mirror of
https://github.com/wassname/talk.git
synced 2026-06-30 06:14:52 +08:00
Chi Vinh Le
160 lines
2.9 KiB
JavaScript
160 lines
2.9 KiB
JavaScript
const { decorateWithPermissionCheck, getRequestedFields } = require('./util');
|
|
const {
|
|
SEARCH_ASSETS,
|
|
SEARCH_OTHERS_COMMENTS,
|
|
SEARCH_OTHER_USERS,
|
|
} = require('../../perms/constants');
|
|
|
|
const RootQuery = {
|
|
assets(
|
|
_,
|
|
{ query },
|
|
{
|
|
loaders: { Assets },
|
|
}
|
|
) {
|
|
return Assets.getByQuery(query);
|
|
},
|
|
asset(
|
|
_,
|
|
query,
|
|
{
|
|
loaders: { Assets },
|
|
}
|
|
) {
|
|
if (query.id) {
|
|
return Assets.getByID.load(query.id);
|
|
}
|
|
|
|
return Assets.getByURL(query.url);
|
|
},
|
|
settings(
|
|
_,
|
|
args,
|
|
{
|
|
loaders: { Settings },
|
|
},
|
|
info
|
|
) {
|
|
// Get the fields we want from the settings.
|
|
const fields = getRequestedFields(info);
|
|
|
|
// Load only the requested fields.
|
|
return Settings.select(...fields);
|
|
},
|
|
|
|
// This endpoint is used for loading moderation queues, so hide it in the
|
|
// event that we aren't an admin.
|
|
async comments(
|
|
_,
|
|
{ query },
|
|
{
|
|
loaders: { Comments },
|
|
}
|
|
) {
|
|
return Comments.getByQuery(query);
|
|
},
|
|
|
|
comment(
|
|
_,
|
|
{ id },
|
|
{
|
|
loaders: { Comments },
|
|
}
|
|
) {
|
|
return Comments.get.load(id);
|
|
},
|
|
|
|
async commentCount(
|
|
_,
|
|
{ query },
|
|
{
|
|
loaders: { Comments, Assets },
|
|
}
|
|
) {
|
|
const { asset_url, asset_id } = query;
|
|
if (
|
|
(!asset_id || asset_id.length === 0) &&
|
|
asset_url &&
|
|
asset_url.length > 0
|
|
) {
|
|
let asset = await Assets.findByUrl(asset_url);
|
|
if (asset) {
|
|
query.asset_id = asset.id;
|
|
}
|
|
}
|
|
|
|
return Comments.getCountByQuery(query);
|
|
},
|
|
|
|
async userCount(
|
|
_,
|
|
{ query },
|
|
{
|
|
loaders: { Users },
|
|
}
|
|
) {
|
|
return Users.getCountByQuery(query);
|
|
},
|
|
|
|
// This returns the current user, ensure that if we aren't logged in, we
|
|
// return null.
|
|
me(_, args, { user }) {
|
|
if (user == null) {
|
|
return null;
|
|
}
|
|
|
|
return user;
|
|
},
|
|
|
|
// this returns an arbitrary user
|
|
user(
|
|
_,
|
|
{ id },
|
|
{
|
|
loaders: { Users },
|
|
}
|
|
) {
|
|
return Users.getByID.load(id);
|
|
},
|
|
|
|
// This endpoint is used for loading the user moderation queues (users whose username has been flagged),
|
|
// so hide it in the event that we aren't an admin.
|
|
users(
|
|
_,
|
|
{ query },
|
|
{
|
|
loaders: { Users },
|
|
}
|
|
) {
|
|
return Users.getByQuery(query);
|
|
},
|
|
};
|
|
|
|
// Protect some query fields that are privileged.
|
|
decorateWithPermissionCheck(RootQuery, {
|
|
assets: [SEARCH_ASSETS],
|
|
users: [SEARCH_OTHER_USERS],
|
|
userCount: [SEARCH_OTHER_USERS],
|
|
commentCount: [SEARCH_OTHERS_COMMENTS],
|
|
});
|
|
|
|
// Protect the user field so only users who have permission to look up another
|
|
// user may do so as well as a user looking up themselves.
|
|
decorateWithPermissionCheck(
|
|
RootQuery,
|
|
{
|
|
user: [SEARCH_OTHER_USERS],
|
|
},
|
|
(obj, { id }, { user }) => {
|
|
if (user && user.id === id) {
|
|
return true;
|
|
}
|
|
|
|
// We don't return false because we want to fallthrough to the permission
|
|
// check if the custom check fails.
|
|
}
|
|
);
|
|
|
|
module.exports = RootQuery;
|