Add security policy to app-connections (#2085)

Fixes OPS-3877.

Author: MarceloRGonc

packages/server/api/src/app/app-connection/app-connection.controller.ts

@@ -15,6 +15,7 @@ import {
   UpsertAppConnectionRequestBody,
 } from '@openops/shared';
 import { StatusCodes } from 'http-status-codes';
+import { getProjectScopedRoutePolicy } from '../core/security/route-policies/route-security-policy-factory';
 import { sendConnectionDeletedEvent } from '../telemetry/event-models';
 import { appConnectionService } from './app-connection-service/app-connection-service';
 import { redactSecrets, removeSensitiveData } from './app-connection-utils';
@@ -155,7 +156,10 @@ const DEFAULT_PAGE_SIZE = 10;
 const UpsertAppConnectionRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
-    permission: Permission.WRITE_APP_CONNECTION,
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
+      permission: Permission.WRITE_APP_CONNECTION,
+    }),
   },
   schema: {
     tags: ['app-connections'],
@@ -172,7 +176,10 @@ const UpsertAppConnectionRequest = {
 const PatchAppConnectionRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
-    permission: Permission.WRITE_APP_CONNECTION,
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
+      permission: Permission.WRITE_APP_CONNECTION,
+    }),
   },
   schema: {
     operationId: 'Update Connection',
@@ -190,7 +197,10 @@ const PatchAppConnectionRequest = {
 const ListAppConnectionsRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
-    permission: Permission.READ_APP_CONNECTION,
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
+      permission: Permission.READ_APP_CONNECTION,
+    }),
   },
   schema: {
     operationId: 'List Connections',
@@ -208,7 +218,10 @@ const ListAppConnectionsRequest = {
 const DeleteAppConnectionRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
-    permission: Permission.WRITE_APP_CONNECTION,
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
+      permission: Permission.DELETE_APP_CONNECTION,
+    }),
   },
   schema: {
     tags: ['app-connections'],
@@ -227,7 +240,10 @@ const DeleteAppConnectionRequest = {
 const GetAppConnectionRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
-    permission: Permission.READ_APP_CONNECTION,
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
+      permission: Permission.READ_APP_CONNECTION,
+    }),
   },
   schema: {
     operationId: 'Get Connection Details',
@@ -254,7 +270,10 @@ const GetAppConnectionRequest = {
 const GetConnectionMetadataRequest = {
   config: {
     allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
-    permission: Permission.READ_APP_CONNECTION,
+    security: getProjectScopedRoutePolicy({
+      allowedPrincipals: [PrincipalType.USER, PrincipalType.SERVICE],
+      permission: Permission.READ_APP_CONNECTION,
+    }),
   },
   schema: {
     operationId: 'Get Connection Metadata',