diff --git a/packages/server/assets/accessrequests/typedefs/accessrequests.graphql b/packages/server/assets/accessrequests/typedefs/accessrequests.graphql index 3c9a270d9..8fb239038 100644 --- a/packages/server/assets/accessrequests/typedefs/accessrequests.graphql +++ b/packages/server/assets/accessrequests/typedefs/accessrequests.graphql @@ -3,7 +3,7 @@ extend type Query { Get authed user's stream access request """ streamAccessRequest(streamId: String!): StreamAccessRequest - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) } extend type Stream { @@ -21,13 +21,13 @@ extend type Mutation { requestId: String! accept: Boolean! role: StreamRole! = STREAM_CONTRIBUTOR - ): Boolean! @hasServerRole(role: SERVER_USER) @hasScope(scope: "users:invite") + ): Boolean! @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "users:invite") """ Request access to a specific stream """ streamAccessRequestCreate(streamId: String!): StreamAccessRequest! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "users:invite") } diff --git a/packages/server/assets/activitystream/typedefs/activity.graphql b/packages/server/assets/activitystream/typedefs/activity.graphql index c648928c6..5783cf0a2 100644 --- a/packages/server/assets/activitystream/typedefs/activity.graphql +++ b/packages/server/assets/activitystream/typedefs/activity.graphql @@ -8,7 +8,9 @@ extend type User { before: DateTime cursor: DateTime limit: Int! = 25 - ): ActivityCollection @hasServerRole(role: SERVER_USER) @hasScope(scope: "users:read") + ): ActivityCollection + @hasServerRole(role: SERVER_GUEST) + @hasScope(scope: "users:read") """ The user's timeline in chronological order @@ -19,7 +21,7 @@ extend type User { cursor: DateTime limit: Int! = 25 ): ActivityCollection - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScopes(scopes: ["users:read", "streams:read"]) } 
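Review bot: In the second accessrequests.graphql hunk, the mutation taking `requestId`, `accept` and `role` (its name is above the hunk) can now be called by a `SERVER_GUEST`, and accepting a request grants a stream role that defaults to `STREAM_CONTRIBUTOR`. The two directives check only the server role and the `users:invite` scope, so whether the caller owns the stream has to be enforced in the resolver, which this diff does not show. I would add a docstring line such as `Only stream owners can process a request; the server role alone does not authorize this.` and cover the guest-without-ownership case with a test.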
@@ -33,7 +35,9 @@ extend type LimitedUser { before: DateTime cursor: DateTime limit: Int! = 25 - ): ActivityCollection @hasServerRole(role: SERVER_USER) @hasScope(scope: "users:read") + ): ActivityCollection + @hasServerRole(role: SERVER_GUEST) + @hasScope(scope: "users:read") """ The user's timeline in chronological order @@ -44,7 +48,7 @@ extend type LimitedUser { cursor: DateTime limit: Int! = 25 ): ActivityCollection - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScopes(scopes: ["users:read", "streams:read"]) } @@ -59,7 +63,7 @@ extend type Stream { cursor: DateTime limit: Int! = 25 ): ActivityCollection - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") } @@ -74,7 +78,7 @@ extend type Branch { cursor: DateTime limit: Int! = 25 ): ActivityCollection - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") } @@ -89,7 +93,7 @@ extend type Commit { cursor: DateTime limit: Int! = 25 ): ActivityCollection - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") } diff --git a/packages/server/assets/auth/typedefs/apps.graphql b/packages/server/assets/auth/typedefs/apps.graphql index 85ce003e9..d0d30d168 100644 --- a/packages/server/assets/auth/typedefs/apps.graphql +++ b/packages/server/assets/auth/typedefs/apps.graphql @@ -47,14 +47,14 @@ extend type User { Returns the apps you have authorized. """ authorizedApps: [ServerAppListItem] - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "apps:read") """ Returns the apps you have created. """ createdApps: [ServerApp!] - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "apps:read") } 
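Review bot: The two `ActivityCollection` fields on `LimitedUser` (hunks at -33 and -44) become readable by guests holding `users:read`, so a guest account can view the activity of other users on the server; the same widening applies to `otherUser` in user.graphql and `userSearch` in users.js. Nothing in these hunks limits results to users or streams the guest already collaborates with, so any such filtering presumably sits in resolvers that are not part of the diff. If guests are meant to be confined to the streams they were invited to, confirm the resolvers enforce that and say so in the docstrings, e.g. `Guests only receive activity from streams they have a role on.`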
@@ -84,7 +84,7 @@ extend type Mutation { Revokes (de-authorizes) an application that you have previously authorized. """ appRevokeAccess(appId: String!): Boolean - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "apps:write") } diff --git a/packages/server/assets/comments/typedefs/comments.gql b/packages/server/assets/comments/typedefs/comments.gql index 0434b9c7d..4244aef30 100644 --- a/packages/server/assets/comments/typedefs/comments.gql +++ b/packages/server/assets/comments/typedefs/comments.gql @@ -324,7 +324,7 @@ type CommentMutations { } extend type Mutation { - commentMutations: CommentMutations! @hasServerRole(role: SERVER_USER) + commentMutations: CommentMutations! @hasServerRole(role: SERVER_GUEST) """ Used for broadcasting real time chat head bubbles and status. Does not persist any info. @@ -334,7 +334,7 @@ extend type Mutation { resourceId: String! data: JSONObject ): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @deprecated(reason: "Use broadcastViewerUserActivity") """ @@ -345,14 +345,14 @@ extend type Mutation { commentId: String! data: JSONObject ): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @deprecated(reason: "Use broadcastViewerUserActivity") """ Creates a comment """ commentCreate(input: CommentCreateInput!): String! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") @deprecated(reason: "Use commentMutations version") @@ -360,7 +360,7 @@ extend type Mutation { Flags a comment as viewed by you (the logged in user). """ commentView(streamId: String!, commentId: String!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") @deprecated(reason: "Use commentMutations version") 
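Review bot: The two deprecated broadcast mutations in the comments.gql hunks at -334 and -345 carry only `@hasServerRole` and no `@hasScope`, so after this change any guest token can send an arbitrary `data: JSONObject` for the ids it supplies; the broadcast mutation in viewer.gql has the same shape. The directive cannot tell whether the guest has a role on the target stream, so the resolvers (not shown here) must reject callers without stream access before publishing. A short comment above each field, such as `# Resolver must verify the caller's stream role before broadcasting`, would make that dependency explicit. Both field definitions start above their hunks.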
@@ -372,7 +372,7 @@ extend type Mutation { commentId: String! archived: Boolean! = true ): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") @deprecated(reason: "Use commentMutations version") @@ -380,7 +380,7 @@ extend type Mutation { Edits a comment. """ commentEdit(input: CommentEditInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") @deprecated(reason: "Use commentMutations version") @@ -388,7 +388,7 @@ extend type Mutation { Adds a reply to a comment. """ commentReply(input: ReplyCreateInput!): String! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") @deprecated(reason: "Use commentMutations version") } @@ -457,7 +457,7 @@ extend type Subscription { - for a specific resource/set of resources: pass in a list of resourceIds (commit or object ids); this sub will get called when *any* of the resources provided get a comment. """ commentActivity(streamId: String!, resourceIds: [String]): CommentActivityMessage! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") @deprecated(reason: "Use projectCommentsUpdated") @@ -470,7 +470,7 @@ extend type Subscription { streamId: String! commentId: String! ): CommentThreadActivityMessage! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") @deprecated( reason: "Use projectCommentsUpdated or viewerUserActivityBroadcasted for reply status" diff --git a/packages/server/assets/comments/typedefs/viewer.gql b/packages/server/assets/comments/typedefs/viewer.gql index 0d5b41d79..41f6b0e18 100644 --- a/packages/server/assets/comments/typedefs/viewer.gql +++ b/packages/server/assets/comments/typedefs/viewer.gql 
@@ -46,7 +46,7 @@ extend type Mutation { projectId: String! resourceIdString: String! message: ViewerUserActivityMessageInput! - ): Boolean! @hasServerRole(role: SERVER_USER) + ): Boolean! @hasServerRole(role: SERVER_GUEST) } extend type Subscription { diff --git a/packages/server/assets/core/typedefs/branchesAndCommits.graphql b/packages/server/assets/core/typedefs/branchesAndCommits.graphql index 435d63a65..dc0d97469 100644 --- a/packages/server/assets/core/typedefs/branchesAndCommits.graphql +++ b/packages/server/assets/core/typedefs/branchesAndCommits.graphql @@ -48,7 +48,7 @@ type Commit { Will throw an authorization error if active user isn't authorized to see it, for example, if a stream isn't public and the user doesn't have the appropriate rights. """ - stream: Stream! @hasServerRole(role: SERVER_USER) @hasScope(scope: "streams:read") + stream: Stream! @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") } type BranchCollection { 
@@ -65,40 +65,40 @@ type CommitCollection { extend type Mutation { branchCreate(branch: BranchCreateInput!): String! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") branchUpdate(branch: BranchUpdateInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") branchDelete(branch: BranchDeleteInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") commitCreate(commit: CommitCreateInput!): String! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") commitUpdate(commit: CommitUpdateInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") commitReceive(input: CommitReceivedInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") commitDelete(commit: CommitDeleteInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") """ Move a batch of commits to a new branch """ commitsMove(input: CommitsMoveInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") """ Delete a batch of commits """ commitsDelete(input: CommitsDeleteInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") } 
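Review bot: All nine branch and commit mutations in this hunk now admit `SERVER_GUEST`, so the schema no longer separates guests from full users on write paths and the per-stream role check in each resolver becomes the only barrier; `modelMutations` and `versionMutations` in modelsAndVersions.graphql are in the same position. None of those resolvers are in this diff, so the check cannot be confirmed from here. Before merging I would add tests asserting that a guest with `streams:write` but no role on the target stream is rejected for `commitCreate`, `commitsMove` and `commitsDelete`. The batch mutations deserve particular attention because they act on several commits at once.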
@@ -108,38 +108,38 @@ extend type Subscription { Subscribe to branch created event """ branchCreated(streamId: String!): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ Subscribe to branch updated event. """ branchUpdated(streamId: String!, branchId: String): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ Subscribe to branch deleted event """ branchDeleted(streamId: String!): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ Subscribe to commit created event """ commitCreated(streamId: String!): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ Subscribe to commit updated event. """ commitUpdated(streamId: String!, commitId: String): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ Subscribe to commit deleted event """ commitDeleted(streamId: String!): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") } diff --git a/packages/server/assets/core/typedefs/modelsAndVersions.graphql b/packages/server/assets/core/typedefs/modelsAndVersions.graphql index 48c71471a..960bcbba9 100644 --- a/packages/server/assets/core/typedefs/modelsAndVersions.graphql +++ b/packages/server/assets/core/typedefs/modelsAndVersions.graphql @@ -164,11 +164,11 @@ type VersionMutations { extend type Mutation { modelMutations: ModelMutations! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") versionMutations: VersionMutations! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:write") } 
diff --git a/packages/server/assets/core/typedefs/streams.graphql b/packages/server/assets/core/typedefs/streams.graphql index c7e962d76..e48f262f0 100644 --- a/packages/server/assets/core/typedefs/streams.graphql +++ b/packages/server/assets/core/typedefs/streams.graphql @@ -10,7 +10,7 @@ extend type Query { Pass in the `query` parameter to search by name, description or ID. """ streams(query: String, limit: Int = 25, cursor: String): StreamCollection - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ @@ -77,7 +77,7 @@ extend type User { authenticated user, then this will only return discoverable streams. """ streams(limit: Int! = 25, cursor: String): StreamCollection! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ @@ -85,7 +85,7 @@ extend type User { Note: You can't use this to retrieve another user's favorite streams. """ favoriteStreams(limit: Int! = 25, cursor: String): StreamCollection! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ @@ -99,7 +99,7 @@ extend type LimitedUser { Returns all discoverable streams that the user is a collaborator on """ streams(limit: Int! = 25, cursor: String): StreamCollection! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ @@ -181,12 +181,12 @@ extend type Mutation { # Favorite/unfavorite the given stream streamFavorite(streamId: String!, favorited: Boolean!): Stream - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) """ Remove yourself from stream collaborators (not possible for the owner) """ - streamLeave(streamId: String!): Boolean! @hasServerRole(role: SERVER_USER) + streamLeave(streamId: String!): Boolean! @hasServerRole(role: SERVER_GUEST) } extend type Subscription { 
@@ -200,7 +200,7 @@ extend type Subscription { **NOTE**: If someone shares a stream with you, this subscription will be triggered with an extra value of `sharedBy` in the payload. """ userStreamAdded: JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "profile:read") """ @@ -208,7 +208,7 @@ extend type Subscription { **NOTE**: If someone revokes your permissions on a stream, this subscription will be triggered with an extra value of `revokedBy` in the payload. """ userStreamRemoved: JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "profile:read") # @@ -220,14 +220,14 @@ extend type Subscription { Subscribes to stream updated event. Use this in clients/components that pertain only to this stream. """ streamUpdated(streamId: String): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") """ Subscribes to stream deleted event. Use this in clients/components that pertain only to this stream. """ streamDeleted(streamId: String): JSONObject - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") } diff --git a/packages/server/assets/core/typedefs/user.graphql b/packages/server/assets/core/typedefs/user.graphql index 1fd08bc7f..ef6f9f2cd 100644 --- a/packages/server/assets/core/typedefs/user.graphql +++ b/packages/server/assets/core/typedefs/user.graphql @@ -8,7 +8,7 @@ extend type Query { Get the (limited) profile information of another server user """ otherUser(id: String!): LimitedUser - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "users:read") """ 
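Review bot: `streamUpdated` and `streamDeleted` in the streams.graphql hunk at -220 declare `streamId: String` as nullable, and both subscriptions are now open to guests. If the resolver's filter (not visible here) treats a missing `streamId` as a wildcard, a guest could receive events for streams it has no role on. Confirm that the subscription rejects a null id or filters per subscriber, and document it on the field, e.g. `streamId is required in practice; events are only delivered for streams the subscriber can read.`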
@@ -153,7 +153,7 @@ extend type Mutation { Delete a user's account. """ userDelete(userConfirmation: UserDeleteInput!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "profile:delete") adminDeleteUser(userConfirmation: UserDeleteInput!): Boolean! @@ -165,7 +165,7 @@ extend type Mutation { """ Various Active User oriented mutations """ - activeUserMutations: ActiveUserMutations! @hasServerRole(role: SERVER_USER) + activeUserMutations: ActiveUserMutations! @hasServerRole(role: SERVER_GUEST) } input UserRoleInput { diff --git a/packages/server/assets/emails/typedefs/emails.graphql b/packages/server/assets/emails/typedefs/emails.graphql index 7f601d476..a0deb8516 100644 --- a/packages/server/assets/emails/typedefs/emails.graphql +++ b/packages/server/assets/emails/typedefs/emails.graphql @@ -9,5 +9,5 @@ extend type Mutation { """ (Re-)send the account verification e-mail """ - requestVerification: Boolean! @hasServerRole(role: SERVER_USER) + requestVerification: Boolean! @hasServerRole(role: SERVER_GUEST) } diff --git a/packages/server/assets/notifications/typedefs/notificationPreferences.graphql b/packages/server/assets/notifications/typedefs/notificationPreferences.graphql index a7ea36a71..0e610d991 100644 --- a/packages/server/assets/notifications/typedefs/notificationPreferences.graphql +++ b/packages/server/assets/notifications/typedefs/notificationPreferences.graphql @@ -4,5 +4,5 @@ extend type User { extend type Mutation { userNotificationPreferencesUpdate(preferences: JSONObject!): Boolean - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) } diff --git a/packages/server/assets/serverinvites/typedefs/serverInvites.graphql b/packages/server/assets/serverinvites/typedefs/serverInvites.graphql index d58562c98..0af142010 100644 --- a/packages/server/assets/serverinvites/typedefs/serverInvites.graphql +++ b/packages/server/assets/serverinvites/typedefs/serverInvites.graphql 
@@ -25,13 +25,13 @@ extend type Mutation { Accept or decline a stream invite """ streamInviteUse(accept: Boolean!, streamId: String!, token: String!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) """ Cancel a pending stream invite. Can only be invoked by a stream owner. """ streamInviteCancel(streamId: String!, inviteId: String!): Boolean! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "users:invite") """ @@ -66,7 +66,7 @@ extend type Query { Get all invitations to streams that the active user has """ streamInvites: [PendingStreamCollaborator!]! - @hasServerRole(role: SERVER_USER) + @hasServerRole(role: SERVER_GUEST) @hasScope(scope: "streams:read") } diff --git a/packages/server/modules/core/graph/resolvers/objects.js b/packages/server/modules/core/graph/resolvers/objects.js index 0b9eb0e5c..bc9b28901 100644 --- a/packages/server/modules/core/graph/resolvers/objects.js +++ b/packages/server/modules/core/graph/resolvers/objects.js @@ -60,7 +60,7 @@ module.exports = { }, Mutation: { async objectCreate(parent, args, context) { - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) await validateScopes(context.scopes, Scopes.Streams.Write) await authorizeResolver( context.userId, diff --git a/packages/server/modules/core/graph/resolvers/projects.ts b/packages/server/modules/core/graph/resolvers/projects.ts index 6a0b4d63a..acefd66f0 100644 --- a/packages/server/modules/core/graph/resolvers/projects.ts +++ b/packages/server/modules/core/graph/resolvers/projects.ts @@ -52,7 +52,7 @@ export = { await authorizeResolver(context.userId, args.id, Roles.Stream.Reviewer) if (!stream.isPublic) { - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) validateScopes(context.scopes, Scopes.Streams.Read) } 
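Review bot: In the projects.ts hunk, `validateScopes(context.scopes, Scopes.Streams.Read)` is called without `await`, while the matching block in streams.js and every call in users.js awaits it. If `validateScopes` is async, a failed scope check here would surface as an unhandled rejection instead of stopping the resolver, and the private-stream branch would return data to a token lacking `streams:read`. That matters more now that guests reach this branch. Change the line to `await validateScopes(context.scopes, Scopes.Streams.Read)`. The enclosing resolver starts and ends outside the hunk.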
diff --git a/packages/server/modules/core/graph/resolvers/streams.js b/packages/server/modules/core/graph/resolvers/streams.js index 941ba633d..d5fd76b34 100644 --- a/packages/server/modules/core/graph/resolvers/streams.js +++ b/packages/server/modules/core/graph/resolvers/streams.js @@ -88,7 +88,7 @@ module.exports = { await authorizeResolver(context.userId, args.id, Roles.Stream.Reviewer) if (!stream.isPublic) { - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) await validateScopes(context.scopes, Scopes.Streams.Read) } diff --git a/packages/server/modules/core/graph/resolvers/users.js b/packages/server/modules/core/graph/resolvers/users.js index 4df63920a..04e3e8556 100644 --- a/packages/server/modules/core/graph/resolvers/users.js +++ b/packages/server/modules/core/graph/resolvers/users.js @@ -32,7 +32,7 @@ module.exports = { if (!activeUserId) return null // Only if authenticated - check for server roles & scopes - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) await validateScopes(context.scopes, Scopes.Profile.Read) return await getUser(activeUserId) @@ -46,7 +46,7 @@ module.exports = { // User wants info about himself and he's not authenticated - just return null if (!context.auth && !args.id) return null - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) if (!args.id) await validateScopes(context.scopes, Scopes.Profile.Read) else await validateScopes(context.scopes, Scopes.Users.Read) @@ -63,7 +63,7 @@ module.exports = { }, async userSearch(parent, args, context) { - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) await validateScopes(context.scopes, Scopes.Profile.Read) await validateScopes(context.scopes, Scopes.Users.Read) 
@@ -130,7 +130,7 @@ module.exports = { }, Mutation: { async userUpdate(_parent, args, context) { - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) await updateUserAndNotify(context.userId, args.user) return true }, @@ -162,7 +162,7 @@ module.exports = { // The below are not really needed anymore as we've added the hasRole and hasScope // directives in the graphql schema itself. // Since I am paranoid, I'll leave them here too. - await validateServerRole(context, Roles.Server.User) + await validateServerRole(context, Roles.Server.Guest) await validateScopes(context.scopes, Scopes.Profile.Delete) await deleteUser(context.userId, args.user)
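Review bot: `userUpdate` in the users.js hunk at -130 checks only the server role before calling `updateUserAndNotify`; unlike the delete resolver in the next hunk it has no `validateScopes` call, and this diff changes no schema directive for `userUpdate`. So either the schema has no role directive on that field, leaving this resolver line as the only gate with no scope check, or the schema still requires the higher role and this change has no effect for guests. It is worth checking which applies and, if a profile-write scope exists in `Scopes`, validating it here as the other resolvers do.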