feat: add missing abilities (#354)

feat: add all missing abilities rules on resolvers
2023-06-22 20:09:17 +02:00
parent 4a2797c491
commit c4ad0171b0
21 changed files with 461 additions and 104 deletions
--- a/server/src/core/comment/resolvers/comment-thread.resolver.spec.ts
+++ b/server/src/core/comment/resolvers/comment-thread.resolver.spec.ts
@ -4,6 +4,7 @@ import { CommentThreadService } from '../services/comment-thread.service';
 import { CanActivate } from '@nestjs/common';
 import { CreateOneCommentGuard } from 'src/guards/create-one-comment.guard';
 import { CreateOneCommentThreadGuard } from 'src/guards/create-one-comment-thread.guard';
+import { AbilityFactory } from 'src/ability/ability.factory';

 describe('CommentThreadResolver', () => {
  let resolver: CommentThreadResolver;
@ -18,6 +19,10 @@ describe('CommentThreadResolver', () => {
          provide: CommentThreadService,
          useValue: {},
        },
+        {
+          provide: AbilityFactory,
+          useValue: {},
+        },
      ],
    })
      .overrideGuard(CreateOneCommentGuard)
--- a/server/src/core/comment/resolvers/comment-thread.resolver.ts
+++ b/server/src/core/comment/resolvers/comment-thread.resolver.ts
@ -8,13 +8,22 @@ import { CreateOneCommentThreadArgs } from '../../../core/@generated/comment-thr
 import { CreateOneCommentThreadGuard } from '../../../guards/create-one-comment-thread.guard';
 import { FindManyCommentThreadArgs } from '../../../core/@generated/comment-thread/find-many-comment-thread.args';
 import { CommentThreadService } from '../services/comment-thread.service';
-import { prepareFindManyArgs } from 'src/utils/prepare-find-many';
 import { UpdateOneCommentThreadArgs } from 'src/core/@generated/comment-thread/update-one-comment-thread.args';
 import { Prisma } from '@prisma/client';
 import {
  PrismaSelector,
  PrismaSelect,
 } from 'src/decorators/prisma-select.decorator';
+import { AbilityGuard } from 'src/guards/ability.guard';
+import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
+import {
+  CreateCommentThreadAbilityHandler,
+  ReadCommentThreadAbilityHandler,
+  UpdateCommentThreadAbilityHandler,
+} from 'src/ability/handlers/comment-thread.ability-handler';
+import { UserAbility } from 'src/decorators/user-ability.decorator';
+import { AppAbility } from 'src/ability/ability.factory';
+import { accessibleBy } from '@casl/prisma';

@UseGuards(JwtAuthGuard)
@Resolver(() => CommentThread)
@ -25,6 +34,8 @@ export class CommentThreadResolver {
  @Mutation(() => CommentThread, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(CreateCommentThreadAbilityHandler)
  async createOneCommentThread(
    @Args() args: CreateOneCommentThreadArgs,
    @AuthWorkspace() workspace: Workspace,
@ -53,6 +64,8 @@ export class CommentThreadResolver {
  @Mutation(() => CommentThread, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(UpdateCommentThreadAbilityHandler)
  async updateOneCommentThread(
    @Args() args: UpdateOneCommentThreadArgs,
    @PrismaSelector({ modelName: 'CommentThread' })
@ -67,19 +80,20 @@ export class CommentThreadResolver {
  }

  @Query(() => [CommentThread])
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(ReadCommentThreadAbilityHandler)
  async findManyCommentThreads(
    @Args() args: FindManyCommentThreadArgs,
-    @AuthWorkspace() workspace: Workspace,
+    @UserAbility() ability: AppAbility,
    @PrismaSelector({ modelName: 'CommentThread' })
    prismaSelect: PrismaSelect<'CommentThread'>,
  ): Promise<Partial<CommentThread>[]> {
-    const preparedArgs = prepareFindManyArgs<FindManyCommentThreadArgs>(
-      args,
-      workspace,
-    );
-
    const result = await this.commentThreadService.findMany({
-      ...preparedArgs,
+      ...args,
+      where: {
+        ...args.where,
+        AND: [accessibleBy(ability).CommentThread],
+      },
      select: prismaSelect.value,
    });

