setlife-network · rishkwal · Nov 22, 2022 · Nov 30, 2022 · Nov 30, 2022
diff --git a/api/models/Allocation.js b/api/models/Allocation.js
@@ -66,12 +66,14 @@ module.exports = (sequelize) => {
             }
         },
         status: {
+            defaultValue: 'active',
             type: DataTypes.STRING,
-            allowNull: false
+            allowNull: true
         },
         proposed_by_contributor_id: { 
+            defaultValue: 1,
             type: DataTypes.INTEGER,
-            allowNull: false,
+            allowNull: true,
             references: {
                 model: 'Contributors',
                 key: 'id',

diff --git a/api/schema/helpers/projectIdFetcher.js b/api/schema/helpers/projectIdFetcher.js
@@ -0,0 +1,17 @@
+const db = require('../../models')
+
+module.exports = (fieldName, fieldId, operation) => {
+    if (fieldName == 'getProjectById') {
+        return fieldId
+    }
+    if (fieldName == 'getAllocationById' || fieldName == 'updateAllocationById' || fieldName == 'deleteAllocationByI') {
+        console.log( db.models.Allocation.findByPk(fieldId).dataValues.project_id)
+        return db.models.Allocation.findByPk(fieldId).dataValues.project_id
+    }
+    if (fieldName == 'getClientById' || fieldName == 'updateClientById' || fieldName == 'deleteClientByI') {
+        return db.models.Client.findByPk(fieldId).dataValues.project_id
+    }
+    if (fieldName == 'getPaymentById' || fieldName == 'updatePaymentById' || fieldName == 'deletePaymentById') {
+        return db.models.Payment.findByPk(fieldId).dataValues.project_id
+    }
+}
diff --git a/api/schema/index.js b/api/schema/index.js
@@ -7,6 +7,7 @@ const ClientResolver = require('./resolvers/ClientResolver')
 const ContributionResolver = require('./resolvers/ContributionResolver')
 const ConfigResolver = require('./resolvers/ConfigResolver')
 const ContributorResolver = require('./resolvers/ContributorResolver')
+const directiveResolvers = require('./resolvers/DirectiveResolvers')
 const IssueResolver = require('./resolvers/IssueResolver')
 const PaymentResolver = require('./resolvers/PaymentResolver')
 const PermissionResolver = require('./resolvers/PermissionResolver')
@@ -25,7 +26,7 @@ const PaymentType = require('./types/PaymentType')
 const PermissionType = require('./types/PermissionType')
 const ProjectType = require('./types/ProjectType')
 const RateType = require('./types/RateType')
-const TimeEntry = require('./types/TimeEntryType')
+const TimeEntry = require('./types/TimeEntryType');
 
