diff --git a/backend/src/schema/resolvers/posts.js b/backend/src/schema/resolvers/posts.js index 8e97e0b87..733ad5710 100644 --- a/backend/src/schema/resolvers/posts.js +++ b/backend/src/schema/resolvers/posts.js @@ -17,19 +17,42 @@ const maintainPinnedPosts = (params) => { return params } +const postAccessFilter = (params) => { + const groupFilter = { + group: { + OR: [{ groupType_in: 'public' }, { myRole_in: ['usual', 'admin', 'owner'] }], + }, + } + if (isEmpty(params.filter)) { + params.filter = { OR: [groupFilter, {}] } + } else { + if (isEmpty(params.filter.group)) { + params.filter = { OR: [groupFilter, { ...params.filter }] } + } else { + params.filter.group = { + AND: [{ ...groupFilter.group }, { ...params.filter.group }], + } + } + } + return params +} + export default { Query: { Post: async (object, params, context, resolveInfo) => { params = await filterForMutedUsers(params, context) params = await maintainPinnedPosts(params) + params = await postAccessFilter(params) return neo4jgraphql(object, params, context, resolveInfo) }, findPosts: async (object, params, context, resolveInfo) => { params = await filterForMutedUsers(params, context) + params = await postAccessFilter(params) return neo4jgraphql(object, params, context, resolveInfo) }, profilePagePosts: async (object, params, context, resolveInfo) => { params = await filterForMutedUsers(params, context) + params = await postAccessFilter(params) return neo4jgraphql(object, params, context, resolveInfo) }, PostsEmotionsCountByEmotion: async (object, params, context, resolveInfo) => { diff --git a/backend/src/schema/types/type/Post.gql b/backend/src/schema/types/type/Post.gql index 434b44772..8ea8b5cdb 100644 --- a/backend/src/schema/types/type/Post.gql +++ b/backend/src/schema/types/type/Post.gql @@ -81,7 +81,7 @@ input _PostFilter { emotions_none: _PostEMOTEDFilter emotions_single: _PostEMOTEDFilter emotions_every: _PostEMOTEDFilter - group: ID + group: _GroupFilter } enum _PostOrdering {