From c333e4072f8e1699c08ccc8cb67cab2607db78f2 Mon Sep 17 00:00:00 2001
From: devanshu052000
Date: Thu, 12 Jun 2025 02:45:00 +0530
Subject: [PATCH] Implemented restrictions for RunJS, RunPy and Workflows
---
 .../_stores/slices/dataQuerySlice.js | 2 +-
 .../_stores/slices/queryPanelSlice.js | 75 +++++++++++++++++--
 2 files changed, 71 insertions(+), 6 deletions(-)
diff --git a/frontend/src/AppBuilder/_stores/slices/dataQuerySlice.js b/frontend/src/AppBuilder/_stores/slices/dataQuerySlice.js
index 3a8dba58c6..f9b2badccd 100644
--- a/frontend/src/AppBuilder/_stores/slices/dataQuerySlice.js
+++ b/frontend/src/AppBuilder/_stores/slices/dataQuerySlice.js
@@ -456,7 +456,7 @@ export const createDataQuerySlice = (set, get) => ({
 try {
 for (const query of queries) {
 if (
- (query.options.runOnPageLoad || query.options.run_on_page_load) &&
+ (query.options?.runOnPageLoad || query.options?.run_on_page_load) &&
 (query.restricted || isQueryRunnable(query))
 ) {
 await get().queryPanel.runQuery(query.id, query.name, undefined, undefined, {}, false, true, 'canvas');
diff --git a/frontend/src/AppBuilder/_stores/slices/queryPanelSlice.js b/frontend/src/AppBuilder/_stores/slices/queryPanelSlice.js
index 8810fdf954..7a24a911ec 100644
--- a/frontend/src/AppBuilder/_stores/slices/queryPanelSlice.js
+++ b/frontend/src/AppBuilder/_stores/slices/queryPanelSlice.js
@@ -342,14 +342,15 @@ export const createQueryPanelSlice = (set, get) => ({
 let queryExecutionPromise = null;
 if (query.kind === 'runjs') {
- queryExecutionPromise = executeMultilineJS(query.options.code, query?.id, false, mode, parameters);
+ queryExecutionPromise = executeMultilineJS(query.options?.code, query?.id, false, mode, parameters);
 } else if (query.kind === 'runpy') {
- queryExecutionPromise = executeRunPycode(query.options.code, query, false, mode, queryState);
+ queryExecutionPromise = executeRunPycode(query.options?.code, query, false, mode, queryState);
 } else if (query.kind === 'workflows') {
 queryExecutionPromise = executeWorkflow(
 moduleId,
- query.options.workflowId,
- query.options.blocking,
+ query,
+ query.options?.workflowId,
+ query.options?.blocking,
 query.options?.params,
 (currentAppEnvironmentId ?? environmentId) || selectedEnvironment?.id //TODO: currentAppEnvironmentId may no longer required. Need to check
 );
@@ -695,6 +696,28 @@ export const createQueryPanelSlice = (set, get) => ({
 const {
 queryPanel: { evaluatePythonCode },
 } = get();
+
+ if (query.restricted) {
+ return {
+ status: 'failed',
+ message: 'Unauthorized Access',
+ description: '',
+ data: {
+ type: 'tj-401',
+ responseObject: {
+ statusCode: 401,
+ responseBody: 'Unauthorized Access',
+ },
+ },
+ metadata: {
+ response: {
+ statusCode: 401,
+ responseBody: 'Unauthorized Access',
+ },
+ },
+ };
+ }
+
 return { data: await evaluatePythonCode({ code, query, isPreview, mode, currentState }) };
 },
@@ -911,7 +934,7 @@ export const createQueryPanelSlice = (set, get) => ({
 // queries: updatedQueries,
 // });
 },
- executeWorkflow: async (moduleId, workflowId, _blocking = false, params = {}, appEnvId) => {
+ executeWorkflow: async (moduleId, query, workflowId, _blocking = false, params = {}, appEnvId) => {
 const {
 app: { appId },
 getAllExposedValues,
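Review bot: The 21-line `tj-401` response literal added to executeRunPycode in the `-695` hunk is pasted again verbatim in the `-919` (executeWorkflow) and `-969` hunks, so any later change to the denial shape has to be made in three places and a missed copy would hand callers inconsistent results. A single module-level factory, with each guard reduced to `if (query.restricted) return restrictedQueryResponse();`, keeps the three paths identical, and building the object per call avoids callers sharing one mutable result. A short comment on the guard stating that it is a UI short-circuit and not the access-control decision itself would also help the next reader. executeRunPycode starts before this hunk.

```javascript
// Shared denial result for restricted queries.
// Built per call so no two callers share a mutable object.
const restrictedQueryResponse = () => ({
  status: 'failed',
  message: 'Unauthorized Access',
  description: '',
  data: {
    type: 'tj-401',
    responseObject: { statusCode: 401, responseBody: 'Unauthorized Access' },
  },
  metadata: {
    response: { statusCode: 401, responseBody: 'Unauthorized Access' },
  },
});

// … unchanged: destructuring of evaluatePythonCode from get() …
if (query.restricted) {
  return restrictedQueryResponse();
}
// … unchanged: return of the evaluatePythonCode result …
```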
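Review bot: Inserting `query` as the second positional parameter of executeWorkflow (the `-911` hunk) means a caller still using the old `(moduleId, workflowId, blocking, params, appEnvId)` order would pass the workflow id as `query`; `query.restricted` on a string is `undefined`, so the guard added in the next hunk is silently skipped while every later argument shifts by one. Only the runQuery call site is updated in this patch, and other callers, if any, are not visible here. Appending the new parameter after `appEnvId`, or checking it explicitly with `if (!query || typeof query !== 'object') throw new Error('executeWorkflow: query is required');`, would make a stale call fail loudly instead of running unrestricted. The function body continues outside the hunk.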
@@ -919,6 +942,27 @@ export const createQueryPanelSlice = (set, get) => ({
 const currentState = getAllExposedValues();
 const resolvedParams = get().resolveReferences(moduleId, params, currentState, {}, {});
+ if (query.restricted) {
+ return {
+ status: 'failed',
+ message: 'Unauthorized Access',
+ description: '',
+ data: {
+ type: 'tj-401',
+ responseObject: {
+ statusCode: 401,
+ responseBody: 'Unauthorized Access',
+ },
+ },
+ metadata: {
+ response: {
+ statusCode: 401,
+ responseBody: 'Unauthorized Access',
+ },
+ },
+ };
+ }
+
 try {
 const response = await workflowExecutionsService.execute(workflowId, resolvedParams, appId, appEnvId);
 return { data: response.result, status: 'ok' };
@@ -969,6 +1013,27 @@ export const createQueryPanelSlice = (set, get) => ({
 const queryDetails = dataQuery.queries.modules?.[moduleId].find((q) => q.id === queryId);
+ if (queryDetails.restricted) {
+ return {
+ status: 'failed',
+ message: 'Unauthorized Access',
+ description: '',
+ data: {
+ type: 'tj-401',
+ responseObject: {
+ statusCode: 401,
+ responseBody: 'Unauthorized Access',
+ },
+ },
+ metadata: {
+ response: {
+ statusCode: 401,
+ responseBody: 'Unauthorized Access',
+ },
+ },
+ };
+ }
+
 const defaultParams = queryDetails?.options?.parameters?.reduce(
 (paramObj, param) => ({
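Review bot: The `query.restricted` guard in executeWorkflow (the `-919` hunk) sits after `resolveReferences(...)`, so a denied call still resolves its params against the exposed state before returning; making the guard the first statement of the function avoids that work. The check is also only a client-side short-circuit on a flag held in the frontend store: whether the endpoint behind `workflowExecutionsService.execute` rejects restricted workflows on its own is not visible in this patch and is worth confirming, since this return value cannot serve as the authorization boundary. In the hunk that follows, the analogous guard reads `queryDetails.restricted` although the next context line uses `queryDetails?.options`, so a `.find()` that matches nothing would now throw; `queryDetails?.restricted` keeps the previous tolerance if a missing query is expected there. Both function bodies continue outside their hunks.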