feat: add missing abilities (#354)

feat: add all missing abilities rules on resolvers

server/src/ability/ability.factory.ts

@@ -45,6 +45,11 @@ export class AbilityFactory {
     );
 
     // User
+    can(AbilityAction.Read, 'User', {
+      workspaceMember: {
+        workspaceId: workspace.id,
+      },
+    });
     can(AbilityAction.Update, 'User', { id: user.id });
     cannot(AbilityAction.Delete, 'User');
 

server/src/ability/handlers/comment-thread-target.ability-handler.ts

@@ -2,14 +2,24 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { CommentThreadTargetWhereInput } from 'src/core/@generated/comment-thread-target/comment-thread-target-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+import { subject } from '@casl/ability';
+
+class CommentThreadTargetArgs {
+  where?: CommentThreadTargetWhereInput;
+}
 
 @Injectable()
 export class ManageCommentThreadTargetAbilityHandler
   implements IAbilityHandler
 {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'CommentThreadTarget');
   }
@@ -35,8 +45,21 @@ export class CreateCommentThreadTargetAbilityHandler
 export class UpdateCommentThreadTargetAbilityHandler
   implements IAbilityHandler
 {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'CommentThreadTarget');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CommentThreadTargetArgs>();
+    const commentThreadTarget =
+      await this.prismaService.commentThreadTarget.findFirst({
+        where: args.where,
+      });
+    assert(commentThreadTarget, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Update,
+      subject('CommentThreadTarget', commentThreadTarget),
+    );
   }
 }
 
@@ -44,7 +67,20 @@ export class UpdateCommentThreadTargetAbilityHandler
 export class DeleteCommentThreadTargetAbilityHandler
   implements IAbilityHandler
 {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'CommentThreadTarget');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CommentThreadTargetArgs>();
+    const commentThreadTarget =
+      await this.prismaService.commentThreadTarget.findFirst({
+        where: args.where,
+      });
+    assert(commentThreadTarget, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Delete,
+      subject('CommentThreadTarget', commentThreadTarget),
+    );
   }
 }

server/src/ability/handlers/comment-thread.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { CommentThreadWhereInput } from 'src/core/@generated/comment-thread/comment-thread-where.input';
+import { assert } from 'src/utils/assert';
+import { subject } from '@casl/ability';
+
+class CommentThreadArgs {
+  where?: CommentThreadWhereInput;
+}
 
 @Injectable()
 export class ManageCommentThreadAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'CommentThread');
   }
@@ -29,14 +39,38 @@ export class CreateCommentThreadAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdateCommentThreadAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'CommentThread');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CommentThreadArgs>();
+    const commentThread = await this.prismaService.commentThread.findFirst({
+      where: args.where,
+    });
+    assert(commentThread, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Update,
+      subject('CommentThread', commentThread),
+    );
   }
 }
 
 @Injectable()
 export class DeleteCommentThreadAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'CommentThread');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CommentThreadArgs>();
+    const commentThread = await this.prismaService.commentThread.findFirst({
+      where: args.where,
+    });
+    assert(commentThread, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Delete,
+      subject('CommentThread', commentThread),
+    );
   }
 }

server/src/ability/handlers/comment.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { subject } from '@casl/ability';
+import { CommentWhereInput } from 'src/core/@generated/comment/comment-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+
+class CommentArgs {
+  where?: CommentWhereInput;
+}
 
 @Injectable()
 export class ManageCommentAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'Comment');
   }
@@ -29,14 +39,32 @@ export class CreateCommentAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdateCommentAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'Comment');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CommentArgs>();
+    const comment = await this.prismaService.comment.findFirst({
+      where: args.where,
+    });
+    assert(comment, '', NotFoundException);
+
+    return ability.can(AbilityAction.Update, subject('Comment', comment));
   }
 }
 
 @Injectable()
 export class DeleteCommentAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'Comment');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CommentArgs>();
+    const comment = await this.prismaService.comment.findFirst({
+      where: args.where,
+    });
+    assert(comment, '', NotFoundException);
+
+    return ability.can(AbilityAction.Delete, subject('Comment', comment));
   }
 }

server/src/ability/handlers/company.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { CompanyWhereInput } from 'src/core/@generated/company/company-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+import { subject } from '@casl/ability';
+
+class CompanyArgs {
+  where?: CompanyWhereInput;
+}
 
 @Injectable()
 export class ManageCompanyAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'Company');
   }
@@ -29,14 +39,32 @@ export class CreateCompanyAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdateCompanyAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'Company');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CompanyArgs>();
+    const company = await this.prismaService.company.findFirst({
+      where: args.where,
+    });
+    assert(company, '', NotFoundException);
+
+    return ability.can(AbilityAction.Update, subject('Company', company));
   }
 }
 
 @Injectable()
 export class DeleteCompanyAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'Company');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CompanyArgs>();
+    const company = await this.prismaService.company.findFirst({
+      where: args.where,
+    });
+    assert(company, '', NotFoundException);
+
+    return ability.can(AbilityAction.Delete, subject('Company', company));
   }
 }

server/src/ability/handlers/person.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { PersonWhereInput } from 'src/core/@generated/person/person-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+import { subject } from '@casl/ability';
+
+class PersonArgs {
+  where?: PersonWhereInput;
+}
 
