|
1 | 1 | import { User } from "~/src/graphql/types/User/User"; |
2 | 2 | import { TalawaGraphQLError } from "~/src/utilities/TalawaGraphQLError"; |
| 3 | +import type { GraphQLContext } from "../../context"; |
3 | 4 | import { Fund } from "./Fund"; |
4 | 5 |
|
5 | | -Fund.implement({ |
6 | | - fields: (t) => ({ |
7 | | - updater: t.field({ |
8 | | - description: "User who last updated the fund.", |
9 | | - resolve: async (parent, _args, ctx) => { |
10 | | - if (!ctx.currentClient.isAuthenticated) { |
11 | | - throw new TalawaGraphQLError({ |
12 | | - extensions: { |
13 | | - code: "unauthenticated", |
14 | | - }, |
15 | | - }); |
16 | | - } |
| 6 | +const authenticateUser = async (ctx: GraphQLContext) => { |
| 7 | + if (!ctx.currentClient.isAuthenticated) { |
| 8 | + throw new TalawaGraphQLError({ |
| 9 | + extensions: { code: "unauthenticated" }, |
| 10 | + }); |
| 11 | + } |
17 | 12 |
|
18 | | - const currentUserId = ctx.currentClient.user.id; |
| 13 | + const currentUserId = ctx.currentClient.user.id; |
19 | 14 |
|
20 | | - const currentUser = await ctx.drizzleClient.query.usersTable.findFirst({ |
21 | | - with: { |
22 | | - organizationMembershipsWhereMember: { |
23 | | - columns: { |
24 | | - role: true, |
25 | | - }, |
26 | | - where: (fields, operators) => |
27 | | - operators.eq(fields.organizationId, parent.organizationId), |
28 | | - }, |
29 | | - }, |
30 | | - where: (fields, operators) => operators.eq(fields.id, currentUserId), |
31 | | - }); |
32 | | - |
33 | | - if (currentUser === undefined) { |
34 | | - throw new TalawaGraphQLError({ |
35 | | - extensions: { |
36 | | - code: "unauthenticated", |
37 | | - }, |
38 | | - }); |
39 | | - } |
| 15 | + const currentUser = await ctx.drizzleClient.query.usersTable.findFirst({ |
| 16 | + with: { |
| 17 | + organizationMembershipsWhereMember: { |
| 18 | + columns: { role: true }, |
| 19 | + }, |
| 20 | + }, |
| 21 | + where: (fields, operators) => operators.eq(fields.id, currentUserId), |
| 22 | + }); |
40 | 23 |
|
41 | | - const currentUserOrganizationMembership = |
42 | | - currentUser.organizationMembershipsWhereMember[0]; |
| 24 | + if (currentUser === undefined) { |
| 25 | + throw new TalawaGraphQLError({ |
| 26 | + extensions: { |
| 27 | + code: "unauthenticated", |
| 28 | + }, |
| 29 | + }); |
| 30 | + } |
43 | 31 |
|
44 | | - if ( |
45 | | - currentUser.role !== "administrator" && |
46 | | - (currentUserOrganizationMembership === undefined || |
47 | | - currentUserOrganizationMembership.role !== "administrator") |
48 | | - ) { |
49 | | - throw new TalawaGraphQLError({ |
50 | | - extensions: { |
51 | | - code: "unauthorized_action", |
52 | | - }, |
53 | | - }); |
54 | | - } |
| 32 | + return currentUser; |
| 33 | +}; |
55 | 34 |
|
56 | | - if (parent.updaterId === null) { |
57 | | - return null; |
58 | | - } |
| 35 | +const resolveUpdater = async ( |
| 36 | + parent: Fund, |
| 37 | + _: unknown, |
| 38 | + ctx: GraphQLContext, |
| 39 | +) => { |
| 40 | + const currentUser = await authenticateUser(ctx); |
| 41 | + const currentUserId = ctx.currentClient.user?.id; |
59 | 42 |
|
60 | | - if (parent.updaterId === currentUserId) { |
61 | | - return currentUser; |
62 | | - } |
| 43 | + const currentUserOrganizationMembership = |
| 44 | + currentUser.organizationMembershipsWhereMember?.[0]; |
63 | 45 |
|
64 | | - const updaterId = parent.updaterId; |
| 46 | + if ( |
| 47 | + currentUser.role !== "administrator" && |
| 48 | + (currentUserOrganizationMembership === undefined || |
| 49 | + currentUserOrganizationMembership.role !== "administrator") |
| 50 | + ) { |
| 51 | + throw new TalawaGraphQLError({ |
| 52 | + extensions: { |
| 53 | + code: "unauthorized_action", |
| 54 | + }, |
| 55 | + }); |
| 56 | + } |
65 | 57 |
|
66 | | - const existingUser = await ctx.drizzleClient.query.usersTable.findFirst( |
67 | | - { |
68 | | - where: (fields, operators) => operators.eq(fields.id, updaterId), |
69 | | - }, |
70 | | - ); |
| 58 | + if (parent.updaterId === null) { |
| 59 | + return null; |
| 60 | + } |
| 61 | + if (parent.updaterId === currentUserId) { |
| 62 | + return currentUser; |
| 63 | + } |
71 | 64 |
|
72 | | - // Updater id existing but the associated user not existing is a business logic error and probably means that the corresponding data in the database is in a corrupted state. It must be investigated and fixed as soon as possible to prevent additional data corruption. |
73 | | - if (existingUser === undefined) { |
74 | | - ctx.log.error( |
75 | | - "Postgres select operation returned an empty array for a fund's updater id that isn't null.", |
76 | | - ); |
| 65 | + const updaterId = parent.updaterId; |
77 | 66 |
|
78 | | - throw new TalawaGraphQLError({ |
79 | | - extensions: { |
80 | | - code: "unexpected", |
81 | | - }, |
82 | | - }); |
83 | | - } |
| 67 | + const existingUser = await ctx.drizzleClient.query.usersTable.findFirst({ |
| 68 | + where: (fields, operators) => operators.eq(fields.id, updaterId), |
| 69 | + }); |
84 | 70 |
|
85 | | - return existingUser; |
| 71 | + if (existingUser === undefined) { |
| 72 | + ctx.log.error( |
| 73 | + "Postgres select operation returned an empty array for a fund's updater id that isn't null.", |
| 74 | + ); |
| 75 | + throw new TalawaGraphQLError({ |
| 76 | + extensions: { |
| 77 | + code: "unexpected", |
86 | 78 | }, |
| 79 | + }); |
| 80 | + } |
| 81 | + |
| 82 | + return existingUser; |
| 83 | +}; |
| 84 | + |
| 85 | +Fund.implement({ |
| 86 | + fields: (t) => ({ |
| 87 | + updater: t.field({ |
| 88 | + description: "User who last updated the fund.", |
| 89 | + resolve: resolveUpdater, |
87 | 90 | type: User, |
88 | 91 | }), |
89 | 92 | }), |
90 | 93 | }); |
| 94 | + |
| 95 | +export { resolveUpdater }; |
0 commit comments