Introduce authorizations with Rajska
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
@@ -10,6 +10,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.ApplicationType do
|
||||
Represents an application
|
||||
"""
|
||||
object :application do
|
||||
meta(:authorize, :all)
|
||||
interfaces([:actor])
|
||||
|
||||
field(:id, :id, description: "Internal ID for this application")
|
||||
|
||||
@@ -9,6 +9,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.FollowerType do
|
||||
Represents an actor's follower
|
||||
"""
|
||||
object :follower do
|
||||
meta(:authorize, :user)
|
||||
field(:id, :id, description: "The follow ID")
|
||||
field(:target_actor, :actor, description: "What or who the profile follows")
|
||||
field(:actor, :actor, description: "Which profile follows")
|
||||
@@ -30,6 +31,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.FollowerType do
|
||||
A paginated list of follower objects
|
||||
"""
|
||||
object :paginated_follower_list do
|
||||
meta(:authorize, :user)
|
||||
field(:elements, list_of(:follower), description: "A list of followers")
|
||||
field(:total, :integer, description: "The total number of elements in the list")
|
||||
end
|
||||
@@ -43,6 +45,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.FollowerType do
|
||||
description: "Whether the follower has been approved by the target actor or not"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
|
||||
resolve(&Followers.update_follower/3)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -29,6 +29,9 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
Represents a group of actors
|
||||
"""
|
||||
object :group do
|
||||
meta(:authorize, :all)
|
||||
meta(:scope_field?, true)
|
||||
|
||||
interfaces([:actor, :interactable, :activity_object, :action_log_object, :group_search_result])
|
||||
|
||||
field(:id, :id, description: "Internal ID for this group")
|
||||
@@ -77,7 +80,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
)
|
||||
|
||||
# This one should have a privacy setting
|
||||
field :organized_events, :paginated_event_list do
|
||||
field :organized_events, :paginated_event_list,
|
||||
meta: [private: true, rule: :"read:group:events"] do
|
||||
arg(:after_datetime, :datetime,
|
||||
default_value: nil,
|
||||
description: "Filter events that begin after this datetime"
|
||||
@@ -94,7 +98,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
description("A list of the events this actor has organized")
|
||||
end
|
||||
|
||||
field :discussions, :paginated_discussion_list do
|
||||
field :discussions, :paginated_discussion_list,
|
||||
meta: [private: true, rule: :"read:group:discussions"] do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
description: "The page in the paginated discussion list"
|
||||
@@ -111,7 +116,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
description: "Whether the group is opened to all or has restricted access"
|
||||
)
|
||||
|
||||
field :members, :paginated_member_list do
|
||||
field :members, :paginated_member_list, meta: [private: true, rule: :"read:group:members"] do
|
||||
arg(:name, :string, description: "A name to filter members by")
|
||||
arg(:page, :integer, default_value: 1, description: "The page in the paginated member list")
|
||||
arg(:limit, :integer, default_value: 10, description: "The limit of members per page")
|
||||
@@ -120,7 +125,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
description("A paginated list of group members")
|
||||
end
|
||||
|
||||
field :resources, :paginated_resource_list do
|
||||
field :resources, :paginated_resource_list,
|
||||
meta: [private: true, rule: :"read:group:resources"] do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
description: "The page in the paginated resource list"
|
||||
@@ -138,7 +144,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
description("A paginated list of the posts this group has")
|
||||
end
|
||||
|
||||
field :todo_lists, :paginated_todo_list_list do
|
||||
field :todo_lists, :paginated_todo_list_list,
|
||||
meta: [private: true, rule: :"read:group:todo_lists"] do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
description: "The page in the paginated todo-lists list"
|
||||
@@ -149,7 +156,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
description("A paginated list of the todo lists this group has")
|
||||
end
|
||||
|
||||
field :followers, :paginated_follower_list do
|
||||
field :followers, :paginated_follower_list,
|
||||
meta: [private: true, rule: :"read:group:followers"] do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
description: "The page in the paginated followers list"
|
||||
@@ -166,7 +174,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
description("A paginated list of the followers this group has")
|
||||
end
|
||||
|
||||
field :activity, :paginated_activity_list do
|
||||
field :activity, :paginated_activity_list,
|
||||
meta: [private: true, rule: :"read:group:activities"] do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