--- a/server/src/core/comment/resolvers/comment.resolver.spec.ts
+++ b/server/src/core/comment/resolvers/comment.resolver.spec.ts
@ -3,6 +3,7 @@ import { CommentResolver } from './comment.resolver';
 import { CommentService } from '../services/comment.service';
 import { CreateOneCommentGuard } from 'src/guards/create-one-comment.guard';
 import { CanActivate } from '@nestjs/common';
+import { AbilityFactory } from 'src/ability/ability.factory';

 describe('CommentResolver', () => {
  let resolver: CommentResolver;
@ -17,6 +18,10 @@ describe('CommentResolver', () => {
          provide: CommentService,
          useValue: {},
        },
+        {
+          provide: AbilityFactory,
+          useValue: {},
+        },
      ],
    })
      .overrideGuard(CreateOneCommentGuard)
--- a/server/src/core/comment/resolvers/comment.resolver.ts
+++ b/server/src/core/comment/resolvers/comment.resolver.ts
@ -12,6 +12,11 @@ import {
  PrismaSelector,
  PrismaSelect,
 } from 'src/decorators/prisma-select.decorator';
+import { AbilityGuard } from 'src/guards/ability.guard';
+import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
+import { CreateCommentAbilityHandler } from 'src/ability/handlers/comment.ability-handler';
+import { AuthUser } from 'src/decorators/auth-user.decorator';
+import { User } from 'src/core/@generated/user/user.model';

@UseGuards(JwtAuthGuard)
@Resolver(() => Comment)
@ -22,8 +27,11 @@ export class CommentResolver {
  @Mutation(() => Comment, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(CreateCommentAbilityHandler)
  async createOneComment(
    @Args() args: CreateOneCommentArgs,
+    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
    @PrismaSelector({ modelName: 'Comment' })
    prismaSelect: PrismaSelect<'Comment'>,
--- a/server/src/core/company/company.resolver.spec.ts
+++ b/server/src/core/company/company.resolver.spec.ts
@ -5,6 +5,7 @@ import { UpdateOneGuard } from 'src/guards/update-one.guard';
 import { CanActivate } from '@nestjs/common';
 import { DeleteManyGuard } from 'src/guards/delete-many.guard';
 import { CreateOneGuard } from 'src/guards/create-one.guard';
+import { AbilityFactory } from 'src/ability/ability.factory';

 describe('CompanyResolver', () => {
  let resolver: CompanyResolver;
@ -19,6 +20,10 @@ describe('CompanyResolver', () => {
          provide: CompanyService,
          useValue: {},
        },
+        {
+          provide: AbilityFactory,
+          useValue: {},
+        },
      ],
    })
      .overrideGuard(UpdateOneGuard)
--- a/server/src/core/company/company.resolver.ts
+++ b/server/src/core/company/company.resolver.ts
@ -14,11 +14,21 @@ import { UpdateOneGuard } from '../../guards/update-one.guard';
 import { DeleteManyGuard } from '../../guards/delete-many.guard';
 import { CreateOneGuard } from '../../guards/create-one.guard';
 import { CompanyService } from './company.service';
-import { prepareFindManyArgs } from 'src/utils/prepare-find-many';
 import {
  PrismaSelect,
  PrismaSelector,
 } from 'src/decorators/prisma-select.decorator';
+import { AbilityGuard } from 'src/guards/ability.guard';
+import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
+import {
+  CreateCompanyAbilityHandler,
+  DeleteCompanyAbilityHandler,
+  ReadCompanyAbilityHandler,
+} from 'src/ability/handlers/company.ability-handler';
+import { UserAbility } from 'src/decorators/user-ability.decorator';
+import { AppAbility } from 'src/ability/ability.factory';
+import { accessibleBy } from '@casl/prisma';
+import { UpdateCommentAbilityHandler } from 'src/ability/handlers/comment.ability-handler';

