feat(permissions): accept more then one role to check for permission

nossas · Dec 4, 2020 · 00fbbbc · 00fbbbc
1 parent 3c9ca94
commit 00fbbbc
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 9 deletions.
diff --git a/packages/redes-api/src/resolvers/create_match.ts b/packages/redes-api/src/resolvers/create_match.ts
@@ -14,8 +14,14 @@ type Args = {
   input: CreateMatch
 }
 
-const create_match = async (_: void, args: Args, context: Context): Promise<any> => {
-  const { input: { recipient, volunteer, agent, community_id } } = args
+const create_match = async (
+  _: void,
+  args: Args,
+  context: Context
+): Promise<any> => {
+  const {
+    input: { recipient, volunteer, agent, community_id },
+  } = args;
   try {
     const volunteerRes = await create_volunteer_ticket(undefined, {
       input: {
@@ -63,11 +69,11 @@ const create_match = async (_: void, args: Args, context: Context): Promise<any>
       status: "encaminhamento__realizado"
     }
 
-    return await match.create(matchTicket)
-  } catch(e) {
+    return await match.create(matchTicket);
+  } catch (e) {
     logger.error(e)
     return undefined
   }
 }
 
-export default check_user(create_match, Roles.USER)
+export default check_user(create_match, [Roles.USER, Roles.ADMIN]);
diff --git a/packages/redes-api/src/resolvers/create_volunteer_ticket.ts b/packages/redes-api/src/resolvers/create_volunteer_ticket.ts
@@ -84,4 +84,4 @@ const create_volunteer_ticket = async (_: void, args: Args, _context: Context):
   }
 }
 
-export default check_user(create_volunteer_ticket, Roles.USER)
+export default check_user(create_volunteer_ticket, [Roles.USER, Roles.ADMIN]);
diff --git a/packages/redes-api/src/resolvers/update_recipient_ticket.ts b/packages/redes-api/src/resolvers/update_recipient_ticket.ts
@@ -79,4 +79,4 @@ const update_recipient_ticket = async (_: void, args: Args, _context: Context):
   }
 }
 
-export default check_user(update_recipient_ticket, Roles.USER)
+export default check_user(update_recipient_ticket, [Roles.USER, Roles.ADMIN]);
diff --git a/utils/permissions-utils/src/index.ts b/utils/permissions-utils/src/index.ts
@@ -18,7 +18,7 @@ export enum Roles {
 }
 
 // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
-export const handle_check_user = ({ fetch, logger }: Options) => (next: any, role: Roles) => async (_: void, args: any, context: Context) => {
+export const handle_check_user = ({ fetch, logger }: Options) => (next: any, role: Roles | [Roles]) => async (_: void, args: any, context: Context) => {
   const get_permission = handle_get_permission({ fetch, logger });
   const { session }: Context = context;
 
@@ -27,7 +27,10 @@ export const handle_check_user = ({ fetch, logger }: Options) => (next: any, rol
     // Get permission on API-GraphQL (Hasura)
     const { permission, user } = await get_permission({ user_id: session.user_id, community_id });
     // Execute only when role is permitted from relationship between community users
-    if (permission?.role === role || user.is_admin) return next(_, args, context);
+    const roleInArray = typeof role === 'number' ? [role] : role
+    if (
+      roleInArray.includes(permission?.role) || user.is_admin
+    ) return next(_, args, context);
   }
   // Permission denied
   throw new Error('invalid_permission');
-Original file line number
+Diff line change
@@ Expand Up @@
       }
     }
-    export default check_user(create_volunteer_ticket, Roles.USER)
+    export default check_user(create_volunteer_ticket, [Roles.USER, Roles.ADMIN]);