Merge pull request #5380 from Ocelot-Social-Community/post-in-group

feat: 🍰 Post In Groups

Author: Mogge

backend/src/db/graphql/authentications.js

@@ -19,6 +19,7 @@ export const signupVerificationMutation = gql`
       nonce: $nonce
       termsAndConditionsAgreedVersion: $termsAndConditionsAgreedVersion
     ) {
+      id
       slug
     }
   }

backend/src/db/graphql/posts.js

@@ -2,15 +2,87 @@ import gql from 'graphql-tag'
 
 // ------ mutations
 
-export const createPostMutation = gql`
-  mutation ($id: ID, $title: String!, $slug: String, $content: String!, $categoryIds: [ID]!) {
-    CreatePost(id: $id, title: $title, slug: $slug, content: $content, categoryIds: $categoryIds) {
-      id
-      slug
+export const createPostMutation = () => {
+  return gql`
+    mutation (
+      $id: ID
+      $title: String!
+      $slug: String
+      $content: String!
+      $categoryIds: [ID]
+      $groupId: ID
+    ) {
+      CreatePost(
+        id: $id
+        title: $title
+        slug: $slug
+        content: $content
+        categoryIds: $categoryIds
+        groupId: $groupId
+      ) {
+        id
+        slug
+        title
+        content
+      }
     }
-  }
-`
+  `
+}
 
 // ------ queries
 
-// fill queries in here
+export const postQuery = () => {
+  return gql`
+    query Post($id: ID!) {
+      Post(id: $id) {
+        id
+        title
+        content
+      }
+    }
+  `
+}
+
+export const filterPosts = () => {
+  return gql`
+    query Post($filter: _PostFilter, $first: Int, $offset: Int, $orderBy: [_PostOrdering]) {
+      Post(filter: $filter, first: $first, offset: $offset, orderBy: $orderBy) {
+        id
+        title
+        content
+      }
+    }
+  `
+}
+
+export const profilePagePosts = () => {
+  return gql`
+    query profilePagePosts(
+      $filter: _PostFilter
+      $first: Int
+      $offset: Int
+      $orderBy: [_PostOrdering]
+    ) {
+      profilePagePosts(filter: $filter, first: $first, offset: $offset, orderBy: $orderBy) {
+        id
+        title
+        content
+      }
+    }
+  `
+}
+
+export const searchPosts = () => {
+  return gql`
+    query ($query: String!, $firstPosts: Int, $postsOffset: Int) {
+      searchPosts(query: $query, firstPosts: $firstPosts, postsOffset: $postsOffset) {
+        postCount
+        posts {
+          id
+          title
+          content
+        }
+      }
+    }
+  `
+}

backend/src/db/seed.js

@@ -709,7 +709,7 @@ const languages = ['de', 'en', 'es', 'fr', 'it', 'pt', 'pl']
 
     await Promise.all([
       mutate({
-        mutation: createPostMutation,
+        mutation: createPostMutation(),
         variables: {
           id: 'p2',
           title: `Nature Philosophy Yoga`,
@@ -718,7 +718,7 @@ const languages = ['de', 'en', 'es', 'fr', 'it', 'pt', 'pl']
         },
       }),
       mutate({
-        mutation: createPostMutation,
+        mutation: createPostMutation(),
         variables: {
           id: 'p7',
           title: 'This is post #7',
@@ -727,7 +727,7 @@ const languages = ['de', 'en', 'es', 'fr', 'it', 'pt', 'pl']
         },
       }),
       mutate({
-        mutation: createPostMutation,
+        mutation: createPostMutation(),
         variables: {
           id: 'p8',
           image: faker.image.unsplash.nature(),
@@ -737,7 +737,7 @@ const languages = ['de', 'en', 'es', 'fr', 'it', 'pt', 'pl']
         },
       }),
       mutate({
-        mutation: createPostMutation,
+        mutation: createPostMutation(),
         variables: {
           id: 'p12',
           title: 'This is post #12',

backend/src/middleware/permissionsMiddleware.js

@@ -1,4 +1,4 @@
-import { rule, shield, deny, allow, or } from 'graphql-shield'
+import { rule, shield, deny, allow, or, and } from 'graphql-shield'
 import { getNeode } from '../db/neo4j'
 import CONFIG from '../config'
 import { validateInviteCode } from '../schema/resolvers/transactions/inviteCodes'
@@ -221,6 +221,34 @@ const isAllowedToLeaveGroup = rule({
   }
 })
 