@UseGuards(JwtAuthGuard)
@Resolver(() => Company)
@ -26,18 +36,20 @@ export class CompanyResolver {
  constructor(private readonly companyService: CompanyService) {}

  @Query(() => [Company])
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(ReadCompanyAbilityHandler)
  async findManyCompany(
    @Args() args: FindManyCompanyArgs,
-    @AuthWorkspace() workspace: Workspace,
+    @UserAbility() ability: AppAbility,
    @PrismaSelector({ modelName: 'Company' })
    prismaSelect: PrismaSelect<'Company'>,
  ): Promise<Partial<Company>[]> {
-    const preparedArgs = prepareFindManyArgs<FindManyCompanyArgs>(
-      args,
-      workspace,
-    );
    return this.companyService.findMany({
-      ...preparedArgs,
+      ...args,
+      where: {
+        ...args.where,
+        AND: [accessibleBy(ability).Company],
+      },
      select: prismaSelect.value,
    });
  }
@ -46,6 +58,8 @@ export class CompanyResolver {
  @Mutation(() => Company, {
    nullable: true,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(UpdateCommentAbilityHandler)
  async updateOneCompany(
    @Args() args: UpdateOneCompanyArgs,
    @PrismaSelector({ modelName: 'Company' })
@ -65,6 +79,8 @@ export class CompanyResolver {
  @Mutation(() => AffectedRows, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(DeleteCompanyAbilityHandler)
  async deleteManyCompany(
    @Args() args: DeleteManyCompanyArgs,
  ): Promise<AffectedRows> {
@ -77,6 +93,8 @@ export class CompanyResolver {
  @Mutation(() => Company, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(CreateCompanyAbilityHandler)
  async createOneCompany(
    @Args() args: CreateOneCompanyArgs,
    @AuthWorkspace() workspace: Workspace,
--- a/server/src/core/person/person.resolver.spec.ts
+++ b/server/src/core/person/person.resolver.spec.ts
@ -5,6 +5,7 @@ import { UpdateOneGuard } from 'src/guards/update-one.guard';
 import { CanActivate } from '@nestjs/common';
 import { DeleteManyGuard } from 'src/guards/delete-many.guard';
 import { CreateOneGuard } from 'src/guards/create-one.guard';
+import { AbilityFactory } from 'src/ability/ability.factory';

 describe('PersonResolver', () => {
  let resolver: PersonResolver;
@ -19,6 +20,10 @@ describe('PersonResolver', () => {
          provide: PersonService,
          useValue: {},
        },
+        {
+          provide: AbilityFactory,
+          useValue: {},
+        },
      ],
    })
      .overrideGuard(UpdateOneGuard)
--- a/server/src/core/person/person.resolver.ts
+++ b/server/src/core/person/person.resolver.ts
@ -14,11 +14,21 @@ import { UpdateOneGuard } from '../../guards/update-one.guard';
 import { DeleteManyGuard } from '../../guards/delete-many.guard';
 import { CreateOneGuard } from '../../guards/create-one.guard';
 import { PersonService } from './person.service';
-import { prepareFindManyArgs } from 'src/utils/prepare-find-many';
 import {
  PrismaSelect,
  PrismaSelector,
 } from 'src/decorators/prisma-select.decorator';
+import { AbilityGuard } from 'src/guards/ability.guard';
+import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
+import {
+  CreatePersonAbilityHandler,
+  DeletePersonAbilityHandler,
+  ReadPersonAbilityHandler,
+  UpdatePersonAbilityHandler,
+} from 'src/ability/handlers/person.ability-handler';
+import { UserAbility } from 'src/decorators/user-ability.decorator';
+import { AppAbility } from 'src/ability/ability.factory';
+import { accessibleBy } from '@casl/prisma';

