fix(workflows): Finish password confirmation

Signed-off-by: Joas Schilling <coding@schilljs.com>

3 files changed, 11 insertions, 4 deletions

diff --git a/apps/workflowengine/lib/Controller/AWorkflowController.php b/apps/workflowengine/lib/Controller/AWorkflowController.php
index 77e50526092..2c3655743ff 100644
--- a/apps/workflowengine/lib/Controller/AWorkflowController.php
+++ b/apps/workflowengine/lib/Controller/AWorkflowController.php
@@ -30,6 +30,7 @@ namespace OCA\WorkflowEngine\Controller;
 use Doctrine\DBAL\Exception;
 use OCA\WorkflowEngine\Helper\ScopeContext;
 use OCA\WorkflowEngine\Manager;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSException;
@@ -103,6 +104,7 @@ abstract class AWorkflowController extends OCSController {
 	 * @throws OCSForbiddenException
 	 * @throws OCSException
 	 */
+	#[PasswordConfirmationRequired]
 	public function create(
 		string $class,
 		string $name,
@@ -131,6 +133,7 @@ abstract class AWorkflowController extends OCSController {
 	 * @throws OCSForbiddenException
 	 * @throws OCSException
 	 */
+	#[PasswordConfirmationRequired]
 	public function update(
 		int $id,
 		string $name,
@@ -159,6 +162,7 @@ abstract class AWorkflowController extends OCSController {
 	 * @throws OCSForbiddenException
 	 * @throws OCSException
 	 */
+	#[PasswordConfirmationRequired]
 	public function destroy(int $id): DataResponse {
 		try {
 			$deleted = $this->manager->deleteOperation($id, $this->getScopeContext());
diff --git a/apps/workflowengine/lib/Controller/UserWorkflowsController.php b/apps/workflowengine/lib/Controller/UserWorkflowsController.php
index dd2457dd9e8..02c52deb9c7 100644
--- a/apps/workflowengine/lib/Controller/UserWorkflowsController.php
+++ b/apps/workflowengine/lib/Controller/UserWorkflowsController.php
@@ -29,6 +29,7 @@ namespace OCA\WorkflowEngine\Controller;
 
 use OCA\WorkflowEngine\Helper\ScopeContext;
 use OCA\WorkflowEngine\Manager;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -84,6 +85,7 @@ class UserWorkflowsController extends AWorkflowController {
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 */
+	#[PasswordConfirmationRequired]
 	public function create(string $class, string $name, array $checks, string $operation, string $entity, array $events): DataResponse {
 		return parent::create($class, $name, $checks, $operation, $entity, $events);
 	}
@@ -93,6 +95,7 @@ class UserWorkflowsController extends AWorkflowController {
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 */
+	#[PasswordConfirmationRequired]
 	public function update(int $id, string $name, array $checks, string $operation, string $entity, array $events): DataResponse {
 		return parent::update($id, $name, $checks, $operation, $entity, $events);
 	}
@@ -101,6 +104,7 @@ class UserWorkflowsController extends AWorkflowController {
 	 * @NoAdminRequired
 	 * @throws OCSForbiddenException
 	 */
+	#[PasswordConfirmationRequired]
 	public function destroy(int $id): DataResponse {
 		return parent::destroy($id);
 	}
diff --git a/apps/workflowengine/src/store.js b/apps/workflowengine/src/store.js
index 49c881e67b6..6f8905687cf 100644
--- a/apps/workflowengine/src/store.js
+++ b/apps/workflowengine/src/store.js
@@ -89,7 +89,8 @@ const store = new Store({
 				context.commit('addRule', rule)
 			})
 		},
-		createNewRule(context, rule) {
+		async createNewRule(context, rule) {
+			await confirmPassword()
 			let entity = null
 			let events = []
 			if (rule.isComplex === false && rule.fixedEntity === '') {
@@ -120,9 +121,7 @@ const store = new Store({
 			context.commit('removeRule', rule)
 		},
 		async pushUpdateRule(context, rule) {
-			if (context.state.scope === 0) {
-				await confirmPassword()
-			}
+			await confirmPassword()
 			let result
 			if (rule.id < 0) {
 				result = await axios.post(getApiUrl(''), rule)