From 384167c659c4df4ae653bfdab24e755acce5ea20 Mon Sep 17 00:00:00 2001 From: getlarge Date: Thu, 14 May 2020 13:37:15 +0200 Subject: [PATCH] Fix subscription permission handling --- src/engine/action/Action.ts | 4 ++-- src/graphqlProtocol/resolver.ts | 38 ++++++++++++++++----------------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/src/engine/action/Action.ts b/src/engine/action/Action.ts index f9c6d081..3d2e6072 100644 --- a/src/engine/action/Action.ts +++ b/src/engine/action/Action.ts @@ -56,7 +56,7 @@ export class Action { private _output: any; resolve: Function; type: string; - permissions: Function | Permission | Permission[]; + permissions: Permission | Permission[]; private _permissions: Function | Permission | Permission[]; private _defaultPermissions: Permission | Permission[]; descriptionPermissions: string | boolean; @@ -252,7 +252,7 @@ export class Action { this._defaultPermissions = defaultPermissions; } - getPermissions(): Function | Permission | Permission[] { + getPermissions(): Permission | Permission[] { if ((!this._permissions && !this._defaultPermissions) || this.permissions) { return this.permissions; } diff --git a/src/graphqlProtocol/resolver.ts b/src/graphqlProtocol/resolver.ts index 44f8ccbe..bf1c40f0 100644 --- a/src/graphqlProtocol/resolver.ts +++ b/src/graphqlProtocol/resolver.ts @@ -43,7 +43,10 @@ import { serializeValues, } from '../engine/helpers'; import { validateMutationPayload } from '../engine/validation'; -import { buildActionPermissionFilter } from '../engine/permission/Permission'; +import { + buildActionPermissionFilter, + Permission, +} from '../engine/permission/Permission'; const AccessDeniedError = new CustomError( 'Access denied', @@ -473,28 +476,26 @@ export const handleSubscriptionPermission = async ( entitySubscription: Subscription, input: any, ) => { - const permission = entity.getPermissions(); - - console.log('handleSubscriptionPermission', { permission }); - - if (!permission) { + const permissionsMap = entity.getPermissions(); + if ( + !permissionsMap || + !permissionsMap.subscriptions || + !Object.keys(permissionsMap.subscriptions).length + ) { return null; } - const subPermission = permission.subscriptions; - if (!subPermission) { - return null; - } + const subPermissions = ([] as Permission[]).concat( + ...Object.values(permissionsMap.subscriptions as Permission | Permission[]), + ); const { userId, userRoles } = context; - console.log('handleSubscriptionPermission', { subPermission }); - const { where: permissionWhere, lookupPermissionEntity, } = await buildActionPermissionFilter( - subPermission, + subPermissions, userId, userRoles, entitySubscription, @@ -506,10 +507,10 @@ export const handleSubscriptionPermission = async ( throw AccessDeniedError; } - console.log('handleSubscriptionPermission', { - permissionWhere, - lookupPermissionEntity, - }); + // console.log('handleSubscriptionPermission', { + // permissionWhere, + // lookupPermissionEntity, + // }); // only if non-empty where clause if (Object.keys(permissionWhere).length > 0) { @@ -541,7 +542,6 @@ export const getSubscriptionResolver = ( idResolver: Function, ) => { const storageType = entity.storageType; - // const protocolConfiguration = ProtocolGraphQL.getProtocolConfiguration() as ProtocolGraphQLConfiguration; const nestedPayloadResolver = getNestedPayloadResolver( entity, @@ -688,8 +688,6 @@ export const getSubscriptionPayloadResolver = ( ret[typeName] = result; } - // console.log('getSubscriptionPayloadResolver', JSON.stringify(ret, null, 2)); - return ret; }; };