Change insufficient permissions to be an error class

Signed-off-by: trivernis <trivernis@protonmail.com>
pull/28/head
trivernis 4 years ago
parent 123d8159da
commit eaf484596b
Signed by: Trivernis
GPG Key ID: DFFFCC2C7A02DB45

1
.gitignore vendored

@ -2,3 +2,4 @@ node_modules
dist dist
.env .env
.idea .idea
.nyc_output

2344
package-lock.json generated

File diff suppressed because it is too large Load Diff

@ -4,7 +4,7 @@
"description": "", "description": "",
"main": "src/index.js", "main": "src/index.js",
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1", "test": "mocha -r ts-node/register tests/**/*.ts",
"start": "node dist/index.js", "start": "node dist/index.js",
"lint": "eslint --config .eslintrc.json --fix src/**/*.ts", "lint": "eslint --config .eslintrc.json --fix src/**/*.ts",
"start:ci": "node dist/index.js" "start:ci": "node dist/index.js"
@ -13,9 +13,12 @@
"author": "", "author": "",
"license": "ISC", "license": "ISC",
"devDependencies": { "devDependencies": {
"@types/crc": "^3.4.0",
"@types/mocha-steps": "^1.3.0",
"@types/node": "^14.10.0", "@types/node": "^14.10.0",
"@typescript-eslint/eslint-plugin": "^4.1.0", "@typescript-eslint/eslint-plugin": "^4.1.0",
"@typescript-eslint/parser": "^4.1.0", "@typescript-eslint/parser": "^4.1.0",
"chai": "^4.2.0",
"delete": "^1.1.0", "delete": "^1.1.0",
"eslint": "^7.8.1", "eslint": "^7.8.1",
"eslint-config-standard": "^14.1.1", "eslint-config-standard": "^14.1.1",
@ -27,12 +30,19 @@
"gulp-eslint": "^6.0.0", "gulp-eslint": "^6.0.0",
"gulp-nodemon": "^2.5.0", "gulp-nodemon": "^2.5.0",
"gulp-typescript": "^6.0.0-alpha.1", "gulp-typescript": "^6.0.0-alpha.1",
"typescript": "^4.0.2", "mocha": "^8.2.1",
"@types/crc": "^3.4.0" "mocha-steps": "^1.3.0",
"nyc": "^15.1.0",
"ts-node": "^9.0.0",
"typescript": "^4.0.2"
}, },
"dependencies": { "dependencies": {
"@types/chai": "^4.2.14",
"@types/chai-http": "^4.2.0",
"@types/mocha": "^8.0.4",
"apollo-server-express": "^2.17.0", "apollo-server-express": "^2.17.0",
"body-parser": "^1.19.0", "body-parser": "^1.19.0",
"chai-http": "^4.3.0",
"cors": "^2.8.5", "cors": "^2.8.5",
"crc": "^3.8.0", "crc": "^3.8.0",
"dotenv": "^8.2.0", "dotenv": "^8.2.0",

@ -0,0 +1,167 @@
/*
Copyright (C) 2020 Leon Löchner
This file is part of fLotte-API-Server.
fLotte-API-Server is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
fLotte-API-Server is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>.
*/
import { ApolloServer } from 'apollo-server-express';
import bikeResolver from './resolvers/cargoBikeResolver';
import { CargoBikeAPI } from './datasources/db/cargobikeAPI';
import typeDefs from './schema/type-defs';
import 'reflect-metadata';
import { ConnectionOptions, createConnection } from 'typeorm';
import { UserServerAPI } from './datasources/userserver/userserviceAPI';
import express from 'express';
import { requiredPermissions } from './datasources/userserver/permission';
import { CargoBike } from './model/CargoBike';
import { BikeEvent } from './model/BikeEvent';
import { ContactInformation } from './model/ContactInformation';
import { Equipment } from './model/Equipment';
import { LendingStation } from './model/LendingStation';
import { TimeFrame } from './model/TimeFrame';
import { Participant } from './model/Participant';
import { Organisation } from './model/Organisation';
import { Provider } from './model/Provider';
import { Engagement } from './model/Engagement';
import { Workshop } from './model/Workshop';
import { LendingStationAPI } from './datasources/db/lendingstationAPI';
import lendingStationResolvers from './resolvers/lendingStationResolvers';
import { ParticipantAPI } from './datasources/db/participantAPI';
import participantResolvers from './resolvers/participantResolvers';
import { ContactInformationAPI } from './datasources/db/contactinformationAPI';
import providerResolvers from './resolvers/providerResolvers';
import { ProviderAPI } from './datasources/db/providerAPI';
import contactInformationResolvers from './resolvers/contactInformationResolvers';
import { Person } from './model/Person';
import { WorkshopType } from './model/WorkshopType';
import { EngagementType } from './model/EngagementType';
import { EquipmentType } from './model/EquipmentType';
import { BikeEventType } from './model/BikeEventType';
import { WorkshopAPI } from './datasources/db/workshopAPI';
import workshopResolvers from './resolvers/workshopResolvers';
import { ActionLog } from './model/ActionLog';
import actionLogResolvers from './resolvers/actionLogResolvers';
import { ActionLogAPI } from './datasources/db/actionLogAPI';
import bodyParser from 'body-parser';
const cors = require('cors');
require('dotenv').config();
export const userAPI = new UserServerAPI(process.env.RPC_HOST);
export function getConnectionOptions (): ConnectionOptions {
return {
// @ts-ignore
type: process.env.DATABASE_TYPE,
url: process.env.DATABASE_URL,
database: process.env.DATABASE_NAME,
entities: [
CargoBike,
BikeEvent,
BikeEventType,
ContactInformation,
Equipment,
EquipmentType,
LendingStation,
TimeFrame,
Organisation,
Participant,
Provider,
Engagement,
EngagementType,
Workshop,
Person,
WorkshopType,
ActionLog
],
synchronize: true,
logging: false
};
}
export async function getApp (connOptions: ConnectionOptions) {
/**
* Function that is called to authenticate a user by using the user rpc server
* @param req
* @param res
* @param next
*/
async function authenticate (req: any, res: any, next: any) {
if (req.body.operationName === 'IntrospectionQuery') {
next();
} else if (process.env.NODE_ENV === 'develop') {
req.permissions = requiredPermissions.map((e) => e.name);
req.userId = await userAPI.getUserId(req.headers.authorization?.replace('Bearer ', ''));
next();
} else {
const token = req.headers.authorization?.replace('Bearer ', '');
if (token) {
if (await userAPI.validateToken(token)) {
req.permissions = await userAPI.getUserPermissions(token);
req.userId = await userAPI.getUserId(req.headers.authorization?.replace('Bearer ', ''));
next();
} else {
res.status(401);
res.send('Unauthorized');
}
} else {
res.status(401);
res.send('Unauthorized');
}
}
}
try {
await createConnection(connOptions);
} catch (err) {
console.error(err);
}
const server = new ApolloServer({
resolvers: [
bikeResolver,
lendingStationResolvers,
participantResolvers,
providerResolvers,
contactInformationResolvers,
workshopResolvers,
actionLogResolvers
],
typeDefs,
dataSources: () => ({
cargoBikeAPI: new CargoBikeAPI(),
lendingStationAPI: new LendingStationAPI(),
participantAPI: new ParticipantAPI(),
contactInformationAPI: new ContactInformationAPI(),
providerAPI: new ProviderAPI(),
workshopAPI: new WorkshopAPI(),
actionLogAPI: new ActionLogAPI(),
userAPI
}),
context: (req: any) => {
return req;
}
});
const app = express();
app.use(cors());
app.use(bodyParser.json());
app.post('/graphql', authenticate);
app.get(/\/graphql?&.*query=/, authenticate);
server.applyMiddleware({ app });
return app;
}

