Introduce authorizations with Rajska
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
@@ -15,6 +15,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
|
||||
@desc "A local user of Mobilizon"
|
||||
object :user do
|
||||
meta(:authorize, :all)
|
||||
meta(:scope_field?, true)
|
||||
interfaces([:action_log_object])
|
||||
field(:id, :id, description: "The user's ID")
|
||||
field(:email, non_null(:string), description: "The user's email")
|
||||
@@ -63,7 +65,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
field(:disabled, :boolean, description: "Whether the user is disabled")
|
||||
|
||||
field(:participations, :paginated_participant_list,
|
||||
description: "The list of participations this user has"
|
||||
description: "The list of participations this user has",
|
||||
meta: [private: true]
|
||||
) do
|
||||
arg(:after_datetime, :datetime, description: "Filter participations by event start datetime")
|
||||
|
||||
@@ -83,7 +86,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
end
|
||||
|
||||
field(:memberships, :paginated_member_list,
|
||||
description: "The list of memberships for this user"
|
||||
description: "The list of memberships for this user",
|
||||
meta: [private: true]
|
||||
) do
|
||||
arg(:name, :string, description: "A name to filter members by")
|
||||
|
||||
@@ -97,7 +101,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
end
|
||||
|
||||
field(:drafts, :paginated_event_list,
|
||||
description: "The list of draft events this user has created"
|
||||
description: "The list of draft events this user has created",
|
||||
meta: [private: true]
|
||||
) do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
@@ -109,7 +114,8 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
end
|
||||
|
||||
field(:followed_group_events, :paginated_followed_group_events,
|
||||
description: "The suggested events from the groups this user follows"
|
||||
description: "The suggested events from the groups this user follows",
|
||||
meta: [private: true]
|
||||
) do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
@@ -128,7 +134,10 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
resolve(&User.user_followed_group_events/3)
|
||||
end
|
||||
|
||||
field(:settings, :user_settings, description: "The list of settings for this user") do
|
||||
field(:settings, :user_settings,
|
||||
description: "The list of settings for this user",
|
||||
meta: [private: true]
|
||||
) do
|
||||
resolve(&User.user_settings/3)
|
||||
end
|
||||
|
||||
@@ -142,7 +151,10 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
description: "The IP adress the user's currently signed-in with"
|
||||
)
|
||||
|
||||
field(:media, :paginated_media_list, description: "The user's media objects") do
|
||||
field(:media, :paginated_media_list,
|
||||
description: "The user's media objects",
|
||||
meta: [private: true]
|
||||
) do
|
||||
arg(:page, :integer,
|
||||
default_value: 1,
|
||||
description: "The page in the paginated user media list"
|
||||
@@ -158,14 +170,18 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
)
|
||||
|
||||
field(:activity_settings, list_of(:activity_setting),
|
||||
resolve: &ActivitySettings.user_activity_settings/3,
|
||||
description: "The user's activity settings"
|
||||
)
|
||||
description: "The user's activity settings",
|
||||
meta: [private: true]
|
||||
) do
|
||||
resolve(&ActivitySettings.user_activity_settings/3)
|
||||
end
|
||||
|
||||
field(:auth_authorized_applications, list_of(:auth_application_token),
|
||||
resolve: &Application.get_user_applications/3,
|
||||
description: "The user's authorized authentication apps"
|
||||
)
|
||||
description: "The user's authorized authentication apps",
|
||||
meta: [private: true, rule: :forbid_app_access]
|
||||
) do
|
||||
resolve(&Application.get_user_applications/3)
|
||||
end
|
||||
end
|
||||
|
||||
@desc "The list of roles an user can have"
|
||||
@@ -177,12 +193,14 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
|
||||
@desc "Token"
|
||||
object :refreshed_token do
|
||||
meta(:authorize, :all)
|
||||
field(:access_token, non_null(:string), description: "Generated access token")
|
||||
field(:refresh_token, non_null(:string), description: "Generated refreshed token")
|
||||
end
|
||||
|
||||
@desc "Users list"
|
||||
object :users do
|
||||
meta(:authorize, [:administrator, :moderator])
|
||||
field(:total, non_null(:integer), description: "Total elements")
|
||||
field(:elements, non_null(list_of(:user)), description: "User elements")
|
||||
end
|
||||
@@ -196,6 +214,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
A set of user settings
|
||||
"""
|
||||
object :user_settings do
|
||||
meta(:authorize, :user)
|
||||
field(:timezone, :string, description: "The timezone for this user")
|
||||
|
||||
field(:notification_on_day, :boolean,
|
||||
@@ -254,6 +273,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
end
|
||||
|
||||
object :location do
|
||||
meta(:authorize, :user)
|
||||
field(:range, :integer, description: "The range in kilometers the user wants to see events")
|
||||
|
||||
field(:geohash, :string, description: "A geohash representing the user's preferred location")
|
||||
@@ -276,11 +296,13 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
@desc "Get an user"
|
||||
field :user, :user do
|
||||
arg(:id, non_null(:id))
|
||||
