Commit 15016170 authored by Karen Konou's avatar Karen Konou

[GQL] Team management authorization check

parent d9a0e617
Pipeline #2905 failed with stage
in 40 minutes and 7 seconds
...@@ -13,16 +13,23 @@ import Gargantext.Core.Types (NodeId(..), unNodeId) ...@@ -13,16 +13,23 @@ import Gargantext.Core.Types (NodeId(..), unNodeId)
import Gargantext.Database.Prelude (HasConnectionPool) import Gargantext.Database.Prelude (HasConnectionPool)
import Gargantext.Database (HasConfig) import Gargantext.Database (HasConfig)
import Gargantext.Core.Mail.Types (HasMail) import Gargantext.Core.Mail.Types (HasMail)
import Gargantext.Database.Query.Table.Node (getNode)
import Gargantext.API.GraphQL.Utils (authUser, AuthStatus (Invalid, Valid))
import Gargantext.Database.Schema.Node (NodePoly(Node, _node_id), _node_user_id)
import Gargantext.API.Admin.Types (HasSettings)
import Gargantext.Database.Query.Table.User (getUsersWithNodeHyperdata)
data TeamArgs = TeamArgs import qualified Data.Text as T
data TeamArgs = TeamArgs
{ team_node_id :: Int } deriving (Generic, GQLType) { team_node_id :: Int } deriving (Generic, GQLType)
data TeamMember = TeamMember data TeamMember = TeamMember
{ username :: Text { username :: Text
, shared_folder_id :: Int , shared_folder_id :: Int
} deriving (Generic, GQLType) } deriving (Generic, GQLType)
data TeamDeleteMArgs = TeamDeleteMArgs data TeamDeleteMArgs = TeamDeleteMArgs
{ token :: Text { token :: Text
, shared_folder_id :: Int , shared_folder_id :: Int
, team_node_id :: Int , team_node_id :: Int
...@@ -49,7 +56,19 @@ dbTeam nodeId = do ...@@ -49,7 +56,19 @@ dbTeam nodeId = do
shared_folder_id = unNodeId fId shared_folder_id = unNodeId fId
} }
-- TODO: authorization check, list argument -- TODO: list as argument
deleteTeamMembership :: (HasConnectionPool env, HasConfig env, HasMail env) => TeamDeleteMArgs -> GqlM' e env [Int] deleteTeamMembership :: (HasConnectionPool env, HasConfig env, HasMail env, HasSettings env) => TeamDeleteMArgs -> GqlM' e env [Int]
deleteTeamMembership TeamDeleteMArgs { shared_folder_id, team_node_id } = do deleteTeamMembership TeamDeleteMArgs { token, shared_folder_id, team_node_id } = do
lift $ deleteMemberShip [(NodeId shared_folder_id, NodeId team_node_id)] teamNode <- lift $ getNode $ NodeId team_node_id
\ No newline at end of file userNodes <- lift (getUsersWithNodeHyperdata $ uId teamNode)
case userNodes of
[] -> panic $ "[deleteTeamMembership] User with id " <> T.pack (show $ uId teamNode) <> " doesn't exist."
(( _, node_u):_) -> do
testAuthUser <- lift $ authUser (nId node_u) token
case testAuthUser of
Invalid -> panic "[deleteTeamMembership] failed to validate user"
Valid -> do
lift $ deleteMemberShip [(NodeId shared_folder_id, NodeId team_node_id)]
where
uId Node { _node_user_id } = _node_user_id
nId Node { _node_id } = _node_id
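Review bot: In `deleteTeamMembership`, both rejection paths call `panic` (the empty `userNodes` case and the `Invalid` case), so a denied request is signalled like an internal invariant failure rather than an ordinary GraphQL error. How `panic` reaches the client is not visible in this section. If its text is returned, the first message discloses the internal user id taken from the team node's `_node_user_id`, and the two distinct messages let a caller without a valid token tell "user missing" from "token rejected". I would return one generic authorization error for both cases through the resolver's normal error path and keep the detail in the server log. A comment above the function stating the rule would also help, e.g. `-- The token must validate against the user referenced by the team node's _node_user_id before any membership is deleted.`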