@ -0,0 +1,7 @@
import { ApolloError } from 'apollo-server-express';
export class PermissionError extends ApolloError {
constructor () {
super('Insufficient permissions.', 'INSUFFICIENT_PERMISSION');
}
}

@ -16,150 +16,13 @@ This file is part of fLotte-API-Server.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>. along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>.
*/ */
import { getApp, getConnectionOptions, userAPI } from './app';
import { ApolloServer } from 'apollo-server-express'; (async () => {
import bikeResolver from './resolvers/cargoBikeResolver'; const app = await getApp(getConnectionOptions());
import { CargoBikeAPI } from './datasources/db/cargobikeAPI';
import typeDefs from './schema/type-defs';
import 'reflect-metadata';
import { ConnectionOptions, createConnection } from 'typeorm';
import { UserServerAPI } from './datasources/userserver/userserviceAPI';
import express from 'express';
import { requiredPermissions } from './datasources/userserver/permission';
import { CargoBike } from './model/CargoBike';
import { BikeEvent } from './model/BikeEvent';
import { ContactInformation } from './model/ContactInformation';
import { Equipment } from './model/Equipment';
import { LendingStation } from './model/LendingStation';
import { TimeFrame } from './model/TimeFrame';
import { Participant } from './model/Participant';
import { Organisation } from './model/Organisation';
import { Provider } from './model/Provider';
import { Engagement } from './model/Engagement';
import { Workshop } from './model/Workshop';
import { LendingStationAPI } from './datasources/db/lendingstationAPI';
import lendingStationResolvers from './resolvers/lendingStationResolvers';
import { ParticipantAPI } from './datasources/db/participantAPI';
import participantResolvers from './resolvers/participantResolvers';
import { ContactInformationAPI } from './datasources/db/contactinformationAPI';
import providerResolvers from './resolvers/providerResolvers';
import { ProviderAPI } from './datasources/db/providerAPI';
import contactInformationResolvers from './resolvers/contactInformationResolvers';
import { Person } from './model/Person';
import { WorkshopType } from './model/WorkshopType';
import { EngagementType } from './model/EngagementType';
import { EquipmentType } from './model/EquipmentType';
import { BikeEventType } from './model/BikeEventType';
import { WorkshopAPI } from './datasources/db/workshopAPI';
import workshopResolvers from './resolvers/workshopResolvers';
import { ActionLog } from './model/ActionLog';
import actionLogResolvers from './resolvers/actionLogResolvers';
import { ActionLogAPI } from './datasources/db/actionLogAPI';
import bodyParser from 'body-parser';
const cors = require('cors');
require('dotenv').config();
const connOptions: ConnectionOptions = { app.listen(4000, async () => {
type: 'postgres', await userAPI.createDefinedPermissions().catch(
url: process.env.POSTGRES_CONNECTION_URL, err => console.log(err));
entities: [
CargoBike,
BikeEvent,
BikeEventType,
ContactInformation,
Equipment,
EquipmentType,
LendingStation,
TimeFrame,
Organisation,
Participant,
Provider,
Engagement,
EngagementType,
Workshop,
Person,
WorkshopType,
ActionLog
],
synchronize: true,
logging: false
};
/**
* Function that is called to authenticate a user by using the user rpc server
* @param req
* @param res
* @param next
*/
async function authenticate (req: any, res: any, next: any) {
if (req.body.operationName === 'IntrospectionQuery') {
next();
} else if (process.env.NODE_ENV === 'develop') {
req.permissions = requiredPermissions.map((e) => e.name);
req.userId = await userAPI.getUserId(req.headers.authorization?.replace('Bearer ', ''));
next();
} else {
const token = req.headers.authorization?.replace('Bearer ', '');
if (token) {
if (await userAPI.validateToken(token)) {
req.permissions = await userAPI.getUserPermissions(token);
req.userId = await userAPI.getUserId(req.headers.authorization?.replace('Bearer ', ''));
next();
} else {
res.status(401);
res.send('Unauthorized');
}
} else {
res.status(401);
res.send('Unauthorized');
}
}
}
function retryConnect (): any {
createConnection(connOptions).catch(error => {
console.log(error);
setTimeout(retryConnect, 3000);
}); });
} })();
retryConnect();
const userAPI = new UserServerAPI(process.env.RPC_HOST);
const server = new ApolloServer({
resolvers: [
bikeResolver,
lendingStationResolvers,
participantResolvers,
providerResolvers,
contactInformationResolvers,
workshopResolvers,
actionLogResolvers
],
typeDefs,
dataSources: () => ({
cargoBikeAPI: new CargoBikeAPI(),
lendingStationAPI: new LendingStationAPI(),
participantAPI: new ParticipantAPI(),
contactInformationAPI: new ContactInformationAPI(),
providerAPI: new ProviderAPI(),
workshopAPI: new WorkshopAPI(),
actionLogAPI: new ActionLogAPI(),
userAPI
}),
context: (req: any) => {
return req;
}
});
const app = express();
app.use(cors());
app.use(bodyParser.json());
app.post('/graphql', authenticate);
app.get(/\/graphql?&.*query=/, authenticate);
server.applyMiddleware({ app });
app.listen(4000, async () => {
await userAPI.createDefinedPermissions().catch(
err => console.log(err));
});

@ -18,7 +18,7 @@ This file is part of fLotte-API-Server.
*/ */
import { Permission } from '../datasources/userserver/permission'; import { Permission } from '../datasources/userserver/permission';
import { GraphQLError } from 'graphql'; import { PermissionError } from '../errors/PermissionError';
export default { export default {
Query: { Query: {
@ -26,21 +26,21 @@ export default {
if (req.permissions.includes(Permission.ReadActionLog)) { if (req.permissions.includes(Permission.ReadActionLog)) {
return dataSources.actionLogAPI.actionLogByUserId(req.userId); return dataSources.actionLogAPI.actionLogByUserId(req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
actionLogByUser: (_: any, { id }: {id: number}, { dataSources, req }:{dataSources: any, req: any }) => { actionLogByUser: (_: any, { id }: {id: number}, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadActionLogAll)) { if (req.permissions.includes(Permission.ReadActionLogAll)) {
return dataSources.actionLogAPI.actionLogByUserId(id); return dataSources.actionLogAPI.actionLogByUserId(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
actionLogAll: (_: any, __: any, { dataSources, req }:{dataSources: any, req: any }) => { actionLogAll: (_: any, __: any, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadActionLogAll)) { if (req.permissions.includes(Permission.ReadActionLogAll)) {
return dataSources.actionLogAPI.actionLogAll(); return dataSources.actionLogAPI.actionLogAll();
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
} }

