* Records an audit log entry when all blocks in a workflow are locked or unlocked. * Only audits workflow-level transitions (all locked or all unlocked), not partial toggles.
(workflowId: string, actorId: string)
| 299 | * Only audits workflow-level transitions (all locked or all unlocked), not partial toggles. |
| 300 | */ |
| 301 | async function auditWorkflowLockToggle(workflowId: string, actorId: string): Promise<void> { |
| 302 | const [wf] = await db |
| 303 | .select({ name: workflow.name, workspaceId: workflow.workspaceId }) |
| 304 | .from(workflow) |
| 305 | .where(eq(workflow.id, workflowId)) |
| 306 | |
| 307 | if (!wf) return |
| 308 | |
| 309 | const blocks = await db |
| 310 | .select({ locked: workflowBlocks.locked }) |
| 311 | .from(workflowBlocks) |
| 312 | .where(eq(workflowBlocks.workflowId, workflowId)) |
| 313 | |
| 314 | if (blocks.length === 0) return |
| 315 | |
| 316 | const allLocked = blocks.every((b) => b.locked) |
| 317 | const allUnlocked = blocks.every((b) => !b.locked) |
| 318 | |
| 319 | // Only audit workflow-level transitions, not partial toggles |
| 320 | if (!allLocked && !allUnlocked) return |
| 321 | |
| 322 | recordAudit({ |
| 323 | workspaceId: wf.workspaceId, |
| 324 | actorId, |
| 325 | action: allLocked ? AuditAction.WORKFLOW_LOCKED : AuditAction.WORKFLOW_UNLOCKED, |
| 326 | resourceType: AuditResourceType.WORKFLOW, |
| 327 | resourceId: workflowId, |
| 328 | resourceName: wf.name, |
| 329 | description: allLocked ? `Locked workflow "${wf.name}"` : `Unlocked workflow "${wf.name}"`, |
| 330 | metadata: { blockCount: blocks.length }, |
| 331 | }) |
| 332 | } |
| 333 | |
| 334 | async function handleBlockOperationTx( |
| 335 | tx: any, |
no test coverage detected