From 19ea8b287909d3beafdde5241af45af2ee3f4ec5 Mon Sep 17 00:00:00 2001 From: Chuck Driesler Date: Mon, 12 May 2025 21:10:47 +0100 Subject: [PATCH] fix(authz): expose canInvite gql queries (#4712) --- packages/frontend-2/lib/common/generated/gql/graphql.ts | 4 ++++ packages/server/assets/core/typedefs/permissions.graphql | 1 + .../assets/workspacesCore/typedefs/permissions.graphql | 1 + packages/server/modules/core/graph/generated/graphql.ts | 4 ++++ .../server/modules/core/graph/resolvers/permissions.ts | 7 +++++++ .../modules/cross-server-sync/graph/generated/graphql.ts | 2 ++ .../modules/workspaces/graph/resolvers/permissions.ts | 7 +++++++ packages/server/test/graphql/generated/graphql.ts | 2 ++ 8 files changed, 28 insertions(+) diff --git a/packages/frontend-2/lib/common/generated/gql/graphql.ts b/packages/frontend-2/lib/common/generated/gql/graphql.ts index 9cab74e08..14a495a9a 100644 --- a/packages/frontend-2/lib/common/generated/gql/graphql.ts +++ b/packages/frontend-2/lib/common/generated/gql/graphql.ts @@ -2586,6 +2586,7 @@ export type ProjectPermissionChecks = { canCreateComment: PermissionCheckResult; canCreateModel: PermissionCheckResult; canDelete: PermissionCheckResult; + canInvite: PermissionCheckResult; canLeave: PermissionCheckResult; canLoad: PermissionCheckResult; canMoveToWorkspace: PermissionCheckResult; @@ -4850,6 +4851,7 @@ export type WorkspacePaymentMethod = typeof WorkspacePaymentMethod[keyof typeof export type WorkspacePermissionChecks = { __typename?: 'WorkspacePermissionChecks'; canCreateProject: PermissionCheckResult; + canInvite: PermissionCheckResult; canMoveProjectToWorkspace: PermissionCheckResult; }; @@ -8414,6 +8416,7 @@ export type ProjectPermissionChecksFieldArgs = { canCreateComment: {}, canCreateModel: {}, canDelete: {}, + canInvite: {}, canLeave: {}, canLoad: {}, canMoveToWorkspace: ProjectPermissionChecksCanMoveToWorkspaceArgs, @@ -9016,6 +9019,7 @@ export type WorkspacePaidPlanPricesFieldArgs = { } export type WorkspacePermissionChecksFieldArgs = { canCreateProject: {}, + canInvite: {}, canMoveProjectToWorkspace: WorkspacePermissionChecksCanMoveProjectToWorkspaceArgs, } export type WorkspacePlanFieldArgs = { diff --git a/packages/server/assets/core/typedefs/permissions.graphql b/packages/server/assets/core/typedefs/permissions.graphql index 39eac16e4..853a2bb97 100644 --- a/packages/server/assets/core/typedefs/permissions.graphql +++ b/packages/server/assets/core/typedefs/permissions.graphql @@ -15,6 +15,7 @@ type ProjectPermissionChecks { canRequestRender: PermissionCheckResult! canPublish: PermissionCheckResult! canLoad: PermissionCheckResult! + canInvite: PermissionCheckResult! } type RootPermissionChecks { diff --git a/packages/server/assets/workspacesCore/typedefs/permissions.graphql b/packages/server/assets/workspacesCore/typedefs/permissions.graphql index 6ab5c5ca5..41e9923e3 100644 --- a/packages/server/assets/workspacesCore/typedefs/permissions.graphql +++ b/packages/server/assets/workspacesCore/typedefs/permissions.graphql @@ -4,5 +4,6 @@ extend type Workspace { type WorkspacePermissionChecks { canCreateProject: PermissionCheckResult! + canInvite: PermissionCheckResult! canMoveProjectToWorkspace(projectId: String): PermissionCheckResult! } diff --git a/packages/server/modules/core/graph/generated/graphql.ts b/packages/server/modules/core/graph/generated/graphql.ts index ab7386fe1..c3add11c1 100644 --- a/packages/server/modules/core/graph/generated/graphql.ts +++ b/packages/server/modules/core/graph/generated/graphql.ts @@ -2609,6 +2609,7 @@ export type ProjectPermissionChecks = { canCreateComment: PermissionCheckResult; canCreateModel: PermissionCheckResult; canDelete: PermissionCheckResult; + canInvite: PermissionCheckResult; canLeave: PermissionCheckResult; canLoad: PermissionCheckResult; canMoveToWorkspace: PermissionCheckResult; @@ -4873,6 +4874,7 @@ export type WorkspacePaymentMethod = typeof