description: "The page in the paginated activity items list"
|
||||
@@ -204,6 +213,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
A paginated list of groups
|
||||
"""
|
||||
object :paginated_group_list do
|
||||
meta(:authorize, :all)
|
||||
field(:elements, list_of(:group), description: "A list of groups")
|
||||
field(:total, :integer, description: "The total number of groups in the list")
|
||||
end
|
||||
@@ -215,12 +225,6 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
value(:private, description: "Visible only to people with the link - or invited")
|
||||
end
|
||||
|
||||
object :group_follow do
|
||||
field(:group, :group, description: "The group followed")
|
||||
field(:profile, :group, description: "The group followed")
|
||||
field(:notify, :boolean, description: "Whether to notify profile from group activity")
|
||||
end
|
||||
|
||||
object :group_queries do
|
||||
@desc "Get all groups"
|
||||
field :groups, :paginated_group_list do
|
||||
@@ -236,12 +240,25 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
arg(:suspended, :boolean, default_value: false, description: "Filter by suspended status")
|
||||
arg(:page, :integer, default_value: 1, description: "The page in the paginated group list")
|
||||
arg(:limit, :integer, default_value: 10, description: "The limit of groups per page")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: [:administrator, :moderator],
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{}
|
||||
)
|
||||
|
||||
resolve(&Group.list_groups/3)
|
||||
end
|
||||
|
||||
@desc "Get a group by its ID"
|
||||
field :get_group, :group do
|
||||
arg(:id, non_null(:id), description: "The group ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: [:administrator, :moderator],
|
||||
scope: Mobilizon.Actors.Actor
|
||||
)
|
||||
|
||||
resolve(&Group.get_group/3)
|
||||
end
|
||||
|
||||
@@ -251,15 +268,9 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
description: "The group preferred_username, eventually containing their domain if remote"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&Group.find_group/3)
|
||||
end
|
||||
|
||||
@desc "Get a group by its preferred username"
|
||||
field :group_by_id, :group do
|
||||
arg(:id, non_null(:id), description: "The group local ID")
|
||||
|
||||
resolve(&Group.find_group_by_id/3)
|
||||
end
|
||||
end
|
||||
|
||||
object :group_mutations do
|
||||
@@ -291,7 +302,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
)
|
||||
|
||||
arg(:physical_address, :address_input, description: "The physical address for the group")
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&Group.create_group/3)
|
||||
end
|
||||
|
||||
@@ -323,14 +334,14 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
)
|
||||
|
||||
arg(:physical_address, :address_input, description: "The physical address for the group")
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&Group.update_group/3)
|
||||
end
|
||||
|
||||
@desc "Delete a group"
|
||||
field :delete_group, :deleted_object do
|
||||
arg(:group_id, non_null(:id), description: "The group ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&Group.delete_group/3)
|
||||
end
|
||||
|
||||
@@ -343,6 +354,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
default_value: true
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&Group.follow_group/3)
|
||||
end
|
||||
|
||||
@@ -355,13 +367,14 @@ defmodule Mobilizon.GraphQL.Schema.Actors.GroupType do
|
||||
default_value: true
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&Group.update_group_follow/3)
|
||||
end
|
||||
|
||||
@desc "Unfollow a group"
|
||||
field :unfollow_group, :follower do
|
||||
arg(:group_id, non_null(:id), description: "The group ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&Group.unfollow_group/3)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -10,6 +10,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
Represents a member of a group
|
||||
"""
|
||||
object :member do
|
||||
meta(:authorize, :user)
|
||||
interfaces([:activity_object])
|
||||
field(:id, :id, description: "The member's ID")
|
||||
field(:parent, :group, description: "Of which the profile is member")
|
||||
@@ -37,6 +38,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
A paginated list of members
|
||||
"""
|
||||
object :paginated_member_list do
|
||||
meta(:authorize, :user)
|
||||
field(:elements, list_of(:member), description: "A list of members")
|
||||
field(:total, :integer, description: "The total number of elements in the list")
|
||||
end
|
||||
@@ -46,6 +48,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
field :join_group, :member do
|
||||
arg(:group_id, non_null(:id), description: "The group ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group_membership",
|
||||
args: %{parent_id: :group_id}
|
||||
)
|
||||
|
||||
resolve(&Group.join_group/3)
|
||||
end
|
||||
|
||||
@@ -53,9 +62,42 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
field :leave_group, :deleted_object do
|
||||
