Allow admins to create a post as pinned

- at the moment, it is created as a property of Post, but will be refactored to create a relationship[:PINNED] from the admin to the Post - Co-authored-by: kachulio1 <jngugi88@gmail.com>
2025-12-13 07:45:56 +00:00 · 2019-10-08 15:07:08 +02:00 · 2019-10-08 15:07:08 +02:00 · 774581f2e0
commit 774581f2e0
parent 227239cc8b
3 changed files with 90 additions and 5 deletions
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@ -111,6 +111,11 @@ const noEmailFilter = rule({
  return !('email' in args)
 })

+const pinnedPost = rule({
+  cache: 'no_cache',
+})(async (_, args) => {
+  return 'pinned' in args
+})
 const publicRegistration = rule()(() => !!CONFIG.PUBLIC_REGISTRATION)

 // Permissions
@ -143,7 +148,7 @@ const permissions = shield(
      SignupVerification: allow,
      CreateInvitationCode: and(isAuthenticated, or(not(invitationLimitReached), isAdmin)),
      UpdateUser: onlyYourself,
-      CreatePost: isAuthenticated,
+      CreatePost: or(and(isAuthenticated, not(pinnedPost)), isAdmin),
      UpdatePost: isAuthor,
      DeletePost: isAuthor,
      report: isAuthenticated,
--- a/backend/src/schema/resolvers/posts.spec.js
+++ b/backend/src/schema/resolvers/posts.spec.js
@ -17,13 +17,21 @@ const categoryIds = ['cat9', 'cat4', 'cat15']
 let variables

 const createPostMutation = gql`
-  mutation($id: ID, $title: String!, $content: String!, $language: String, $categoryIds: [ID]) {
+  mutation(
+    $id: ID
+    $title: String!
+    $content: String!
+    $language: String
+    $categoryIds: [ID]
+    $pinned: Boolean
+  ) {
    CreatePost(
      id: $id
      title: $title
      content: $content
      language: $language
      categoryIds: $categoryIds
+      pinned: $pinned
    ) {
      id
      title
@ -31,6 +39,7 @@ const createPostMutation = gql`
      slug
      disabled
      deleted
+      pinned
      language
      author {
        name
@ -357,6 +366,73 @@ describe('CreatePost', () => {
        })
      })
    })
+
+    describe('pinned posts', () => {
+      beforeEach(async () => {
+        variables = { ...variables, categoryIds: ['cat9', 'cat27', 'cat15'], pinned: true }
+      })
+      describe('users cannot create pinned posts', () => {
+        it('throws authorization error', async () => {
+          await expect(mutate({ mutation: createPostMutation, variables })).resolves.toMatchObject({
+            errors: [{ message: 'Not Authorised!' }],
+            data: { CreatePost: null },
+          })
+        })
+      })
+
+      describe('moderator cannot create pinned posts', () => {
+        let moderator
+        beforeEach(async () => {
+          moderator = await user.update({ role: 'moderator', updatedAt: new Date().toISOString() })
+          authenticatedUser = await moderator.toJson()
+        })
+
+        it('throws authorization error', async () => {
+          await expect(mutate({ mutation: createPostMutation, variables })).resolves.toMatchObject({
+            errors: [{ message: 'Not Authorised!' }],
+            data: { CreatePost: null },
+          })
+        })
+      })
+
+      describe('admin can create pinned posts', () => {
+        let admin
+        beforeEach(async () => {
+          admin = await user.update({
+            role: 'admin',
+            name: 'Admin',
+            updatedAt: new Date().toISOString(),
+          })
+          authenticatedUser = await admin.toJson()
+          variables = {
+            ...variables,
+            title: 'pinned post',
+            content:
+              'this is super important for the community and we promise not to have too many',
+          }
+        })
+
+        it('throws authorization error', async () => {
+          const expected = {
+            data: {
+              CreatePost: {
+                title: 'pinned post',
+                content:
+                  'this is super important for the community and we promise not to have too many',
+                author: {
+                  name: 'Admin',
+                },
+                pinned: true,
+              },
+            },
+          }
+
+          await expect(mutate({ mutation: createPostMutation, variables })).resolves.toMatchObject(
+            expected,
+          )
+        })
+      })
+    })
  })
 })

@ -386,7 +462,6 @@ describe('UpdatePost', () => {
    })

    variables = {
-      ...variables,
      id: 'p9876',
      title: 'New title',
      content: 'New content',
@ -395,8 +470,11 @@ describe('UpdatePost', () => {

  describe('unauthenticated', () => {
    it('throws authorization error', async () => {
-      const { errors } = await mutate({ mutation: updatePostMutation, variables })
-      expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
+      authenticatedUser = null
+      expect(mutate({ mutation: updatePostMutation, variables })).resolves.toMatchObject({
+        errors: [{ message: 'Not Authorised!' }],
+        data: { UpdatePost: null },
+      })
    })
  })

--- a/backend/src/schema/types/type/Post.gql
+++ b/backend/src/schema/types/type/Post.gql
@ -16,6 +16,7 @@ type Post {
  createdAt: String
  updatedAt: String
  language: String
+  pinned: Boolean
  relatedContributions: [Post]!
    @cypher(
      statement: """
@ -68,6 +69,7 @@ type Mutation {
    language: String
    categoryIds: [ID]
    contentExcerpt: String
+    pinned: Boolean
  ): Post
  UpdatePost(
    id: ID!