WorkspacePaymentMethod[keyof typeof export type WorkspacePermissionChecks = { __typename?: 'WorkspacePermissionChecks'; canCreateProject: PermissionCheckResult; + canInvite: PermissionCheckResult; canMoveProjectToWorkspace: PermissionCheckResult; }; @@ -6802,6 +6804,7 @@ export type ProjectPermissionChecksResolvers; canCreateModel?: Resolver; canDelete?: Resolver; + canInvite?: Resolver; canLeave?: Resolver; canLoad?: Resolver; canMoveToWorkspace?: Resolver>; @@ -7550,6 +7553,7 @@ export type WorkspacePaidPlanPricesResolvers = { canCreateProject?: Resolver; + canInvite?: Resolver; canMoveProjectToWorkspace?: Resolver>; __isTypeOf?: IsTypeOfResolverFn; }; diff --git a/packages/server/modules/core/graph/resolvers/permissions.ts b/packages/server/modules/core/graph/resolvers/permissions.ts index d03f2dde4..497457800 100644 --- a/packages/server/modules/core/graph/resolvers/permissions.ts +++ b/packages/server/modules/core/graph/resolvers/permissions.ts @@ -106,6 +106,13 @@ export default { userId: ctx.userId }) return Authz.toGraphqlResult(canLoad) + }, + canInvite: async (parent, _args, ctx) => { + const canInvite = await ctx.authPolicies.project.canInvite({ + projectId: parent.projectId, + userId: ctx.userId + }) + return Authz.toGraphqlResult(canInvite) } }, ModelPermissionChecks: { diff --git a/packages/server/modules/cross-server-sync/graph/generated/graphql.ts b/packages/server/modules/cross-server-sync/graph/generated/graphql.ts index 8c66bcc96..0a51ac5fa 100644 --- a/packages/server/modules/cross-server-sync/graph/generated/graphql.ts +++ b/packages/server/modules/cross-server-sync/graph/generated/graphql.ts @@ -2589,6 +2589,7 @@ export type ProjectPermissionChecks = { canCreateComment: PermissionCheckResult; canCreateModel: PermissionCheckResult; canDelete: PermissionCheckResult; + canInvite: PermissionCheckResult; canLeave: PermissionCheckResult; canLoad: PermissionCheckResult; canMoveToWorkspace: PermissionCheckResult; @@ -4853,6 +4854,7 @@ export type WorkspacePaymentMethod = typeof WorkspacePaymentMethod[keyof typeof export type WorkspacePermissionChecks = { __typename?: 'WorkspacePermissionChecks'; canCreateProject: PermissionCheckResult; + canInvite: PermissionCheckResult; canMoveProjectToWorkspace: PermissionCheckResult; }; diff --git a/packages/server/modules/workspaces/graph/resolvers/permissions.ts b/packages/server/modules/workspaces/graph/resolvers/permissions.ts index da09cec95..fe776c30a 100644 --- a/packages/server/modules/workspaces/graph/resolvers/permissions.ts +++ b/packages/server/modules/workspaces/graph/resolvers/permissions.ts @@ -15,6 +15,13 @@ export default { }) return Authz.toGraphqlResult(canCreateProject) }, + canInvite: async (parent, _args, ctx) => { + const canInvite = await ctx.authPolicies.workspace.canInvite({ + workspaceId: parent.workspaceId, + userId: ctx.userId + }) + return Authz.toGraphqlResult(canInvite) + }, canMoveProjectToWorkspace: async (parent, args, ctx) => { const canMoveProjectToWorkspace = await ctx.authPolicies.project.canMoveToWorkspace({ diff --git a/packages/server/test/graphql/generated/graphql.ts b/packages/server/test/graphql/generated/graphql.ts index ea0fd3085..96742d948 100644 --- a/packages/server/test/graphql/generated/graphql.ts +++ b/packages/server/test/graphql/generated/graphql.ts @@ -2590,6 +2590,7 @@ export type ProjectPermissionChecks = { canCreateComment: PermissionCheckResult; canCreateModel: PermissionCheckResult; canDelete: PermissionCheckResult; + canInvite: PermissionCheckResult; canLeave: PermissionCheckResult; canLoad: PermissionCheckResult; canMoveToWorkspace: PermissionCheckResult; @@ -4854,6 +4855,7 @@ export type WorkspacePaymentMethod = typeof WorkspacePaymentMethod[keyof typeof export type WorkspacePermissionChecks = { __typename?: 'WorkspacePermissionChecks'; canCreateProject: PermissionCheckResult; + canInvite: PermissionCheckResult; canMoveProjectToWorkspace: PermissionCheckResult; };