mirror of
https://github.com/Ocelot-Social-Community/Ocelot-Social.git
synced 2025-12-13 07:46:06 +00:00
43 lines
1021 B
JavaScript
43 lines
1021 B
JavaScript
import { rule, shield, allow } from 'graphql-shield'
|
|
|
|
/*
|
|
* TODO: implement
|
|
* See: https://github.com/Human-Connection/Nitro-Backend/pull/40#pullrequestreview-180898363
|
|
*/
|
|
const isAuthenticated = rule()(async (parent, args, ctx, info) => {
|
|
return ctx.user !== null
|
|
})
|
|
/*
|
|
const isAdmin = rule()(async (parent, args, ctx, info) => {
|
|
return ctx.user.role === 'ADMIN'
|
|
})
|
|
const isModerator = rule()(async (parent, args, ctx, info) => {
|
|
return ctx.user.role === 'MODERATOR'
|
|
})
|
|
*/
|
|
|
|
const isOwner = rule({ cache: 'no_cache' })(async (parent, args, ctx, info) => {
|
|
return ctx.user.id === parent.id
|
|
})
|
|
|
|
// Permissions
|
|
const permissions = shield({
|
|
Query: {
|
|
statistics: allow
|
|
// fruits: and(isAuthenticated, or(isAdmin, isModerator)),
|
|
// customers: and(isAuthenticated, isAdmin)
|
|
},
|
|
Mutation: {
|
|
report: isAuthenticated
|
|
// addFruitToBasket: isAuthenticated
|
|
// CreateUser: allow,
|
|
},
|
|
User: {
|
|
email: isOwner,
|
|
password: isOwner
|
|
}
|
|
// Post: isAuthenticated
|
|
})
|
|
|
|
export default permissions
|