@ -18,8 +18,8 @@ This file is part of fLotte-API-Server.
*/ */
import { Permission } from '../datasources/userserver/permission'; import { Permission } from '../datasources/userserver/permission';
import { GraphQLError } from 'graphql';
import { isLocked, isLockedByMe } from '../datasources/db/utils'; import { isLocked, isLockedByMe } from '../datasources/db/utils';
import { PermissionError } from '../errors/PermissionError';
export default { export default {
Query: { Query: {
@ -27,70 +27,70 @@ export default {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.cargoBikeAPI.findCargoBikeById(id); return dataSources.cargoBikeAPI.findCargoBikeById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
cargoBikes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { cargoBikes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.cargoBikeAPI.getCargoBikes(offset, limit); return dataSources.cargoBikeAPI.getCargoBikes(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
bikeEvents: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { bikeEvents: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadBikeEvent)) { if (req.permissions.includes(Permission.ReadBikeEvent)) {
return dataSources.cargoBikeAPI.bikeEvents(offset, limit); return dataSources.cargoBikeAPI.bikeEvents(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
bikeEventById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { bikeEventById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadBikeEvent)) { if (req.permissions.includes(Permission.ReadBikeEvent)) {
return dataSources.cargoBikeAPI.bikeEventById(id); return dataSources.cargoBikeAPI.bikeEventById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
bikeEventTypeByd: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { bikeEventTypeByd: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadBikeEvent)) { if (req.permissions.includes(Permission.ReadBikeEvent)) {
return dataSources.cargoBikeAPI.bikeEventTypeById(id); return dataSources.cargoBikeAPI.bikeEventTypeById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
bikeEventTypes: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { bikeEventTypes: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadBikeEvent)) { if (req.permissions.includes(Permission.ReadBikeEvent)) {
return dataSources.cargoBikeAPI.bikeEventTypes(offset, limit); return dataSources.cargoBikeAPI.bikeEventTypes(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
equipment: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { equipment: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEquipment)) { if (req.permissions.includes(Permission.ReadEquipment)) {
return dataSources.cargoBikeAPI.getEquipment(offset, limit); return dataSources.cargoBikeAPI.getEquipment(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
equipmentById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { equipmentById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEquipment)) { if (req.permissions.includes(Permission.ReadEquipment)) {
return dataSources.cargoBikeAPI.equipmentById(id); return dataSources.cargoBikeAPI.equipmentById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
equipmentTypes: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { equipmentTypes: (_:any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEquipment)) { if (req.permissions.includes(Permission.ReadEquipment)) {
return dataSources.cargoBikeAPI.equipmentTypes(offset, limit); return dataSources.cargoBikeAPI.equipmentTypes(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
equipmentTypeById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { equipmentTypeById: (_:any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEquipment)) { if (req.permissions.includes(Permission.ReadEquipment)) {
return dataSources.cargoBikeAPI.equipmentTypeById(id); return dataSources.cargoBikeAPI.equipmentTypeById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
}, },
@ -99,42 +99,42 @@ export default {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.currentEngagementByCargoBikeId(parent.id); return dataSources.participantAPI.currentEngagementByCargoBikeId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
engagement (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) { engagement (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.engagementByCargoBikeId(offset, limit, parent.id); return dataSources.participantAPI.engagementByCargoBikeId(offset, limit, parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
participants (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) { // TODO should be done with engagements participants (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) { // TODO should be done with engagements
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.participantAPI.participantsByCargoBikeId(parent.id); return dataSources.participantAPI.participantsByCargoBikeId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
equipment (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) { equipment (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadEquipment)) { if (req.permissions.includes(Permission.ReadEquipment)) {
return dataSources.cargoBikeAPI.equipmentByCargoBikeId(offset, limit, parent.id); return dataSources.cargoBikeAPI.equipmentByCargoBikeId(offset, limit, parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lendingStation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { lendingStation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadLendingStation)) { if (req.permissions.includes(Permission.ReadLendingStation)) {
return dataSources.lendingStationAPI.lendingStationByCargoBikeId(parent.id); return dataSources.lendingStationAPI.lendingStationByCargoBikeId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
bikeEvents (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) { bikeEvents (parent: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadBikeEvent)) { if (req.permissions.includes(Permission.ReadBikeEvent)) {
return dataSources.cargoBikeAPI.bikeEventsByCargoBikeId(parent.id, offset, limit); return dataSources.cargoBikeAPI.bikeEventsByCargoBikeId(parent.id, offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -143,21 +143,21 @@ export default {
if (req.permissions.includes(Permission.ReadTimeFrame)) { if (req.permissions.includes(Permission.ReadTimeFrame)) {
return dataSources.lendingStationAPI.timeFramesByCargoBikeId(parent.id); return dataSources.lendingStationAPI.timeFramesByCargoBikeId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
equipmentType (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { equipmentType (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadEquipment)) { if (req.permissions.includes(Permission.ReadEquipment)) {
return dataSources.cargoBikeAPI.equipmentTypeByCargoBikeId(parent.id); return dataSources.cargoBikeAPI.equipmentTypeByCargoBikeId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
provider (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { provider (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadProvider)) { if (req.permissions.includes(Permission.ReadProvider)) {
return dataSources.providerAPI.providerByCargoBikeId(parent.id); return dataSources.providerAPI.providerByCargoBikeId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
@ -167,7 +167,7 @@ export default {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.cargoBikeAPI.cargoBikeByEquipmentId(parent.id); return dataSources.cargoBikeAPI.cargoBikeByEquipmentId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -178,28 +178,28 @@ export default {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.cargoBikeAPI.cargoBikeByEventId(parent.id); return dataSources.cargoBikeAPI.cargoBikeByEventId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
bikeEventType (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { bikeEventType (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadBikeEvent)) { if (req.permissions.includes(Permission.ReadBikeEvent)) {
return dataSources.cargoBikeAPI.bikeEventTypeByBikeEventId(parent.id); return dataSources.cargoBikeAPI.bikeEventTypeByBikeEventId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
responsible (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { responsible (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.cargoBikeAPI.responsibleByBikeEventId(parent.id); return dataSources.cargoBikeAPI.responsibleByBikeEventId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
related (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { related (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.cargoBikeAPI.relatedByBikeEventId(parent.id); return dataSources.cargoBikeAPI.relatedByBikeEventId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -214,175 +214,175 @@ export default {
if (req.permissions.includes(Permission.WriteBike)) { if (req.permissions.includes(Permission.WriteBike)) {
return dataSources.cargoBikeAPI.createCargoBike({ cargoBike }); return dataSources.cargoBikeAPI.createCargoBike({ cargoBike });
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockCargoBike: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockCargoBike: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteBike)) { if (req.permissions.includes(Permission.WriteBike)) {
return dataSources.cargoBikeAPI.lockCargoBike(id, req.userId); return dataSources.cargoBikeAPI.lockCargoBike(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockCargoBike: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockCargoBike: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteBike)) { if (req.permissions.includes(Permission.WriteBike)) {
return dataSources.cargoBikeAPI.unlockCargoBike(id, req.userId); return dataSources.cargoBikeAPI.unlockCargoBike(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateCargoBike: (_: any, { cargoBike }: { cargoBike: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateCargoBike: (_: any, { cargoBike }: { cargoBike: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteBike)) { if (req.permissions.includes(Permission.WriteBike)) {
return dataSources.cargoBikeAPI.updateCargoBike(cargoBike, req.userId); return dataSources.cargoBikeAPI.updateCargoBike(cargoBike, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteCargoBike: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteCargoBike: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteBike)) { if (req.permissions.includes(Permission.DeleteBike)) {
return dataSources.cargoBikeAPI.deleteCargoBike(id, req.userId); return dataSources.cargoBikeAPI.deleteCargoBike(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createBikeEvent: (_: any, { bikeEvent }: { bikeEvent: any }, { dataSources, req }: { dataSources: any, req: any }) => { createBikeEvent: (_: any, { bikeEvent }: { bikeEvent: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteBikeEvent)) { if (req.permissions.includes(Permission.WriteBikeEvent)) {
return dataSources.cargoBikeAPI.createBikeEvent({ bikeEvent }); return dataSources.cargoBikeAPI.createBikeEvent({ bikeEvent });
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockBikeEvent: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockBikeEvent: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteBikeEvent)) { if (req.permissions.includes(Permission.WriteBikeEvent)) {
return dataSources.cargoBikeAPI.lockBikeEvent(id, req.userId); return dataSources.cargoBikeAPI.lockBikeEvent(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockBikeEvent: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockBikeEvent: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteBikeEvent)) { if (req.permissions.includes(Permission.WriteBikeEvent)) {
return dataSources.cargoBikeAPI.unlockBikeEvent(id, req.userId); return dataSources.cargoBikeAPI.unlockBikeEvent(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateBikeEvent: (_: any, { bikeEvent }: { bikeEvent: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateBikeEvent: (_: any, { bikeEvent }: { bikeEvent: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteBikeEvent)) { if (req.permissions.includes(Permission.WriteBikeEvent)) {
return dataSources.cargoBikeAPI.updateBikeEvent(bikeEvent, req.userId); return dataSources.cargoBikeAPI.updateBikeEvent(bikeEvent, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteBikeEvent: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteBikeEvent: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteBikeEvent)) { if (req.permissions.includes(Permission.DeleteBikeEvent)) {
return dataSources.cargoBikeAPI.deleteBikeEvent(id, req.userId); return dataSources.cargoBikeAPI.deleteBikeEvent(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createEquipment: (_: any, { equipment }: { equipment: any }, { dataSources, req }: { dataSources: any, req: any }) => { createEquipment: (_: any, { equipment }: { equipment: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipment)) { if (req.permissions.includes(Permission.WriteEquipment)) {
return dataSources.cargoBikeAPI.createEquipment({ equipment }); return dataSources.cargoBikeAPI.createEquipment({ equipment });
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockEquipment: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockEquipment: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipment)) { if (req.permissions.includes(Permission.WriteEquipment)) {
return dataSources.cargoBikeAPI.lockEquipment(id, req.userId); return dataSources.cargoBikeAPI.lockEquipment(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockEquipment: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockEquipment: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipment)) { if (req.permissions.includes(Permission.WriteEquipment)) {
return dataSources.cargoBikeAPI.unlockEquipment(id, req.userId); return dataSources.cargoBikeAPI.unlockEquipment(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateEquipment: (_: any, { equipment }: { equipment: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateEquipment: (_: any, { equipment }: { equipment: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipment)) { if (req.permissions.includes(Permission.WriteEquipment)) {
return dataSources.cargoBikeAPI.updateEquipment(equipment, req.userId); return dataSources.cargoBikeAPI.updateEquipment(equipment, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteEquipment: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteEquipment: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteEquipment)) { if (req.permissions.includes(Permission.DeleteEquipment)) {
return dataSources.cargoBikeAPI.deleteEquipment(id, req.userId); return dataSources.cargoBikeAPI.deleteEquipment(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createEquipmentType: (_: any, { equipmentType }: { equipmentType: any }, { dataSources, req }: { dataSources: any, req: any }) => { createEquipmentType: (_: any, { equipmentType }: { equipmentType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipmentType)) { if (req.permissions.includes(Permission.WriteEquipmentType)) {
return dataSources.cargoBikeAPI.createEquipmentType(equipmentType); return dataSources.cargoBikeAPI.createEquipmentType(equipmentType);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockEquipmentType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockEquipmentType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipmentType)) { if (req.permissions.includes(Permission.WriteEquipmentType)) {
return dataSources.cargoBikeAPI.lockEquipmentType(id, req.userId); return dataSources.cargoBikeAPI.lockEquipmentType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockEquipmentType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockEquipmentType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipmentType)) { if (req.permissions.includes(Permission.WriteEquipmentType)) {
return dataSources.cargoBikeAPI.unlockEquipmentType(id, req.userId); return dataSources.cargoBikeAPI.unlockEquipmentType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateEquipmentType: (_: any, { equipmentType }: { equipmentType: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateEquipmentType: (_: any, { equipmentType }: { equipmentType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEquipmentType)) { if (req.permissions.includes(Permission.WriteEquipmentType)) {
return dataSources.cargoBikeAPI.updateEquipmentType(equipmentType, req.userId); return dataSources.cargoBikeAPI.updateEquipmentType(equipmentType, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteEquipmentType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteEquipmentType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteEquipmentType)) { if (req.permissions.includes(Permission.DeleteEquipmentType)) {
return dataSources.cargoBikeAPI.deleteEquipmentType(id, req.userId); return dataSources.cargoBikeAPI.deleteEquipmentType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createBikeEventType: (_: any, { name }: { name: any }, { dataSources, req }: { dataSources: any, req: any }) => { createBikeEventType: (_: any, { name }: { name: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEventType)) { if (req.permissions.includes(Permission.WriteEventType)) {
return dataSources.cargoBikeAPI.createBikeEventType(name); return dataSources.cargoBikeAPI.createBikeEventType(name);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockBikeEventType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockBikeEventType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEventType)) { if (req.permissions.includes(Permission.WriteEventType)) {
return dataSources.cargoBikeAPI.lockBikeEventType(id, req.userId); return dataSources.cargoBikeAPI.lockBikeEventType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockBikeEventType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockBikeEventType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEventType)) { if (req.permissions.includes(Permission.WriteEventType)) {
return dataSources.cargoBikeAPI.unlockBikeEventType(id, req.userId); return dataSources.cargoBikeAPI.unlockBikeEventType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateBikeEventType: (_: any, { bikeEventType }: { bikeEventType: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateBikeEventType: (_: any, { bikeEventType }: { bikeEventType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEventType)) { if (req.permissions.includes(Permission.WriteEventType)) {
return dataSources.cargoBikeAPI.updateBikeEventType(bikeEventType, req.userId); return dataSources.cargoBikeAPI.updateBikeEventType(bikeEventType, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteBikeEventType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteBikeEventType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteEventType)) { if (req.permissions.includes(Permission.DeleteEventType)) {
return dataSources.cargoBikeAPI.deleteBikeEventType(id, req.userId); return dataSources.cargoBikeAPI.deleteBikeEventType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
} }