@UseGuards(JwtAuthGuard)
@Resolver(() => Person)
@ -28,19 +38,20 @@ export class PersonResolver {
  @Query(() => [Person], {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(ReadPersonAbilityHandler)
  async findManyPerson(
    @Args() args: FindManyPersonArgs,
-    @AuthWorkspace() workspace: Workspace,
+    @UserAbility() ability: AppAbility,
    @PrismaSelector({ modelName: 'Person' })
    prismaSelect: PrismaSelect<'Person'>,
  ): Promise<Partial<Person>[]> {
-    const preparedArgs = prepareFindManyArgs<FindManyPersonArgs>(
-      args,
-      workspace,
-    );
-
    return this.personService.findMany({
-      ...preparedArgs,
+      ...args,
+      where: {
+        ...args.where,
+        AND: [accessibleBy(ability).Person],
+      },
      select: prismaSelect.value,
    });
  }
@ -49,6 +60,8 @@ export class PersonResolver {
  @Mutation(() => Person, {
    nullable: true,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(UpdatePersonAbilityHandler)
  async updateOnePerson(
    @Args() args: UpdateOnePersonArgs,
    @PrismaSelector({ modelName: 'Person' })
@ -68,6 +81,8 @@ export class PersonResolver {
  @Mutation(() => AffectedRows, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(DeletePersonAbilityHandler)
  async deleteManyPerson(
    @Args() args: DeleteManyPersonArgs,
  ): Promise<AffectedRows> {
@ -80,6 +95,8 @@ export class PersonResolver {
  @Mutation(() => Person, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(CreatePersonAbilityHandler)
  async createOnePerson(
    @Args() args: CreateOnePersonArgs,
    @AuthWorkspace() workspace: Workspace,
--- a/server/src/core/user/user.resolver.spec.ts
+++ b/server/src/core/user/user.resolver.spec.ts
@ -1,6 +1,7 @@
 import { Test, TestingModule } from '@nestjs/testing';
 import { UserResolver } from './user.resolver';
 import { UserService } from './user.service';
+import { AbilityFactory } from 'src/ability/ability.factory';

 describe('UserResolver', () => {
  let resolver: UserResolver;
@ -13,6 +14,10 @@ describe('UserResolver', () => {
          provide: UserService,
          useValue: {},
        },
+        {
+          provide: AbilityFactory,
+          useValue: {},
+        },
      ],
    }).compile();

--- a/server/src/core/user/user.resolver.ts
+++ b/server/src/core/user/user.resolver.ts
@ -11,6 +11,12 @@ import {
  PrismaSelect,
  PrismaSelector,
 } from 'src/decorators/prisma-select.decorator';
+import { AbilityGuard } from 'src/guards/ability.guard';
+import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
+import { ReadUserAbilityHandler } from 'src/ability/handlers/user.ability-handler';
+import { UserAbility } from 'src/decorators/user-ability.decorator';
+import { AppAbility } from 'src/ability/ability.factory';
+import { accessibleBy } from '@casl/prisma';

@UseGuards(JwtAuthGuard)
@Resolver(() => User)
@ -21,9 +27,12 @@ export class UserResolver {
  @Query(() => [User], {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(ReadUserAbilityHandler)
  async findManyUser(
    @Args() args: FindManyUserArgs,
    @AuthWorkspace() workspace: Workspace,
+    @UserAbility() ability: AppAbility,
    @PrismaSelector({ modelName: 'User' })
    prismaSelect: PrismaSelect<'User'>,
  ): Promise<Partial<User>[]> {
@ -31,9 +40,7 @@ export class UserResolver {
      ...args,
      where: {
        ...args.where,
-        workspaceMember: {
-          is: { workspace: { is: { id: { equals: workspace.id } } } },
-        },
+        AND: [accessibleBy(ability).User],
      },
      select: prismaSelect.value,
    });