src/resolvers/*: check Permissions for each resolver

4 years ago · 626f0dc563
parent d473d745b0
commit 626f0dc563
9 changed files with 214 additions and 227 deletions
--- a/src/datasources/db/contactinformationAPI.ts
+++ b/src/datasources/db/contactinformationAPI.ts
@ -10,9 +10,6 @@ export class ContactInformationAPI extends DataSource {
        this.connection = getConnection();
    }

-    async contactPersonById (id: number) {
-    }
-
    async numContactInformationById (id: number) {
        return await this.connection.getRepository(ContactInformation)
            .createQueryBuilder('contactInformation')
@ -93,79 +90,4 @@ export class ContactInformationAPI extends DataSource {
            .getMany();
        return res;
    }
-
-    async contactInformationByContactPersonId (id: number) {
-        /* return (await this.connection.getRepository(ContactPerson)
-            .createQueryBuilder('contactPerson')
-            .leftJoinAndSelect('contactPerson.contactInformation', 'contactInformation')
-            .where('"contactPerson".id = :id', { id: id })
-            .getOne())?.contactInformation || new GraphQLError('ContactPerson has no ContactInformtion');
-         */
-    }
-
-    async createContactPerson (contactPerson: any) {
-        /*
-        if (await this.contactInformationById(contactPerson.contactInformationId)) {
-            let inserts: any;
-            try {
-                await this.connection.transaction(async entiyManager => {
-                    inserts = await entiyManager.createQueryBuilder(ContactPerson, 'contactPerson')
-                        .insert()
-                        .values([contactPerson])
-                        .returning('*')
-                        .execute();
-                    await entiyManager.createQueryBuilder()
-                        .relation(ContactPerson, 'contactInformation')
-                        .of(inserts.identifiers[0].id)
-                        .set(contactPerson.contactInformationId);
-                });
-            } catch (e: any) {
-                return new GraphQLError('Transaction could not be completed');
-            }
-            return this.contactPersonById(inserts.identifiers[0].id);
-        } else {
-            return null;
-        }
-         */
-    }
-
-    async updateContactPerson (contactPerson: any) {
-        /*
-        if (await this.contactPersonById(contactPerson.id)) {
-            const contactInformationId = contactPerson.contactInformationId;
-            delete contactPerson.contactInformationId;
-            if (contactInformationId) {
-                if (await this.contactInformationById(contactInformationId)) {
-                    await this.connection.getRepository(ContactPerson)
-                        .createQueryBuilder('contactPerson')
-                        .update(ContactPerson)
-                        .set({ ...contactPerson })
-                        .where('id = :id', { id: contactPerson.id })
-                        .execute();
-                    await this.connection.getRepository(ContactPerson)
-                        .createQueryBuilder('contactPerson')
-                        .relation(ContactPerson, 'contactInformation')
-                        .of(contactPerson.id)
-                        .set(contactInformationId);
-                } else {
-                    // supplied contactinformationId not found
-                    return null;
-                }
-                return this.contactPersonById(contactPerson.id);
-            } else {
-                await this.connection.getRepository(ContactPerson)
-                    .createQueryBuilder('contactPerson')
-                    .update(ContactPerson)
-                    .set({ ...contactPerson })
-                    .where('id = :id', { id: contactPerson.id })
-                    .execute();
-                return this.contactPersonById(contactPerson.id);
-            }
-        } else {
-            // updated bike not found
-            return null;
-        }
-
-         */
-    }
 }
--- a/src/datasources/db/lendingstationAPI.ts
+++ b/src/datasources/db/lendingstationAPI.ts
@ -14,7 +14,7 @@ export class LendingStationAPI extends DataSource {
        this.connection = getConnection();
    }

-    async getLendingStationById ({ id }: { id: any }) {
+    async lendingStationById ({ id }: { id: any }) {
        return await this.connection.manager
            .createQueryBuilder()
            .select('lendingStation')
@ -166,7 +166,7 @@ export class LendingStationAPI extends DataSource {
                .set({ ...lendingStation })
                .where('id = :id', { id: lendingStation.id })
                .execute();
-            return this.getLendingStationById({ id: lendingStation.id });
+            return this.lendingStationById({ id: lendingStation.id });
        } else {
            return new GraphQLError('ID not in database');
        }
--- a/src/resolvers/cargobikeResolver.ts
+++ b/src/resolvers/cargobikeResolver.ts
@ -15,115 +15,164 @@ export default {
            if (req.permissions.includes(Permission.ReadBike)) {
                return dataSources.cargoBikeAPI.getCargoBikes(offset, limit);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
            }
        },
        bikeEvents: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadBikeEvent)) {
                return dataSources.cargoBikeAPI.bikeEvents(offset, limit);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
            }
        },
        bikeEventById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadBikeEvent)) {
                return dataSources.cargoBikeAPI.findBikeEventById(id);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
            }
        },
        bikeEventTypeByd: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadBikeEvent)) {
