admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: add missing abilities (#354)

Browse Source 
feat: add all missing abilities rules on resolvers
This commit is contained in:
Jérémy M
2023-06-22 20:09:17 +02:00
committed by GitHub
parent 4a2797c491
commit c4ad0171b0
21 changed files with 461 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/src/ability/ability.factory.ts
View File

@ -45,6 +45,11 @@ export class AbilityFactory {
);
// User
can(AbilityAction.Read, 'User', {
workspaceMember: {
workspaceId: workspace.id,
},
});
can(AbilityAction.Update, 'User', { id: user.id });
cannot(AbilityAction.Delete, 'User');

50
server/src/ability/handlers/comment-thread-target.ability-handler.ts
View File

@ -2,14 +2,24 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { CommentThreadTargetWhereInput } from 'src/core/@generated/comment-thread-target/comment-thread-target-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { assert } from 'src/utils/assert';
import { subject } from '@casl/ability';
class CommentThreadTargetArgs {
where?: CommentThreadTargetWhereInput;
}
@Injectable()
export class ManageCommentThreadTargetAbilityHandler
implements IAbilityHandler
{
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'CommentThreadTarget');
}
@ -35,8 +45,21 @@ export class CreateCommentThreadTargetAbilityHandler
export class UpdateCommentThreadTargetAbilityHandler
implements IAbilityHandler
{
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'CommentThreadTarget');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CommentThreadTargetArgs>();
const commentThreadTarget =
await this.prismaService.commentThreadTarget.findFirst({
where: args.where,
});
assert(commentThreadTarget, '', NotFoundException);
return ability.can(
AbilityAction.Update,
subject('CommentThreadTarget', commentThreadTarget),
);
}
}
@ -44,7 +67,20 @@ export class UpdateCommentThreadTargetAbilityHandler
export class DeleteCommentThreadTargetAbilityHandler
implements IAbilityHandler
{
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'CommentThreadTarget');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CommentThreadTargetArgs>();
const commentThreadTarget =
await this.prismaService.commentThreadTarget.findFirst({
where: args.where,
});
assert(commentThreadTarget, '', NotFoundException);
return ability.can(
AbilityAction.Delete,
subject('CommentThreadTarget', commentThreadTarget),
);
}
}

48
server/src/ability/handlers/comment-thread.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { GqlExecutionContext } from '@nestjs/graphql';
import { CommentThreadWhereInput } from 'src/core/@generated/comment-thread/comment-thread-where.input';
import { assert } from 'src/utils/assert';
import { subject } from '@casl/ability';
class CommentThreadArgs {
where?: CommentThreadWhereInput;
}
@Injectable()
export class ManageCommentThreadAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'CommentThread');
}
@ -29,14 +39,38 @@ export class CreateCommentThreadAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdateCommentThreadAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'CommentThread');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CommentThreadArgs>();
const commentThread = await this.prismaService.commentThread.findFirst({
where: args.where,
});
assert(commentThread, '', NotFoundException);
return ability.can(
AbilityAction.Update,
subject('CommentThread', commentThread),
);
}
}
@Injectable()
export class DeleteCommentThreadAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'CommentThread');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CommentThreadArgs>();
const commentThread = await this.prismaService.commentThread.findFirst({
where: args.where,
});
assert(commentThread, '', NotFoundException);
return ability.can(
AbilityAction.Delete,
subject('CommentThread', commentThread),
);
}
}

42
server/src/ability/handlers/comment.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { subject } from '@casl/ability';
import { CommentWhereInput } from 'src/core/@generated/comment/comment-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { assert } from 'src/utils/assert';
class CommentArgs {
where?: CommentWhereInput;
}
@Injectable()
export class ManageCommentAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'Comment');
}
@ -29,14 +39,32 @@ export class CreateCommentAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdateCommentAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'Comment');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CommentArgs>();
const comment = await this.prismaService.comment.findFirst({
where: args.where,
});
assert(comment, '', NotFoundException);
return ability.can(AbilityAction.Update, subject('Comment', comment));
}
}
@Injectable()
export class DeleteCommentAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'Comment');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CommentArgs>();
const comment = await this.prismaService.comment.findFirst({
where: args.where,
});
assert(comment, '', NotFoundException);
return ability.can(AbilityAction.Delete, subject('Comment', comment));
}
}

