From 44687e6fc36878ae144dbeac640251c2e2d0d690 Mon Sep 17 00:00:00 2001
From: Claus-Peter Huebner
Date: Wed, 21 Jun 2023 02:08:11 +0200
Subject: [PATCH] adapt existing isAdmin treatment
---
 backend/src/graphql/directive/isAuthorized.ts | 10 ++++---
 backend/src/graphql/model/User.ts | 4 ++-
 backend/src/graphql/model/UserAdmin.ts | 4 ++-
 backend/src/graphql/resolver/UserResolver.ts | 27 ++++++++++++++-----
 backend/src/util/communityUser.ts | 2 +-
 5 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts
index e41f41151..94aa60ffc 100644
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@@ -4,7 +4,7 @@ import { AuthChecker } from 'type-graphql'
 import { INALIENABLE_RIGHTS } from '@/auth/INALIENABLE_RIGHTS'
 import { decode, encode } from '@/auth/JWT'
 import { RIGHTS } from '@/auth/RIGHTS'
-import { ROLE_UNAUTHORIZED, ROLE_USER, ROLE_ADMIN } from '@/auth/ROLES'
+import { ROLE_UNAUTHORIZED, ROLE_USER, ROLE_ADMIN, ROLE_NAMES, ROLE_MODERATOR } from '@/auth/ROLES'
 import { Context } from '@/server/context'
 import { LogError } from '@/server/LogError'
 
@@ -33,10 +33,14 @@ export const isAuthorized: AuthChecker = async ({ context }, rights) =>
   try {
     const user = await User.findOneOrFail({
       where: { gradidoID: decoded.gradidoID },
-      relations: ['emailContact'],
+      relations: ['emailContact', 'userRole'],
     })
     context.user = user
-    context.role = user.isAdmin ? ROLE_ADMIN : ROLE_USER
+    context.role = user.userRole
+      ? user.userRole.role === ROLE_NAMES.ROLE_NAME_ADMIN
+        ? ROLE_ADMIN
+        : ROLE_MODERATOR
+      : ROLE_USER
   } catch {
     // in case the database query fails (user deleted)
     throw new LogError('401 Unauthorized')
diff --git a/backend/src/graphql/model/User.ts b/backend/src/graphql/model/User.ts
index 5abbdadb7..496f263d9 100644
--- a/backend/src/graphql/model/User.ts
+++ b/backend/src/graphql/model/User.ts
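Review bot: The new `context.role` ternary in the `@@ -33` hunk grants ROLE_MODERATOR to every user whose userRole row holds any role other than ROLE_NAME_ADMIN, so an unknown, misspelled or future role value silently elevates the caller instead of degrading to ROLE_USER. Map roles by explicit allow-list and fall back to the least-privileged role for anything unrecognised, e.g. replace the bare `: ROLE_MODERATOR` with `: user.userRole.role === ROLE_NAMES.ROLE_NAME_MODERATOR ? ROLE_MODERATOR : ROLE_USER`, and consider logging the unexpected value so a corrupted row is noticed rather than quietly granted rights. The moderator constant in ROLE_NAMES is not visible in this diff; use whatever name ROLES actually exports. isAuthorized's body continues outside the hunk.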
@@ -18,7 +18,9 @@ export class User {
     this.createdAt = user.createdAt
     this.language = user.language
     this.publisherId = user.publisherId
-    this.isAdmin = user.isAdmin
+    if (user.userRole) {
+      this.isAdmin = user.userRole.createdAt
+    }
     this.klickTipp = null
     this.hasElopage = null
     this.hideAmountGDD = user.hideAmountGDD
diff --git a/backend/src/graphql/model/UserAdmin.ts b/backend/src/graphql/model/UserAdmin.ts
index 3e7210874..ff1011468 100644
--- a/backend/src/graphql/model/UserAdmin.ts
+++ b/backend/src/graphql/model/UserAdmin.ts
@@ -14,7 +14,9 @@ export class UserAdmin {
     this.hasElopage = hasElopage
     this.deletedAt = user.deletedAt
     this.emailConfirmationSend = emailConfirmationSend
-    this.isAdmin = user.isAdmin
+    if (user.userRole) {
+      this.isAdmin = user.userRole?.createdAt
+    }
   }
 
   @Field(() => Int)
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index cbfd9b5c5..a2ae333a9 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -7,6 +7,7 @@ import { ContributionLink as DbContributionLink } from '@entity/ContributionLink
 import { TransactionLink as DbTransactionLink } from '@entity/TransactionLink'
 import { User as DbUser } from '@entity/User'
 import { UserContact as DbUserContact } from '@entity/UserContact'
+import { UserRole } from '@entity/UserRole'
 import i18n from 'i18n'
 import {
   Resolver,
@@ -38,6 +39,7 @@ import { UserRepository } from '@repository/User'
 import { subscribe } from '@/apis/KlicktippController'
 import { encode } from '@/auth/JWT'
 import { RIGHTS } from '@/auth/RIGHTS'
+import { ROLE_NAMES } from '@/auth/ROLES'
 import { CONFIG } from '@/config'
 import {
   sendAccountActivationEmail,
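Review bot: `this.isAdmin = user.userRole.createdAt` in the User.ts hunk is set for any loaded userRole, so a moderator row is also surfaced to the client as an admin timestamp, whereas setUserRole in UserResolver only reports a date when `role === ROLE_NAME_ADMIN`. Gate the assignment the same way: `if (user.userRole && user.userRole.role === ROLE_NAMES.ROLE_NAME_ADMIN) {`, which needs `ROLE_NAMES` imported from '@/auth/ROLES' in this model file. Note also that the removed line always assigned the field (null when not admin); with no userRole it is now left unassigned, which is presumably harmless for a nullable GraphQL field but is a change in the object's shape worth confirming against the schema. The constructor continues outside the hunk.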
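Review bot: The UserAdmin.ts hunk has the same unconditional mapping: inside `if (user.userRole)` the optional chain in `user.userRole?.createdAt` is redundant, and any non-admin role is reported as `isAdmin` to the admin UI, which presumably renders it as admin status. Replace the block with `if (user.userRole?.role === ROLE_NAMES.ROLE_NAME_ADMIN) { this.isAdmin = user.userRole.createdAt }` and import ROLE_NAMES from '@/auth/ROLES', so the two model classes and the resolver agree on what "isAdmin" means. The constructor continues outside the hunk.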
@@ -713,7 +715,10 @@ export class UserResolver {
     @Ctx() context: Context,
   ): Promise {
-    const user = await DbUser.findOne({ id: userId })
+    const user = await DbUser.findOne({
+      where: { id: userId },
+      relations: ['userRole'],
+    })
     // user exists ?
     if (!user) {
       throw new LogError('Could not find user with given ID', userId)
@@ -723,18 +728,24 @@ export class UserResolver {
     if (moderator.id === userId) {
       throw new LogError('Administrator can not change his own role')
     }
-    // change isAdmin
-    switch (user.isAdmin) {
+    // change userRole
+    switch (user.userRole) {
       case null:
         if (isAdmin) {
-          user.isAdmin = new Date()
+          user.userRole = UserRole.create()
+          user.userRole.createdAt = new Date()
+          user.userRole.role = ROLE_NAMES.ROLE_NAME_ADMIN
+          user.userRole.userId = user.id
         } else {
           throw new LogError('User is already an usual user')
         }
         break
       default:
         if (!isAdmin) {
-          user.isAdmin = null
+          if (user.userRole) {
+            await UserRole.delete(user.userRole)
+          }
+          user.userRole = undefined
         } else {
           throw new LogError('User is already admin')
         }
@@ -743,7 +754,11 @@ export class UserResolver {
     await user.save()
     await EVENT_ADMIN_USER_ROLE_SET(user, moderator)
     const newUser = await DbUser.findOne({ id: userId })
-    return newUser ? newUser.isAdmin : null
+    return newUser
+      ? newUser.userRole && newUser.userRole.role === ROLE_NAMES.ROLE_NAME_ADMIN
+        ? newUser.userRole.createdAt
+        : null
+      : null
   }
 
   @Authorized([RIGHTS.DELETE_USER])
diff --git a/backend/src/util/communityUser.ts b/backend/src/util/communityUser.ts
index f96c33470..a8fab134f 100644
--- a/backend/src/util/communityUser.ts
+++ b/backend/src/util/communityUser.ts
@@ -26,7 +26,7 @@ const communityDbUser: dbUser = {
   createdAt: new Date(),
   // emailChecked: false,
   language: '',
-  isAdmin: null,
+  userRole: undefined,
   publisherId: 0,
   // default password encryption type
   passwordEncryptionType: PasswordEncryptionType.NO_PASSWORD,
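Review bot: The `default:` arm of `switch (user.userRole)` in the `@@ -723` hunk treats every existing role as admin: `isAdmin=false` deletes a moderator's role row without ever checking `user.userRole.role`, and `isAdmin=true` on a moderator throws 'User is already admin' instead of promoting. `case null:` also only matches a strict null, so if the missing relation arrives as `undefined` (the value this commit itself uses in communityUser.ts and after the delete) the switch falls into `default` where the inner `if (user.userRole)` is always false — which branch runs therefore depends on whether TypeORM yields null or undefined here, worth confirming. Passing the whole entity to `UserRole.delete(user.userRole)` makes every column part of the where-criteria; deleting by `{ userId: user.id }` is explicit, and the delete runs before `user.save()` and the audit event without a transaction. The rewritten branch below refuses to toggle a non-admin role rather than silently deleting it; the enclosing method starts and ends outside the hunk.
```typescript
    // change userRole
    if (!user.userRole) {
      if (!isAdmin) {
        throw new LogError('User is already an usual user')
      }
      user.userRole = UserRole.create()
      user.userRole.createdAt = new Date()
      user.userRole.role = ROLE_NAMES.ROLE_NAME_ADMIN
      user.userRole.userId = user.id
    } else if (user.userRole.role !== ROLE_NAMES.ROLE_NAME_ADMIN) {
      // a moderator (or any other role) is neither "admin" nor "usual user";
      // refuse rather than silently deleting or misreporting the role
      throw new LogError('User has a non-admin role, cannot toggle admin', user.userRole.role)
    } else if (isAdmin) {
      throw new LogError('User is already admin')
    } else {
      await UserRole.delete({ userId: user.id })
      user.userRole = undefined
    }
    // … unchanged: save, event, re-read and return …
```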
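Review bot: The re-read `const newUser = await DbUser.findOne({ id: userId })` in the `@@ -743` hunk does not request `relations: ['userRole']`, unlike the load added at the top of this same method, so unless userRole is declared eager on the entity `newUser.userRole` is undefined and the mutation returns null even after a successful promotion. Change it to `const newUser = await DbUser.findOne({ where: { id: userId }, relations: ['userRole'] })`, or return the timestamp from the already-saved `user` object and drop the extra round trip entirely. The enclosing method starts outside the hunk.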