ocelot-Social-Community/Ocelot-Social
1
0
Fork 0
mirror of https://github.com/Ocelot-Social-Community/Ocelot-Social.git synced 2025-12-13 07:46:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into distinct-shouts-and-follows

Browse Source
This commit is contained in:
Grzegorz Leoniec 2019-03-05 12:54:24 +01:00 committed by GitHub
commit c27204d56e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 195 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/middleware/permissionsMiddleware.js
View File

@ -25,6 +25,22 @@ const onlyEnabledContent = rule({ cache: 'strict' })(async (parent, args, ctx, i
return !(disabled || deleted) return !(disabled || deleted)
}) })
const isAuthor = rule({ cache: 'no_cache' })(async (parent, args, { user, driver }) => {
if (!user) return false
const session = driver.session()
const { id: postId } = args
const result = await session.run(`
MATCH (post:Post {id: $postId})<-[:WROTE]-(author)
RETURN author
`, { postId })
const [author] = result.records.map((record) => {
return record.get('author')
})
const { properties: { id: authorId } } = author
session.close()
return authorId === user.id
})
// Permissions // Permissions
const permissions = shield({ const permissions = shield({
Query: { Query: {
@ -34,8 +50,8 @@ const permissions = shield({
}, },
Mutation: { Mutation: {
CreatePost: isAuthenticated, CreatePost: isAuthenticated,
// TODO UpdatePost: isOwner, UpdatePost: isAuthor,
// TODO DeletePost: isOwner, DeletePost: isAuthor,
report: isAuthenticated, report: isAuthenticated,
CreateBadge: isAdmin, CreateBadge: isAdmin,
UpdateBadge: isAdmin, UpdateBadge: isAdmin,

3
src/middleware/softDeleteMiddleware.js
View File

@ -19,5 +19,8 @@ export default {
User: async (resolve, root, args, context, info) => { User: async (resolve, root, args, context, info) => {
return resolve(root, setDefaults(args), context, info) return resolve(root, setDefaults(args), context, info)
} }
},
Mutation: async (resolve, root, args, context, info) => {
return resolve(root, setDefaults(args), context, info)
} }
} }

9
src/resolvers/posts.js
View File

@ -2,21 +2,20 @@ import { neo4jgraphql } from 'neo4j-graphql-js'
export default { export default {
Mutation: { Mutation: {
CreatePost: async (object, params, ctx, resolveInfo) => { CreatePost: async (object, params, context, resolveInfo) => {
const result = await neo4jgraphql(object, params, ctx, resolveInfo, false) const result = await neo4jgraphql(object, params, context, resolveInfo, false)
const session = ctx.driver.session() const session = context.driver.session()
await session.run( await session.run(
'MATCH (author:User {id: $userId}), (post:Post {id: $postId}) ' + 'MATCH (author:User {id: $userId}), (post:Post {id: $postId}) ' +
'MERGE (post)<-[:WROTE]-(author) ' + 'MERGE (post)<-[:WROTE]-(author) ' +
'RETURN author', { 'RETURN author', {
userId: ctx.user.id, userId: context.user.id,
postId: result.id postId: result.id
}) })
session.close() session.close()
return result return result
} }
} }
} }