                return dataSources.cargoBikeAPI.findBikeEventTypeById(id);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
+            }
+        },
+        bikeEventTypes: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.ReadBikeEvent)) {
+                return dataSources.cargoBikeAPI.bikeEventTypes(offset, limit);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
            }
        },
        equipment: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEquipment)) {
                return dataSources.cargoBikeAPI.getEquipment(offset, limit);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
            }
        },
        equipmentById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEquipment)) {
                return dataSources.cargoBikeAPI.equipmentById(id);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
            }
        },
        equipmentTypes: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEquipment)) {
                return dataSources.cargoBikeAPI.equipmentTypes(offset, limit);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
            }
        },
        equipmentTypeById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEquipment)) {
                return dataSources.cargoBikeAPI.equipmentTypeById(id);
            } else {
-                return new GraphQLError('Insufficiant Permissions');
-            }
-        },
-        bikeEventTypes: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
-                return dataSources.cargoBikeAPI.bikeEventTypes(offset, limit);
-            } else {
-                return new GraphQLError('Insufficiant Permissions');
+                return new GraphQLError('Insufficient Permissions');
            }
        }
    },
    CargoBike: {
        engagement (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadEngagement)) {
                return dataSources.participantAPI.engagementByCargoBikeId(offset, limit, parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
-        coordinator (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) {
-            dataSources.participantAPI.participantByCargoBikeId(parent.id);
+        coordinator (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) { // TODO should be done with engagements
+            if (req.permissions.includes(Permission.ReadParticipant)) {
+                return dataSources.participantAPI.participantByCargoBikeId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        equipment (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadEquipment)) {
                return dataSources.cargoBikeAPI.equipmentByCargoBikeId(offset, limit, parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        lendingStation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadLendingStation)) {
                return dataSources.lendingStationAPI.lendingStationByCargoBikeId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        bikeEvents (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBikeEvent)) {
                return dataSources.cargoBikeAPI.bikeEventsByCargoBikeId(parent.id, offset, limit);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req }),
-        lockedBy (): any {
-            return null;
-        },
        timeFrames (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadTimeFrame)) {
                return dataSources.lendingStationAPI.timeFramesByCargoBikeId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        equipmentType (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadEquipment)) {
                return dataSources.cargoBikeAPI.equipmentTypeByCargoBikeId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        provider (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadProvider)) {
                return dataSources.providerAPI.providerByCargoBikeId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        }

    },
    Equipment: {
        cargoBike (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBike)) {
                return dataSources.cargoBikeAPI.cargoBikeByEquipmentId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
    BikeEvent: {
        cargoBike (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBike)) {
                return dataSources.cargoBikeAPI.cargoBikeByEventId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        bikeEventType (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBikeEvent)) {
                return dataSources.cargoBikeAPI.bikeEventTypeByBikeEventId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        responsible (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadParticipant)) {
                return dataSources.cargoBikeAPI.responsibleByBikeEventId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        related (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadParticipant)) {
                return dataSources.cargoBikeAPI.relatedByBikeEventId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
@ -160,49 +209,49 @@ export default {
            }
        },
        createBikeEvent: (_: any, { bikeEvent }: { bikeEvent: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteBikeEvent)) {
                return dataSources.cargoBikeAPI.createBikeEvent({ bikeEvent });
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        lockBikeEventById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteBikeEvent)) {
                return dataSources.cargoBikeAPI.lockBikeEvent(id, req.userId);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        unlockBikeEventById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteBikeEvent)) {
                return dataSources.cargoBikeAPI.unlockBikeEvent(id, req.userId);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        createEquipment: (_: any, { equipment }: { equipment: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteEquipment)) {