42
server/src/ability/handlers/company.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { CompanyWhereInput } from 'src/core/@generated/company/company-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { assert } from 'src/utils/assert';
import { subject } from '@casl/ability';
class CompanyArgs {
where?: CompanyWhereInput;
}
@Injectable()
export class ManageCompanyAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'Company');
}
@ -29,14 +39,32 @@ export class CreateCompanyAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdateCompanyAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'Company');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CompanyArgs>();
const company = await this.prismaService.company.findFirst({
where: args.where,
});
assert(company, '', NotFoundException);
return ability.can(AbilityAction.Update, subject('Company', company));
}
}
@Injectable()
export class DeleteCompanyAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'Company');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<CompanyArgs>();
const company = await this.prismaService.company.findFirst({
where: args.where,
});
assert(company, '', NotFoundException);
return ability.can(AbilityAction.Delete, subject('Company', company));
}
}

42
server/src/ability/handlers/person.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { PersonWhereInput } from 'src/core/@generated/person/person-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { assert } from 'src/utils/assert';
import { subject } from '@casl/ability';
class PersonArgs {
where?: PersonWhereInput;
}
@Injectable()
export class ManagePersonAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'Person');
}
@ -29,14 +39,32 @@ export class CreatePersonAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdatePersonAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'Person');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<PersonArgs>();
const person = await this.prismaService.person.findFirst({
where: args.where,
});
assert(person, '', NotFoundException);
return ability.can(AbilityAction.Update, subject('Person', person));
}
}
@Injectable()
export class DeletePersonAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'Person');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<PersonArgs>();
const person = await this.prismaService.person.findFirst({
where: args.where,
});
assert(person, '', NotFoundException);
return ability.can(AbilityAction.Delete, subject('Person', person));
}
}

48
server/src/ability/handlers/refresh-token.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { subject } from '@casl/ability';
import { RefreshTokenWhereInput } from 'src/core/@generated/refresh-token/refresh-token-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { assert } from 'src/utils/assert';
class RefreshTokenArgs {
where?: RefreshTokenWhereInput;
}
@Injectable()
export class ManageRefreshTokenAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'RefreshToken');
}
@ -29,14 +39,38 @@ export class CreateRefreshTokenAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdateRefreshTokenAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'RefreshToken');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<RefreshTokenArgs>();
const refreshToken = await this.prismaService.refreshToken.findFirst({
where: args.where,
});
assert(refreshToken, '', NotFoundException);
return ability.can(
AbilityAction.Update,
subject('RefreshToken', refreshToken),
);
}
}
@Injectable()
export class DeleteRefreshTokenAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'RefreshToken');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<RefreshTokenArgs>();
const refreshToken = await this.prismaService.refreshToken.findFirst({
where: args.where,
});
assert(refreshToken, '', NotFoundException);
return ability.can(
AbilityAction.Delete,
subject('RefreshToken', refreshToken),
);
}
}

42
server/src/ability/handlers/user.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { assert } from 'src/utils/assert';
import { UserWhereInput } from 'src/core/@generated/user/user-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { subject } from '@casl/ability';
class UserArgs {
where?: UserWhereInput;
}
@Injectable()
export class ManageUserAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'User');
}
@ -29,14 +39,32 @@ export class CreateUserAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdateUserAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'User');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<UserArgs>();
const user = await this.prismaService.user.findFirst({
where: args.where,
});
assert(user, '', NotFoundException);
return ability.can(AbilityAction.Update, subject('User', user));
}
}
@Injectable()
export class DeleteUserAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'User');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<UserArgs>();
const user = await this.prismaService.user.findFirst({
where: args.where,
});
assert(user, '', NotFoundException);
return ability.can(AbilityAction.Delete, subject('User', user));
}
}

