mirror of https://github.com/requarks/wiki
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
206 lines
6.2 KiB
206 lines
6.2 KiB
2 years ago
|
import { generateError, generateSuccess } from '../../helpers/graph.mjs'
|
||
|
import safeRegex from 'safe-regex'
|
||
|
import _ from 'lodash-es'
|
||
|
import { v4 as uuid } from 'uuid'
|
||
7 years ago
|
|
||
2 years ago
|
export default {
|
||
7 years ago
|
Query: {
|
||
4 years ago
|
/**
|
||
|
* FETCH ALL GROUPS
|
||
|
*/
|
||
3 years ago
|
async groups () {
|
||
2 years ago
|
return WIKI.db.groups.query().select(
|
||
7 years ago
|
'groups.*',
|
||
2 years ago
|
WIKI.db.groups.relatedQuery('users').count().as('userCount')
|
||
7 years ago
|
)
|
||
7 years ago
|
},
|
||
4 years ago
|
/**
|
||
|
* FETCH A SINGLE GROUP
|
||
|
*/
|
||
3 years ago
|
async groupById(obj, args) {
|
||
2 years ago
|
return WIKI.db.groups.query().findById(args.id)
|
||
7 years ago
|
}
|
||
|
},
|
||
3 years ago
|
Mutation: {
|
||
4 years ago
|
/**
|
||
|
* ASSIGN USER TO GROUP
|
||
|
*/
|
||
3 years ago
|
async assignUserToGroup (obj, args, { req }) {
|
||
4 years ago
|
// Check for guest user
|
||
|
if (args.userId === 2) {
|
||
3 years ago
|
throw new Error('Cannot assign the Guest user to a group.')
|
||
4 years ago
|
}
|
||
|
|
||
|
// Check for valid group
|
||
2 years ago
|
const grp = await WIKI.db.groups.query().findById(args.groupId)
|
||
7 years ago
|
if (!grp) {
|
||
3 years ago
|
throw new Error('Invalid Group ID')
|
||
7 years ago
|
}
|
||
4 years ago
|
|
||
|
// Check assigned permissions for write:groups
|
||
|
if (
|
||
|
WIKI.auth.checkExclusiveAccess(req.user, ['write:groups'], ['manage:groups', 'manage:system']) &&
|
||
|
grp.permissions.some(p => {
|
||
|
const resType = _.last(p.split(':'))
|
||
|
return ['users', 'groups', 'navigation', 'theme', 'api', 'system'].includes(resType)
|
||
|
})
|
||
|
) {
|
||
3 years ago
|
throw new Error('You are not authorized to assign a user to this elevated group.')
|
||
4 years ago
|
}
|
||
|
|
||
|
// Check for valid user
|
||
2 years ago
|
const usr = await WIKI.db.users.query().findById(args.userId)
|
||
7 years ago
|
if (!usr) {
|
||
3 years ago
|
throw new Error('Invalid User ID')
|
||
7 years ago
|
}
|
||
4 years ago
|
|
||
|
// Check for existing relation
|
||
2 years ago
|
const relExist = await WIKI.db.knex('userGroups').where({
|
||
5 years ago
|
userId: args.userId,
|
||
|
groupId: args.groupId
|
||
|
}).first()
|
||
|
if (relExist) {
|
||
3 years ago
|
throw new Error('User is already assigned to group.')
|
||
5 years ago
|
}
|
||
4 years ago
|
|
||
|
// Assign user to group
|
||
7 years ago
|
await grp.$relatedQuery('users').relate(usr.id)
|
||
4 years ago
|
|
||
4 years ago
|
// Revoke tokens for this user
|
||
4 years ago
|
WIKI.auth.revokeUserTokens({ id: usr.id, kind: 'u' })
|
||
|
WIKI.events.outbound.emit('addAuthRevoke', { id: usr.id, kind: 'u' })
|
||
|
|
||
7 years ago
|
return {
|
||
2 years ago
|
operation: generateSuccess('User has been assigned to group.')
|
||
7 years ago
|
}
|
||
7 years ago
|
},
|
||
4 years ago
|
/**
|
||
|
* CREATE NEW GROUP
|
||
|
*/
|
||
3 years ago
|
async createGroup (obj, args, { req }) {
|
||
2 years ago
|
const group = await WIKI.db.groups.query().insertAndFetch({
|
||
6 years ago
|
name: args.name,
|
||
|
permissions: JSON.stringify(WIKI.data.groups.defaultPermissions),
|
||
3 years ago
|
rules: JSON.stringify(WIKI.data.groups.defaultRules.map(r => ({
|
||
|
id: uuid(),
|
||
|
...r
|
||
|
}))),
|
||
6 years ago
|
isSystem: false
|
||
7 years ago
|
})
|
||
6 years ago
|
await WIKI.auth.reloadGroups()
|
||
5 years ago
|
WIKI.events.outbound.emit('reloadGroups')
|
||
7 years ago
|
return {
|
||
2 years ago
|
operation: generateSuccess('Group created successfully.'),
|
||
7 years ago
|
group
|
||
|
}
|
||
7 years ago
|
},
|
||
4 years ago
|
/**
|
||
|
* DELETE GROUP
|
||
|
*/
|
||
3 years ago
|
async deleteGroup (obj, args) {
|
||
4 years ago
|
if (args.id === 1 || args.id === 2) {
|
||
3 years ago
|
throw new Error('Cannot delete this group.')
