From a9117eb1359e07809524f73868d5665e5287a1bc Mon Sep 17 00:00:00 2001 From: priyadarshini-silpa Date: Wed, 4 Jan 2023 10:26:58 +0530 Subject: [PATCH 1/3] create squiggle mutation --- server/schema/squiggle/squiggle.datasources.js | 12 ++++++++++++ server/schema/squiggle/squiggle.mutation.js | 17 +++++++++++++++++ server/schema/squiggle/squiggle.resolver.js | 9 +++++++++ server/schema/squiggle/squiggle.schema.js | 2 ++ 4 files changed, 40 insertions(+) diff --git a/server/schema/squiggle/squiggle.datasources.js b/server/schema/squiggle/squiggle.datasources.js index bedb4b60..72b61fff 100644 --- a/server/schema/squiggle/squiggle.datasources.js +++ b/server/schema/squiggle/squiggle.datasources.js @@ -28,10 +28,22 @@ const find = async (query, limit, offset) => { } }; +const create = async (squiggleType, content) => { + try { + const _squiggle = await SquiggleModel.create({ + squiggleType, + content, + }); + return _squiggle; + } catch (error) { + throw APIError(null, error); + } +}; const SquiggleDataSources = () => ({ getLatest, findByID, find, + create, }); module.exports = SquiggleDataSources; diff --git a/server/schema/squiggle/squiggle.mutation.js b/server/schema/squiggle/squiggle.mutation.js index e69de29b..c6a3abbd 100644 --- a/server/schema/squiggle/squiggle.mutation.js +++ b/server/schema/squiggle/squiggle.mutation.js @@ -0,0 +1,17 @@ +const { GraphQLObjectType, GraphQLNonNull, GraphQLString } = require('../scalars'); +const { createSquiggle } = require('./squiggle.resolver'); + +const SquiggleType = require('./squiggle.type'); + +module.exports = new GraphQLObjectType({ + name: 'SquiggleMutation', + fields: { + createSquiggle: { + type: SquiggleType, + args: { + content: { type: new GraphQLNonNull(GraphQLString) }, + }, + resolve: createSquiggle, + }, + }, +}); diff --git a/server/schema/squiggle/squiggle.resolver.js b/server/schema/squiggle/squiggle.resolver.js index 6ab58f58..12619312 100644 --- a/server/schema/squiggle/squiggle.resolver.js +++ b/server/schema/squiggle/squiggle.resolver.js @@ -14,6 +14,15 @@ const { APIError } = require('../../utils/exception'); const DEF_LIMIT = 10; const DEF_OFFSET = 0; module.exports = { + createSquiggle: async (_parent, { squiggleType, content }, { API: { Squiggle } }) => { + try { + const _squiggle = await Squiggle.create(squiggleType, content); + + return _squiggle; + } catch (error) { + throw APIError(null, error); + } + }, getLatestSquiggle: async (_parent, _args, { API: { Squiggle } }, _) => { try { const _squiggle = await Squiggle.getLatest(); diff --git a/server/schema/squiggle/squiggle.schema.js b/server/schema/squiggle/squiggle.schema.js index 9de2c615..475696fe 100644 --- a/server/schema/squiggle/squiggle.schema.js +++ b/server/schema/squiggle/squiggle.schema.js @@ -25,10 +25,12 @@ const { // GraphQLJSONObject, } = require('../scalars'); +const SquiggleMutation = require('./squiggle.mutation'); const SquiggleQuery = require('./squiggle.query'); const SquiggleType = require('./squiggle.type'); module.exports = new GraphQLSchema({ types: [SquiggleType], query: SquiggleQuery, + mutation: SquiggleMutation, }); From 51b258557963a3ad76452f0eada41a71f616705b Mon Sep 17 00:00:00 2001 From: priyadarshini-silpa Date: Sat, 28 Jan 2023 09:53:20 +0530 Subject: [PATCH 2/3] chore: add empty line for code cleanliness --- server/schema/squiggle/squiggle.datasources.