arg(:group_id, non_null(:id), description: "The group ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group_membership",
|
||||
args: %{parent_id: :group_id}
|
||||
)
|
||||
|
||||
resolve(&Group.leave_group/3)
|
||||
end
|
||||
|
||||
@desc "Accept an invitation to a group"
|
||||
field :accept_invitation, :member do
|
||||
arg(:id, non_null(:id), description: "The member ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group_membership"
|
||||
)
|
||||
|
||||
resolve(&Member.accept_invitation/3)
|
||||
end
|
||||
|
||||
@desc "Reject an invitation to a group"
|
||||
field :reject_invitation, :member do
|
||||
arg(:id, non_null(:id), description: "The member ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group_membership"
|
||||
)
|
||||
|
||||
resolve(&Member.reject_invitation/3)
|
||||
end
|
||||
|
||||
@desc "Invite an actor to join the group"
|
||||
field :invite_member, :member do
|
||||
arg(:group_id, non_null(:id), description: "The group ID")
|
||||
@@ -64,29 +106,29 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
description: "The targeted person's federated username"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group:members",
|
||||
args: %{parent_id: :group_id}
|
||||
)
|
||||
|
||||
resolve(&Member.invite_member/3)
|
||||
end
|
||||
|
||||
@desc "Accept an invitation to a group"
|
||||
field :accept_invitation, :member do
|
||||
arg(:id, non_null(:id), description: "The member ID")
|
||||
|
||||
resolve(&Member.accept_invitation/3)
|
||||
end
|
||||
|
||||
@desc "Reject an invitation to a group"
|
||||
field :reject_invitation, :member do
|
||||
arg(:id, non_null(:id), description: "The member ID")
|
||||
|
||||
resolve(&Member.reject_invitation/3)
|
||||
end
|
||||
|
||||
@desc """
|
||||
Approve a membership request
|
||||
"""
|
||||
field :approve_member, :member do
|
||||
arg(:member_id, non_null(:id), description: "The member ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group:members",
|
||||
args: %{parent_id: :member_id}
|
||||
)
|
||||
|
||||
resolve(&Member.approve_member/3)
|
||||
end
|
||||
|
||||
@@ -96,6 +138,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
field :reject_member, :member do
|
||||
arg(:member_id, non_null(:id), description: "The member ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group:members",
|
||||
args: %{parent_id: :member_id}
|
||||
)
|
||||
|
||||
resolve(&Member.reject_member/3)
|
||||
end
|
||||
|
||||
@@ -106,6 +155,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
arg(:member_id, non_null(:id), description: "The member ID")
|
||||
arg(:role, non_null(:member_role_enum), description: "The new member role")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group:members",
|
||||
args: %{parent_id: :member_id}
|
||||
)
|
||||
|
||||
resolve(&Member.update_member/3)
|
||||
end
|
||||
|
||||
@@ -118,6 +174,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.MemberType do
|
||||
description: "Whether the member should be excluded from the group"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Member,
|
||||
rule: :"write:group:members",
|
||||
args: %{parent_id: :member_id}
|
||||
)
|
||||
|
||||
resolve(&Member.remove_member/3)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -16,6 +16,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
Represents a person identity
|
||||
"""
|
||||
object :person do
|
||||
meta(:authorize, :all)
|
||||
meta(:scope_field?, true)
|
||||
interfaces([:actor, :action_log_object])
|
||||
field(:id, :id, description: "Internal ID for this person")
|
||||
|
||||
@@ -72,7 +74,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
|
||||
# This one should have a privacy setting
|
||||
field(:organized_events, :paginated_event_list,
|
||||
description: "A list of the events this actor has organized"
|
||||
description: "A list of the events this actor has organized",
|
||||
meta: [private: true, rule: :"read:profile:organized_events"]
|
||||
) do
|
||||
arg(:page, :integer, default_value: 1, description: "The page in the paginated event list")
|
||||
arg(:limit, :integer, default_value: 10, description: "The limit of events per page")
|
||||
@@ -81,7 +84,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
|
||||
@desc "The list of events this person goes to"
|
||||
field(:participations, :paginated_participant_list,
|
||||
description: "The list of events this person goes to"
|
||||
description: "The list of events this person goes to",
|
||||
meta: [private: true, rule: :"read:profile:participations"]
|
||||
) do
|
||||
arg(:event_id, :id, description: "Filter by event ID")
|
||||
|
||||
@@ -97,7 +101,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
|
||||
@desc "The list of groups this person is member of"
|
||||
field(:memberships, :paginated_member_list,
|
||||
description: "The list of group this person is member of"
|
||||
description: "The list of group this person is member of",
|
||||
meta: [private: true, rule: :"read:profile:memberships"]
|
||||
) do
|
||||
arg(:group, :string, description: "Filter by group federated username")
