mirror of
https://github.com/Ocelot-Social-Community/Ocelot-Social.git
synced 2025-12-13 07:46:06 +00:00
81 lines
2.1 KiB
JavaScript
81 lines
2.1 KiB
JavaScript
import { rule, shield, allow, or } from 'graphql-shield'
|
|
|
|
/*
|
|
* TODO: implement
|
|
* See: https://github.com/Human-Connection/Nitro-Backend/pull/40#pullrequestreview-180898363
|
|
*/
|
|
const isAuthenticated = rule()(async (parent, args, ctx, info) => {
|
|
return ctx.user !== null
|
|
})
|
|
|
|
const isModerator = rule()(async (parent, args, { user }, info) => {
|
|
return user && (user.role === 'moderator' || user.role === 'admin')
|
|
})
|
|
|
|
const isAdmin = rule()(async (parent, args, { user }, info) => {
|
|
return user && (user.role === 'admin')
|
|
})
|
|
|
|
const isMyOwn = rule({ cache: 'no_cache' })(async (parent, args, context, info) => {
|
|
return context.user.id === parent.id
|
|
})
|
|
|
|
const onlyEnabledContent = rule({ cache: 'strict' })(async (parent, args, ctx, info) => {
|
|
const { disabled, deleted } = args
|
|
return !(disabled || deleted)
|
|
})
|
|
|
|
const isAuthor = rule({ cache: 'no_cache' })(async (parent, args, { user, driver }) => {
|
|
if (!user) return false
|
|
const session = driver.session()
|
|
const { id: postId } = args
|
|
const result = await session.run(`
|
|
MATCH (post:Post {id: $postId})<-[:WROTE]-(author)
|
|
RETURN author
|
|
`, { postId })
|
|
const [author] = result.records.map((record) => {
|
|
return record.get('author')
|
|
})
|
|
const { properties: { id: authorId } } = author
|
|
session.close()
|
|
return authorId === user.id
|
|
})
|
|
|
|
// Permissions
|
|
const permissions = shield({
|
|
Query: {
|
|
statistics: allow,
|
|
currentUser: allow,
|
|
Post: or(onlyEnabledContent, isModerator)
|
|
},
|
|
Mutation: {
|
|
CreatePost: isAuthenticated,
|
|
UpdatePost: isAuthor,
|
|
DeletePost: isAuthor,
|
|
report: isAuthenticated,
|
|
CreateBadge: isAdmin,
|
|
UpdateBadge: isAdmin,
|
|
DeleteBadge: isAdmin,
|
|
AddUserBadges: isAdmin,
|
|
// AddBadgeRewarded: isAdmin,
|
|
// RemoveBadgeRewarded: isAdmin,
|
|
reward: isAdmin,
|
|
unreward: isAdmin,
|
|
// addFruitToBasket: isAuthenticated
|
|
follow: isAuthenticated,
|
|
unfollow: isAuthenticated,
|
|
shout: isAuthenticated,
|
|
unshout: isAuthenticated,
|
|
changePassword: isAuthenticated,
|
|
enable: isModerator,
|
|
disable: isModerator
|
|
// CreateUser: allow,
|
|
},
|
|
User: {
|
|
email: isMyOwn,
|
|
password: isMyOwn
|
|
}
|
|
})
|
|
|
|
export default permissions
|