 @Injectable()
 export class ManagePersonAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'Person');
   }
@@ -29,14 +39,32 @@ export class CreatePersonAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdatePersonAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'Person');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<PersonArgs>();
+    const person = await this.prismaService.person.findFirst({
+      where: args.where,
+    });
+    assert(person, '', NotFoundException);
+
+    return ability.can(AbilityAction.Update, subject('Person', person));
   }
 }
 
 @Injectable()
 export class DeletePersonAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'Person');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<PersonArgs>();
+    const person = await this.prismaService.person.findFirst({
+      where: args.where,
+    });
+    assert(person, '', NotFoundException);
+
+    return ability.can(AbilityAction.Delete, subject('Person', person));
   }
 }

server/src/ability/handlers/refresh-token.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { subject } from '@casl/ability';
+import { RefreshTokenWhereInput } from 'src/core/@generated/refresh-token/refresh-token-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+
+class RefreshTokenArgs {
+  where?: RefreshTokenWhereInput;
+}
 
 @Injectable()
 export class ManageRefreshTokenAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'RefreshToken');
   }
@@ -29,14 +39,38 @@ export class CreateRefreshTokenAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdateRefreshTokenAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'RefreshToken');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<RefreshTokenArgs>();
+    const refreshToken = await this.prismaService.refreshToken.findFirst({
+      where: args.where,
+    });
+    assert(refreshToken, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Update,
+      subject('RefreshToken', refreshToken),
+    );
   }
 }
 
 @Injectable()
 export class DeleteRefreshTokenAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'RefreshToken');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<RefreshTokenArgs>();
+    const refreshToken = await this.prismaService.refreshToken.findFirst({
+      where: args.where,
+    });
+    assert(refreshToken, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Delete,
+      subject('RefreshToken', refreshToken),
+    );
   }
 }

server/src/ability/handlers/user.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { assert } from 'src/utils/assert';
+import { UserWhereInput } from 'src/core/@generated/user/user-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { subject } from '@casl/ability';
+
+class UserArgs {
+  where?: UserWhereInput;
+}
 
 @Injectable()
 export class ManageUserAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'User');
   }
@@ -29,14 +39,32 @@ export class CreateUserAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdateUserAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'User');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<UserArgs>();
+    const user = await this.prismaService.user.findFirst({
+      where: args.where,
+    });
+    assert(user, '', NotFoundException);
+
+    return ability.can(AbilityAction.Update, subject('User', user));
   }
 }
 
 @Injectable()
 export class DeleteUserAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'User');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<UserArgs>();
+    const user = await this.prismaService.user.findFirst({
+      where: args.where,
+    });
+    assert(user, '', NotFoundException);
+
+    return ability.can(AbilityAction.Delete, subject('User', user));
   }
 }

server/src/ability/handlers/workspace-member.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { subject } from '@casl/ability';
+import { WorkspaceMemberWhereInput } from 'src/core/@generated/workspace-member/workspace-member-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+
+class WorksapceMemberArgs {
+  where?: WorkspaceMemberWhereInput;
+}
 
 @Injectable()
 export class ManageWorkspaceMemberAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'WorkspaceMember');
   }
@@ -29,14 +39,38 @@ export class CreateWorkspaceMemberAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdateWorkspaceMemberAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'WorkspaceMember');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<WorksapceMemberArgs>();
+    const workspaceMember = await this.prismaService.workspaceMember.findFirst({
+      where: args.where,
+    });
+    assert(workspaceMember, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Update,
+      subject('WorkspaceMember', workspaceMember),
+    );
   }
 }
 
 @Injectable()
 export class DeleteWorkspaceMemberAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'WorkspaceMember');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<WorksapceMemberArgs>();
+    const workspaceMember = await this.prismaService.workspaceMember.findFirst({
+      where: args.where,
+    });
+    assert(workspaceMember, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Delete,
+      subject('WorkspaceMember', workspaceMember),
+    );
   }
 }

server/src/ability/handlers/workspace.ability-handler.ts

@@ -2,12 +2,22 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from '../ability.action';
 import { AppAbility } from '../ability.factory';
 import { IAbilityHandler } from '../interfaces/ability-handler.interface';
-import { Injectable } from '@nestjs/common';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { subject } from '@casl/ability';
+import { WorkspaceWhereInput } from 'src/core/@generated/workspace/workspace-where.input';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+
+class WorksapceArgs {
+  where?: WorkspaceWhereInput;
+}
 
 @Injectable()
 export class ManageWorkspaceAbilityHandler implements IAbilityHandler {
-  constructor(private readonly prismaService: PrismaService) {}
-
   async handle(ability: AppAbility) {
     return ability.can(AbilityAction.Manage, 'Workspace');
   }
@@ -29,14 +39,32 @@ export class CreateWorkspaceAbilityHandler implements IAbilityHandler {
 
 @Injectable()
 export class UpdateWorkspaceAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Update, 'Workspace');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<WorksapceArgs>();
+    const workspace = await this.prismaService.workspace.findFirst({
+      where: args.where,
+    });
+    assert(workspace, '', NotFoundException);
+
+    return ability.can(AbilityAction.Update, subject('Workspace', workspace));
   }
 }
 
 @Injectable()
 export class DeleteWorkspaceAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Delete, 'Workspace');
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<WorksapceArgs>();
+    const workspace = await this.prismaService.workspace.findFirst({
+      where: args.where,
+    });
+    assert(workspace, '', NotFoundException);
+
+    return ability.can(AbilityAction.Delete, subject('Workspace', workspace));
   }
 }