feat: add missing abilities (#354)

feat: add all missing abilities rules on resolvers
2023-06-22 20:09:17 +02:00
parent 4a2797c491
commit c4ad0171b0
21 changed files with 461 additions and 104 deletions
--- a/server/src/core/person/person.resolver.spec.ts
+++ b/server/src/core/person/person.resolver.spec.ts
@ -5,6 +5,7 @@ import { UpdateOneGuard } from 'src/guards/update-one.guard';
 import { CanActivate } from '@nestjs/common';
 import { DeleteManyGuard } from 'src/guards/delete-many.guard';
 import { CreateOneGuard } from 'src/guards/create-one.guard';
+import { AbilityFactory } from 'src/ability/ability.factory';

 describe('PersonResolver', () => {
  let resolver: PersonResolver;
@ -19,6 +20,10 @@ describe('PersonResolver', () => {
          provide: PersonService,
          useValue: {},
        },
+        {
+          provide: AbilityFactory,
+          useValue: {},
+        },
      ],
    })
      .overrideGuard(UpdateOneGuard)
--- a/server/src/core/person/person.resolver.ts
+++ b/server/src/core/person/person.resolver.ts
@ -14,11 +14,21 @@ import { UpdateOneGuard } from '../../guards/update-one.guard';
 import { DeleteManyGuard } from '../../guards/delete-many.guard';
 import { CreateOneGuard } from '../../guards/create-one.guard';
 import { PersonService } from './person.service';
-import { prepareFindManyArgs } from 'src/utils/prepare-find-many';
 import {
  PrismaSelect,
  PrismaSelector,
 } from 'src/decorators/prisma-select.decorator';
+import { AbilityGuard } from 'src/guards/ability.guard';
+import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
+import {
+  CreatePersonAbilityHandler,
+  DeletePersonAbilityHandler,
+  ReadPersonAbilityHandler,
+  UpdatePersonAbilityHandler,
+} from 'src/ability/handlers/person.ability-handler';
+import { UserAbility } from 'src/decorators/user-ability.decorator';
+import { AppAbility } from 'src/ability/ability.factory';
+import { accessibleBy } from '@casl/prisma';

@UseGuards(JwtAuthGuard)
@Resolver(() => Person)
@ -28,19 +38,20 @@ export class PersonResolver {
  @Query(() => [Person], {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(ReadPersonAbilityHandler)
  async findManyPerson(
    @Args() args: FindManyPersonArgs,
-    @AuthWorkspace() workspace: Workspace,
+    @UserAbility() ability: AppAbility,
    @PrismaSelector({ modelName: 'Person' })
    prismaSelect: PrismaSelect<'Person'>,
  ): Promise<Partial<Person>[]> {
-    const preparedArgs = prepareFindManyArgs<FindManyPersonArgs>(
-      args,
-      workspace,
-    );
-
    return this.personService.findMany({
-      ...preparedArgs,
+      ...args,
+      where: {
+        ...args.where,
+        AND: [accessibleBy(ability).Person],
+      },
      select: prismaSelect.value,
    });
  }
@ -49,6 +60,8 @@ export class PersonResolver {
  @Mutation(() => Person, {
    nullable: true,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(UpdatePersonAbilityHandler)
  async updateOnePerson(
    @Args() args: UpdateOnePersonArgs,
    @PrismaSelector({ modelName: 'Person' })
@ -68,6 +81,8 @@ export class PersonResolver {
  @Mutation(() => AffectedRows, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(DeletePersonAbilityHandler)
  async deleteManyPerson(
    @Args() args: DeleteManyPersonArgs,
  ): Promise<AffectedRows> {
@ -80,6 +95,8 @@ export class PersonResolver {
  @Mutation(() => Person, {
    nullable: false,
  })
+  @UseGuards(AbilityGuard)
+  @CheckAbilities(CreatePersonAbilityHandler)
  async createOnePerson(
    @Args() args: CreateOnePersonArgs,
    @AuthWorkspace() workspace: Workspace,