 //merge types
 const typeDefs = mergeTypeDefs([
@@ -60,5 +61,6 @@ const resolvers = mergeResolvers([
 // Export generated schema
 module.exports = makeExecutableSchema({
     typeDefs,
-    resolvers
+    resolvers,
+    directiveResolvers
 });
diff --git a/api/schema/resolvers/DirectiveResolvers.js b/api/schema/resolvers/DirectiveResolvers.js
@@ -0,0 +1,40 @@
+const fetchProjectId = require('../helpers/projectIdFetcher')
+
+module.exports = {
+    authorizedContributor: async (next, src, args, { models, cookies }, operation ) => {
+        if (!cookies.userSession) {
+            return new Error('User not logged in')
+        }
+        return next();
+    },
+    authorizedProjectContributor: async (next, src, args, { models, cookies }, operation) => {
+        //You get the contributor id of the contributor who needs access to that specific project
+        const contributor_id = cookies.userSession
+        const project_id = operation.fieldNodes[0].arguments[0].value.value
+        console.log(contributor_id)
+        console.log(project_id)
+        const permission = await models.Permission.findOne({ where: { project_id: project_id, contributor_id: contributor_id } })
+        if (!permission) {
+            return new Error('Contributor not authorized')
+        }
+        return next();
+    },
+    authorizedProjectAdmin: async (next, src, args, { models, cookies }, operation) => {
+
+        const contributor_id = cookies.userSession
+        const fieldName = operation.fieldName
+        const fieldId = operation.variableValues.id
+        // const fieldId = operation.fieldNodes[0].arguments[0].value.value
+        const project_id = fetchProjectId(fieldName, fieldId, operation)
+        console.log(fieldName)
+        console.log(project_id)
+        console.log(contributor_id)
+        const permission = await models.Permission.findOne({ where: { project_id: project_id, contributor_id: contributor_id } })
+        if (!permission) {
+            return new Error('Contributor not authorized')
+        } else if ( permission.dataValues.type != 'owner' ) {
+            return new Error('Only Project Admin is authorized')
+        }
+        return next(); 
+    },
+}
diff --git a/api/schema/types/AllocationType.js b/api/schema/types/AllocationType.js
@@ -1,6 +1,7 @@
 const { gql } = require('apollo-server')
 //TODO: Change this when rates table added
 module.exports = gql`
+    directive @authorizedProjectAdmin on FIELD_DEFINITION
 
     type Allocation {
         id: Int!
@@ -45,8 +46,8 @@ module.exports = gql`
     }
 
     type Query {
-        getAllocationById(id: Int!): Allocation
-        getAllocations(contributorId: Int, projectId: Int): [Allocation]
+        getAllocationById(id: Int!): Allocation @authorizedProjectAdmin
+        getAllocations(contributorId: Int, projectId: Int): [Allocation] 
     }
 
     type Mutation {

diff --git a/api/schema/types/ClientType.js b/api/schema/types/ClientType.js
@@ -1,6 +1,7 @@
 const { gql } = require('apollo-server')
 
 module.exports = gql`
+    directive @authorizedContributor on FIELD_DEFINITION
 
     type Client {
         id: Int!
@@ -34,12 +35,12 @@ module.exports = gql`
     }
 
     type Query {
-        getClientById(id: Int!): Client
-        getClients: [Client]
-        getActiveClients: [Client]
-        getInactiveClients: [Client]
-        getActiveClientsCount: Int!
-        getInactiveClientsCount: Int!
+        getClientById(id: Int!): Client 
+        getClients: [Client] 
+        getActiveClients: [Client] 
+        getInactiveClients: [Client] 
+        getActiveClientsCount: Int! 
+        getInactiveClientsCount: Int! 
     }
 
     type Mutation {

diff --git a/api/schema/types/ProjectType.js b/api/schema/types/ProjectType.js
@@ -1,6 +1,7 @@
 const { gql } = require('apollo-server')
 
 module.exports = gql`
+    directive @authorizedProjectContributor on FIELD_DEFINITION
 
     type Project {
         id: Int!
@@ -121,7 +122,7 @@ module.exports = gql`
     }
 
     type Query {
-        getProjectById(id: Int!): Project
+        getProjectById(id: Int!): Project @authorizedProjectAdmin
         getProjects: [Project]
         getActiveProjects: [Project]
         getActiveProjectsCount(clientId: Int): Int!

diff --git a/api/schema/types/RateType.js b/api/schema/types/RateType.js
@@ -1,6 +1,7 @@
 const { gql } = require('apollo-server')
 
 module.exports = gql`
+
     type Rate {
         id: Int!
         active: Boolean!

diff --git a/server.js b/server.js
@@ -235,10 +235,12 @@ app.post('/api/webhooks/customer/delete', async (req, res) => {
 
 const server = new ApolloServer({
     schema,
-    context: ({ req }) => ({
-        ...db,
-        cookies: req.session
-    }),
+    context: ({ req }) => {
+        return {
+            ...db,
+            cookies: req.session
+        }
+    },
     introspection: true,
     playground: {
         settings: {