48
server/src/ability/handlers/workspace-member.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { subject } from '@casl/ability';
import { WorkspaceMemberWhereInput } from 'src/core/@generated/workspace-member/workspace-member-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { assert } from 'src/utils/assert';
class WorksapceMemberArgs {
where?: WorkspaceMemberWhereInput;
}
@Injectable()
export class ManageWorkspaceMemberAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'WorkspaceMember');
}
@ -29,14 +39,38 @@ export class CreateWorkspaceMemberAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdateWorkspaceMemberAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'WorkspaceMember');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<WorksapceMemberArgs>();
const workspaceMember = await this.prismaService.workspaceMember.findFirst({
where: args.where,
});
assert(workspaceMember, '', NotFoundException);
return ability.can(
AbilityAction.Update,
subject('WorkspaceMember', workspaceMember),
);
}
}
@Injectable()
export class DeleteWorkspaceMemberAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'WorkspaceMember');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<WorksapceMemberArgs>();
const workspaceMember = await this.prismaService.workspaceMember.findFirst({
where: args.where,
});
assert(workspaceMember, '', NotFoundException);
return ability.can(
AbilityAction.Delete,
subject('WorkspaceMember', workspaceMember),
);
}
}

42
server/src/ability/handlers/workspace.ability-handler.ts
View File

@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
import { AbilityAction } from '../ability.action';
import { AppAbility } from '../ability.factory';
import { IAbilityHandler } from '../interfaces/ability-handler.interface';
import { Injectable } from '@nestjs/common';
import {
ExecutionContext,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { subject } from '@casl/ability';
import { WorkspaceWhereInput } from 'src/core/@generated/workspace/workspace-where.input';
import { GqlExecutionContext } from '@nestjs/graphql';
import { assert } from 'src/utils/assert';
class WorksapceArgs {
where?: WorkspaceWhereInput;
}
@Injectable()
export class ManageWorkspaceAbilityHandler implements IAbilityHandler {
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility) {
return ability.can(AbilityAction.Manage, 'Workspace');
}
@ -29,14 +39,32 @@ export class CreateWorkspaceAbilityHandler implements IAbilityHandler {
@Injectable()
export class UpdateWorkspaceAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Update, 'Workspace');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<WorksapceArgs>();
const workspace = await this.prismaService.workspace.findFirst({
where: args.where,
});
assert(workspace, '', NotFoundException);
return ability.can(AbilityAction.Update, subject('Workspace', workspace));
}
}
@Injectable()
export class DeleteWorkspaceAbilityHandler implements IAbilityHandler {
handle(ability: AppAbility) {
return ability.can(AbilityAction.Delete, 'Workspace');
constructor(private readonly prismaService: PrismaService) {}
async handle(ability: AppAbility, context: ExecutionContext) {
const gqlContext = GqlExecutionContext.create(context);
const args = gqlContext.getArgs<WorksapceArgs>();
const workspace = await this.prismaService.workspace.findFirst({
where: args.where,
});
assert(workspace, '', NotFoundException);
return ability.can(AbilityAction.Delete, subject('Workspace', workspace));
}
}

5
server/src/core/comment/resolvers/comment-thread.resolver.spec.ts
View File

@ -4,6 +4,7 @@ import { CommentThreadService } from '../services/comment-thread.service';
import { CanActivate } from '@nestjs/common';
import { CreateOneCommentGuard } from 'src/guards/create-one-comment.guard';
import { CreateOneCommentThreadGuard } from 'src/guards/create-one-comment-thread.guard';
import { AbilityFactory } from 'src/ability/ability.factory';
describe('CommentThreadResolver', () => {
let resolver: CommentThreadResolver;
@ -18,6 +19,10 @@ describe('CommentThreadResolver', () => {
provide: CommentThreadService,
useValue: {},
},
{
provide: AbilityFactory,
useValue: {},
},
],
})
.overrideGuard(CreateOneCommentGuard)

