Add backend for group invitations

For #887
2025-11-04 18:00:41 +01:00
parent 249c5bf178
commit bb71ec763c
6 changed files with 196 additions and 0 deletions
--- a/lib/graphql/resolvers/invitation.ex
+++ b/lib/graphql/resolvers/invitation.ex
@@ -0,0 +1,57 @@
+defmodule Mobilizon.GraphQL.Resolvers.Invitation do
+  @moduledoc """
+  Handles the invitation-related GraphQL calls
+  """
+
+  alias Mobilizon.Actors
+  alias Mobilizon.Actors.Actor
+  alias Mobilizon.Invitations
+  import Mobilizon.Web.Gettext
+
+  defp authorize_group_admin(%Actor{id: actor_id}, group_id) do
+    if Actors.administrator?(actor_id, group_id) do
+      :ok
+    else
+      {:error, dgettext("errors", "Profile is not administrator for the group")}
+    end
+  end
+
+  def create_invitation(_parent, %{group_id: group_id} = args, %{
+        context: %{current_actor: %Actor{} = updater_actor}
+      }) do
+    with :ok <- authorize_group_admin(updater_actor, group_id),
+         {:ok, invitation} <- Invitations.create_invitation(args) do
+      {:ok, invitation}
+    else
+      {:error, _} ->
+        {:error, dgettext("errors", "could not create invitation")}
+
+      error ->
+        error
+    end
+  end
+
+  def list_invitations(_parent, %{group_id: group_id}, %{
+        context: %{current_actor: %Actor{} = updater_actor}
+      }) do
+    with :ok <- authorize_group_admin(updater_actor, group_id) do
+      {:ok, Invitations.list_invitations(group_id)}
+    end
+  end
+
+  def update_invitation(_parent, %{group_id: group_id, token: token} = args, %{
+        context: %{current_actor: %Actor{} = updater_actor}
+      }) do
+    with :ok <- authorize_group_admin(updater_actor, group_id) do
+      Invitations.update_invitation_by_token(group_id, token, args)
+    end
+  end
+
+  def delete_invitation(_parent, %{group_id: group_id, token: token}, %{
+        context: %{current_actor: %Actor{} = updater_actor}
+      }) do
+    with :ok <- authorize_group_admin(updater_actor, group_id) do
+      Invitations.delete_invitation_by_token(group_id, token)
+    end
+  end
+end
--- a/lib/graphql/schema.ex
+++ b/lib/graphql/schema.ex
@@ -56,6 +56,7 @@ defmodule Mobilizon.GraphQL.Schema do
  import_types(Schema.FollowedGroupActivityType)
  import_types(Schema.AuthApplicationType)
  import_types(Schema.ConversationType)
+  import_types(Schema.InvitationType)

  @desc "A struct containing the id of the deleted object"
  object :deleted_object do
@@ -177,6 +178,7 @@ defmodule Mobilizon.GraphQL.Schema do
    import_fields(:post_queries)
    import_fields(:statistics_queries)
    import_fields(:auth_application_queries)
+    import_fields(:invitation_queries)
  end

  @desc """
@@ -205,6 +207,7 @@ defmodule Mobilizon.GraphQL.Schema do
    import_fields(:push_mutations)
    import_fields(:activity_setting_mutations)
    import_fields(:auth_application_mutations)
+    import_fields(:invitation_mutations)
  end

  @desc """
--- a/lib/graphql/schema/invitation.ex
+++ b/lib/graphql/schema/invitation.ex
@@ -0,0 +1,50 @@
+defmodule Mobilizon.GraphQL.Schema.InvitationType do
+  @moduledoc """
+  Schema representation for Invitation
+  """
+  use Absinthe.Schema.Notation
+  alias Mobilizon.GraphQL.Resolvers.Invitation
+
+  @desc "A local invitation to a Mobilizon group"
+  object :invitation do
+    meta(:authorize, :user)
+    field(:token, :string, description: "The invitation token")
+    field(:label, :string, description: "The invitation label")
+  end
+
+  object :invitation_mutations do
+    @desc "Create an invitation for a group"
+    field :create_invitation, type: :invitation do
+      arg(:group_id, non_null(:id), description: "ID of the group")
+      arg(:label, :string, description: "Label")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
+      resolve(&Invitation.create_invitation/3)
+    end
+
+    @desc "Update an invitation for a group"
+    field :update_invitation, type: :invitation do
+      arg(:group_id, non_null(:id), description: "ID of the group")
+      arg(:token, :string, description: "Token")
+      arg(:label, :string, description: "Label")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
+      resolve(&Invitation.update_invitation/3)
+    end
+
+    @desc "Delete an invitation for a group"
+    field :delete_invitation, type: :invitation do
+      arg(:group_id, non_null(:id), description: "ID of the group")
+      arg(:token, :string, description: "Token")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
+      resolve(&Invitation.delete_invitation/3)
+    end
+  end
+
+  object :invitation_queries do
+    @desc "List all invitations for a group"
+    field :list_invitations, non_null(list_of(:invitation)) do
+      arg(:group_id, non_null(:id), description: "ID of the group")
+      middleware(Rajska.QueryAuthorization, permit: :user, scope: false)
+      resolve(&Invitation.list_invitations/3)
+    end
+  end
+end