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/schema/squiggle/squiggle.datasources.js b/server/schema/squiggle/squiggle.datasources.js index 72b61fff..44125edd 100644 --- a/server/schema/squiggle/squiggle.datasources.js +++ b/server/schema/squiggle/squiggle.datasources.js @@ -34,11 +34,13 @@ const create = async (squiggleType, content) => { squiggleType, content, }); + return _squiggle; } catch (error) { throw APIError(null, error); } }; + const SquiggleDataSources = () => ({ getLatest, findByID, From ed1866429cef0c0dd261030cac93e7b84f06f3e5 Mon Sep 17 00:00:00 2001 From: priyadarshini-silpa Date: Sat, 28 Jan 2023 09:55:14 +0530 Subject: [PATCH 3/3] feat: add permission checks --- planning/v1/ROLES.md | 45 +++++++++++++++------ server/schema/squiggle/squiggle.resolver.js | 12 +++++- 2 files changed, 43 insertions(+), 14 deletions(-) diff --git a/planning/v1/ROLES.md b/planning/v1/ROLES.md index 7a0f8fce..984a5a3b 100644 --- a/planning/v1/ROLES.md +++ b/planning/v1/ROLES.md @@ -76,6 +76,24 @@ --- +## Squiggle Section + +### Squiggle Permissions + +| Permission Name | Description | +| ------------------ | ------------------------- | +| squiggle.write.new | Can create a new squiggle | +| | | + +### Squiggle Roles + +| Role Name | squiggle.write.new | +| -------------- | ------------------ | +| squiggle.admin | Y | +| | | + +--- + ## Tag Section ### Tag Permissions @@ -99,21 +117,22 @@ --- -### Live Section +### Live Section ### Live Permissions -| Permission Name | Description | -| --------------- | ---------------------------| -| live.read.all | Can read all live data | -| live.write.all | Can add/edit all live data | +| Permission Name | Description | +| --------------- | -------------------------- | +| live.read.all | Can read all live data | +| live.write.all | Can add/edit all live data | ### Live Roles -| Role Name | live.read.all | live.write.all | -| ------------------|------------------|-----------------| -| live.verified | Y | N | -| live.superadmin | Y | Y | +| Role Name | live.read.all | live.write.all | +| --------------- | ------------- | -------------- | +| live.verified | Y | N | +| live.superadmin | Y | Y | + ### Media Section ### Media Permissions @@ -126,7 +145,7 @@ ### Media Roles -| Role Name | media.write.new | media.write.self | media.write.all | -| ----------- | --------------- | ---------------- | ---------------- | -| media.team | Y | Y | N | -| media.admin | Y | Y | Y | +| Role Name | media.write.new | media.write.self | media.write.all | +| ----------- | --------------- | ---------------- | --------------- | +| media.team | Y | Y | N | +| media.admin | Y | Y | Y | diff --git a/server/schema/squiggle/squiggle.resolver.js b/server/schema/squiggle/squiggle.resolver.js index 12619312..a34c6f97 100644 --- a/server/schema/squiggle/squiggle.resolver.js +++ b/server/schema/squiggle/squiggle.resolver.js @@ -9,13 +9,23 @@ * @since 0.1.0 */ +const UserPermission = require('../../utils/userAuth/permission'); const { APIError } = require('../../utils/exception'); const DEF_LIMIT = 10; const DEF_OFFSET = 0; module.exports = { - createSquiggle: async (_parent, { squiggleType, content }, { API: { Squiggle } }) => { + createSquiggle: async ( + _parent, + { squiggleType, content }, + { session, authToken, decodedToken, API: { Squiggle } } + ) => { try { + if (!UserPermission.exists(session, authToken, decodedToken, 'squiggle.write.new')) { + throw APIError('FORBIDDEN', null, { + reason: 'The user does not have the required permissions to create a squiggle.', + }); + } const _squiggle = await Squiggle.create(squiggleType, content); return _squiggle;