From debda80db165601119c39fe4dd543ae5f05d75b2 Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Mon, 20 Nov 2017 10:32:46 -0700 Subject: [PATCH] fixed query issues --- graph/resolvers/index.js | 2 + graph/resolvers/user.js | 14 ++--- graph/resolvers/user_state.js | 13 +++++ perms/constants/query.js | 2 +- perms/reducers/query.js | 2 +- test/server/graph/queries/user.js | 87 +++++++++++++++++++++++++++++++ 6 files changed, 111 insertions(+), 9 deletions(-) create mode 100644 graph/resolvers/user_state.js create mode 100644 test/server/graph/queries/user.js diff --git a/graph/resolvers/index.js b/graph/resolvers/index.js index 69ae9ca3e..8296d41d5 100644 --- a/graph/resolvers/index.js +++ b/graph/resolvers/index.js @@ -22,6 +22,7 @@ const TagLink = require('./tag_link'); const Tag = require('./tag'); const UserError = require('./user_error'); const User = require('./user'); +const UserState = require('./user_state'); const ValidationUserError = require('./validation_user_error'); const plugins = require('../../services/plugins'); @@ -49,6 +50,7 @@ let resolvers = { Tag, UserError, User, + UserState, ValidationUserError, }; diff --git a/graph/resolvers/user.js b/graph/resolvers/user.js index daf1c5899..1dadbbd9b 100644 --- a/graph/resolvers/user.js +++ b/graph/resolvers/user.js @@ -6,7 +6,8 @@ const { SEARCH_OTHERS_COMMENTS, UPDATE_USER_ROLES, SEARCH_COMMENT_METRICS, - LIST_OWN_TOKENS + LIST_OWN_TOKENS, + VIEW_USER_STATUS } = require('../../perms/constants'); const User = { @@ -83,12 +84,11 @@ const User = { } }, - // suspension({id, suspension}, _, {user}) { - // if (user.id !== id && !user.can(VIEW_SUSPENSION_INFO)) { - // return null; - // } - // return suspension; - // } + state(user, args, ctx) { + if (ctx.user && (ctx.user.id === user.id || ctx.user.can(VIEW_USER_STATUS))) { + return user; + } + } }; // Decorate the User type resolver with a tags field. diff --git a/graph/resolvers/user_state.js b/graph/resolvers/user_state.js new file mode 100644 index 000000000..7aa7fa50a --- /dev/null +++ b/graph/resolvers/user_state.js @@ -0,0 +1,13 @@ +const { + VIEW_USER_STATUS +} = require('../../perms/constants'); + +const UserState = { + status: (user, args, ctx) => { + if (ctx.user && (ctx.user.id === user.id || ctx.user.can(VIEW_USER_STATUS))) { + return user.status; + } + } +}; + +module.exports = UserState; diff --git a/perms/constants/query.js b/perms/constants/query.js index 780cc77a0..65174ef8d 100644 --- a/perms/constants/query.js +++ b/perms/constants/query.js @@ -7,6 +7,6 @@ module.exports = { SEARCH_COMMENT_METRICS: 'SEARCH_COMMENT_METRICS', LIST_OWN_TOKENS: 'LIST_OWN_TOKENS', SEARCH_COMMENT_STATUS_HISTORY: 'SEARCH_COMMENT_STATUS_HISTORY', - VIEW_SUSPENSION_INFO: 'VIEW_SUSPENSION_INFO', VIEW_PROTECTED_SETTINGS: 'VIEW_PROTECTED_SETTINGS', + VIEW_USER_STATUS: 'VIEW_USER_STATUS' }; diff --git a/perms/reducers/query.js b/perms/reducers/query.js index 395bad83f..b044cf3f1 100644 --- a/perms/reducers/query.js +++ b/perms/reducers/query.js @@ -10,7 +10,7 @@ module.exports = (user, perm) => { case types.SEARCH_OTHERS_COMMENTS: case types.SEARCH_COMMENT_METRICS: case types.SEARCH_COMMENT_STATUS_HISTORY: - case types.VIEW_SUSPENSION_INFO: + case types.VIEW_USER_STATUS: case types.VIEW_PROTECTED_SETTINGS: return check(user, ['ADMIN', 'MODERATOR']); diff --git a/test/server/graph/queries/user.js b/test/server/graph/queries/user.js new file mode 100644 index 000000000..ccd9bdfcf --- /dev/null +++ b/test/server/graph/queries/user.js @@ -0,0 +1,87 @@ +const {graphql} = require('graphql'); + +const schema = require('../../../../graph/schema'); +const Context = require('../../../../graph/context'); +const SettingsService = require('../../../../services/settings'); +const UserModel = require('../../../../models/user'); +const UsersService = require('../../../../services/users'); + +const chai = require('chai'); +chai.use(require('chai-datetime')); +const {expect} = chai; + +describe('graph.queries.user', () => { + let user; + beforeEach(async () => { + await SettingsService.init(); + + user = await UsersService.createLocalUser('usernameA@example.com', 'password', 'usernameA'); + }); + + describe('state', () => { + + const meQuery = ` + query Me { + me { + state { + status { + username { + status + } + } + } + } + } + `; + + it('can query me', async () => { + const ctx = new Context({user}); + + const {data, errors} = await graphql(schema, meQuery, {}, ctx); + + expect(errors).to.be.undefined; + expect(data.me).to.not.be.null; + expect(data.me.state).not.to.be.null; + expect(data.me.state.status.username.status).to.be.equal('SET'); + }); + + const query = ` + query User($user_id: ID!) { + user(id: $user_id) { + state { + status { + username { + status + } + } + } + } + } + `; + + [ + {roles: [], can: false}, + {roles: ['STAFF'], can: false}, + {roles: ['STAFF', 'MODERATOR'], can: true}, + {roles: ['STAFF', 'MODERATOR', 'ADMIN'], can: true}, + ].forEach(({roles, can}) => { + it(`${can ? 'can' : 'can not'} query with roles = ${roles.length > 0 ? roles : ''}`, async () => { + const actor = new UserModel({roles}); + const ctx = new Context({user: actor}); + + const {data, errors} = await graphql(schema, query, {}, ctx, { + user_id: user.id, + }); + + expect(errors).to.be.undefined; + if (!can) { + expect(data.user).to.be.null; + } else { + expect(data.user).to.not.be.null; + expect(data.user.state).not.to.be.null; + expect(data.user.state.status.username.status).to.be.equal('SET'); + } + }); + }); + }); +});