fix: sanatize FeedToken
This commit is contained in:
setop
@@ -2,6 +2,8 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedToken do
|
||||
@moduledoc """
|
||||
Handles the feed tokens-related GraphQL calls.
|
||||
"""
|
||||
import Ecto.Query
|
||||
alias Mobilizon.Storage.Repo
|
||||
|
||||
alias Mobilizon.Actors.Actor
|
||||
alias Mobilizon.Events
|
||||
@@ -41,6 +43,40 @@ defmodule Mobilizon.GraphQL.Resolvers.FeedToken do
|
||||
{:error, dgettext("errors", "You are not allowed to create a feed token if not connected")}
|
||||
end
|
||||
|
||||
@doc """
|
||||
Retrieve a feed token for actor, if actor belongs to logged user
|
||||
"""
|
||||
@spec actor_tokens(any, map, map) :: {:ok, map} | {:error, String.t()}
|
||||
def actor_tokens(
|
||||
%Actor{id: actor_id},
|
||||
_args,
|
||||
%{context: %{current_user: %User{} = user}}
|
||||
) do
|
||||
case User.owns_actor(user, actor_id) do
|
||||
{:is_owned, %Actor{}} ->
|
||||
res =
|
||||
actor_id
|
||||
|> feed_token_for_actor_query()
|
||||
|> Repo.all()
|
||||
|> Enum.map(&to_short_uuid/1)
|
||||
|
||||
{:ok, res}
|
||||
|
||||
{:is_owned, _} ->
|
||||
{:error, dgettext("errors", "You don't have permission to get this token")}
|
||||
end
|
||||
end
|
||||
|
||||
@spec actor_tokens(any, map, map) :: {:error, String.t()}
|
||||
def actor_tokens(_parent, _args, %{}) do
|
||||
{:error, dgettext("errors", "You are not allowed to get a feed token if not connected")}
|
||||
end
|
||||
|
||||
@spec feed_token_for_actor_query(integer) :: Ecto.Query.t()
|
||||
defp feed_token_for_actor_query(actor_id) do
|
||||
from(tk in FeedToken, where: tk.actor_id == ^actor_id, preload: [:actor, :user])
|
||||
end
|
||||
|
||||
@doc """
|
||||
Delete a feed token
|
||||
"""
|
||||
|
||||
@@ -4,10 +4,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
"""
|
||||
use Absinthe.Schema.Notation
|
||||
|
||||
import Absinthe.Resolution.Helpers, only: [dataloader: 2]
|
||||
|
||||
alias Mobilizon.Events
|
||||
alias Mobilizon.GraphQL.Resolvers.{Conversation, Media, Person}
|
||||
alias Mobilizon.GraphQL.Resolvers.{Conversation, FeedToken, Media, Person}
|
||||
alias Mobilizon.GraphQL.Schema
|
||||
|
||||
import_types(Schema.Events.FeedTokenType)
|
||||
@@ -64,13 +61,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
)
|
||||
|
||||
field(:feed_tokens, list_of(:feed_token),
|
||||
resolve:
|
||||
dataloader(
|
||||
Events,
|
||||
callback: fn feed_tokens, _parent, _args ->
|
||||
{:ok, Enum.map(feed_tokens, &Map.put(&1, :token, ShortUUID.encode!(&1.token)))}
|
||||
end
|
||||
),
|
||||
resolve: &FeedToken.actor_tokens/3,
|
||||
description: "A list of the feed tokens for this person"
|
||||
)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user