allow guest access to selected gql resources

Gergő Jedlicska
2023-07-31 12:29:43 +02:00
parent 42de692f50
commit e9d9fc770c
16 changed files with 72 additions and 68 deletions
@@ -3,7 +3,7 @@ extend type Query {
Get authed user's stream access request
"""
streamAccessRequest(streamId: String!): StreamAccessRequest
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
}
extend type Stream {
@@ -21,13 +21,13 @@ extend type Mutation {
requestId: String!
accept: Boolean!
role: StreamRole! = STREAM_CONTRIBUTOR
): Boolean! @hasServerRole(role: SERVER_USER) @hasScope(scope: "users:invite")
): Boolean! @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "users:invite")
"""
Request access to a specific stream
"""
streamAccessRequestCreate(streamId: String!): StreamAccessRequest!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "users:invite")
}
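Review bot: With the directive lowered to `SERVER_GUEST` on the mutation that takes `requestId`, `accept` and `role: StreamRole! = STREAM_CONTRIBUTOR`, the server role no longer separates guests from full users, so the resolver's per-stream check becomes the only thing deciding who may approve a request and hand out a stream role. That resolver is not on this page, so a test that a guest with no role on the stream is rejected would pin the behaviour. The same applies to the `streams:write` branch and commit mutations, `modelMutations`/`versionMutations`, and the `streamId`-keyed subscriptions changed in later hunks. If approval is restricted to stream owners, state it in the field description the way `streamInviteCancel` does (`Can only be invoked by a stream owner.`). The mutation's name and opening lie above the hunk.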
@@ -8,7 +8,9 @@ extend type User {
before: DateTime
cursor: DateTime
limit: Int! = 25
): ActivityCollection @hasServerRole(role: SERVER_USER) @hasScope(scope: "users:read")
): ActivityCollection
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "users:read")
"""
The user's timeline in chronological order
@@ -19,7 +21,7 @@ extend type User {
cursor: DateTime
limit: Int! = 25
): ActivityCollection
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScopes(scopes: ["users:read", "streams:read"])
}
@@ -33,7 +35,9 @@ extend type LimitedUser {
before: DateTime
cursor: DateTime
limit: Int! = 25
): ActivityCollection @hasServerRole(role: SERVER_USER) @hasScope(scope: "users:read")
): ActivityCollection
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "users:read")
"""
The user's timeline in chronological order
@@ -44,7 +48,7 @@ extend type LimitedUser {
cursor: DateTime
limit: Int! = 25
): ActivityCollection
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScopes(scopes: ["users:read", "streams:read"])
}
@@ -59,7 +63,7 @@ extend type Stream {
cursor: DateTime
limit: Int! = 25
): ActivityCollection
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
}
@@ -74,7 +78,7 @@ extend type Branch {
cursor: DateTime
limit: Int! = 25
): ActivityCollection
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
}
@@ -89,7 +93,7 @@ extend type Commit {
cursor: DateTime
limit: Int! = 25
): ActivityCollection
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
}
@@ -47,14 +47,14 @@ extend type User {
Returns the apps you have authorized.
"""
authorizedApps: [ServerAppListItem]
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "apps:read")
"""
Returns the apps you have created.
"""
createdApps: [ServerApp!]
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "apps:read")
}
@@ -84,7 +84,7 @@ extend type Mutation {
Revokes (de-authorizes) an application that you have previously authorized.
"""
appRevokeAccess(appId: String!): Boolean
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "apps:write")
}
@@ -324,7 +324,7 @@ type CommentMutations {
}
extend type Mutation {
commentMutations: CommentMutations! @hasServerRole(role: SERVER_USER)
commentMutations: CommentMutations! @hasServerRole(role: SERVER_GUEST)
"""
Used for broadcasting real time chat head bubbles and status. Does not persist any info.
@@ -334,7 +334,7 @@ extend type Mutation {
resourceId: String!
data: JSONObject
): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@deprecated(reason: "Use broadcastViewerUserActivity")
"""
@@ -345,14 +345,14 @@ extend type Mutation {
commentId: String!
data: JSONObject
): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@deprecated(reason: "Use broadcastViewerUserActivity")
"""
Creates a comment
"""
commentCreate(input: CommentCreateInput!): String!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
@deprecated(reason: "Use commentMutations version")
@@ -360,7 +360,7 @@ extend type Mutation {
Flags a comment as viewed by you (the logged in user).
"""
commentView(streamId: String!, commentId: String!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
@deprecated(reason: "Use commentMutations version")
@@ -372,7 +372,7 @@ extend type Mutation {
commentId: String!
archived: Boolean! = true
): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
@deprecated(reason: "Use commentMutations version")
@@ -380,7 +380,7 @@ extend type Mutation {
Edits a comment.
"""
commentEdit(input: CommentEditInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
@deprecated(reason: "Use commentMutations version")
@@ -388,7 +388,7 @@ extend type Mutation {
Adds a reply to a comment.
"""
commentReply(input: ReplyCreateInput!): String!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
@deprecated(reason: "Use commentMutations version")
}
@@ -457,7 +457,7 @@ extend type Subscription {
- for a specific resource/set of resources: pass in a list of resourceIds (commit or object ids); this sub will get called when *any* of the resources provided get a comment.
"""
commentActivity(streamId: String!, resourceIds: [String]): CommentActivityMessage!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
@deprecated(reason: "Use projectCommentsUpdated")
@@ -470,7 +470,7 @@ extend type Subscription {
streamId: String!
commentId: String!
): CommentThreadActivityMessage!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
@deprecated(
reason: "Use projectCommentsUpdated or viewerUserActivityBroadcasted for reply status"
@@ -46,7 +46,7 @@ extend type Mutation {
projectId: String!
resourceIdString: String!
message: ViewerUserActivityMessageInput!
): Boolean! @hasServerRole(role: SERVER_USER)
): Boolean! @hasServerRole(role: SERVER_GUEST)
}
extend type Subscription {
@@ -48,7 +48,7 @@ type Commit {
Will throw an authorization error if active user isn't authorized to see it, for example,
if a stream isn't public and the user doesn't have the appropriate rights.
"""
stream: Stream! @hasServerRole(role: SERVER_USER) @hasScope(scope: "streams:read")
stream: Stream! @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read")
}
type BranchCollection {
@@ -65,40 +65,40 @@ type CommitCollection {
extend type Mutation {
branchCreate(branch: BranchCreateInput!): String!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
branchUpdate(branch: BranchUpdateInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
branchDelete(branch: BranchDeleteInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
commitCreate(commit: CommitCreateInput!): String!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
commitUpdate(commit: CommitUpdateInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
commitReceive(input: CommitReceivedInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
commitDelete(commit: CommitDeleteInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
"""
Move a batch of commits to a new branch
"""
commitsMove(input: CommitsMoveInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
"""
Delete a batch of commits
"""
commitsDelete(input: CommitsDeleteInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
}
@@ -108,38 +108,38 @@ extend type Subscription {
Subscribe to branch created event
"""
branchCreated(streamId: String!): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
Subscribe to branch updated event.
"""
branchUpdated(streamId: String!, branchId: String): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
Subscribe to branch deleted event
"""
branchDeleted(streamId: String!): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
Subscribe to commit created event
"""
commitCreated(streamId: String!): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
Subscribe to commit updated event.
"""
commitUpdated(streamId: String!, commitId: String): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
Subscribe to commit deleted event
"""
commitDeleted(streamId: String!): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
}
@@ -164,11 +164,11 @@ type VersionMutations {
extend type Mutation {
modelMutations: ModelMutations!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
versionMutations: VersionMutations!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:write")
}
@@ -10,7 +10,7 @@ extend type Query {
Pass in the `query` parameter to search by name, description or ID.
"""
streams(query: String, limit: Int = 25, cursor: String): StreamCollection
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
@@ -77,7 +77,7 @@ extend type User {
authenticated user, then this will only return discoverable streams.
"""
streams(limit: Int! = 25, cursor: String): StreamCollection!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
@@ -85,7 +85,7 @@ extend type User {
Note: You can't use this to retrieve another user's favorite streams.
"""
favoriteStreams(limit: Int! = 25, cursor: String): StreamCollection!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
@@ -99,7 +99,7 @@ extend type LimitedUser {
Returns all discoverable streams that the user is a collaborator on
"""
streams(limit: Int! = 25, cursor: String): StreamCollection!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
@@ -181,12 +181,12 @@ extend type Mutation {
# Favorite/unfavorite the given stream
streamFavorite(streamId: String!, favorited: Boolean!): Stream
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
"""
Remove yourself from stream collaborators (not possible for the owner)
"""
streamLeave(streamId: String!): Boolean! @hasServerRole(role: SERVER_USER)
streamLeave(streamId: String!): Boolean! @hasServerRole(role: SERVER_GUEST)
}
extend type Subscription {
@@ -200,7 +200,7 @@ extend type Subscription {
**NOTE**: If someone shares a stream with you, this subscription will be triggered with an extra value of `sharedBy` in the payload.
"""
userStreamAdded: JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "profile:read")
"""
@@ -208,7 +208,7 @@ extend type Subscription {
**NOTE**: If someone revokes your permissions on a stream, this subscription will be triggered with an extra value of `revokedBy` in the payload.
"""
userStreamRemoved: JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "profile:read")
#
@@ -220,14 +220,14 @@ extend type Subscription {
Subscribes to stream updated event. Use this in clients/components that pertain only to this stream.
"""
streamUpdated(streamId: String): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
"""
Subscribes to stream deleted event. Use this in clients/components that pertain only to this stream.
"""
streamDeleted(streamId: String): JSONObject
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
}
@@ -8,7 +8,7 @@ extend type Query {
Get the (limited) profile information of another server user
"""
otherUser(id: String!): LimitedUser
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "users:read")
"""
@@ -153,7 +153,7 @@ extend type Mutation {
Delete a user's account.
"""
userDelete(userConfirmation: UserDeleteInput!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "profile:delete")
adminDeleteUser(userConfirmation: UserDeleteInput!): Boolean!
@@ -165,7 +165,7 @@ extend type Mutation {
"""
Various Active User oriented mutations
"""
activeUserMutations: ActiveUserMutations! @hasServerRole(role: SERVER_USER)
activeUserMutations: ActiveUserMutations! @hasServerRole(role: SERVER_GUEST)
}
input UserRoleInput {
@@ -9,5 +9,5 @@ extend type Mutation {
"""
(Re-)send the account verification e-mail
"""
requestVerification: Boolean! @hasServerRole(role: SERVER_USER)
requestVerification: Boolean! @hasServerRole(role: SERVER_GUEST)
}
@@ -4,5 +4,5 @@ extend type User {
extend type Mutation {
userNotificationPreferencesUpdate(preferences: JSONObject!): Boolean
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
}
@@ -25,13 +25,13 @@ extend type Mutation {
Accept or decline a stream invite
"""
streamInviteUse(accept: Boolean!, streamId: String!, token: String!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
"""
Cancel a pending stream invite. Can only be invoked by a stream owner.
"""
streamInviteCancel(streamId: String!, inviteId: String!): Boolean!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "users:invite")
"""
@@ -66,7 +66,7 @@ extend type Query {
Get all invitations to streams that the active user has
"""
streamInvites: [PendingStreamCollaborator!]!
@hasServerRole(role: SERVER_USER)
@hasServerRole(role: SERVER_GUEST)
@hasScope(scope: "streams:read")
}
@@ -60,7 +60,7 @@ module.exports = {
},
Mutation: {
async objectCreate(parent, args, context) {
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
await validateScopes(context.scopes, Scopes.Streams.Write)
await authorizeResolver(
context.userId,
@@ -52,7 +52,7 @@ export = {
await authorizeResolver(context.userId, args.id, Roles.Stream.Reviewer)
if (!stream.isPublic) {
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
validateScopes(context.scopes, Scopes.Streams.Read)
}
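Review bot: `validateScopes(context.scopes, Scopes.Streams.Read)` is called without `await` in this non-public branch, while the sibling resolvers in the other hunks await the same helper. If it returns a promise, as those call sites suggest, a missing `streams:read` scope would surface as an unhandled rejection instead of stopping the resolver. Now that the role check above it admits guests, the scope check carries more of the weight. Change the line to `await validateScopes(context.scopes, Scopes.Streams.Read)`. The enclosing resolver starts and ends outside the hunk.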
@@ -88,7 +88,7 @@ module.exports = {
await authorizeResolver(context.userId, args.id, Roles.Stream.Reviewer)
if (!stream.isPublic) {
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
await validateScopes(context.scopes, Scopes.Streams.Read)
}
@@ -32,7 +32,7 @@ module.exports = {
if (!activeUserId) return null
// Only if authenticated - check for server roles & scopes
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
await validateScopes(context.scopes, Scopes.Profile.Read)
return await getUser(activeUserId)
@@ -46,7 +46,7 @@ module.exports = {
// User wants info about himself and he's not authenticated - just return null
if (!context.auth && !args.id) return null
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
if (!args.id) await validateScopes(context.scopes, Scopes.Profile.Read)
else await validateScopes(context.scopes, Scopes.Users.Read)
@@ -63,7 +63,7 @@ module.exports = {
},
async userSearch(parent, args, context) {
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
await validateScopes(context.scopes, Scopes.Profile.Read)
await validateScopes(context.scopes, Scopes.Users.Read)
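Review bot: `userSearch` now admits any guest holding `profile:read` and `users:read`, which opens the server's user directory to the lowest-trust account type. The commit title speaks of selected resources, so if search is meant to be included, record that in a comment such as `// guests may search users: needed to <reason>`; otherwise keep `await validateServerRole(context, Roles.Server.User)` on this resolver. The `otherUser` query in the schema hunk earlier on the page raises the same question. The rest of the resolver body, including any result limit, is outside the hunk.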
@@ -130,7 +130,7 @@ module.exports = {
},
Mutation: {
async userUpdate(_parent, args, context) {
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
await updateUserAndNotify(context.userId, args.user)
return true
},
@@ -162,7 +162,7 @@ module.exports = {
// The below are not really needed anymore as we've added the hasRole and hasScope
// directives in the graphql schema itself.
// Since I am paranoid, I'll leave them here too.
await validateServerRole(context, Roles.Server.User)
await validateServerRole(context, Roles.Server.Guest)
await validateScopes(context.scopes, Scopes.Profile.Delete)
await deleteUser(context.userId, args.user)