30
server/src/core/comment/resolvers/comment-thread.resolver.ts
View File

@ -8,13 +8,22 @@ import { CreateOneCommentThreadArgs } from '../../../core/@generated/comment-thr
import { CreateOneCommentThreadGuard } from '../../../guards/create-one-comment-thread.guard';
import { FindManyCommentThreadArgs } from '../../../core/@generated/comment-thread/find-many-comment-thread.args';
import { CommentThreadService } from '../services/comment-thread.service';
import { prepareFindManyArgs } from 'src/utils/prepare-find-many';
import { UpdateOneCommentThreadArgs } from 'src/core/@generated/comment-thread/update-one-comment-thread.args';
import { Prisma } from '@prisma/client';
import {
PrismaSelector,
PrismaSelect,
} from 'src/decorators/prisma-select.decorator';
import { AbilityGuard } from 'src/guards/ability.guard';
import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
import {
CreateCommentThreadAbilityHandler,
ReadCommentThreadAbilityHandler,
UpdateCommentThreadAbilityHandler,
} from 'src/ability/handlers/comment-thread.ability-handler';
import { UserAbility } from 'src/decorators/user-ability.decorator';
import { AppAbility } from 'src/ability/ability.factory';
import { accessibleBy } from '@casl/prisma';
@UseGuards(JwtAuthGuard)
@Resolver(() => CommentThread)
@ -25,6 +34,8 @@ export class CommentThreadResolver {
@Mutation(() => CommentThread, {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(CreateCommentThreadAbilityHandler)
async createOneCommentThread(
@Args() args: CreateOneCommentThreadArgs,
@AuthWorkspace() workspace: Workspace,
@ -53,6 +64,8 @@ export class CommentThreadResolver {
@Mutation(() => CommentThread, {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(UpdateCommentThreadAbilityHandler)
async updateOneCommentThread(
@Args() args: UpdateOneCommentThreadArgs,
@PrismaSelector({ modelName: 'CommentThread' })
@ -67,19 +80,20 @@ export class CommentThreadResolver {
}
@Query(() => [CommentThread])
@UseGuards(AbilityGuard)
@CheckAbilities(ReadCommentThreadAbilityHandler)
async findManyCommentThreads(
@Args() args: FindManyCommentThreadArgs,
@AuthWorkspace() workspace: Workspace,
@UserAbility() ability: AppAbility,
@PrismaSelector({ modelName: 'CommentThread' })
prismaSelect: PrismaSelect<'CommentThread'>,
): Promise<Partial<CommentThread>[]> {
const preparedArgs = prepareFindManyArgs<FindManyCommentThreadArgs>(
args,
workspace,
);
const result = await this.commentThreadService.findMany({
...preparedArgs,
...args,
where: {
...args.where,
AND: [accessibleBy(ability).CommentThread],
},
select: prismaSelect.value,
});

5
server/src/core/comment/resolvers/comment.resolver.spec.ts
View File

@ -3,6 +3,7 @@ import { CommentResolver } from './comment.resolver';
import { CommentService } from '../services/comment.service';
import { CreateOneCommentGuard } from 'src/guards/create-one-comment.guard';
import { CanActivate } from '@nestjs/common';
import { AbilityFactory } from 'src/ability/ability.factory';
describe('CommentResolver', () => {
let resolver: CommentResolver;
@ -17,6 +18,10 @@ describe('CommentResolver', () => {
provide: CommentService,
useValue: {},
},
{
provide: AbilityFactory,
useValue: {},
},
],
})
.overrideGuard(CreateOneCommentGuard)

8
server/src/core/comment/resolvers/comment.resolver.ts
View File

@ -12,6 +12,11 @@ import {
PrismaSelector,
PrismaSelect,
} from 'src/decorators/prisma-select.decorator';
import { AbilityGuard } from 'src/guards/ability.guard';
import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
import { CreateCommentAbilityHandler } from 'src/ability/handlers/comment.ability-handler';
import { AuthUser } from 'src/decorators/auth-user.decorator';
import { User } from 'src/core/@generated/user/user.model';
@UseGuards(JwtAuthGuard)
@Resolver(() => Comment)
@ -22,8 +27,11 @@ export class CommentResolver {
@Mutation(() => Comment, {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(CreateCommentAbilityHandler)
async createOneComment(
@Args() args: CreateOneCommentArgs,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
@PrismaSelector({ modelName: 'Comment' })
prismaSelect: PrismaSelect<'Comment'>,

5
server/src/core/company/company.resolver.spec.ts
View File

@ -5,6 +5,7 @@ import { UpdateOneGuard } from 'src/guards/update-one.guard';
import { CanActivate } from '@nestjs/common';
import { DeleteManyGuard } from 'src/guards/delete-many.guard';
import { CreateOneGuard } from 'src/guards/create-one.guard';
import { AbilityFactory } from 'src/ability/ability.factory';
describe('CompanyResolver', () => {
let resolver: CompanyResolver;
@ -19,6 +20,10 @@ describe('CompanyResolver', () => {
provide: CompanyService,
useValue: {},
},
{
provide: AbilityFactory,
useValue: {},
},
],
})
.overrideGuard(UpdateOneGuard)

