diff --git a/backend/src/auth/RIGHTS.ts b/backend/src/auth/RIGHTS.ts
index df4d4a2c1..4b9036eed 100644
--- a/backend/src/auth/RIGHTS.ts
+++ b/backend/src/auth/RIGHTS.ts
@@ -19,8 +19,8 @@ export enum RIGHTS {
 UPDATE_USER_INFOS = 'UPDATE_USER_INFOS',
 HAS_ELOPAGE = 'HAS_ELOPAGE',
 CREATE_TRANSACTION_LINK = 'CREATE_TRANSACTION_LINK',
+ DELETE_TRANSACTION_LINK = 'DELETE_TRANSACTION_LINK',
 QUERY_TRANSACTION_LINK = 'QUERY_TRANSACTION_LINK',
-
 // Admin
 SEARCH_USERS = 'SEARCH_USERS',
 CREATE_PENDING_CREATION = 'CREATE_PENDING_CREATION',
diff --git a/backend/src/auth/ROLES.ts b/backend/src/auth/ROLES.ts
index 37a4e3a67..2a86b5bab 100644
--- a/backend/src/auth/ROLES.ts
+++ b/backend/src/auth/ROLES.ts
@@ -19,6 +19,7 @@ export const ROLE_USER = new Role('user', [
 RIGHTS.UPDATE_USER_INFOS,
 RIGHTS.HAS_ELOPAGE,
 RIGHTS.CREATE_TRANSACTION_LINK,
+ RIGHTS.DELETE_TRANSACTION_LINK,
 ])
 export const ROLE_ADMIN = new Role('admin', Object.values(RIGHTS)) // all rights
diff --git a/backend/src/graphql/resolver/TransactionLinkResolver.ts b/backend/src/graphql/resolver/TransactionLinkResolver.ts
index 4065bb13a..e9fa2f295 100644
--- a/backend/src/graphql/resolver/TransactionLinkResolver.ts
+++ b/backend/src/graphql/resolver/TransactionLinkResolver.ts
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
-import { Resolver, Args, Authorized, Ctx, Mutation, Query } from 'type-graphql'
+import { Resolver, Args, Arg, Authorized, Ctx, Mutation, Query } from 'type-graphql'
 import { getCustomRepository } from '@dbTools/typeorm'
 import { TransactionLink } from '@model/TransactionLink'
 import { TransactionLink as dbTransactionLink } from '@entity/TransactionLink'
@@ -69,6 +69,32 @@ export class TransactionLinkResolver {
 return new TransactionLink(transactionLink, new User(user))
 }
+ @Authorized([RIGHTS.DELETE_TRANSACTION_LINK])
+ @Mutation(() => Boolean)
+ async deleteTransactionLink(@Arg('id') id: number, @Ctx() context: any): Promise {
+ const userRepository = getCustomRepository(UserRepository)
+ const user = await userRepository.findByPubkeyHex(context.pubKey)
+
+ const transactionLink = await dbTransactionLink.findOne({ id })
+ if (!transactionLink) {
+ throw new Error('Transaction Link not found!')
+ }
+
+ if (transactionLink.userId !== user.id) {
+ throw new Error('Transaction Link cannot be deleted!')
+ }
+
+ if (transactionLink.redeemedBy) {
+ throw new Error('Transaction Link already redeemed!')
+ }
+
+ await transactionLink.softRemove().catch(() => {
+ throw new Error('Transaction Link could not be deleted!')
+ })
+
+ return true
+ }
+
 @Authorized([RIGHTS.QUERY_TRANSACTION_LINK])
 @Query(() => TransactionLink)
 async queryTransactionLink(
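Review bot: In `deleteTransactionLink` the link is looked up by `id` alone and ownership is only checked afterwards, so any caller holding `DELETE_TRANSACTION_LINK` (every `ROLE_USER`) gets 'Transaction Link not found!' for unused ids but 'Transaction Link cannot be deleted!' for ids owned by someone else, which reveals which link ids exist. Scoping the query to the caller, `const transactionLink = await dbTransactionLink.findOne({ id, userId: user.id })`, and keeping only the not-found error removes that distinction and makes the separate `userId` branch unnecessary. The `redeemedBy` check and `softRemove()` are separate steps, so a redeem landing between them would presumably still be soft-deleted; the redeem path is outside this hunk, so confirm whether a transaction or a conditional update is needed. The `.catch(() => { throw … })` also discards the underlying error without logging it, which will make failed deletions hard to investigate.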