|
||
4 years ago
|
}
|
||
|
|
||
2 years ago
|
await WIKI.db.groups.query().deleteById(args.id)
|
||
4 years ago
|
|
||
|
WIKI.auth.revokeUserTokens({ id: args.id, kind: 'g' })
|
||
|
WIKI.events.outbound.emit('addAuthRevoke', { id: args.id, kind: 'g' })
|
||
|
|
||
6 years ago
|
await WIKI.auth.reloadGroups()
|
||
5 years ago
|
WIKI.events.outbound.emit('reloadGroups')
|
||
4 years ago
|
|
||
7 years ago
|
return {
|
||
2 years ago
|
operation: generateSuccess('Group has been deleted.')
|
||
7 years ago
|
}
|
||
7 years ago
|
},
|
||
4 years ago
|
/**
|
||
|
* UNASSIGN USER FROM GROUP
|
||
|
*/
|
||
3 years ago
|
async unassignUserFromGroup (obj, args) {
|
||
4 years ago
|
if (args.userId === 2) {
|
||
3 years ago
|
throw new Error('Cannot unassign Guest user')
|
||
4 years ago
|
}
|
||
|
if (args.userId === 1 && args.groupId === 1) {
|
||
3 years ago
|
throw new Error('Cannot unassign Administrator user from Administrators group.')
|
||
4 years ago
|
}
|
||
2 years ago
|
const grp = await WIKI.db.groups.query().findById(args.groupId)
|
||
7 years ago
|
if (!grp) {
|
||
3 years ago
|
throw new Error('Invalid Group ID')
|
||
7 years ago
|
}
|
||
2 years ago
|
const usr = await WIKI.db.users.query().findById(args.userId)
|
||
7 years ago
|
if (!usr) {
|
||
3 years ago
|
throw new Error('Invalid User ID')
|
||
7 years ago
|
}
|
||
7 years ago
|
await grp.$relatedQuery('users').unrelate().where('userId', usr.id)
|
||
4 years ago
|
|
||
|
WIKI.auth.revokeUserTokens({ id: usr.id, kind: 'u' })
|
||
|
WIKI.events.outbound.emit('addAuthRevoke', { id: usr.id, kind: 'u' })
|
||
|
|
||
7 years ago
|
return {
|
||
2 years ago
|
operation: generateSuccess('User has been unassigned from group.')
|
||
7 years ago
|
}
|
||
7 years ago
|
},
|
||
4 years ago
|
/**
|
||
|
* UPDATE GROUP
|
||
|
*/
|
||
3 years ago
|
async updateGroup (obj, args, { req }) {
|
||
4 years ago
|
// Check for unsafe regex page rules
|
||
5 years ago
|
if (_.some(args.pageRules, pr => {
|
||
6 years ago
|
return pr.match === 'REGEX' && !safeRegex(pr.path)
|
||
6 years ago
|
})) {
|
||
3 years ago
|
throw new Error('Some Page Rules contains unsafe or exponential time regex.')
|
||
6 years ago
|
}
|
||
|
|
||
4 years ago
|
// Set default redirect on login value
|
||
4 years ago
|
if (_.isEmpty(args.redirectOnLogin)) {
|
||
|
args.redirectOnLogin = '/'
|
||
|
}
|
||
|
|
||
4 years ago
|
// Check assigned permissions for write:groups
|
||
|
if (
|
||
|
WIKI.auth.checkExclusiveAccess(req.user, ['write:groups'], ['manage:groups', 'manage:system']) &&
|
||
|
args.permissions.some(p => {
|
||
|
const resType = _.last(p.split(':'))
|
||
|
return ['users', 'groups', 'navigation', 'theme', 'api', 'system'].includes(resType)
|
||
|
})
|
||
|
) {
|
||
3 years ago
|
throw new Error('You are not authorized to manage this group or assign these permissions.')
|
||
4 years ago
|
}
|
||
|
|
||
3 years ago
|
// Check assigned permissions for manage:groups
|
||
|
if (
|
||
|
WIKI.auth.checkExclusiveAccess(req.user, ['manage:groups'], ['manage:system']) &&
|
||
|
args.permissions.some(p => _.last(p.split(':')) === 'system')
|
||
|
) {
|
||
3 years ago
|
throw new Error('You are not authorized to manage this group or assign the manage:system permissions.')
|
||
3 years ago
|
}
|
||
|
|
||
4 years ago
|
// Update group
|
||
2 years ago
|
await WIKI.db.groups.query().patch({
|
||
6 years ago
|
name: args.name,
|
||
4 years ago
|
redirectOnLogin: args.redirectOnLogin,
|
||
6 years ago
|
permissions: JSON.stringify(args.permissions),
|
||
|
pageRules: JSON.stringify(args.pageRules)
|
||
|
}).where('id', args.id)
|
||
6 years ago
|
|
||
4 years ago
|
// Revoke tokens for this group
|
||
4 years ago
|
WIKI.auth.revokeUserTokens({ id: args.id, kind: 'g' })
|
||
|
WIKI.events.outbound.emit('addAuthRevoke', { id: args.id, kind: 'g' })
|
||
|
|
||
4 years ago
|
// Reload group permissions
|
||
6 years ago
|
await WIKI.auth.reloadGroups()
|
||
5 years ago
|
WIKI.events.outbound.emit('reloadGroups')
|
||
6 years ago
|
|
||
7 years ago
|
return {
|
||
2 years ago
|
operation: generateSuccess('Group has been updated.')
|
||
7 years ago
|
}
|
||
7 years ago
|
}
|
||
7 years ago
|
},
|
||
7 years ago
|
Group: {
|
||
4 years ago
|
users (grp) {
|
||
7 years ago
|
return grp.$relatedQuery('users')
|
||
7 years ago
|
}
|
||
|
}
|
||
|
}
|