                return dataSources.cargoBikeAPI.createEquipment({ equipment });
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        lockEquipmentById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteEquipment)) {
                return dataSources.cargoBikeAPI.lockEquipment(id, req.userId);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        unlockEquipmentById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteEquipment)) {
                return dataSources.cargoBikeAPI.unlockEquipment(id, req.userId);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        updateEquipment: (_: any, { equipment }: { equipment: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteEquipment)) {
                return dataSources.cargoBikeAPI.updateEquipment(equipment, req.userId);
            } else {
                return new GraphQLError('Insufficient Permissions');
--- a/src/resolvers/contactinformationResolvers.ts
+++ b/src/resolvers/contactinformationResolvers.ts
@ -34,16 +34,6 @@ export default {
            }
        }
    },
-    ContactPerson: {
-        contactInformation: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
-                return dataSources.contactInformationAPI.contactInformationByContactPersonId(parent.id);
-            } else {
-                return new GraphQLError('Insufficient Permissions');
-            }
-        },
-        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
-    },
    Person: {
        contactInformation: (parent: Person, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
            if (req.permissions.includes(Permission.ReadPerson)) {
@ -65,22 +55,8 @@ export default {
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
    Mutation: {
-        createContactPerson: (_: any, { contactPerson }: { contactPerson: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
-                return dataSources.contactInformationAPI.createContactPerson(contactPerson);
-            } else {
-                return new GraphQLError('Insufficient Permissions');
-            }
-        },
-        updateContactPerson: (_: any, { contactPerson }: { contactPerson: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
-                return dataSources.contactInformationAPI.updateContactPerson(contactPerson);
-            } else {
-                return new GraphQLError('Insufficient Permissions');
-            }
-        },
        createContactInformation: (_: any, { contactInformation }: { contactInformation: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WritePerson)) {
                return dataSources.contactInformationAPI.createContactInformation(contactInformation);
            } else {
                return new GraphQLError('Insufficient Permissions');
--- a/src/resolvers/lendingstationResolvers.ts
+++ b/src/resolvers/lendingstationResolvers.ts
@ -6,28 +6,28 @@ import { isLocked } from '../datasources/db/utils';
 export default {
    Query: {
        lendingStationById: (_: any, { id }: { id: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
-                return dataSources.lendingStationAPI.getLendingStationById({ id });
+            if (req.permissions.includes(Permission.ReadLendingStation)) {
+                return dataSources.lendingStationAPI.lendingStationById({ id });
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        lendingStations: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadLendingStation)) {
                return dataSources.lendingStationAPI.lendingStations(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        timeFrameById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadTimeFrame)) {
                return dataSources.lendingStationAPI.timeFrameById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        timeframes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadTimeFrame)) {
                return dataSources.lendingStationAPI.timeFrames(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
@ -36,13 +36,25 @@ export default {
    },
    LendingStation: {
        timeFrames (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadTimeFrame)) {
                return dataSources.lendingStationAPI.timeFramesByLendingStationId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        numCargoBikes (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBike)) {
                return dataSources.lendingStationAPI.numCargoBikesByLendingStationId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        cargoBikes (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBike)) {
                return dataSources.lendingStationAPI.cargoBikesByLendingStationId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
@ -60,47 +72,59 @@ export default {
            return (str.length > 0) ? str : null;
        },
        cargoBike (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBike)) {
                return dataSources.cargoBikeAPI.cargoBikeByTimeFrameId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        lendingStation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadLendingStation)) {
                return dataSources.lendingStationAPI.lendingStationByTimeFrameId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
    Mutation: {
        createLendingStation: (_: any, { lendingStation }:{ lendingStation: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteLendingStation)) {
                return dataSources.lendingStationAPI.createLendingStation(lendingStation);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        lockLendingStationById: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteLendingStation)) {
                return dataSources.lendingStationAPI.lockLendingStationById(id, req.userId);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        unlockLendingStationById: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.WriteLendingStation)) {
