From 7541bfaa6cf0c8dc730c6f2a2a3c7a5c7b2594d4 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Thu, 2 Nov 2023 12:22:42 +0100
Subject: [PATCH] fix(workflows): Finish password confirmation

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 apps/workflowengine/lib/Controller/AWorkflowController.php | 3 +++
 .../lib/Controller/UserWorkflowsController.php             | 3 +++
 apps/workflowengine/src/store.js                           | 7 +++----
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/apps/workflowengine/lib/Controller/AWorkflowController.php b/apps/workflowengine/lib/Controller/AWorkflowController.php
index 77e50526092..501d7c64d4d 100644
--- a/apps/workflowengine/lib/Controller/AWorkflowController.php
+++ b/apps/workflowengine/lib/Controller/AWorkflowController.php
@@ -99,6 +99,7 @@ abstract class AWorkflowController extends OCSController {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 * @throws OCSException
@@ -127,6 +128,7 @@ abstract class AWorkflowController extends OCSController {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 * @throws OCSException
@@ -155,6 +157,7 @@ abstract class AWorkflowController extends OCSController {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 * @throws OCSException
diff --git a/apps/workflowengine/lib/Controller/UserWorkflowsController.php b/apps/workflowengine/lib/Controller/UserWorkflowsController.php
index dd2457dd9e8..f1aa8e70bcd 100644
--- a/apps/workflowengine/lib/Controller/UserWorkflowsController.php
+++ b/apps/workflowengine/lib/Controller/UserWorkflowsController.php
@@ -81,6 +81,7 @@ class UserWorkflowsController extends AWorkflowController {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 */
@@ -90,6 +91,7 @@ class UserWorkflowsController extends AWorkflowController {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
 	 * @throws OCSBadRequestException
 	 * @throws OCSForbiddenException
 	 */
@@ -99,6 +101,7 @@ class UserWorkflowsController extends AWorkflowController {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
 	 * @throws OCSForbiddenException
 	 */
 	public function destroy(int $id): DataResponse {
diff --git a/apps/workflowengine/src/store.js b/apps/workflowengine/src/store.js
index 1de22622c5a..2cda19b1a24 100644
--- a/apps/workflowengine/src/store.js
+++ b/apps/workflowengine/src/store.js
@@ -89,7 +89,8 @@ const store = new Store({
 				context.commit('addRule', rule)
 			})
 		},
-		createNewRule(context, rule) {
+		async createNewRule(context, rule) {
+			await confirmPassword()
 			let entity = null
 			let events = []
 			if (rule.isComplex === false && rule.fixedEntity === '') {
@@ -120,9 +121,7 @@ const store = new Store({
 			context.commit('removeRule', rule)
 		},
 		async pushUpdateRule(context, rule) {
-			if (context.state.scope === 0) {
-				await confirmPassword()
-			}
+			await confirmPassword()
 			let result
 			if (rule.id < 0) {
 				result = await axios.post(getApiUrl(''), rule)