right check for searchUsers & verifyLogin

backend/src/auth/RIGHTS.ts

@@ -1,5 +1,6 @@
 export enum RIGHTS {
   LOGIN = 'LOGIN',
+  VERIFY_LOGIN = 'VERIFY_LOGIN',
   BALANCE = 'BALANCE',
   GET_COMMUNITY_INFO = 'GET_COMMUNITY_INFO',
   COMMUNITIES = 'COMMUNITIES',
@@ -20,4 +21,6 @@ export enum RIGHTS {
   CHECK_USERNAME = 'CHECK_USERNAME',
   CHECK_EMAIL = 'CHECK_EMAIL',
   HAS_ELOPAGE = 'HAS_ELOPAGE',
+  // Admin
+  SEARCH_USERS = 'SEARCH_USERS',
 }

backend/src/auth/ROLES.ts

@@ -5,6 +5,7 @@ import { Role } from './Role'
 export const ROLE_UNAUTHORIZED = new Role('unauthorized', INALIENABLE_RIGHTS)
 export const ROLE_USER = new Role('user', [
   ...INALIENABLE_RIGHTS,
+  RIGHTS.VERIFY_LOGIN,
   RIGHTS.BALANCE,
   RIGHTS.LIST_GDT_ENTRIES,
   RIGHTS.EXIST_PID,

backend/src/graphql/resolver/AdminResolver.ts

@@ -1,10 +1,12 @@
-import { Resolver, Query, Arg } from 'type-graphql'
+import { Resolver, Query, Arg, Authorized } from 'type-graphql'
 import { getCustomRepository } from 'typeorm'
 import { UserAdmin } from '../model/UserAdmin'
 import { LoginUserRepository } from '../../typeorm/repository/LoginUser'
+import { RIGHTS } from '../../auth/RIGHTS'
 
 @Resolver()
 export class AdminResolver {
+  @Authorized([RIGHTS.SEARCH_USERS])
   @Query(() => [UserAdmin])
   async searchUsers(@Arg('searchText') searchText: string): Promise<UserAdmin[]> {
     const loginUserRepository = getCustomRepository(LoginUserRepository)

backend/src/graphql/resolver/UserResolver.ts

@@ -195,7 +195,7 @@ const SecretKeyCryptographyDecrypt = (encryptedMessage: Buffer, encryptionKey: B
 
 @Resolver()
 export class UserResolver {
-  @Authorized()
+  @Authorized([RIGHTS.VERIFY_LOGIN])
   @Query(() => User)
   @UseMiddleware(klicktippNewsletterStateMiddleware)
   async verifyLogin(@Ctx() context: any): Promise<User> {