32
server/src/core/company/company.resolver.ts
View File

@ -14,11 +14,21 @@ import { UpdateOneGuard } from '../../guards/update-one.guard';
import { DeleteManyGuard } from '../../guards/delete-many.guard';
import { CreateOneGuard } from '../../guards/create-one.guard';
import { CompanyService } from './company.service';
import { prepareFindManyArgs } from 'src/utils/prepare-find-many';
import {
PrismaSelect,
PrismaSelector,
} from 'src/decorators/prisma-select.decorator';
import { AbilityGuard } from 'src/guards/ability.guard';
import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
import {
CreateCompanyAbilityHandler,
DeleteCompanyAbilityHandler,
ReadCompanyAbilityHandler,
} from 'src/ability/handlers/company.ability-handler';
import { UserAbility } from 'src/decorators/user-ability.decorator';
import { AppAbility } from 'src/ability/ability.factory';
import { accessibleBy } from '@casl/prisma';
import { UpdateCommentAbilityHandler } from 'src/ability/handlers/comment.ability-handler';
@UseGuards(JwtAuthGuard)
@Resolver(() => Company)
@ -26,18 +36,20 @@ export class CompanyResolver {
constructor(private readonly companyService: CompanyService) {}
@Query(() => [Company])
@UseGuards(AbilityGuard)
@CheckAbilities(ReadCompanyAbilityHandler)
async findManyCompany(
@Args() args: FindManyCompanyArgs,
@AuthWorkspace() workspace: Workspace,
@UserAbility() ability: AppAbility,
@PrismaSelector({ modelName: 'Company' })
prismaSelect: PrismaSelect<'Company'>,
): Promise<Partial<Company>[]> {
const preparedArgs = prepareFindManyArgs<FindManyCompanyArgs>(
args,
workspace,
);
return this.companyService.findMany({
...preparedArgs,
...args,
where: {
...args.where,
AND: [accessibleBy(ability).Company],
},
select: prismaSelect.value,
});
}
@ -46,6 +58,8 @@ export class CompanyResolver {
@Mutation(() => Company, {
nullable: true,
})
@UseGuards(AbilityGuard)
@CheckAbilities(UpdateCommentAbilityHandler)
async updateOneCompany(
@Args() args: UpdateOneCompanyArgs,
@PrismaSelector({ modelName: 'Company' })
@ -65,6 +79,8 @@ export class CompanyResolver {
@Mutation(() => AffectedRows, {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(DeleteCompanyAbilityHandler)
async deleteManyCompany(
@Args() args: DeleteManyCompanyArgs,
): Promise<AffectedRows> {
@ -77,6 +93,8 @@ export class CompanyResolver {
@Mutation(() => Company, {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(CreateCompanyAbilityHandler)
async createOneCompany(
@Args() args: CreateOneCompanyArgs,
@AuthWorkspace() workspace: Workspace,

5
server/src/core/person/person.resolver.spec.ts
View File

@ -5,6 +5,7 @@ import { UpdateOneGuard } from 'src/guards/update-one.guard';
import { CanActivate } from '@nestjs/common';
import { DeleteManyGuard } from 'src/guards/delete-many.guard';
import { CreateOneGuard } from 'src/guards/create-one.guard';
import { AbilityFactory } from 'src/ability/ability.factory';
describe('PersonResolver', () => {
let resolver: PersonResolver;
@ -19,6 +20,10 @@ describe('PersonResolver', () => {
provide: PersonService,
useValue: {},
},
{
provide: AbilityFactory,
useValue: {},
},
],
})
.overrideGuard(UpdateOneGuard)

