ocelot-Social-Community/Ocelot-Social
1
0
Fork 0
mirror of https://github.com/Ocelot-Social-Community/Ocelot-Social.git synced 2025-12-13 07:46:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into 37-full-text-search-top-bar

Browse Source
This commit is contained in:
Grzegorz Leoniec 2019-03-06 18:49:34 +01:00
commit fcb51e4eda
No known key found for this signature in database
GPG Key ID: 3AA43686D4EB1377
8 changed files with 201 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -75,7 +75,7 @@
"babel-eslint": "~10.0.1", "babel-eslint": "~10.0.1",
"babel-jest": "~24.1.0", "babel-jest": "~24.1.0",
"chai": "~4.2.0", "chai": "~4.2.0",
"eslint": "~5.15.0", "eslint": "~5.15.1",
"eslint-config-standard": "~12.0.0", "eslint-config-standard": "~12.0.0",
"eslint-plugin-import": "~2.16.0", "eslint-plugin-import": "~2.16.0",
"eslint-plugin-jest": "~22.3.0", "eslint-plugin-jest": "~22.3.0",

20
src/middleware/permissionsMiddleware.js
View File

@ -25,6 +25,22 @@ const onlyEnabledContent = rule({ cache: 'strict' })(async (parent, args, ctx, i
return !(disabled || deleted) return !(disabled || deleted)
}) })
const isAuthor = rule({ cache: 'no_cache' })(async (parent, args, { user, driver }) => {
if (!user) return false
const session = driver.session()
const { id: postId } = args
const result = await session.run(`
MATCH (post:Post {id: $postId})<-[:WROTE]-(author)
RETURN author
`, { postId })
const [author] = result.records.map((record) => {
return record.get('author')
})
const { properties: { id: authorId } } = author
session.close()
return authorId === user.id
})
// Permissions // Permissions
const permissions = shield({ const permissions = shield({
Query: { Query: {
@ -34,8 +50,8 @@ const permissions = shield({
}, },
Mutation: { Mutation: {
CreatePost: isAuthenticated, CreatePost: isAuthenticated,
// TODO UpdatePost: isOwner, UpdatePost: isAuthor,
// TODO DeletePost: isOwner, DeletePost: isAuthor,
report: isAuthenticated, report: isAuthenticated,
CreateBadge: isAdmin, CreateBadge: isAdmin,
UpdateBadge: isAdmin, UpdateBadge: isAdmin,

3
src/middleware/softDeleteMiddleware.js
View File

@ -19,5 +19,8 @@ export default {
User: async (resolve, root, args, context, info) => { User: async (resolve, root, args, context, info) => {
return resolve(root, setDefaults(args), context, info) return resolve(root, setDefaults(args), context, info)
} }
},
Mutation: async (resolve, root, args, context, info) => {
return resolve(root, setDefaults(args), context, info)
} }
} }

9
src/resolvers/posts.js
View File

@ -2,21 +2,20 @@ import { neo4jgraphql } from 'neo4j-graphql-js'
export default { export default {
Mutation: { Mutation: {
CreatePost: async (object, params, ctx, resolveInfo) => { CreatePost: async (object, params, context, resolveInfo) => {
const result = await neo4jgraphql(object, params, ctx, resolveInfo, false) const result = await neo4jgraphql(object, params, context, resolveInfo, false)
const session = ctx.driver.session() const session = context.driver.session()
await session.run( await session.run(
'MATCH (author:User {id: $userId}), (post:Post {id: $postId}) ' + 'MATCH (author:User {id: $userId}), (post:Post {id: $postId}) ' +
'MERGE (post)<-[:WROTE]-(author) ' + 'MERGE (post)<-[:WROTE]-(author) ' +
'RETURN author', { 'RETURN author', {
userId: ctx.user.id, userId: context.user.id,
postId: result.id postId: result.id
}) })
session.close() session.close()
return result return result
} }
} }
} }