                return dataSources.lendingStationAPI.unlockLendingStationById(id, req.userId);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        updateLendingStation: (_: any, { lendingStation }:{ lendingStation: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteLendingStation)) {
                return dataSources.lendingStationAPI.updateLendingStation({ lendingStation });
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        createTimeFrame: (_: any, { timeFrame }:{ timeFrame: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteTimeFrame)) {
                return dataSources.lendingStationAPI.createTimeFrame(timeFrame);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        lockTimeFrame: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteTimeFrame)) {
                return dataSources.lendingStationAPI.lockTimeFrame(id, req.userId);
            } else {
                return new GraphQLError('Insufficient Permissions');
--- a/src/resolvers/participantResolvers.ts
+++ b/src/resolvers/participantResolvers.ts
@ -1,47 +1,46 @@
 import { GraphQLError } from 'graphql';
 import { Permission } from '../datasources/userserver/permission';
-import { EngagementType } from '../model/EngagementType';
 import { isLocked } from '../datasources/db/utils';

 export default {
    Query: {
        participantById: (_: any, { id }: { id: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadParticipant)) {
                return dataSources.participantAPI.getParticipantById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        participants: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadParticipant)) {
                return dataSources.participantAPI.getParticipants(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        engagementById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEngagement)) {
                return dataSources.participantAPI.engagementById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        engagements: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEngagement)) {
                return dataSources.participantAPI.engagements(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        engagementTypeById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEngagement)) {
                return dataSources.participantAPI.engagementTypeById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        engagementTypes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadEngagement)) {
                return dataSources.participantAPI.engagementTypes(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
@ -50,22 +49,42 @@ export default {
    },
    Participant: {
        engagement (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadEngagement)) {
                return dataSources.participantAPI.engagementByParticipantId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        contactInformation (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadPerson)) {
                return (dataSources.participantAPI.contactInformationByParticipantId(parent.id));
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
    Engagement: {
        cargoBike (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadBike)) {
                return dataSources.cargoBikeAPI.findCargoBikeByEngagementId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        participant (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) {
+            if (req.permissions.includes(Permission.ReadParticipant)) {
                return dataSources.participantAPI.participantByEngagementId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
-        engagementType (parent: any, _: any, { dataSources, req }: { dataSources: any; req: any }): Promise<EngagementType> {
+        engagementType (parent: any, _: any, { dataSources, req }: { dataSources: any; req: any }) {
+            if (req.permissions.includes(Permission.ReadEngagement)) {
                return dataSources.participantAPI.engagementTypeByEngagementId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        from (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
            return (parent.dateRange as string).split(',')[0].replace('[', '');
@ -78,21 +97,21 @@ export default {
    },
    Mutation: {
        createParticipant: (_: any, { participant }: { participant: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteParticipant)) {
                return dataSources.participantAPI.createParticipant(participant);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        createEngagement: (_: any, { engagement }: { engagement: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteEngagement)) {
                return dataSources.participantAPI.createEngagement(engagement);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        createEngagementType: (_: any, { engagementType }: { engagementType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteEngagementType)) {
                return dataSources.participantAPI.createEngagementType(engagementType);
            } else {
                return new GraphQLError('Insufficient Permissions');
--- a/src/resolvers/providerResolvers.ts
+++ b/src/resolvers/providerResolvers.ts
@ -5,28 +5,28 @@ import { isLocked } from '../datasources/db/utils';
 export default {
    Query: {
        providers: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadProvider)) {
                return dataSources.providerAPI.provider(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        providerById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadProvider)) {
                return dataSources.providerAPI.providerById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        organisations: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadOrganisation)) {
