mirror of
https://github.com/IT4Change/Ocelot-Social.git
synced 2025-12-13 07:45:56 +00:00
same cypher for removeUserFromGroup and leaveGroup, adjust tests, admin cannot remove users fro group
This commit is contained in:
Moriz Wahl
parent
eb0bc971ec
commit
db8ad8897e
@ -280,10 +280,7 @@ const canRemoveUserFromGroup = rule({
|
||||
try {
|
||||
const { currentUserRole, userRole } = await readTxPromise
|
||||
return (
|
||||
currentUserRole &&
|
||||
['admin', 'owner'].includes(currentUserRole) &&
|
||||
userRole &&
|
||||
userRole !== 'owner'
|
||||
currentUserRole && ['owner'].includes(currentUserRole) && userRole && userRole !== 'owner'
|
||||
)
|
||||
} catch (error) {
|
||||
throw new Error(error)
|
||||
|
||||
@ -295,25 +295,8 @@ export default {
|
||||
LeaveGroup: async (_parent, params, context, _resolveInfo) => {
|
||||
const { groupId, userId } = params
|
||||
const session = context.driver.session()
|
||||
const writeTxResultPromise = session.writeTransaction(async (transaction) => {
|
||||
const leaveGroupCypher = `
|
||||
MATCH (member:User {id: $userId})-[membership:MEMBER_OF]->(group:Group {id: $groupId})
|
||||
DELETE membership
|
||||
WITH member, group
|
||||
OPTIONAL MATCH (p:Post)-[:IN]->(group)
|
||||
WHERE NOT group.groupType = 'public'
|
||||
WITH member, group, collect(p) AS posts
|
||||
FOREACH (post IN posts |
|
||||
MERGE (member)-[:CANNOT_SEE]->(post))
|
||||
RETURN member {.*, myRoleInGroup: NULL}
|
||||
`
|
||||
|
||||
const transactionResponse = await transaction.run(leaveGroupCypher, { groupId, userId })
|
||||
const [member] = await transactionResponse.records.map((record) => record.get('member'))
|
||||
return member
|
||||
})
|
||||
try {
|
||||
return await writeTxResultPromise
|
||||
return await removeUserFromGroupWriteTxResultPromise(session, groupId, userId)
|
||||
} catch (error) {
|
||||
throw new Error(error)
|
||||
} finally {
|
||||
@ -371,28 +354,8 @@ export default {
|
||||
RemoveUserFromGroup: async (_parent, params, context, _resolveInfo) => {
|
||||
const { groupId, userId } = params
|
||||
const session = context.driver.session()
|
||||
const writeTxResultPromise = session.writeTransaction(async (transaction) => {
|
||||
const removeUserFromGroupCypher = `
|
||||
MATCH (member:User {id: $userId})-[membership:MEMBER_OF]->(group:Group {id: $groupId})
|
||||
DELETE membership
|
||||
WITH member AS user, group
|
||||
OPTIONAL MATCH (u:User)-[:WROTE]->(p:Post)-[:IN]->(group)
|
||||
WHERE NOT u.id = $userId
|
||||
WITH user, collect(p) AS posts
|
||||
FOREACH (post IN posts |
|
||||
MERGE (user)-[:CANNOT_SEE]->(post))
|
||||
RETURN user {.*, myRoleInGroup: null}`
|
||||
|
||||
const transactionResponse = await transaction.run(removeUserFromGroupCypher, {
|
||||
groupId,
|
||||
userId,
|
||||
})
|
||||
|
||||
const [user] = await transactionResponse.records.map((record) => record.get('user'))
|
||||
return user
|
||||
})
|
||||
try {
|
||||
return await writeTxResultPromise
|
||||
return await removeUserFromGroupWriteTxResultPromise(session, groupId, userId)
|
||||
} catch (error) {
|
||||
throw new Error(error)
|
||||
} finally {
|
||||
@ -414,3 +377,27 @@ export default {
|
||||
}),
|
||||
},
|
||||
}
|
||||
|
||||
const removeUserFromGroupWriteTxResultPromise = async (session, groupId, userId) => {
|
||||
return session.writeTransaction(async (transaction) => {
|
||||
const removeUserFromGroupCypher = `
|
||||
MATCH (user:User {id: $userId})-[membership:MEMBER_OF]->(group:Group {id: $groupId})
|
||||
DELETE membership
|
||||
WITH user, group
|
||||
OPTIONAL MATCH (author:User)-[:WROTE]->(p:Post)-[:IN]->(group)
|
||||
WHERE NOT group.groupType = 'public'
|
||||
AND NOT author.id = $userId
|
||||
WITH user, collect(p) AS posts
|
||||
FOREACH (post IN posts |
|
||||
MERGE (user)-[:CANNOT_SEE]->(post))
|
||||
RETURN user {.*, myRoleInGroup: NULL}
|
||||
`
|
||||
|
||||
const transactionResponse = await transaction.run(removeUserFromGroupCypher, {
|
||||
groupId,
|