|
||||
arg(:group_id, :id, description: "Filter by group ID")
|
||||
@@ -113,7 +118,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
|
||||
@desc "The list of groups this person follows"
|
||||
field(:follows, :paginated_follower_list,
|
||||
description: "The list of groups this person follows"
|
||||
description: "The list of groups this person follows",
|
||||
meta: [private: true, rule: :"read:profile:follows"]
|
||||
) do
|
||||
arg(:group, :string, description: "Filter by group federated username")
|
||||
|
||||
@@ -131,6 +137,7 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
A paginated list of persons
|
||||
"""
|
||||
object :paginated_person_list do
|
||||
meta(:authorize, :all)
|
||||
field(:elements, list_of(:person), description: "A list of persons")
|
||||
field(:total, :integer, description: "The total number of persons in the list")
|
||||
end
|
||||
@@ -138,23 +145,46 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
object :person_queries do
|
||||
@desc "Get the current actor for the logged-in user"
|
||||
field :logged_person, :person do
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{}
|
||||
)
|
||||
|
||||
resolve(&Person.get_current_person/3)
|
||||
end
|
||||
|
||||
@desc "Get a person by its (federated) username"
|
||||
field :fetch_person, :person do
|
||||
arg(:preferred_username, non_null(:string), description: "The person's federated username")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{preferred_username: :preferred_username}
|
||||
)
|
||||
|
||||
resolve(&Person.fetch_person/3)
|
||||
end
|
||||
|
||||
@desc "Get a person by its ID"
|
||||
field :person, :person do
|
||||
arg(:id, non_null(:id), description: "The person ID")
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&Person.get_person/3)
|
||||
end
|
||||
|
||||
@desc "Get the persons for an user"
|
||||
field :identities, list_of(:person) do
|
||||
deprecate("Use the loggedUser query instead")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: [:user, :moderator, :administrator],
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{},
|
||||
rule: :user_self_identities
|
||||
)
|
||||
|
||||
resolve(&Person.identities/3)
|
||||
end
|
||||
|
||||
@@ -172,6 +202,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
arg(:suspended, :boolean, default_value: false, description: "Filter by suspended status")
|
||||
arg(:page, :integer, default_value: 1, description: "The page in the paginated person list")
|
||||
arg(:limit, :integer, default_value: 10, description: "The limit of persons per page")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: [:administrator, :moderator],
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{}
|
||||
)
|
||||
|
||||
resolve(&Person.list_persons/3)
|
||||
end
|
||||
end
|
||||
@@ -195,6 +232,13 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
"The banner for the profile, either as an object or directly the ID of an existing media"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{},
|
||||
rule: :"write:profile:create"
|
||||
)
|
||||
|
||||
resolve(&Person.create_person/3)
|
||||
end
|
||||
|
||||
@@ -216,6 +260,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
"The banner for the profile, either as an object or directly the ID of an existing media"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
rule: :"write:profile:update"
|
||||
)
|
||||
|
||||
resolve(&Person.update_person/3)
|
||||
end
|
||||
|
||||
@@ -223,6 +273,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
field :delete_person, :person do
|
||||
arg(:id, non_null(:id), description: "The person's ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
rule: :"write:profile:delete"
|
||||
)
|
||||
|
||||
resolve(&Person.delete_person/3)
|
||||
end
|
||||
|
||||
@@ -245,6 +301,8 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
"The banner for the profile, either as an object or directly the ID of an existing media"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :all, scope: Mobilizon.Actors.Actor, args: %{})
|
||||
|
||||
resolve(&Person.register_person/3)
|
||||
end
|
||||
end
|
||||
@@ -254,6 +312,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
field :event_person_participation_changed, :person do
|
||||
arg(:person_id, non_null(:id), description: "The person's ID")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{id: :person_id}
|
||||
)
|
||||
|
||||
config(fn args, _ ->
|
||||
{:ok, topic: args.person_id}
|
||||
end)
|
||||
@@ -264,6 +328,12 @@ defmodule Mobilizon.GraphQL.Schema.Actors.PersonType do
|
||||
arg(:person_id, non_null(:id), description: "The person's ID")
|
||||
arg(:group, non_null(:string), description: "The group's federated username")
|
||||
|
||||
middleware(Rajska.QueryAuthorization,
|
||||
permit: :user,
|
||||
scope: Mobilizon.Actors.Actor,
|
||||
args: %{id: :person_id}
|
||||
)
|
||||
|
||||
config(fn args, _ ->
|
||||
{:ok, topic: [args.group, args.person_id]}
|
||||
end)
|
||||
|
||||
Reference in New Issue
Block a user