+const isMemberOfGroup = rule({
+  cache: 'no_cache',
+})(async (_parent, args, { user, driver }) => {
+  if (!(user && user.id)) return false
+  const { groupId } = args
+  if (!groupId) return true
+  const userId = user.id
+  const session = driver.session()
+  const readTxPromise = session.readTransaction(async (transaction) => {
+    const transactionResponse = await transaction.run(
+      `
+        MATCH (User {id: $userId})-[membership:MEMBER_OF]->(Group {id: $groupId})
+        RETURN membership.role AS role
+      `,
+      { groupId, userId },
+    )
+    return transactionResponse.records.map((record) => record.get('role'))[0]
+  })
+  try {
+    const role = await readTxPromise
+    return ['usual', 'admin', 'owner'].includes(role)
+  } catch (error) {
+    throw new Error(error)
+  } finally {
+    session.close()
+  }
+})
+
 const isAuthor = rule({
   cache: 'no_cache',
 })(async (_parent, args, { user, driver }) => {
@@ -271,8 +299,6 @@ export default shield(
   {
     Query: {
       '*': deny,
-      findPosts: allow,
-      findUsers: allow,
       searchResults: allow,
       searchPosts: allow,
       searchUsers: allow,
@@ -316,7 +342,7 @@ export default shield(
       JoinGroup: isAllowedToJoinGroup,
       LeaveGroup: isAllowedToLeaveGroup,
       ChangeGroupMemberRole: isAllowedToChangeGroupMemberRole,
-      CreatePost: isAuthenticated,
+      CreatePost: and(isAuthenticated, isMemberOfGroup),
       UpdatePost: isAuthor,
       DeletePost: isAuthor,
       fileReport: isAuthenticated,

backend/src/middleware/slugifyMiddleware.spec.js

@@ -366,7 +366,7 @@ describe('slugifyMiddleware', () => {
       it('generates a slug based on title', async () => {
         await expect(
           mutate({
-            mutation: createPostMutation,
+            mutation: createPostMutation(),
             variables,
           }),
         ).resolves.toMatchObject({
@@ -382,7 +382,7 @@ describe('slugifyMiddleware', () => {
       it('generates a slug based on given slug', async () => {
         await expect(
           mutate({
-            mutation: createPostMutation,
+            mutation: createPostMutation(),
             variables: {
               ...variables,
               slug: 'the-post',
@@ -417,7 +417,7 @@ describe('slugifyMiddleware', () => {
       it('chooses another slug', async () => {
         await expect(
           mutate({
-            mutation: createPostMutation,
+            mutation: createPostMutation(),
             variables: {
               ...variables,
               title: 'Pre-existing post',
@@ -440,7 +440,7 @@ describe('slugifyMiddleware', () => {
           try {
             await expect(
               mutate({
-                mutation: createPostMutation,
+                mutation: createPostMutation(),
                 variables: {
                   ...variables,
                   title: 'Pre-existing post',

backend/src/middleware/userInteractions.js

@@ -31,7 +31,7 @@ const setPostCounter = async (postId, relation, context) => {
 }
 
 const userClickedPost = async (resolve, root, args, context, info) => {
-  if (args.id) {
+  if (args.id && context.user) {
     await setPostCounter(args.id, 'CLICKED', context)
   }
   return resolve(root, args, context, info)