middleware(Rajska.QueryAuthorization, permit: [:administrator, :moderator], scope: false)
|
||||
resolve(&User.find_user/3)
|
||||
end
|
||||
|
||||
@desc "Get the current user"
|
||||
field :logged_user, :user do
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.get_current_user/3)
|
||||
end
|
||||
|
||||
@@ -297,7 +319,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
|
||||
arg(:sort, :sortable_user_field, default_value: :id, description: "Sort column")
|
||||
arg(:direction, :sort_direction, default_value: :desc, description: "Sort direction")
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: [:administrator, :moderator], scope: false)
|
||||
resolve(&User.list_users/3)
|
||||
end
|
||||
end
|
||||
@@ -308,7 +330,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
arg(:email, non_null(:string), description: "The new user's email")
|
||||
arg(:password, non_null(:string), description: "The new user's password")
|
||||
arg(:locale, :string, description: "The new user's locale")
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.create_user/3)
|
||||
end
|
||||
|
||||
@@ -318,6 +340,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
description: "The token that will be used to validate the user"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.validate_user/3)
|
||||
end
|
||||
|
||||
@@ -325,6 +348,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
field :resend_confirmation_email, type: :string do
|
||||
arg(:email, non_null(:string), description: "The email used to register")
|
||||
arg(:locale, :string, description: "The user's locale")
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.resend_confirmation_email/3)
|
||||
end
|
||||
|
||||
@@ -332,6 +356,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
field :send_reset_password, type: :string do
|
||||
arg(:email, non_null(:string), description: "The user's email")
|
||||
arg(:locale, :string, description: "The user's locale")
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.send_reset_password/3)
|
||||
end
|
||||
|
||||
@@ -343,6 +368,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
|
||||
arg(:password, non_null(:string), description: "The new password")
|
||||
arg(:locale, :string, default_value: "en", description: "The user's locale")
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.reset_password/3)
|
||||
end
|
||||
|
||||
@@ -350,24 +376,28 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
field :login, type: :login do
|
||||
arg(:email, non_null(:string), description: "The user's email")
|
||||
arg(:password, non_null(:string), description: "The user's password")
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.login_user/3)
|
||||
end
|
||||
|
||||
@desc "Refresh a token"
|
||||
field :refresh_token, type: :refreshed_token do
|
||||
arg(:refresh_token, non_null(:string), description: "A refresh token")
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.refresh_token/3)
|
||||
end
|
||||
|
||||
@desc "Logout an user, deleting a refresh token"
|
||||
field :logout, :string do
|
||||
arg(:refresh_token, non_null(:string))
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.logout/3)
|
||||
end
|
||||
|
||||
@desc "Change default actor for user"
|
||||
field :change_default_actor, :user do
|
||||
arg(:preferred_username, non_null(:string), description: "The actor preferred_username")
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.change_default_actor/3)
|
||||
end
|
||||
|
||||
@@ -375,6 +405,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
field :change_password, :user do
|
||||
arg(:old_password, non_null(:string), description: "The user's current password")
|
||||
arg(:new_password, non_null(:string), description: "The user's new password")
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.change_password/3)
|
||||
end
|
||||
|
||||
@@ -382,6 +413,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
field :change_email, :user do
|
||||
arg(:email, non_null(:string), description: "The user's new email")
|
||||
arg(:password, non_null(:string), description: "The user's current password")
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.change_email/3)
|
||||
end
|
||||
|
||||
@@ -391,6 +423,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
description: "The token that will be used to validate the email change"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :all)
|
||||
resolve(&User.validate_email/3)
|
||||
end
|
||||
|
||||
@@ -398,6 +431,7 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
field :delete_account, :deleted_object do
|
||||
arg(:password, :string, description: "The user's password")
|
||||
arg(:user_id, :id, description: "The user's ID")
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.delete_account/3)
|
||||
end
|
||||
|
||||
@@ -435,12 +469,14 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
|
||||
description: "A geohash of the user's preferred location, where they want to see events"
|
||||
)
|
||||
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.set_user_setting/3)
|
||||
end
|
||||
|
||||
@desc "Update the user's locale"
|
||||
field :update_locale, :user do
|
||||
arg(:locale, :string, description: "The user's new locale")
|
||||
middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
|
||||
resolve(&User.update_locale/3)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user