Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a viewer root field #92

Merged
merged 2 commits into from
Aug 30, 2015
Merged

Add a viewer root field #92

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c371897
Add a viewer root field
fson Aug 30, 2015
40ad6c4
Remove the test expecting synchronous validators
fson Aug 30, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions __tests__/integration.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,15 @@ describe('Integration Tests', () => {
});
});

it('queries viewer', async function () {
const user = TEST_DATA.getIn(['tables', 'User', 0]).toJS();
const credentials = { isAdmin: true, userID: user.id };
assert.deepEqual(
await runQuery(`{viewer{handle}}`, null, credentials),
{ data: { viewer: { handle: user.handle } } }
);
});

it('works with edges and cursor', async function () {
const userId = toReindexID({
type: 'User',
Expand Down
27 changes: 0 additions & 27 deletions __tests__/permissions.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import { forEach } from 'lodash';
import RethinkDB from 'rethinkdb';
import uuid from 'uuid';
import { graphql } from 'graphql';
Expand Down Expand Up @@ -346,30 +345,4 @@ describe('Permissions', () => {


});


it('all root calls have permission validator', async function() {
const context = await getGraphQLContext(conn, {
credentials: {
isAdmin: false,
// User that has no perms
userID: 'banReadUser',
},
});
const rootFields = {
...context.schema.getType('ReindexQueryRoot').getFields(),
...context.schema.getType('ReindexMutationRoot').getFields(),
};
// This test is a bit crude, but I think it works for checking that
// there are no unprotected root calls.
forEach(rootFields, (call) => {
assert.throws(
// We pass parametes so that node knows how to validate
() => call.resolve(context, {
id: { type: 'Micropost' },
}, { rootValue: context }),
/lacks permissions/
);
});
});
});
2 changes: 2 additions & 0 deletions graphQL/builtins/CommonQueryFieldCreators.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
import { Map } from 'immutable';
import createNode from '../query/createNode';
import createSchemaField from '../query/createSchemaField';
import createViewer from '../query/createViewer';

const CommonQueryFields = Map({
node: createNode,
schema: createSchemaField,
viewer: createViewer,
});

export default CommonQueryFields;
22 changes: 22 additions & 0 deletions graphQL/query/createViewer.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
import checkPermission from '../permissions/checkPermission';
import { getByID } from '../../db/queries/simpleQueries';
import { ID } from '../builtins/ReindexID';

export default function createViewer(typeSets) {
return {
name: 'viewer',
type: typeSets.get('User').type,
async resolve(parent, args, context) {
const { userID } = context.rootValue.credentials;
if (!userID) {
return null;
}
const result = await getByID(
context.rootValue.conn,
new ID({ type: 'User', value: userID }),
);
checkPermission('User', 'read', result, context);
return result;
},
};
}