backend/src/schema/resolvers/groups.js

@@ -261,8 +261,15 @@ export default {
         const leaveGroupCypher = `
           MATCH (member:User {id: $userId})-[membership:MEMBER_OF]->(group:Group {id: $groupId})
           DELETE membership
+          WITH member, group
+          OPTIONAL MATCH (p:Post)-[:IN]->(group)
+          WHERE NOT group.groupType = 'public' 
+          WITH member, group, collect(p) AS posts
+          FOREACH (post IN posts |
+            MERGE (member)-[:CANNOT_SEE]->(post))
           RETURN member {.*, myRoleInGroup: NULL}
         `
+
         const transactionResponse = await transaction.run(leaveGroupCypher, { groupId, userId })
         const [member] = await transactionResponse.records.map((record) => record.get('member'))
         return member
@@ -279,8 +286,22 @@ export default {
       const { groupId, userId, roleInGroup } = params
       const session = context.driver.session()
       const writeTxResultPromise = session.writeTransaction(async (transaction) => {
+        let postRestrictionCypher = ''
+        if (['usual', 'admin', 'owner'].includes(roleInGroup)) {
+          postRestrictionCypher = `
+            WITH group, member, membership
+            FOREACH (restriction IN [(member)-[r:CANNOT_SEE]->(:Post)-[:IN]->(group) | r] |
+              DELETE restriction)`
+        } else {
+          postRestrictionCypher = `
+            WITH group, member, membership
+            FOREACH (post IN [(p:Post)-[:IN]->(group) | p] |
+              MERGE (member)-[:CANNOT_SEE]->(post))`
+        }
+
         const joinGroupCypher = `
-          MATCH (member:User {id: $userId}), (group:Group {id: $groupId})
+          MATCH (member:User {id: $userId})
+          MATCH (group:Group {id: $groupId})
           MERGE (member)-[membership:MEMBER_OF]->(group)
           ON CREATE SET
             membership.createdAt = toString(datetime()),
@@ -289,8 +310,10 @@ export default {
           ON MATCH SET
             membership.updatedAt = toString(datetime()),
             membership.role = $roleInGroup
+          ${postRestrictionCypher}
           RETURN member {.*, myRoleInGroup: membership.role}
         `
+
         const transactionResponse = await transaction.run(joinGroupCypher, {
           groupId,
           userId,
@@ -313,6 +336,7 @@ export default {
       undefinedToNull: ['deleted', 'disabled', 'locationName', 'about'],
       hasMany: {
         categories: '-[:CATEGORIZED]->(related:Category)',
+        posts: '<-[:IN]-(related:Post)',
       },
       hasOne: {
         avatar: '-[:AVATAR_IMAGE]->(related:Image)',

backend/src/schema/resolvers/helpers/filterInvisiblePosts.js

@@ -0,0 +1,47 @@
+import { mergeWith, isArray } from 'lodash'
+
+const getInvisiblePosts = async (context) => {
+  const session = context.driver.session()
+  const readTxResultPromise = await session.readTransaction(async (transaction) => {
+    let cypher = ''
+    const { user } = context
+    if (user && user.id) {
+      cypher = `
+        MATCH (post:Post)<-[:CANNOT_SEE]-(user:User { id: $userId })
+        RETURN collect(post.id) AS invisiblePostIds`
+    } else {
+      cypher = `
+        MATCH (post:Post)-[:IN]->(group:Group)
+        WHERE NOT group.groupType = 'public'
+        RETURN collect(post.id) AS invisiblePostIds`
+    }
+    const invisiblePostIdsResponse = await transaction.run(cypher, {
+      userId: user ? user.id : null,
+    })
+    return invisiblePostIdsResponse.records.map((record) => record.get('invisiblePostIds'))
+  })
+  try {
+    const [invisiblePostIds] = readTxResultPromise
+    return invisiblePostIds
+  } finally {
+    session.close()
+  }
+}
+
+export const filterInvisiblePosts = async (params, context) => {
+  const invisiblePostIds = await getInvisiblePosts(context)
+  if (!invisiblePostIds.length) return params
+
+  params.filter = mergeWith(
+    params.filter,
+    {
+      id_not_in: invisiblePostIds,
+    },
+    (objValue, srcValue) => {
+      if (isArray(objValue)) {
+        return objValue.concat(srcValue)
+      }
+    },
+  )
+  return params
+}