IT4Change/Ocelot-Social
3
0
Fork 0
mirror of https://github.com/IT4Change/Ocelot-Social.git synced 2025-12-13 07:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement authorization on Post mutations

Browse Source
This commit is contained in:
Robert Schäfer 2019-02-20 00:46:27 +01:00
parent f1dd52f579
commit 7a70b9ece4
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/middleware/permissionsMiddleware.js
View File

@ -16,7 +16,7 @@ const isModerator = rule()(async (parent, args, ctx, info) => {
})
*/
const isOwner = rule({ cache: 'no_cache' })(async (parent, args, ctx, info) => {
const myself = rule({ cache: 'no_cache' })(async (parent, args, ctx, info) => {
return ctx.user.id === parent.id
})
@ -28,13 +28,16 @@ const permissions = shield({
// customers: and(isAuthenticated, isAdmin)
},
Mutation: {
report: isAuthenticated
CreatePost: isAuthenticated,
// TODO UpdatePost: isOwner,
// TODO DeletePost: isOwner,
report: isAuthenticated,
// addFruitToBasket: isAuthenticated
// CreateUser: allow,
},
User: {
email: isOwner,
password: isOwner
email: myself,
password: myself
}
// Post: isAuthenticated
})