diff --git a/backend/src/middleware/permissionsMiddleware.js b/backend/src/middleware/permissionsMiddleware.js
index d312bc112..b0d07c8ec 100644
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@@ -41,20 +41,6 @@ const isMySocialMedia = rule({
 return socialMedia.ownedBy.node.id === user.id
 })
 
-/* TODO: decide if we want to remove this check: the check
- * `onlyEnabledContent` throws authorization errors only if you have
- * arguments for `disabled` or `deleted` assuming these are filter
- * parameters. Soft-delete middleware obfuscates data on its way out
- * anyways. Furthermore, `neo4j-graphql-js` offers many ways to filter for
- * data so I believe, this is not a good check anyways.
- */
-const onlyEnabledContent = rule({
- cache: 'strict',
-})(async (parent, args, ctx, info) => {
- const { disabled, deleted } = args
- return !(disabled || deleted)
-})
-
 const invitationLimitReached = rule({
 cache: 'no_cache',
 })(async (parent, args, { user, driver }) => {
@@ -125,7 +111,8 @@ const permissions = shield(
 reports: isModerator,
 statistics: allow,
 currentUser: allow,
- Post: or(onlyEnabledContent, isModerator),
+ Post: allow,
+ profilePagePosts: allow,
 Comment: allow,
 User: or(noEmailFilter, isAdmin),
 isLoggedIn: allow,
@@ -134,7 +121,6 @@ const permissions = shield(
 PostsEmotionsByCurrentUser: isAuthenticated,
 blockedUsers: isAuthenticated,
 notifications: isAuthenticated,
- profilePagePosts: or(onlyEnabledContent, isModerator),
 Donations: isAuthenticated,
 },
 Mutation: {
diff --git a/backend/src/middleware/softDelete/softDeleteMiddleware.js b/backend/src/middleware/softDelete/softDeleteMiddleware.js
index 3360d4085..8be8c3d39 100644
--- a/backend/src/middleware/softDelete/softDeleteMiddleware.js
+++ b/backend/src/middleware/softDelete/softDeleteMiddleware.js
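Review bot: In permissionsMiddleware.js, `Post: allow` and `profilePagePosts: allow` leave both queries without any shield rule, so hiding disabled and deleted posts from non-moderators now rests entirely on the soft-delete middleware, and nothing at these two entries says so. The removed TODO itself points out that `neo4j-graphql-js` offers many ways to filter, so it is worth confirming that every filter path on these queries goes through `setDefaultFilters` and the output obfuscation, not only the top-level `disabled`/`deleted` arguments. I would add a comment above the entries, for example `// visibility of disabled/deleted posts is enforced by softDeleteMiddleware, not by shield`, so that a later change to that middleware is reviewed as an access-control change. The `shield(` call starts and ends outside the hunk.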
@@ -3,9 +3,7 @@ const isModerator = ({ user }) => {
 }
 
 const setDefaultFilters = (resolve, root, args, context, info) => {
- if (typeof args.deleted !== 'boolean') {
- args.deleted = false
- }
+ args.deleted = false
 
 if (!isModerator(context)) {
 args.disabled = false
diff --git a/backend/src/middleware/softDelete/softDeleteMiddleware.spec.js b/backend/src/middleware/softDelete/softDeleteMiddleware.spec.js
index 5b04abebd..fa942f5c4 100644
--- a/backend/src/middleware/softDelete/softDeleteMiddleware.spec.js
+++ b/backend/src/middleware/softDelete/softDeleteMiddleware.spec.js
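Review bot: The unconditional `args.deleted = false` in `setDefaultFilters` (softDeleteMiddleware.js) silently discards a client-supplied `deleted: true`, and as far as this diff shows it is now, together with `args.disabled = false` for non-moderators, the only guard on these arguments, yet the same commit deletes the `filter (deleted: true)` and `filter (disabled: true)` spec blocks without replacements. I would keep those blocks with expectations updated to the intended new behaviour, at least asserting that a regular user who passes `disabled: true` or `deleted: true` receives no disabled or deleted post content. A short comment such as `// always overridden: deleted content is never selectable, whatever the caller's role` would record why the type check was dropped. The body of `setDefaultFilters` continues past the end of the hunk.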
@@ -341,76 +341,6 @@ describe('softDeleteMiddleware', () => {
 })
 })
 })
-
- describe('filter (deleted: true)', () => {
- beforeEach(() => {
- graphqlQuery = gql`
- {
- Post(deleted: true) {
- title
- }
- }
- `
- })
-
- describe('as user', () => {
- beforeEach(async () => {
- authenticatedUser = await user.toJson()
- })
-
- it('throws authorisation error', async () => {
- const { data, errors } = await action()
- expect(data).toEqual({ Post: null })
- expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
- })
- })
-
- describe('as moderator', () => {
- beforeEach(async () => {
- authenticatedUser = await moderator.toJson()
- })
-
- it('does not show deleted posts', async () => {
- const expected = { data: { Post: [{ title: 'UNAVAILABLE' }] } }
- await expect(action()).resolves.toMatchObject(expected)
- })
- })
- })
-
- describe('filter (disabled: true)', () => {
- beforeEach(() => {
- graphqlQuery = gql`
- {
- Post(disabled: true) {
- title
- }
- }
- `
- })
-
- describe('as user', () => {
- beforeEach(async () => {
- authenticatedUser = await user.toJson()
- })
-
- it('throws authorisation error', async () => {
- const { data, errors } = await action()
- expect(data).toEqual({ Post: null })
- expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
- })
- })
-
- describe('as moderator', () => {
- beforeEach(async () => {
- authenticatedUser = await moderator.toJson()
- })
-
- it('shows disabled posts', async () => {
- const expected = { data: { Post: [{ title: 'Disabled post' }] } }
- await expect(action()).resolves.toMatchObject(expected)
- })
- })
- })
 })
 })
 })