@ -17,10 +17,10 @@ This file is part of fLotte-API-Server.
along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>. along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>.
*/ */
import { GraphQLError } from 'graphql';
import { Permission } from '../datasources/userserver/permission'; import { Permission } from '../datasources/userserver/permission';
import { Person } from '../model/Person'; import { Person } from '../model/Person';
import { isLocked, isLockedByMe } from '../datasources/db/utils'; import { isLocked, isLockedByMe } from '../datasources/db/utils';
import { PermissionError } from '../errors/PermissionError';
export default { export default {
Query: { Query: {
@ -28,28 +28,28 @@ export default {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.contactInformation(offset, limit); return dataSources.contactInformationAPI.contactInformation(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
contactInformationById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { contactInformationById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.contactInformationById(id); return dataSources.contactInformationAPI.contactInformationById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
personById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { personById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.personById(id); return dataSources.contactInformationAPI.personById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
persons: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { persons: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.persons(offset, limit); return dataSources.contactInformationAPI.persons(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
}, },
@ -58,7 +58,7 @@ export default {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.contactInformationByPersonId(parent.id); return dataSources.contactInformationAPI.contactInformationByPersonId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -69,7 +69,7 @@ export default {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.personByContactInformationId(parent.id); return dataSources.contactInformationAPI.personByContactInformationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -80,70 +80,70 @@ export default {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.createPerson(person); return dataSources.contactInformationAPI.createPerson(person);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockPerson: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockPerson: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.lockPerson(id, req.userId); return dataSources.contactInformationAPI.lockPerson(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockPerson: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockPerson: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.unlockPerson(id, req.userId); return dataSources.contactInformationAPI.unlockPerson(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updatePerson: (_: any, { person }: { person: any }, { dataSources, req }: { dataSources: any, req: any }) => { updatePerson: (_: any, { person }: { person: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.updatePerson(person, req.userId); return dataSources.contactInformationAPI.updatePerson(person, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deletePerson: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deletePerson: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeletePerson)) { if (req.permissions.includes(Permission.DeletePerson)) {
return dataSources.contactInformationAPI.deletePerson(id, req.userId); return dataSources.contactInformationAPI.deletePerson(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createContactInformation: (_: any, { contactInformation }: { contactInformation: any }, { dataSources, req }: { dataSources: any, req: any }) => { createContactInformation: (_: any, { contactInformation }: { contactInformation: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.createContactInformation(contactInformation); return dataSources.contactInformationAPI.createContactInformation(contactInformation);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockContactInformation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockContactInformation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.lockContactInformation(id, req.userId); return dataSources.contactInformationAPI.lockContactInformation(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockContactInformation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockContactInformation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.unlockContactInformation(id, req.userId); return dataSources.contactInformationAPI.unlockContactInformation(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateContactInformation: (_: any, { contactInformation }: { contactInformation: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateContactInformation: (_: any, { contactInformation }: { contactInformation: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WritePerson)) { if (req.permissions.includes(Permission.WritePerson)) {
return dataSources.contactInformationAPI.updateContactInformation(contactInformation, req.userId); return dataSources.contactInformationAPI.updateContactInformation(contactInformation, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteContactInformation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteContactInformation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeletePerson)) { if (req.permissions.includes(Permission.DeletePerson)) {
return dataSources.contactInformationAPI.deleteContactInformation(id, req.userId); return dataSources.contactInformationAPI.deleteContactInformation(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
} }

