@@ -26,10 +26,10 @@ function hasApplicationPermission(
2626 permissionType : ObjectPermissions
2727) {
2828 if ( ! entity || entity . kind === 'Workflow' ) return false ;
29- const appRoles = entity . permissions [ permissionType ] . map (
30- ( role : any ) => role . _id
29+ const appRoles = entity . permissions [ permissionType ] . map ( ( role : any ) =>
30+ role . _id ? role . _id . toString ( ) : role . toString ( )
3131 ) ;
32- const userRoles = user . roles ?. map ( ( role ) => role . _id ) ;
32+ const userRoles = user . roles ?. map ( ( role ) => role . _id . toString ( ) ) ;
3333 return appRoles . some ( ( role ) => userRoles . includes ( role ) ) ;
3434}
3535
@@ -74,7 +74,7 @@ export async function extendAbilityForStepOnStep(
7474 if ( ability . cannot ( 'read' , step ) ) {
7575 const app = await requireApplication ( ) ;
7676 if ( hasApplicationPermission ( user , app , 'canSee' ) ) {
77- can ( 'read' , 'Step' , { _id : step . id } ) ;
77+ can ( 'read' , 'Step' , { _id : step . _id } ) ;
7878 }
7979 }
8080
@@ -83,7 +83,7 @@ export async function extendAbilityForStepOnStep(
8383 if ( ability . cannot ( 'update' , step ) ) {
8484 const app = await requireApplication ( ) ;
8585 if ( hasApplicationPermission ( user , app , 'canUpdate' ) ) {
86- can ( 'update' , 'Step' , { _id : step . id } ) ;
86+ can ( 'update' , 'Step' , { _id : step . _id } ) ;
8787 }
8888 }
8989
@@ -92,7 +92,7 @@ export async function extendAbilityForStepOnStep(
9292 if ( ability . cannot ( 'delete' , step ) ) {
9393 const app = await requireApplication ( ) ;
9494 if ( hasApplicationPermission ( user , app , 'canDelete' ) ) {
95- can ( 'delete' , 'Step' , { _id : step . id } ) ;
95+ can ( 'delete' , 'Step' , { _id : step . _id } ) ;
9696 }
9797 }
9898
0 commit comments