||||
userId,
|
||||
})
|
||||
const [user] = await transactionResponse.records.map((record) => record.get('user'))
|
||||
return user
|
||||
})
|
||||
}
|
||||
|
||||
@ -3076,6 +3076,26 @@ describe('in mode', () => {
|
||||
})
|
||||
})
|
||||
|
||||
it('throws an error', async () => {
|
||||
authenticatedUser = await usualMemberUser.toJson()
|
||||
await expect(
|
||||
mutate({
|
||||
mutation: removeUserFromGroupMutation(),
|
||||
variables: {
|
||||
groupId: 'hidden-group',
|
||||
userId: 'admin-member-user',
|
||||
},
|
||||
}),
|
||||
).resolves.toMatchObject({
|
||||
errors: expect.arrayContaining([
|
||||
expect.objectContaining({
|
||||
message: 'Not Authorized!',
|
||||
}),
|
||||
]),
|
||||
})
|
||||
})
|
||||
|
||||
/*
|
||||
it('removes the user from the group', async () => {
|
||||
await expect(
|
||||
mutate({
|
||||
@ -3131,6 +3151,7 @@ describe('in mode', () => {
|
||||
]),
|
||||
})
|
||||
})
|
||||
*/
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
@ -1524,9 +1524,9 @@ describe('Posts in Groups', () => {
|
||||
})
|
||||
})
|
||||
|
||||
it('does not show the posts of the closed group anymore', async () => {
|
||||
it('stil shows the posts of the closed group', async () => {
|
||||
const result = await query({ query: filterPosts(), variables: {} })
|
||||
expect(result.data.Post).toHaveLength(3)
|
||||
expect(result.data.Post).toHaveLength(4)
|
||||
expect(result).toMatchObject({
|
||||
data: {
|
||||
Post: expect.arrayContaining([
|
||||
@ -1540,6 +1540,11 @@ describe('Posts in Groups', () => {
|
||||
title: 'A post without a group',
|
||||
content: 'I am a user who does not belong to a group yet.',
|
||||
},
|
||||
{
|
||||
id: 'post-to-closed-group',
|
||||
title: 'A post to a closed group',
|
||||
content: 'I am posting into a closed group as a member of the group',
|
||||
},
|
||||
{
|
||||
id: 'post-to-hidden-group',
|
||||
title: 'A post to a hidden group',
|
||||
@ -1564,9 +1569,9 @@ describe('Posts in Groups', () => {
|
||||
})
|
||||
})
|
||||
|
||||
it('does only show the public posts', async () => {
|
||||
it('still shows the post of the hidden group', async () => {
|
||||
const result = await query({ query: filterPosts(), variables: {} })
|
||||
expect(result.data.Post).toHaveLength(2)
|
||||
expect(result.data.Post).toHaveLength(4)
|
||||
expect(result).toMatchObject({
|
||||
data: {
|
||||
Post: expect.arrayContaining([
|
||||
@ -1580,6 +1585,16 @@ describe('Posts in Groups', () => {
|
||||
title: 'A post without a group',
|
||||
content: 'I am a user who does not belong to a group yet.',
|
||||
},
|
||||
{
|
||||
id: 'post-to-closed-group',
|
||||
title: 'A post to a closed group',
|
||||
content: 'I am posting into a closed group as a member of the group',
|
||||
},
|
||||
{
|
||||
id: 'post-to-hidden-group',
|
||||
title: 'A post to a hidden group',
|
||||
content: 'I am posting into a hidden group as a member of the group',
|
||||
},
|
||||
]),
|
||||
},
|
||||
errors: undefined,
|
||||
@ -1603,9 +1618,9 @@ describe('Posts in Groups', () => {
|
||||
authenticatedUser = await allGroupsUser.toJson()
|
||||
})
|
||||
|
||||
it('does not show the posts of the closed group', async () => {
|
||||
it('shows the posts of the closed group', async () => {
|
||||
const result = await query({ query: filterPosts(), variables: {} })
|
||||
expect(result.data.Post).toHaveLength(3)
|
||||
expect(result.data.Post).toHaveLength(4)
|
||||
expect(result).toMatchObject({
|
||||
data: {
|
||||
Post: expect.arrayContaining([
|
||||
@ -1624,6 +1639,11 @@ describe('Posts in Groups', () => {
|
||||
title: 'A post to a closed group',
|
||||
content: 'I am posting into a closed group as a member of the group',
|
||||
},
|
||||
{
|
||||
id: 'post-to-hidden-group',
|
||||
title: 'A post to a hidden group',
|
||||
content: 'I am posting into a hidden group as a member of the group',
|
||||
},
|
||||
]),
|
||||
},
|
||||
errors: undefined,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user