@ -18,9 +18,9 @@ This file is part of fLotte-API-Server.
*/ */
import { Permission } from '../datasources/userserver/permission'; import { Permission } from '../datasources/userserver/permission';
import { GraphQLError } from 'graphql';
import { LendingStation } from '../model/LendingStation'; import { LendingStation } from '../model/LendingStation';
import { isLocked, isLockedByMe } from '../datasources/db/utils'; import { isLocked, isLockedByMe } from '../datasources/db/utils';
import { PermissionError } from '../errors/PermissionError';
export default { export default {
Query: { Query: {
@ -28,28 +28,28 @@ export default {
if (req.permissions.includes(Permission.ReadLendingStation)) { if (req.permissions.includes(Permission.ReadLendingStation)) {
return dataSources.lendingStationAPI.lendingStationById(id); return dataSources.lendingStationAPI.lendingStationById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lendingStations: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { lendingStations: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadLendingStation)) { if (req.permissions.includes(Permission.ReadLendingStation)) {
return dataSources.lendingStationAPI.lendingStations(offset, limit); return dataSources.lendingStationAPI.lendingStations(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
timeFrameById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { timeFrameById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadTimeFrame)) { if (req.permissions.includes(Permission.ReadTimeFrame)) {
return dataSources.lendingStationAPI.timeFrameById(id); return dataSources.lendingStationAPI.timeFrameById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
timeFrames: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { timeFrames: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadTimeFrame)) { if (req.permissions.includes(Permission.ReadTimeFrame)) {
return dataSources.lendingStationAPI.timeFrames(offset, limit); return dataSources.lendingStationAPI.timeFrames(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
}, },
@ -58,42 +58,42 @@ export default {
if (req.permissions.includes(Permission.ReadTimeFrame)) { if (req.permissions.includes(Permission.ReadTimeFrame)) {
return dataSources.lendingStationAPI.timeFramesByLendingStationId(parent.id); return dataSources.lendingStationAPI.timeFramesByLendingStationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
numCargoBikes (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { numCargoBikes (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.lendingStationAPI.numCargoBikesByLendingStationId(parent.id); return dataSources.lendingStationAPI.numCargoBikesByLendingStationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
cargoBikes (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { cargoBikes (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.lendingStationAPI.cargoBikesByLendingStationId(parent.id); return dataSources.lendingStationAPI.cargoBikesByLendingStationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
contactInformationIntern (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { contactInformationIntern (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.contactInternByLendingStationId(parent.id); return dataSources.contactInformationAPI.contactInternByLendingStationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
contactInformationExtern (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { contactInformationExtern (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.contactInformationAPI.contactExternByLendingStationId(parent.id); return dataSources.contactInformationAPI.contactExternByLendingStationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
organisation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { organisation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadOrganisation)) { if (req.permissions.includes(Permission.ReadOrganisation)) {
return dataSources.providerAPI.organisationByLendingStationId(parent.id); return dataSources.providerAPI.organisationByLendingStationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -116,14 +116,14 @@ export default {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.cargoBikeAPI.cargoBikeByTimeFrameId(parent.id); return dataSources.cargoBikeAPI.cargoBikeByTimeFrameId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lendingStation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) { lendingStation (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadLendingStation)) { if (req.permissions.includes(Permission.ReadLendingStation)) {
return dataSources.lendingStationAPI.lendingStationByTimeFrameId(parent.id); return dataSources.lendingStationAPI.lendingStationByTimeFrameId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -134,70 +134,70 @@ export default {
if (req.permissions.includes(Permission.WriteLendingStation)) { if (req.permissions.includes(Permission.WriteLendingStation)) {
return dataSources.lendingStationAPI.createLendingStation(lendingStation); return dataSources.lendingStationAPI.createLendingStation(lendingStation);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockLendingStation: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => { lockLendingStation: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteLendingStation)) { if (req.permissions.includes(Permission.WriteLendingStation)) {
return dataSources.lendingStationAPI.lockLendingStationById(id, req.userId); return dataSources.lendingStationAPI.lockLendingStationById(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockLendingStation: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => { unlockLendingStation: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteLendingStation)) { if (req.permissions.includes(Permission.WriteLendingStation)) {
return dataSources.lendingStationAPI.unlockLendingStationById(id, req.userId); return dataSources.lendingStationAPI.unlockLendingStationById(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateLendingStation: (_: any, { lendingStation }:{ lendingStation: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => { updateLendingStation: (_: any, { lendingStation }:{ lendingStation: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteLendingStation)) { if (req.permissions.includes(Permission.WriteLendingStation)) {
return dataSources.lendingStationAPI.updateLendingStation(lendingStation, req.userId); return dataSources.lendingStationAPI.updateLendingStation(lendingStation, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteLendingStation: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => { deleteLendingStation: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteLendingStation)) { if (req.permissions.includes(Permission.DeleteLendingStation)) {
return dataSources.lendingStationAPI.deleteLendingStationById(id, req.userId); return dataSources.lendingStationAPI.deleteLendingStationById(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createTimeFrame: (_: any, { timeFrame }:{ timeFrame: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => { createTimeFrame: (_: any, { timeFrame }:{ timeFrame: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteTimeFrame)) { if (req.permissions.includes(Permission.WriteTimeFrame)) {
return dataSources.lendingStationAPI.createTimeFrame(timeFrame); return dataSources.lendingStationAPI.createTimeFrame(timeFrame);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockTimeFrame: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => { lockTimeFrame: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteTimeFrame)) { if (req.permissions.includes(Permission.WriteTimeFrame)) {
return dataSources.lendingStationAPI.lockTimeFrame(id, req.userId); return dataSources.lendingStationAPI.lockTimeFrame(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockTimeFrame: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => { unlockTimeFrame: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteTimeFrame)) { if (req.permissions.includes(Permission.WriteTimeFrame)) {
return dataSources.lendingStationAPI.unlockTimeFrame(id, req.userId); return dataSources.lendingStationAPI.unlockTimeFrame(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateTimeFrame: (_: any, { timeFrame }:{ timeFrame: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => { updateTimeFrame: (_: any, { timeFrame }:{ timeFrame: LendingStation }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteTimeFrame)) { if (req.permissions.includes(Permission.WriteTimeFrame)) {
return dataSources.lendingStationAPI.updateTimeFrame(timeFrame, req.userId); return dataSources.lendingStationAPI.updateTimeFrame(timeFrame, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteTimeFrame: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => { deleteTimeFrame: (_: any, { id }:{ id: number }, { dataSources, req }:{dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteTimeFrame)) { if (req.permissions.includes(Permission.DeleteTimeFrame)) {
return dataSources.lendingStationAPI.deleteTimeFrame(id, req.userId); return dataSources.lendingStationAPI.deleteTimeFrame(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
} }

