diff --git a/graph/resolvers/settings.js b/graph/resolvers/settings.js
index 7d12c8a91..30e614c38 100644
--- a/graph/resolvers/settings.js
+++ b/graph/resolvers/settings.js
@@ -8,14 +8,14 @@ const Settings = {};
 // PROTECTED_SETTINGS are the settings keys that must be protected for only some
 // eyes.
-const PROTECTED_SETTINGS = [
- 'premodLinksEnable',
- 'autoCloseStream',
- 'wordlist',
- 'domains',
-];
+const PROTECTED_SETTINGS = {
+ 'premodLinksEnable': [VIEW_PROTECTED_SETTINGS],
+ 'autoCloseStream': [VIEW_PROTECTED_SETTINGS],
+ 'wordlist': [VIEW_PROTECTED_SETTINGS],
+ 'domains': [VIEW_PROTECTED_SETTINGS],
+};
 // decorate the fields on the settings resolver with a permission check.
-decorateWithPermissionCheck(Settings, VIEW_PROTECTED_SETTINGS, ...PROTECTED_SETTINGS);
+decorateWithPermissionCheck(Settings, PROTECTED_SETTINGS);
 module.exports = Settings;
diff --git a/graph/resolvers/util.js b/graph/resolvers/util.js
index 497f640a9..cf3162679 100644
--- a/graph/resolvers/util.js
+++ b/graph/resolvers/util.js
@@ -18,18 +18,17 @@ const decorateWithTags = (typeResolver) => {
 * permission checks.
 *
 * @param {Object} typeResolver the type resolver
- * @param {String} permission the permission constant used to check against the user
- * @param {Array} fields the fields to apply this check to
+ * @param {Object} protect the object with field -> Array of permissions
 */
-const decorateWithPermissionCheck = (typeResolver, permission, ...fields) => {
- for (const field of fields) {
+const decorateWithPermissionCheck = (typeResolver, protect) => {
+ for (const [field, permissions] of Object.entries(protect)) {
 let fieldResolver = (obj) => obj[field];
 if (field in typeResolver) {
 fieldResolver = typeResolver[field];
 }
 typeResolver[field] = (obj, args, ctx, info) => {
- if (!ctx.user || !ctx.user.can(permission)) {
+ if (!ctx.user || !ctx.user.can(...permissions)) {
 return null;
 }
diff --git a/graph/typeDefs.graphql b/graph/typeDefs.graphql
index 682f2c690..982ee04bd 100644
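Review bot: The comment above `PROTECTED_SETTINGS` still describes a list of keys, but the constant is now a map from each settings key to the permissions needed to read it. Nothing here says whether a user must hold every listed permission or just one of them. I would reword it along the lines of `// PROTECTED_SETTINGS maps each protected settings key to the permissions required to read it.` and add the all-or-any rule once it has been confirmed against `perms/index.js`. The quotes around the four keys are also unnecessary, since each is a valid identifier.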
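Review bot: `decorateWithPermissionCheck` now trusts the shape of `protect` without checking it, and a wrong shape fails open rather than loudly. A caller still using the old `(typeResolver, permission, ...fields)` form would pass a string as `protect`, so `Object.entries` would walk its characters and the intended fields would never be wrapped; whether such callers exist is not visible in this diff. A field mapped to `[]` would also reach `ctx.user.can()` with no permissions, and what that returns cannot be seen here. I would reject bad entries at decoration time, at the top of the loop: `if (!Array.isArray(permissions) || permissions.length === 0) throw new TypeError('invalid permission list for ' + field);`. The JSDoc for `protect` should also say whether all or any of the listed permissions are required; the function body and its docblock both extend beyond this hunk.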
--- a/graph/typeDefs.graphql
+++ b/graph/typeDefs.graphql
@@ -1209,9 +1209,11 @@ type RootMutation {
 removeTag(tag: ModifyTagInput!): ModifyTagResponse!
 # updateSettings will update the global settings.
+ # Mutation is restricted.
 updateSettings(input: UpdateSettingsInput!): UpdateSettingsResponse!
 # updateWordlist will update the given Wordlist.
+ # Mutation is restricted.
 updateWordlist(input: UpdateWordlistInput!): UpdateWordlistResponse!
 # Ignore comments by another user
diff --git a/perms/index.js b/perms/index.js
index be6e7a2cd..a6b459efe 100644
--- a/perms/index.js
+++ b/perms/index.js
@@ -41,11 +41,8 @@ const findGrant = (user, perms) => {
 */
 module.exports = (user, ...perms) => {
- // make sure all the passed permissions are not typos
- const missingPerms = perms.filter((perm) => {
- return allPermissions.indexOf(perm) === -1;
- });
-
+ // Make sure all the passed permissions are not typos.
+ const missingPerms = perms.filter((perm) => !allPermissions.includes(perm));
 if (missingPerms.length > 0) {
 throw new Error(`${missingPerms.join(' ')} are not valid permissions.`);
 }
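Review bot: "Mutation is restricted." does not say what the restriction is, so a reader of the schema cannot tell which role or permission `updateSettings` and `updateWordlist` require. I would name it in both comments, e.g. `# Mutation is restricted to users holding <PERMISSION_NAME>.`, taking the name from the resolver that enforces it. That enforcement is not part of this diff, so it should be confirmed to exist before it is documented.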