33
server/src/core/person/person.resolver.ts
View File

@ -14,11 +14,21 @@ import { UpdateOneGuard } from '../../guards/update-one.guard';
import { DeleteManyGuard } from '../../guards/delete-many.guard';
import { CreateOneGuard } from '../../guards/create-one.guard';
import { PersonService } from './person.service';
import { prepareFindManyArgs } from 'src/utils/prepare-find-many';
import {
PrismaSelect,
PrismaSelector,
} from 'src/decorators/prisma-select.decorator';
import { AbilityGuard } from 'src/guards/ability.guard';
import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
import {
CreatePersonAbilityHandler,
DeletePersonAbilityHandler,
ReadPersonAbilityHandler,
UpdatePersonAbilityHandler,
} from 'src/ability/handlers/person.ability-handler';
import { UserAbility } from 'src/decorators/user-ability.decorator';
import { AppAbility } from 'src/ability/ability.factory';
import { accessibleBy } from '@casl/prisma';
@UseGuards(JwtAuthGuard)
@Resolver(() => Person)
@ -28,19 +38,20 @@ export class PersonResolver {
@Query(() => [Person], {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(ReadPersonAbilityHandler)
async findManyPerson(
@Args() args: FindManyPersonArgs,
@AuthWorkspace() workspace: Workspace,
@UserAbility() ability: AppAbility,
@PrismaSelector({ modelName: 'Person' })
prismaSelect: PrismaSelect<'Person'>,
): Promise<Partial<Person>[]> {
const preparedArgs = prepareFindManyArgs<FindManyPersonArgs>(
args,
workspace,
);
return this.personService.findMany({
...preparedArgs,
...args,
where: {
...args.where,
AND: [accessibleBy(ability).Person],
},
select: prismaSelect.value,
});
}
@ -49,6 +60,8 @@ export class PersonResolver {
@Mutation(() => Person, {
nullable: true,
})
@UseGuards(AbilityGuard)
@CheckAbilities(UpdatePersonAbilityHandler)
async updateOnePerson(
@Args() args: UpdateOnePersonArgs,
@PrismaSelector({ modelName: 'Person' })
@ -68,6 +81,8 @@ export class PersonResolver {
@Mutation(() => AffectedRows, {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(DeletePersonAbilityHandler)
async deleteManyPerson(
@Args() args: DeleteManyPersonArgs,
): Promise<AffectedRows> {
@ -80,6 +95,8 @@ export class PersonResolver {
@Mutation(() => Person, {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(CreatePersonAbilityHandler)
async createOnePerson(
@Args() args: CreateOnePersonArgs,
@AuthWorkspace() workspace: Workspace,

5
server/src/core/user/user.resolver.spec.ts
View File

@ -1,6 +1,7 @@
import { Test, TestingModule } from '@nestjs/testing';
import { UserResolver } from './user.resolver';
import { UserService } from './user.service';
import { AbilityFactory } from 'src/ability/ability.factory';
describe('UserResolver', () => {
let resolver: UserResolver;
@ -13,6 +14,10 @@ describe('UserResolver', () => {
provide: UserService,
useValue: {},
},
{
provide: AbilityFactory,
useValue: {},
},
],
}).compile();

13
server/src/core/user/user.resolver.ts
View File

@ -11,6 +11,12 @@ import {
PrismaSelect,
PrismaSelector,
} from 'src/decorators/prisma-select.decorator';
import { AbilityGuard } from 'src/guards/ability.guard';
import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
import { ReadUserAbilityHandler } from 'src/ability/handlers/user.ability-handler';
import { UserAbility } from 'src/decorators/user-ability.decorator';
import { AppAbility } from 'src/ability/ability.factory';
import { accessibleBy } from '@casl/prisma';
@UseGuards(JwtAuthGuard)
@Resolver(() => User)
@ -21,9 +27,12 @@ export class UserResolver {
@Query(() => [User], {
nullable: false,
})
@UseGuards(AbilityGuard)
@CheckAbilities(ReadUserAbilityHandler)
async findManyUser(
@Args() args: FindManyUserArgs,
@AuthWorkspace() workspace: Workspace,
@UserAbility() ability: AppAbility,
@PrismaSelector({ modelName: 'User' })
prismaSelect: PrismaSelect<'User'>,
): Promise<Partial<User>[]> {
@ -31,9 +40,7 @@ export class UserResolver {
...args,
where: {
...args.where,
workspaceMember: {
is: { workspace: { is: { id: { equals: workspace.id } } } },
},
AND: [accessibleBy(ability).User],
},
select: prismaSelect.value,
});

15
server/src/utils/prepare-find-many.ts
View File

@ -1,15 +0,0 @@
import { Workspace } from '@prisma/client';
type FindManyArgsType = { where?: object; orderBy?: object };
export const prepareFindManyArgs = <T extends FindManyArgsType>(
args: T,
workspace: Workspace,
): T => {
args.where = {
...args.where,
...{ workspace: { is: { id: { equals: workspace.id } } } },
};
return args;
};