195
src/resolvers/posts.spec.js
View File

@ -3,6 +3,7 @@ import { GraphQLClient } from 'graphql-request'
import { host, login } from '../jest/helpers' import { host, login } from '../jest/helpers'
const factory = Factory() const factory = Factory()
let client
beforeEach(async () => { beforeEach(async () => {
await factory.create('User', { await factory.create('User', {
@ -16,46 +17,186 @@ afterEach(async () => {
}) })
describe('CreatePost', () => { describe('CreatePost', () => {
const mutation = `
mutation {
CreatePost(title: "I am a title", content: "Some content") {
title
content
slug
disabled
deleted
}
}
`
describe('unauthenticated', () => { describe('unauthenticated', () => {
let client
it('throws authorization error', async () => { it('throws authorization error', async () => {
client = new GraphQLClient(host) client = new GraphQLClient(host)
await expect(client.request(`mutation { await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
CreatePost( })
title: "I am a post", })
content: "Some content"
) { slug } describe('authenticated', () => {
}`)).rejects.toThrow('Not Authorised') let headers
beforeEach(async () => {
headers = await login({ email: 'test@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
}) })
describe('authenticated', () => { it('creates a post', async () => {
let headers const expected = {
let response CreatePost: {
beforeEach(async () => { title: 'I am a title',
headers = await login({ email: 'test@example.org', password: '1234' }) content: 'Some content'
client = new GraphQLClient(host, { headers }) }
response = await client.request(`mutation { }
CreatePost( await expect(client.request(mutation)).resolves.toMatchObject(expected)
title: "A title", })
content: "Some content"
) { title, content }
}`, { headers })
})
it('creates a post', () => { it('assigns the authenticated user as author', async () => {
expect(response).toEqual({ CreatePost: { title: 'A title', content: 'Some content' } }) await client.request(mutation)
}) const { User } = await client.request(`{
it('assigns the authenticated user as author', async () => {
const { User } = await client.request(`{
User(email:"test@example.org") { User(email:"test@example.org") {
contributions { contributions {
title title
} }
} }
}`, { headers }) }`, { headers })
expect(User).toEqual([ { contributions: [ { title: 'A title' } ] } ]) expect(User).toEqual([ { contributions: [ { title: 'I am a title' } ] } ])
})
describe('disabled and deleted', () => {
it('initially false', async () => {
const expected = { CreatePost: { disabled: false, deleted: false } }
await expect(client.request(mutation)).resolves.toMatchObject(expected)
}) })
}) })
}) })
}) })
describe('UpdatePost', () => {
const mutation = `
mutation($id: ID!, $content: String) {
UpdatePost(id: $id, content: $content) {
id
content
}
}
`
let variables = {
id: 'p1',
content: 'New content'
}
beforeEach(async () => {
const asAuthor = Factory()
await asAuthor.create('User', {
email: 'author@example.org',
password: '1234'
})
await asAuthor.authenticateAs({
email: 'author@example.org',
password: '1234'
})
await asAuthor.create('Post', {
id: 'p1',
content: 'Old content'
})
})
describe('unauthenticated', () => {
it('throws authorization error', async () => {
client = new GraphQLClient(host)
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated but not the author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'test@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('throws authorization error', async () => {
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated as author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'author@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('updates a post', async () => {
const expected = { UpdatePost: { id: 'p1', content: 'New content' } }
await expect(client.request(mutation, variables)).resolves.toEqual(expected)
})
})
})
describe('DeletePost', () => {
const mutation = `
mutation($id: ID!) {
DeletePost(id: $id) {
id
content
}
}
`
let variables = {
id: 'p1'
}
beforeEach(async () => {
const asAuthor = Factory()
await asAuthor.create('User', {
email: 'author@example.org',
password: '1234'
})
await asAuthor.authenticateAs({
email: 'author@example.org',
password: '1234'
})
await asAuthor.create('Post', {
id: 'p1',
content: 'To be deleted'
})
})
describe('unauthenticated', () => {
it('throws authorization error', async () => {
client = new GraphQLClient(host)
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated but not the author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'test@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('throws authorization error', async () => {
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated as author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'author@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('deletes a post', async () => {
const expected = { DeletePost: { id: 'p1', content: 'To be deleted' } }
await expect(client.request(mutation, variables)).resolves.toEqual(expected)
})
})
})

4
src/seed/seed-db.js
View File

@ -82,12 +82,12 @@ import Factory from './factories'
await Promise.all([ await Promise.all([
asAdmin.create('Post', { id: 'p0' }), asAdmin.create('Post', { id: 'p0' }),
asModerator.create('Post', { id: 'p1' }), asModerator.create('Post', { id: 'p1' }),
asUser.create('Post', { id: 'p2' }), asUser.create('Post', { id: 'p2', deleted: true }),
asTick.create('Post', { id: 'p3' }), asTick.create('Post', { id: 'p3' }),
asTrick.create('Post', { id: 'p4' }), asTrick.create('Post', { id: 'p4' }),
asTrack.create('Post', { id: 'p5' }), asTrack.create('Post', { id: 'p5' }),
asAdmin.create('Post', { id: 'p6' }), asAdmin.create('Post', { id: 'p6' }),
asModerator.create('Post', { id: 'p7' }), asModerator.create('Post', { id: 'p7', disabled: true }),
asUser.create('Post', { id: 'p8' }), asUser.create('Post', { id: 'p8' }),
asTick.create('Post', { id: 'p9' }), asTick.create('Post', { id: 'p9' }),
asTrick.create('Post', { id: 'p10' }), asTrick.create('Post', { id: 'p10' }),