From 31a3837fa55d73917cc7f2071d0a9170b31d0a22 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Thu, 25 Nov 2021 09:01:23 +0100
Subject: [PATCH] right check for searchUsers & verifyLogin
---
 backend/src/auth/RIGHTS.ts | 3 +++
 backend/src/auth/ROLES.ts | 1 +
 backend/src/graphql/resolver/AdminResolver.ts | 4 +++-
 backend/src/graphql/resolver/UserResolver.ts | 2 +-
 4 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/backend/src/auth/RIGHTS.ts b/backend/src/auth/RIGHTS.ts
index 08dca83b1..fa750239e 100644
--- a/backend/src/auth/RIGHTS.ts
+++ b/backend/src/auth/RIGHTS.ts
@@ -1,5 +1,6 @@
 export enum RIGHTS {
 LOGIN = 'LOGIN',
+ VERIFY_LOGIN = 'VERIFY_LOGIN',
 BALANCE = 'BALANCE',
 GET_COMMUNITY_INFO = 'GET_COMMUNITY_INFO',
 COMMUNITIES = 'COMMUNITIES',
@@ -20,4 +21,6 @@ export enum RIGHTS {
 CHECK_USERNAME = 'CHECK_USERNAME',
 CHECK_EMAIL = 'CHECK_EMAIL',
 HAS_ELOPAGE = 'HAS_ELOPAGE',
+ // Admin
+ SEARCH_USERS = 'SEARCH_USERS',
 }
diff --git a/backend/src/auth/ROLES.ts b/backend/src/auth/ROLES.ts
index ef6746059..ada6a2cef 100644
--- a/backend/src/auth/ROLES.ts
+++ b/backend/src/auth/ROLES.ts
@@ -5,6 +5,7 @@ import { Role } from './Role'
 export const ROLE_UNAUTHORIZED = new Role('unauthorized', INALIENABLE_RIGHTS)
 export const ROLE_USER = new Role('user', [
 ...INALIENABLE_RIGHTS,
+ RIGHTS.VERIFY_LOGIN,
 RIGHTS.BALANCE,
 RIGHTS.LIST_GDT_ENTRIES,
 RIGHTS.EXIST_PID,
diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts
index 9af50faad..4ae259087 100644
--- a/backend/src/graphql/resolver/AdminResolver.ts
+++ b/backend/src/graphql/resolver/AdminResolver.ts
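Review bot: Nothing in this commit grants RIGHTS.SEARCH_USERS to any role: the ROLES.ts hunk adds only RIGHTS.VERIFY_LOGIN to ROLE_USER, while the AdminResolver hunk gates searchUsers on SEARCH_USERS and RIGHTS.ts files it under `// Admin`. Unless a role outside this hunk (an admin role further down ROLES.ts, or one that spreads every RIGHTS value) already includes it, the query is now unreachable — that fails closed, but is presumably not the intent. Confirm where SEARCH_USERS is granted and that it is deliberately kept out of ROLE_USER; a comment on the new line such as `RIGHTS.VERIFY_LOGIN, // session check after login; admin rights such as SEARCH_USERS stay out of ROLE_USER` would record that boundary. The same point applies to the AdminResolver hunk. The ROLE_USER array continues past the end of this hunk.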
@@ -1,10 +1,12 @@
-import { Resolver, Query, Arg } from 'type-graphql'
+import { Resolver, Query, Arg, Authorized } from 'type-graphql'
 import { getCustomRepository } from 'typeorm'
 import { UserAdmin } from '../model/UserAdmin'
 import { LoginUserRepository } from '../../typeorm/repository/LoginUser'
+import { RIGHTS } from '../../auth/RIGHTS'
 
 @Resolver()
 export class AdminResolver {
+ @Authorized([RIGHTS.SEARCH_USERS])
 @Query(() => [UserAdmin])
 async searchUsers(@Arg('searchText') searchText: string): Promise {
 const loginUserRepository = getCustomRepository(LoginUserRepository)
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 89e398496..323df11fb 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -195,7 +195,7 @@ const SecretKeyCryptographyDecrypt = (encryptedMessage: Buffer, encryptionKey: B
 
 @Resolver()
 export class UserResolver {
- @Authorized()
+ @Authorized([RIGHTS.VERIFY_LOGIN])
 @Query(() => User)
 @UseMiddleware(klicktippNewsletterStateMiddleware)
 async verifyLogin(@Ctx() context: any): Promise {
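Review bot: searchUsers now carries an authorization requirement that nothing at the definition documents; a TSDoc above the new decorator would make the contract visible to the next maintainer, e.g. `/** Admin-only: users matching searchText. Gated by RIGHTS.SEARCH_USERS, which must be granted to admin roles only. */`. Placing `@Authorized` ahead of `@Query` matches the UserResolver change in this commit, which keeps the two resolvers consistent. The method body continues outside the hunk, so how searchText is used by the repository is not reviewable here.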
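Review bot: Replacing the bare `@Authorized()` with `@Authorized([RIGHTS.VERIFY_LOGIN])` narrows the check from "any authenticated principal" to "holder of that right", and how a rights array is evaluated (any-of versus all-of) depends on the project's authChecker, which is outside this diff; a one-line TSDoc stating the contract is worth adding, e.g. `/** Returns the current user; requires RIGHTS.VERIFY_LOGIN, which this commit grants to ROLE_USER. */`. No import of RIGHTS is added here and the diffstat shows a single changed line, so it is presumably already in scope in UserResolver.ts — verify. The `context: any` parameter is pre-existing but is where the `unknown`-and-narrow pattern would normally apply. The verifyLogin body continues outside the hunk.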