@ -17,9 +17,9 @@ This file is part of fLotte-API-Server.
along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>. along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>.
*/ */
import { GraphQLError } from 'graphql';
import { Permission } from '../datasources/userserver/permission'; import { Permission } from '../datasources/userserver/permission';
import { isLocked, isLockedByMe } from '../datasources/db/utils'; import { isLocked, isLockedByMe } from '../datasources/db/utils';
import { PermissionError } from '../errors/PermissionError';
export default { export default {
Query: { Query: {
@ -27,42 +27,42 @@ export default {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.participantAPI.getParticipantById(id); return dataSources.participantAPI.getParticipantById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
participants: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { participants: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.participantAPI.getParticipants(offset, limit); return dataSources.participantAPI.getParticipants(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
engagementById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { engagementById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.engagementById(id); return dataSources.participantAPI.engagementById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
engagements: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { engagements: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.engagements(offset, limit); return dataSources.participantAPI.engagements(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
engagementTypeById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { engagementTypeById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.engagementTypeById(id); return dataSources.participantAPI.engagementTypeById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
engagementTypes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { engagementTypes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.engagementTypes(offset, limit); return dataSources.participantAPI.engagementTypes(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
}, },
@ -71,21 +71,21 @@ export default {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.engagementByParticipantId(parent.id); return dataSources.participantAPI.engagementByParticipantId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
contactInformation (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) { contactInformation (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return (dataSources.participantAPI.contactInformationByParticipantId(parent.id)); return (dataSources.participantAPI.contactInformationByParticipantId(parent.id));
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
workshops (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) { workshops (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadWorkshop)) { if (req.permissions.includes(Permission.ReadWorkshop)) {
return (dataSources.participantAPI.workshopsByParticipantId(parent.id)); return (dataSources.participantAPI.workshopsByParticipantId(parent.id));
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -96,21 +96,21 @@ export default {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.cargoBikeAPI.findCargoBikeByEngagementId(parent.id); return dataSources.cargoBikeAPI.findCargoBikeByEngagementId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
participant (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) { participant (parent: any, _: any, { dataSources, req }: { dataSources: any, req: any }) {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.participantAPI.participantByEngagementId(parent.id); return dataSources.participantAPI.participantByEngagementId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
engagementType (parent: any, _: any, { dataSources, req }: { dataSources: any; req: any }) { engagementType (parent: any, _: any, { dataSources, req }: { dataSources: any; req: any }) {
if (req.permissions.includes(Permission.ReadEngagement)) { if (req.permissions.includes(Permission.ReadEngagement)) {
return dataSources.participantAPI.engagementTypeByEngagementId(parent.id); return dataSources.participantAPI.engagementTypeByEngagementId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
from (parent: any) { from (parent: any) {
@ -128,105 +128,105 @@ export default {
if (req.permissions.includes(Permission.WriteParticipant)) { if (req.permissions.includes(Permission.WriteParticipant)) {
return dataSources.participantAPI.createParticipant(participant); return dataSources.participantAPI.createParticipant(participant);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockParticipant: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockParticipant: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteParticipant)) { if (req.permissions.includes(Permission.WriteParticipant)) {
return dataSources.participantAPI.lockParticipant(id, req.userId); return dataSources.participantAPI.lockParticipant(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockParticipant: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockParticipant: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteParticipant)) { if (req.permissions.includes(Permission.WriteParticipant)) {
return dataSources.participantAPI.unlockeParticipant(id, req.userId); return dataSources.participantAPI.unlockeParticipant(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateParticipant: (_: any, { participant }: { participant: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateParticipant: (_: any, { participant }: { participant: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteParticipant)) { if (req.permissions.includes(Permission.WriteParticipant)) {
return dataSources.participantAPI.updateParticipant(participant, req.userId); return dataSources.participantAPI.updateParticipant(participant, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteParticipant: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteParticipant: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteParticipant)) { if (req.permissions.includes(Permission.DeleteParticipant)) {
return dataSources.participantAPI.deleteParticipant(id, req.userId); return dataSources.participantAPI.deleteParticipant(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createEngagement: (_: any, { engagement }: { engagement: any }, { dataSources, req }: { dataSources: any, req: any }) => { createEngagement: (_: any, { engagement }: { engagement: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagement)) { if (req.permissions.includes(Permission.WriteEngagement)) {
return dataSources.participantAPI.createEngagement(engagement); return dataSources.participantAPI.createEngagement(engagement);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockEngagement: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockEngagement: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagement)) { if (req.permissions.includes(Permission.WriteEngagement)) {
return dataSources.participantAPI.lockEngagement(id, req.userId); return dataSources.participantAPI.lockEngagement(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockEngagement: (_: any, { id }: {id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockEngagement: (_: any, { id }: {id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagement)) { if (req.permissions.includes(Permission.WriteEngagement)) {
return dataSources.participantAPI.unlockEngagement(id, req.userId); return dataSources.participantAPI.unlockEngagement(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateEngagement: (_: any, { engagement }: { engagement: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateEngagement: (_: any, { engagement }: { engagement: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagement)) { if (req.permissions.includes(Permission.WriteEngagement)) {
return dataSources.participantAPI.updateEngagement(engagement, req.userId); return dataSources.participantAPI.updateEngagement(engagement, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteEngagement: (_: any, { id }: {id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteEngagement: (_: any, { id }: {id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteEngagement)) { if (req.permissions.includes(Permission.DeleteEngagement)) {
return dataSources.participantAPI.deleteEngagement(id, req.userId); return dataSources.participantAPI.deleteEngagement(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createEngagementType: (_: any, { engagementType }: { engagementType: any }, { dataSources, req }: { dataSources: any, req: any }) => { createEngagementType: (_: any, { engagementType }: { engagementType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagementType)) { if (req.permissions.includes(Permission.WriteEngagementType)) {
return dataSources.participantAPI.createEngagementType(engagementType); return dataSources.participantAPI.createEngagementType(engagementType);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockEngagementType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockEngagementType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagementType)) { if (req.permissions.includes(Permission.WriteEngagementType)) {
return dataSources.participantAPI.lockEngagementType(id, req.userId); return dataSources.participantAPI.lockEngagementType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockEngagementType: (_: any, { id }: {id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockEngagementType: (_: any, { id }: {id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagementType)) { if (req.permissions.includes(Permission.WriteEngagementType)) {
return dataSources.participantAPI.unlockEngagementType(id, req.userId); return dataSources.participantAPI.unlockEngagementType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateEngagementType: (_: any, { engagementType }: { engagementType: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateEngagementType: (_: any, { engagementType }: { engagementType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteEngagementType)) { if (req.permissions.includes(Permission.WriteEngagementType)) {
return dataSources.participantAPI.updateEngagementType(engagementType, req.userId); return dataSources.participantAPI.updateEngagementType(engagementType, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteEngagementType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteEngagementType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteEngagementType)) { if (req.permissions.includes(Permission.DeleteEngagementType)) {
return dataSources.participantAPI.deleteEngagementType(id, req.userId); return dataSources.participantAPI.deleteEngagementType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
} }