                return dataSources.providerAPI.organisations(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        organisationById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadOrganisation)) {
                return dataSources.providerAPI.organisationById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
@ -42,32 +42,48 @@ export default {
            }
        },
        organisation: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.ReadOrganisation)) {
                return dataSources.providerAPI.organisationByProviderId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        privatePerson: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.ReadPerson)) {
                return dataSources.providerAPI.privatePersonByProviderId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
    Organisation: {
        provider: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.ReadProvider)) {
                return dataSources.providerAPI.providerByOrganisationId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        contactInformation: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.ReadPerson)) {
                return dataSources.providerAPI.contactInformationByOrganisationId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
    Mutation: {
        createProvider: (_: any, { provider }: { provider: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteBike)) {
+            if (req.permissions.includes(Permission.WriteProvider)) {
                return dataSources.providerAPI.createProvider(provider);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        createOrganisation: (_: any, { organisation }: { organisation: any }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteProvider)) {
+            if (req.permissions.includes(Permission.WriteOrganisation)) {
                return dataSources.providerAPI.createOrganisation(organisation);
            } else {
                return new GraphQLError('Insufficient Permissions');
--- a/src/resolvers/workshopResolvers.ts
+++ b/src/resolvers/workshopResolvers.ts
@ -5,28 +5,28 @@ import { isLocked } from '../datasources/db/utils';
 export default {
    Query: {
        workshopTypeById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadWorkshop)) {
                return dataSources.workshopAPI.workshopTypeById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        workshopTypes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadWorkshop)) {
                return dataSources.workshopAPI.workshopTypes(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        workshopById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadWorkshop)) {
                return dataSources.workshopAPI.workshopById(id);
            } else {
                return new GraphQLError('Insufficient Permissions');
            }
        },
        workshops: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.ReadBike)) {
+            if (req.permissions.includes(Permission.ReadWorkshop)) {
                return dataSources.workshopAPI.workshops(offset, limit);
            } else {
                return new GraphQLError('Insufficient Permissions');
@ -35,10 +35,18 @@ export default {
    },
    Workshop: {
        trainer1: (parent: any, __:any, { dataSources, req }: { dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.ReadParticipant)) {
                return dataSources.workshopAPI.trainer1ByWorkshopId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        trainer2: (parent: any, __:any, { dataSources, req }: { dataSources: any, req: any }) => {
+            if (req.permissions.includes(Permission.ReadParticipant)) {
                return dataSources.workshopAPI.trainer2ByWorkshopId(parent.id);
+            } else {
+                return new GraphQLError('Insufficient Permissions');
+            }
        },
        isLocked: (parent: any, __: any, { dataSources, req }: { dataSources: any; req: any }) => isLocked(parent, { dataSources, req })
    },
@ -47,7 +55,7 @@ export default {
    },
    Mutation: {
        createWorkshop: (_: any, { workshop }: { workshop: number }, { dataSources, req }: { dataSources: any, req: any }) => {
-            if (req.permissions.includes(Permission.WriteWorkshopType)) {
+            if (req.permissions.includes(Permission.WriteWorkshop)) {
                return dataSources.workshopAPI.createWorkshop(workshop);
            } else {
                return new GraphQLError('Insufficient Permissions');
--- a/src/schema/type-defs.ts
+++ b/src/schema/type-defs.ts
@ -633,28 +633,6 @@ input ContactInformationUpdateInput {
    note: String
 }

-"describes Relation of Contact to Provider"
-type ContactPerson {
-    id: ID!
-    intern: Boolean!
-    contactInformation: ContactInformation!
-    isLocked: Boolean!
-    "null if not locked by other user"
-    lockedBy: ID
-    lockedUntil: Date
-}
-
-input ContactPersonCreateInput {
-    intern: Boolean!
-    contactInformationId: ID!
-}
-
-input ContactPersonUpdateInput {
-    id: ID!
-    intern: Boolean
-    contactInformationId: ID
-}
-
 type Organisation {
    id: ID!
    name: String!
@ -904,13 +882,8 @@ type Mutation {
    createEngagementType(engagementType: EngagementTypeCreateInput!): EngagementType!
    "create Engagement"
    createEngagement(engagement: EngagementCreateInput): Engagement!
-    "createContactPerson, return null if contactInformationId does not exist"
-    createContactPerson(contactPerson: ContactPersonCreateInput): ContactPerson
-    updateContactPerson(contactPerson: ContactPersonUpdateInput): ContactPerson
-    "create Provider, if cargoBikeIds or contactPersonIds are not valid, provider will still be created"
    createProvider(provider: ProviderCreateInput!): Provider!
    createOrganisation(organisation: OrganisationCreateInput!): Organisation!
-    
 }

 `;