Let all tests pass 💚

2025-12-13 07:45:56 +00:00 · 2019-03-04 18:36:56 +01:00 · 2019-03-04 18:36:56 +01:00 · c869724d29
commit c869724d29
parent b2520258a3
3 changed files with 31 additions and 7 deletions
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@ -34,8 +34,6 @@ const permissions = shield({
  },
  Mutation: {
    CreatePost: isAuthenticated,
-    // TODO UpdatePost: isOwner,
-    // TODO DeletePost: isOwner,
    report: isAuthenticated,
    CreateBadge: isAdmin,
    UpdateBadge: isAdmin,
--- a/src/middleware/softDeleteMiddleware.js
+++ b/src/middleware/softDeleteMiddleware.js
@ -19,5 +19,8 @@ export default {
    User: async (resolve, root, args, context, info) => {
      return resolve(root, setDefaults(args), context, info)
    }
+  },
+  Mutation: async (resolve, root, args, context, info) => {
+    return resolve(root, setDefaults(args), context, info)
  }
 }
--- a/src/resolvers/posts.js
+++ b/src/resolvers/posts.js
@ -1,22 +1,45 @@
 import { neo4jgraphql } from 'neo4j-graphql-js'

+const isAuthor = async (params, { user, driver }) => {
+  if (!user) return false
+  const session = driver.session()
+  const { id: postId } = params
+  const result = await session.run(`
+  MATCH (post:Post {id: $postId})<-[:WROTE]-(author)
+  RETURN author
+  `, { postId })
+  const [author] = result.records.map((record) => {
+    return record.get('author')
+  })
+  const { properties: { id: authorId } } = author
+  session.close()
+  return authorId === user.id
+}
+
 export default {
  Mutation: {
-    CreatePost: async (object, params, ctx, resolveInfo) => {
-      const result = await neo4jgraphql(object, params, ctx, resolveInfo, false)
+    CreatePost: async (object, params, context, resolveInfo) => {
+      const result = await neo4jgraphql(object, params, context, resolveInfo, false)

-      const session = ctx.driver.session()
+      const session = context.driver.session()
      await session.run(
        'MATCH (author:User {id: $userId}), (post:Post {id: $postId}) ' +
        'MERGE (post)<-[:WROTE]-(author) ' +
        'RETURN author', {
-          userId: ctx.user.id,
+          userId: context.user.id,
          postId: result.id
        })
      session.close()

      return result
+    },
+    UpdatePost: async (object, params, context, resolveInfo) => {
+      if (!await isAuthor(params, context)) return Error('Not Authorised!')
+      return neo4jgraphql(object, params, context, resolveInfo, false)
+    },
+    DeletePost: async (object, params, context, resolveInfo) => {
+      if (!await isAuthor(params, context)) return Error('Not Authorised!')
+      return neo4jgraphql(object, params, context, resolveInfo, false)
    }
-
  }
 }