@ -17,9 +17,9 @@ This file is part of fLotte-API-Server.
along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>. along with fLotte-API-Server. If not, see <https://www.gnu.org/licenses/>.
*/ */
import { GraphQLError } from 'graphql';
import { Permission } from '../datasources/userserver/permission'; import { Permission } from '../datasources/userserver/permission';
import { isLocked, isLockedByMe } from '../datasources/db/utils'; import { isLocked, isLockedByMe } from '../datasources/db/utils';
import { PermissionError } from '../errors/PermissionError';
export default { export default {
Query: { Query: {
@ -27,28 +27,28 @@ export default {
if (req.permissions.includes(Permission.ReadProvider)) { if (req.permissions.includes(Permission.ReadProvider)) {
return dataSources.providerAPI.provider(offset, limit); return dataSources.providerAPI.provider(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
providerById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { providerById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadProvider)) { if (req.permissions.includes(Permission.ReadProvider)) {
return dataSources.providerAPI.providerById(id); return dataSources.providerAPI.providerById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
organisations: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { organisations: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadOrganisation)) { if (req.permissions.includes(Permission.ReadOrganisation)) {
return dataSources.providerAPI.organisations(offset, limit); return dataSources.providerAPI.organisations(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
organisationById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { organisationById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadOrganisation)) { if (req.permissions.includes(Permission.ReadOrganisation)) {
return dataSources.providerAPI.organisationById(id); return dataSources.providerAPI.organisationById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
}, },
@ -57,21 +57,21 @@ export default {
if (req.permissions.includes(Permission.ReadBike)) { if (req.permissions.includes(Permission.ReadBike)) {
return dataSources.cargoBikeAPI.cargoBikesByProviderId(parent.id); return dataSources.cargoBikeAPI.cargoBikesByProviderId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
organisation: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => { organisation: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadOrganisation)) { if (req.permissions.includes(Permission.ReadOrganisation)) {
return dataSources.providerAPI.organisationByProviderId(parent.id); return dataSources.providerAPI.organisationByProviderId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
privatePerson: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => { privatePerson: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.providerAPI.privatePersonByProviderId(parent.id); return dataSources.providerAPI.privatePersonByProviderId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -82,21 +82,21 @@ export default {
if (req.permissions.includes(Permission.ReadProvider)) { if (req.permissions.includes(Permission.ReadProvider)) {
return dataSources.providerAPI.providerByOrganisationId(parent.id); return dataSources.providerAPI.providerByOrganisationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
contactInformation: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => { contactInformation: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadPerson)) { if (req.permissions.includes(Permission.ReadPerson)) {
return dataSources.providerAPI.contactInformationByOrganisationId(parent.id); return dataSources.providerAPI.contactInformationByOrganisationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lendingStations: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => { lendingStations: (parent: any, __: any, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadLendingStation)) { if (req.permissions.includes(Permission.ReadLendingStation)) {
return dataSources.providerAPI.lendingStationByOrganisationId(parent.id); return dataSources.providerAPI.lendingStationByOrganisationId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -107,70 +107,70 @@ export default {
if (req.permissions.includes(Permission.WriteProvider)) { if (req.permissions.includes(Permission.WriteProvider)) {
return dataSources.providerAPI.createProvider(provider); return dataSources.providerAPI.createProvider(provider);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockProvider: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockProvider: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteProvider)) { if (req.permissions.includes(Permission.WriteProvider)) {
return dataSources.providerAPI.lockProvider(id, req.userId); return dataSources.providerAPI.lockProvider(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockProvider: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockProvider: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteProvider)) { if (req.permissions.includes(Permission.WriteProvider)) {
return dataSources.providerAPI.unlockProvider(id, req.userId); return dataSources.providerAPI.unlockProvider(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateProvider: (_: any, { provider }: { provider: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateProvider: (_: any, { provider }: { provider: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteProvider)) { if (req.permissions.includes(Permission.WriteProvider)) {
return dataSources.providerAPI.updateProvider(provider, req.userId); return dataSources.providerAPI.updateProvider(provider, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteProvider: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteProvider: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteProvider)) { if (req.permissions.includes(Permission.DeleteProvider)) {
return dataSources.providerAPI.deleteProvider(id, req.userId); return dataSources.providerAPI.deleteProvider(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createOrganisation: (_: any, { organisation }: { organisation: any }, { dataSources, req }: { dataSources: any, req: any }) => { createOrganisation: (_: any, { organisation }: { organisation: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteOrganisation)) { if (req.permissions.includes(Permission.WriteOrganisation)) {
return dataSources.providerAPI.createOrganisation(organisation); return dataSources.providerAPI.createOrganisation(organisation);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockOrganisation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockOrganisation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteOrganisation)) { if (req.permissions.includes(Permission.WriteOrganisation)) {
return dataSources.providerAPI.lockOrganisation(id, req.userId); return dataSources.providerAPI.lockOrganisation(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockOrganisation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockOrganisation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteOrganisation)) { if (req.permissions.includes(Permission.WriteOrganisation)) {
return dataSources.providerAPI.unlockOrganisation(id, req.userId); return dataSources.providerAPI.unlockOrganisation(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateOrganisation: (_: any, { organisation }: { organisation: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateOrganisation: (_: any, { organisation }: { organisation: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteOrganisation)) { if (req.permissions.includes(Permission.WriteOrganisation)) {
return dataSources.providerAPI.updateOrganisation(organisation, req.userId); return dataSources.providerAPI.updateOrganisation(organisation, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteOrganisation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteOrganisation: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteOrganisation)) { if (req.permissions.includes(Permission.DeleteOrganisation)) {
return dataSources.providerAPI.deleteOrganisation(id, req.userId); return dataSources.providerAPI.deleteOrganisation(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
} }

