adapt existing isAdmin treatment

2026-02-06 01:46:07 +00:00 · 2023-06-21 02:08:11 +02:00 · 2023-06-21 02:08:11 +02:00 · 44687e6fc3
commit 44687e6fc3
parent d1d9f6c050
5 changed files with 35 additions and 12 deletions
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@ -4,7 +4,7 @@ import { AuthChecker } from 'type-graphql'
 import { INALIENABLE_RIGHTS } from '@/auth/INALIENABLE_RIGHTS'
 import { decode, encode } from '@/auth/JWT'
 import { RIGHTS } from '@/auth/RIGHTS'
-import { ROLE_UNAUTHORIZED, ROLE_USER, ROLE_ADMIN } from '@/auth/ROLES'
+import { ROLE_UNAUTHORIZED, ROLE_USER, ROLE_ADMIN, ROLE_NAMES, ROLE_MODERATOR } from '@/auth/ROLES'
 import { Context } from '@/server/context'
 import { LogError } from '@/server/LogError'

@ -33,10 +33,14 @@ export const isAuthorized: AuthChecker<Context> = async ({ context }, rights) =>
  try {
    const user = await User.findOneOrFail({
      where: { gradidoID: decoded.gradidoID },
-      relations: ['emailContact'],
+      relations: ['emailContact', 'userRole'],
    })
    context.user = user
-    context.role = user.isAdmin ? ROLE_ADMIN : ROLE_USER
+    context.role = user.userRole
+      ? user.userRole.role === ROLE_NAMES.ROLE_NAME_ADMIN
+        ? ROLE_ADMIN
+        : ROLE_MODERATOR
+      : ROLE_USER
  } catch {
    // in case the database query fails (user deleted)
    throw new LogError('401 Unauthorized')
--- a/backend/src/graphql/model/User.ts
+++ b/backend/src/graphql/model/User.ts
@ -18,7 +18,9 @@ export class User {
    this.createdAt = user.createdAt
    this.language = user.language
    this.publisherId = user.publisherId
-    this.isAdmin = user.isAdmin
+    if (user.userRole) {
+      this.isAdmin = user.userRole.createdAt
+    }
    this.klickTipp = null
    this.hasElopage = null
    this.hideAmountGDD = user.hideAmountGDD
--- a/backend/src/graphql/model/UserAdmin.ts
+++ b/backend/src/graphql/model/UserAdmin.ts
@ -14,7 +14,9 @@ export class UserAdmin {
    this.hasElopage = hasElopage
    this.deletedAt = user.deletedAt
    this.emailConfirmationSend = emailConfirmationSend
-    this.isAdmin = user.isAdmin
+    if (user.userRole) {
+      this.isAdmin = user.userRole?.createdAt
+    }
  }

  @Field(() => Int)
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@ -7,6 +7,7 @@ import { ContributionLink as DbContributionLink } from '@entity/ContributionLink
 import { TransactionLink as DbTransactionLink } from '@entity/TransactionLink'
 import { User as DbUser } from '@entity/User'
 import { UserContact as DbUserContact } from '@entity/UserContact'
+import { UserRole } from '@entity/UserRole'
 import i18n from 'i18n'
 import {
  Resolver,
@ -38,6 +39,7 @@ import { UserRepository } from '@repository/User'
 import { subscribe } from '@/apis/KlicktippController'
 import { encode } from '@/auth/JWT'
 import { RIGHTS } from '@/auth/RIGHTS'
+import { ROLE_NAMES } from '@/auth/ROLES'
 import { CONFIG } from '@/config'
 import {
  sendAccountActivationEmail,
@ -713,7 +715,10 @@ export class UserResolver {
    @Ctx()
    context: Context,
  ): Promise<Date | null> {
-    const user = await DbUser.findOne({ id: userId })
+    const user = await DbUser.findOne({
+      where: { id: userId },
+      relations: ['userRole'],
+    })
    // user exists ?
    if (!user) {
      throw new LogError('Could not find user with given ID', userId)
@ -723,18 +728,24 @@ export class UserResolver {
    if (moderator.id === userId) {
      throw new LogError('Administrator can not change his own role')
    }
-    // change isAdmin
-    switch (user.isAdmin) {
+    // change userRole
+    switch (user.userRole) {
      case null:
        if (isAdmin) {
-          user.isAdmin = new Date()
+          user.userRole = UserRole.create()
+          user.userRole.createdAt = new Date()
+          user.userRole.role = ROLE_NAMES.ROLE_NAME_ADMIN
+          user.userRole.userId = user.id
        } else {
          throw new LogError('User is already an usual user')
        }
        break
      default:
        if (!isAdmin) {
-          user.isAdmin = null
+          if (user.userRole) {
+            await UserRole.delete(user.userRole)
+          }
+          user.userRole = undefined
        } else {
          throw new LogError('User is already admin')
        }
@ -743,7 +754,11 @@ export class UserResolver {
    await user.save()
    await EVENT_ADMIN_USER_ROLE_SET(user, moderator)
    const newUser = await DbUser.findOne({ id: userId })
-    return newUser ? newUser.isAdmin : null
+    return newUser
+      ? newUser.userRole && newUser.userRole.role === ROLE_NAMES.ROLE_NAME_ADMIN
+        ? newUser.userRole.createdAt
+        : null
+      : null
  }

  @Authorized([RIGHTS.DELETE_USER])
--- a/backend/src/util/communityUser.ts
+++ b/backend/src/util/communityUser.ts
@ -26,7 +26,7 @@ const communityDbUser: dbUser = {
  createdAt: new Date(),
  // emailChecked: false,
  language: '',
-  isAdmin: null,
+  userRole: undefined,
  publisherId: 0,
  // default password encryption type
  passwordEncryptionType: PasswordEncryptionType.NO_PASSWORD,