import { defaultFieldResolver, GraphQLSchema } from 'graphql';
import { mapSchema, MapperKind, getDirective } from '@graphql-tools/utils';
import { ResolverContextWithUser, UnknownGraphQLResolverResult } from '../types/graphql';
import { ForbiddenError, UserInputError } from 'apollo-server-express';
import WorkspaceModel from '../models/workspace';
/**
 * Ensures the current user is a confirmed admin member of the given workspace.
 *
 * Rejects in this order: unknown workspace, not a member (or still a pending
 * invite), member without the admin flag.
 *
 * NOTE(review): the "no workspace" and "not a member" cases return different
 * errors, so a caller can tell whether a workspace id exists — confirm that is
 * acceptable for this API.
 *
 * @param context - resolver context; supplies the workspaces factory and the current user
 * @param workspaceId - id of the workspace whose membership is checked
 * @throws UserInputError when no workspace is found for the id
 * @throws ForbiddenError when the user is not a confirmed member or is not an admin
 */
async function checkByWorkspaceId(context: ResolverContextWithUser, workspaceId: string): Promise<void> {
  const { factories, user } = context;
  const foundWorkspace = await factories.workspacesFactory.findById(workspaceId);

  if (!foundWorkspace) {
    throw new UserInputError('There is no workspace with that id');
  }

  const membership = await foundWorkspace.getMemberInfo(user.id);

  // A pending member has only been invited, so it is treated as a non-member.
  if (!membership || WorkspaceModel.isPendingMember(membership)) {
    throw new ForbiddenError('You are not a member of this workspace');
  }

  if (membership.isAdmin) {
    return;
  }

  throw new ForbiddenError('Not enough permissions');
}
/**
 * Ensures the current user is an admin of the workspace that owns the given project.
 *
 * The project is only used to find its workspace id; the membership and admin
 * checks themselves are done by checkByWorkspaceId.
 *
 * @param context - resolver context; supplies the projects factory and the current user
 * @param projectId - id of the project whose owning workspace is checked
 * @throws UserInputError when no project is found for the id
 */
async function checkByProjectId(context: ResolverContextWithUser, projectId: string): Promise<void> {
  const foundProject = await context.factories.projectsFactory.findById(projectId);

  if (!foundProject) {
    throw new UserInputError('There is no project with provided ID');
  }

  const owningWorkspaceId = foundProject.workspaceId.toString();

  await checkByWorkspaceId(context, owningWorkspaceId);
}
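/**
 * Builds the directive that restricts a field to workspace admins: the SDL for
 * the directive and a schema transformer that wraps every annotated field
 * resolver with an admin check.
 *
 * The wrapper looks for a workspace or project id in the places below and runs
 * the admin check for every id that is present, in this order:
 * 1) args.workspaceId
 * 2) args.input.workspaceId
 * 3) args.projectId
 * 4) args.input.projectId
 *
 * The check fails closed: if none of these ids is supplied, the request is
 * rejected instead of falling through to the original resolver, so a field
 * annotated with the directive can never be resolved without an admin check.
 *
 * @param directiveName - name under which the directive is declared in the schema
 * @returns the directive type definitions and the schema transformer
 */
export default function requireAdminDirective(directiveName = 'requireAdmin') {
  return {
    requireAdminDirectiveTypeDefs: `
    """
    Access to the field only for admins
    """
    directive @${directiveName} on FIELD_DEFINITION
  `,
    requireAdminDirectiveTransformer: (schema: GraphQLSchema) =>
      mapSchema(schema, {
        [MapperKind.OBJECT_FIELD]: (fieldConfig, fieldName) => {
          const directive = getDirective(schema, fieldConfig, directiveName)?.[0];

          if (directive) {
            const {
              resolve = defaultFieldResolver,
            } = fieldConfig;

            /**
             * New field resolver: runs the admin checks, then the original resolver
             * @param resolverArgs - default GraphQL resolver args
             */
            fieldConfig.resolve = async (...resolverArgs): UnknownGraphQLResolverResult => {
              const [, args, context] = resolverArgs;
              const workspaceIds = [args.workspaceId, args.input?.workspaceId];
              const projectIds = [args.projectId, args.input?.projectId];
              let checksRun = 0;

              // Compare against null/undefined rather than truthiness: an empty-string
              // id must reach the check and be rejected there, not skip it.
              for (const workspaceId of workspaceIds) {
                if (workspaceId != null) {
                  await checkByWorkspaceId(context, workspaceId);
                  checksRun++;
                }
              }

              for (const projectId of projectIds) {
                if (projectId != null) {
                  await checkByProjectId(context, projectId);
                  checksRun++;
                }
              }

              // Fail closed: without an id no admin check ran, so access is denied.
              if (checksRun === 0) {
                throw new ForbiddenError('Workspace or project id is required to check admin permissions');
              }

              return resolve(...resolverArgs);
            };
          }

          return fieldConfig;
        },
      }),
  };
}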