@ -18,9 +18,9 @@ This file is part of fLotte-API-Server.
*/ */
import { Permission } from '../datasources/userserver/permission'; import { Permission } from '../datasources/userserver/permission';
import { GraphQLError } from 'graphql';
import { isLocked, isLockedByMe } from '../datasources/db/utils'; import { isLocked, isLockedByMe } from '../datasources/db/utils';
import { Participant } from '../model/Participant'; import { Participant } from '../model/Participant';
import { PermissionError } from '../errors/PermissionError';
export default { export default {
Query: { Query: {
@ -28,28 +28,28 @@ export default {
if (req.permissions.includes(Permission.ReadWorkshop)) { if (req.permissions.includes(Permission.ReadWorkshop)) {
return dataSources.workshopAPI.workshopTypeById(id); return dataSources.workshopAPI.workshopTypeById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
workshopTypes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { workshopTypes: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadWorkshop)) { if (req.permissions.includes(Permission.ReadWorkshop)) {
return dataSources.workshopAPI.workshopTypes(offset, limit); return dataSources.workshopAPI.workshopTypes(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
workshopById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { workshopById: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadWorkshop)) { if (req.permissions.includes(Permission.ReadWorkshop)) {
return dataSources.workshopAPI.workshopById(id); return dataSources.workshopAPI.workshopById(id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
workshops: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => { workshops: (_: any, { offset, limit }: { offset: number, limit: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadWorkshop)) { if (req.permissions.includes(Permission.ReadWorkshop)) {
return dataSources.workshopAPI.workshops(offset, limit); return dataSources.workshopAPI.workshops(offset, limit);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
}, },
@ -58,21 +58,21 @@ export default {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.workshopAPI.trainer1ByWorkshopId(parent.id); return dataSources.workshopAPI.trainer1ByWorkshopId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
trainer2: (parent: any, __:any, { dataSources, req }: { dataSources: any, req: any }) => { trainer2: (parent: any, __:any, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.workshopAPI.trainer2ByWorkshopId(parent.id); return dataSources.workshopAPI.trainer2ByWorkshopId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
participants (parent: any, _: any, { dataSources, req }: { dataSources: any; req: any }): Promise<Participant[]> | GraphQLError { participants (parent: any, _: any, { dataSources, req }: { dataSources: any; req: any }): Promise<Participant[]> {
if (req.permissions.includes(Permission.ReadParticipant)) { if (req.permissions.includes(Permission.ReadParticipant)) {
return dataSources.workshopAPI.participantsByWorkshopId(parent.id); return dataSources.workshopAPI.participantsByWorkshopId(parent.id);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }), isLockedByMe: (parent: any, __: any, { req }: { req: any }) => isLockedByMe(parent, { req }),
@ -87,70 +87,70 @@ export default {
if (req.permissions.includes(Permission.WriteWorkshop)) { if (req.permissions.includes(Permission.WriteWorkshop)) {
return dataSources.workshopAPI.createWorkshop(workshop); return dataSources.workshopAPI.createWorkshop(workshop);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockWorkshop: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockWorkshop: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteWorkshop)) { if (req.permissions.includes(Permission.WriteWorkshop)) {
return dataSources.workshopAPI.lockWorkshop(id, req.userId); return dataSources.workshopAPI.lockWorkshop(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockWorkshop: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockWorkshop: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteWorkshop)) { if (req.permissions.includes(Permission.WriteWorkshop)) {
return dataSources.workshopAPI.unlockWorkshop(id, req.userId); return dataSources.workshopAPI.unlockWorkshop(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateWorkshop: (_: any, { workshop }: { workshop: number }, { dataSources, req }: { dataSources: any, req: any }) => { updateWorkshop: (_: any, { workshop }: { workshop: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteWorkshop)) { if (req.permissions.includes(Permission.WriteWorkshop)) {
return dataSources.workshopAPI.updateWorkshop(workshop, req.userId); return dataSources.workshopAPI.updateWorkshop(workshop, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteWorkshop: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteWorkshop: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteWorkshop)) { if (req.permissions.includes(Permission.DeleteWorkshop)) {
return dataSources.workshopAPI.deleteWorkshop(id, req.userId); return dataSources.workshopAPI.deleteWorkshop(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
createWorkshopType: (_: any, { workshopType }: { workshopType: any }, { dataSources, req }: { dataSources: any, req: any }) => { createWorkshopType: (_: any, { workshopType }: { workshopType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteWorkshopType)) { if (req.permissions.includes(Permission.WriteWorkshopType)) {
return dataSources.workshopAPI.createWorkshopType(workshopType); return dataSources.workshopAPI.createWorkshopType(workshopType);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
lockWorkshopType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { lockWorkshopType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteWorkshopType)) { if (req.permissions.includes(Permission.WriteWorkshopType)) {
return dataSources.workshopAPI.lockWorkshopType(id, req.userId); return dataSources.workshopAPI.lockWorkshopType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
unlockWorkshopType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { unlockWorkshopType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteWorkshopType)) { if (req.permissions.includes(Permission.WriteWorkshopType)) {
return dataSources.workshopAPI.unlockWorkshopType(id, req.userId); return dataSources.workshopAPI.unlockWorkshopType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
updateWorkshopType: (_: any, { workshopType }: { workshopType: any }, { dataSources, req }: { dataSources: any, req: any }) => { updateWorkshopType: (_: any, { workshopType }: { workshopType: any }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.WriteWorkshopType)) { if (req.permissions.includes(Permission.WriteWorkshopType)) {
return dataSources.workshopAPI.updateWorkshopType(workshopType, req.userId); return dataSources.workshopAPI.updateWorkshopType(workshopType, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
}, },
deleteWorkshopType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => { deleteWorkshopType: (_: any, { id }: { id: number }, { dataSources, req }: { dataSources: any, req: any }) => {
if (req.permissions.includes(Permission.DeleteWorkshopType)) { if (req.permissions.includes(Permission.DeleteWorkshopType)) {
return dataSources.workshopAPI.deleteWorkshopType(id, req.userId); return dataSources.workshopAPI.deleteWorkshopType(id, req.userId);
} else { } else {
return new GraphQLError('Insufficient Permissions'); throw new PermissionError();
} }
} }
} }

@ -0,0 +1,70 @@
function gql (strings: TemplateStringsArray) {
}
export const CREATE_CARGO_BIKE = gql`
mutation {
createCargoBike(
cargoBike: {
group: KL
name: "Test"
modelName: "cool"
numberOfWheels: 1
forCargo: true
forChildren: false
numberOfChildren: 2
technicalEquipment: {
bicycleShift: "shift"
isEBike: false
hasLightSystem:false
}
dimensionsAndLoad: {
hasCoverBox: true
lockable:false
boxLength: 0.1
boxWidth: 0.2
boxHeight:0.3
maxWeightBox: 1.1
maxWeightLuggageRack: 1.2
maxWeightTotal: 1.3
bikeLength:2.1
}
security: {frameNumber: "bla"}
insuranceData: {name:"in"
benefactor: "ben"
billing: "bill"
noPnP: "noP"
maintenanceResponsible: "someone"
maintenanceBenefactor: "mben"
hasFixedRate: true}
taxes: {costCenter:"cost"}
}
) {
id
insuranceData{
maintenanceResponsible
}
equipmentType {
id
name
}
provider {
id
organisation{
id
}
}
lendingStation {
id
name
cargoBikes {
id
}
}
}
}`;
export const GET_CARGO_BIKE = gql`{
cargoBikes(offset: 0, limit: 1) {
id
}
}`;

@ -0,0 +1,65 @@
/* eslint no-unused-expressions: 0 */
import * as chai from 'chai';
import { expect } from 'chai';
import { describe, it, before, after } from 'mocha';
import { step } from 'mocha-steps';
import chaiHttp from 'chai-http';
// @ts-ignore
import * as queries from './testQueries';
import { getApp, getConnectionOptions } from '../src/app';
import { getConnection } from 'typeorm';
chai.use(chaiHttp);
const chaiLib = <any>chai;
const request = chaiLib.default.request;
// @ts-ignore
chai.request = request;
process.env.NODE_ENV = 'develop';
function getAppServer () {
return getApp(getConnectionOptions());
}
describe('cargo bike resolver', () => {
let agent: any = null;
before(async () => {
const app = await getAppServer();
const connection = getConnection();
await connection.dropDatabase();
await connection.synchronize();
agent = chai.request.agent(app).post('/graphql').type('json');
});
step('creates cargo bikes', (done) => {
agent.send({
query: queries.CREATE_CARGO_BIKE
}).end((err: any, res: any) => {
debugger;
expect(err).to.be.null;
expect(res).to.have.status(200);
expect(res).to.be.json;
expect(res.body.errors).to.be.undefined;
done();
});
});
step('returns cargo bike data', (done) => {
agent.send({
query: queries.GET_CARGO_BIKE
}).end((err: any, res: any) => {
expect(err).to.be.null;
expect(res).to.have.status(200);
expect(res).to.be.json;
expect(res.body.errors).to.be.undefined;
expect(res.body.data.cargoBikes).not.to.be.empty;
});
});
after(async () => {
await getConnection().dropDatabase();
});
});

@ -12,13 +12,14 @@
"module": "commonjs", "module": "commonjs",
"esModuleInterop": true, "esModuleInterop": true,
"experimentalDecorators": true, "experimentalDecorators": true,
"emitDecoratorMetadata": true "emitDecoratorMetadata": true,
"resolveJsonModule": true
}, },
"include": [ "include": [
"src/**/*" "src/**/*"
], ],
"exclude": [ "exclude": [
"node_modules", "node_modules",
"**/*.spec.ts" "src/**/*.spec.ts"
] ]
} }

Loading…
Cancel
Save