175
src/resolvers/posts.spec.js
View File

@ -3,6 +3,7 @@ import { GraphQLClient } from 'graphql-request'
import { host, login } from '../jest/helpers' import { host, login } from '../jest/helpers'
const factory = Factory() const factory = Factory()
let client
beforeEach(async () => { beforeEach(async () => {
await factory.create('User', { await factory.create('User', {
@ -16,37 +17,44 @@ afterEach(async () => {
}) })
describe('CreatePost', () => { describe('CreatePost', () => {
const mutation = `
mutation {
CreatePost(title: "I am a title", content: "Some content") {
title
content
slug
disabled
deleted
}
}
`
describe('unauthenticated', () => { describe('unauthenticated', () => {
let client
it('throws authorization error', async () => { it('throws authorization error', async () => {
client = new GraphQLClient(host) client = new GraphQLClient(host)
await expect(client.request(`mutation { await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
CreatePost( })
title: "I am a post",
content: "Some content"
) { slug }
}`)).rejects.toThrow('Not Authorised')
}) })
describe('authenticated', () => { describe('authenticated', () => {
let headers let headers
let response
beforeEach(async () => { beforeEach(async () => {
headers = await login({ email: 'test@example.org', password: '1234' }) headers = await login({ email: 'test@example.org', password: '1234' })
client = new GraphQLClient(host, { headers }) client = new GraphQLClient(host, { headers })
response = await client.request(`mutation {
CreatePost(
title: "A title",
content: "Some content"
) { title, content }
}`, { headers })
}) })
it('creates a post', () => { it('creates a post', async () => {
expect(response).toEqual({ CreatePost: { title: 'A title', content: 'Some content' } }) const expected = {
CreatePost: {
title: 'I am a title',
content: 'Some content'
}
}
await expect(client.request(mutation)).resolves.toMatchObject(expected)
}) })
it('assigns the authenticated user as author', async () => { it('assigns the authenticated user as author', async () => {
await client.request(mutation)
const { User } = await client.request(`{ const { User } = await client.request(`{
User(email:"test@example.org") { User(email:"test@example.org") {
contributions { contributions {
@ -54,8 +62,141 @@ describe('CreatePost', () => {
} }
} }
}`, { headers }) }`, { headers })
expect(User).toEqual([ { contributions: [ { title: 'A title' } ] } ]) expect(User).toEqual([ { contributions: [ { title: 'I am a title' } ] } ])
})
describe('disabled and deleted', () => {
it('initially false', async () => {
const expected = { CreatePost: { disabled: false, deleted: false } }
await expect(client.request(mutation)).resolves.toMatchObject(expected)
}) })
}) })
}) })
}) })
describe('UpdatePost', () => {
const mutation = `
mutation($id: ID!, $content: String) {
UpdatePost(id: $id, content: $content) {
id
content
}
}
`
let variables = {
id: 'p1',
content: 'New content'
}
beforeEach(async () => {
const asAuthor = Factory()
await asAuthor.create('User', {
email: 'author@example.org',
password: '1234'
})
await asAuthor.authenticateAs({
email: 'author@example.org',
password: '1234'
})
await asAuthor.create('Post', {
id: 'p1',
content: 'Old content'
})
})
describe('unauthenticated', () => {
it('throws authorization error', async () => {
client = new GraphQLClient(host)
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated but not the author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'test@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('throws authorization error', async () => {
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated as author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'author@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('updates a post', async () => {
const expected = { UpdatePost: { id: 'p1', content: 'New content' } }
await expect(client.request(mutation, variables)).resolves.toEqual(expected)
})
})
})
describe('DeletePost', () => {
const mutation = `
mutation($id: ID!) {
DeletePost(id: $id) {
id
content
}
}
`
let variables = {
id: 'p1'
}
beforeEach(async () => {
const asAuthor = Factory()
await asAuthor.create('User', {
email: 'author@example.org',
password: '1234'
})
await asAuthor.authenticateAs({
email: 'author@example.org',
password: '1234'
})
await asAuthor.create('Post', {
id: 'p1',
content: 'To be deleted'
})
})
describe('unauthenticated', () => {
it('throws authorization error', async () => {
client = new GraphQLClient(host)
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated but not the author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'test@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('throws authorization error', async () => {
await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
})
})
describe('authenticated as author', () => {
let headers
beforeEach(async () => {
headers = await login({ email: 'author@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('deletes a post', async () => {
const expected = { DeletePost: { id: 'p1', content: 'To be deleted' } }
await expect(client.request(mutation, variables)).resolves.toEqual(expected)
})
})
})

2
src/seed/factories/organizations.js
View File

@ -4,7 +4,7 @@ import uuid from 'uuid/v4'
export default function create (params) { export default function create (params) {
const { const {
id = uuid(), id = uuid(),
name = faker.comany.companyName(), name = faker.company.companyName(),
description = faker.company.catchPhrase(), description = faker.company.catchPhrase(),
disabled = false, disabled = false,
deleted = false deleted = false

4
src/seed/seed-db.js
View File

@ -82,12 +82,12 @@ import Factory from './factories'
await Promise.all([ await Promise.all([
asAdmin.create('Post', { id: 'p0' }), asAdmin.create('Post', { id: 'p0' }),
asModerator.create('Post', { id: 'p1' }), asModerator.create('Post', { id: 'p1' }),
asUser.create('Post', { id: 'p2' }), asUser.create('Post', { id: 'p2', deleted: true }),
asTick.create('Post', { id: 'p3' }), asTick.create('Post', { id: 'p3' }),
asTrick.create('Post', { id: 'p4' }), asTrick.create('Post', { id: 'p4' }),
asTrack.create('Post', { id: 'p5' }), asTrack.create('Post', { id: 'p5' }),
asAdmin.create('Post', { id: 'p6' }), asAdmin.create('Post', { id: 'p6' }),
asModerator.create('Post', { id: 'p7' }), asModerator.create('Post', { id: 'p7', disabled: true }),
asUser.create('Post', { id: 'p8' }), asUser.create('Post', { id: 'p8' }),
asTick.create('Post', { id: 'p9' }), asTick.create('Post', { id: 'p9' }),
asTrick.create('Post', { id: 'p10' }), asTrick.create('Post', { id: 'p10' }),

8
yarn.lock
View File

@ -2582,10 +2582,10 @@ eslint-visitor-keys@^1.0.0:
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz#3f3180fb2e291017716acb4c9d6d5b5c34a6a81d" resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz#3f3180fb2e291017716acb4c9d6d5b5c34a6a81d"
integrity sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ== integrity sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ==
eslint@~5.15.0: eslint@~5.15.1:
version "5.15.0" version "5.15.1"
resolved "https://registry.yarnpkg.com/eslint/-/eslint-5.15.0.tgz#f313a2f7c7628d39adeefdba4a9c41f842012c9e" resolved "https://registry.yarnpkg.com/eslint/-/eslint-5.15.1.tgz#8266b089fd5391e0009a047050795b1d73664524"
integrity sha512-xwG7SS5JLeqkiR3iOmVgtF8Y6xPdtr6AAsN6ph7Q6R/fv+3UlKYoika8SmNzmb35qdRF+RfTY35kMEdtbi+9wg== integrity sha512-NTcm6vQ+PTgN3UBsALw5BMhgO6i5EpIjQF/Xb5tIh3sk9QhrFafujUOczGz4J24JBlzWclSB9Vmx8d+9Z6bFCg==
dependencies: dependencies:
"@babel/code-frame" "^7.0.0" "@babel/code-frame" "^7.0.0"
ajv "^6.9.1" ajv "^6.9.1"