Compare revisions

jgutix · jgutix · Yannis Barlas · Yannis Barlas · Yannis Barlas · c49b88d6
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@

 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

+## [1.1.0](https://gitlab.coko.foundation/cokoapps/server/compare/v1.0.0...v1.1.0) (2020-05-20)
+
+
+### Features
+
+* **middleware:** add helpers for authorization middleware ([f17b265](https://gitlab.coko.foundation/cokoapps/server/commit/f17b2655d50764289a88e4fae5852f302e4bddc0))
+
+
+### Bug Fixes
+
+* **middleware:** ensure rules are not empty before applying shield ([557dc56](https://gitlab.coko.foundation/cokoapps/server/commit/557dc56dc2cf5d628aeca56422e8a78b61dd8c90))
+
 ## [1.0.0](https://gitlab.coko.foundation/cokoapps/server/compare/v0.1.0...v1.0.0) (2020-05-11)



--- a/README.md
+++ b/README.md
@@ -41,6 +41,7 @@ If you place this file in `server/app.js`, starting the server should work autom
 The server provides authorization checks through using `graphql-shield`.  
 You can access all of shield's exports (eg. `rule`, `and`, `or` etc.) through `@coko/server/authorization`.  
 The only exception is `shield`, which is used internally by the server.
+Besides shield's exports, two helpers, `isAdmin` and `isAuthenticated` are provided.

 To get started, declare your permissions in any file you want:

@@ -54,6 +55,9 @@ const permissions = {
    myQuery: rule()(async (parent, args, ctx, info) => {
      // my auth logic here
    }),
+    // using provided helpers
+    anotherQuery: isAdmin,
+    yetAnotherQuery: isAuthenticated,
  },
  Mutation: {
    myMutation: rule()(async (parent, args, ctx, info) => {

--- a/authorization.js
+++ b/authorization.js
@@ -9,6 +9,8 @@ const {
  not,
 } = require('graphql-shield')

+const { isAdmin, isAuthenticated } = require('./src/helpers')
+
 module.exports = {
  rule,
  inputRule,
@@ -18,4 +20,6 @@ module.exports = {
  chain,
  or,
  not,
+  isAuthenticated,
+  isAdmin,
 }
--- a/package.json
+++ b/package.json
 {
  "name": "@coko/server",
-  "version": "1.0.0",
+  "version": "1.1.0",
  "description": "A tweaked version of pubsweet-server for use by Coko's projects",
  "main": "src/index.js",
  "scripts": {

--- a/src/graphqlSchema.js
+++ b/src/graphqlSchema.js
 const config = require('config')
-
+const isEmpty = require('lodash/isEmpty')
 const { applyMiddleware } = require('graphql-middleware')
 const { shield } = require('graphql-shield')
 let schema = require('pubsweet-server/src/graphql/schema')

-if (config.has('permissions')) {
-  schema = applyMiddleware(schema, shield(config.get('permissions')))
+const permissions = config.has('permissions') && config.get('permissions')
+
+if (permissions && !isEmpty(permissions)) {
+  schema = applyMiddleware(schema, shield(permissions))
 }

 module.exports = schema
--- a/src/helpers.js
+++ b/src/helpers.js
+const { rule } = require('graphql-shield')
+
+const isAuthenticated = rule()(async (parent, args, ctx, info) => {
+  return !!ctx.user
+})
+
+const isAdmin = rule()(
+  async (parent, args, { user: userId, connectors: { User } }, info) => {
+    if (!userId) {
+      return false
+    }
+
+    const user = await User.model.findById(userId)
+    return user.admin
+  },
+)
+
+module.exports = {
+  isAuthenticated,
+  isAdmin,
+}
No results found