Home Explore Help
Sign In
mirrors
/
wikijs
mirror of https://github.com/Requarks/wiki.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: dd48f28827
Branches Tags
wikijs
/
server
/
graph
/
resolvers
/
group.js

group.js 6.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210 
  1. const graphHelper = require('../../helpers/graph')
    2. 

  2. const safeRegex = require('safe-regex')
    3. 

  3. const _ = require('lodash')
    4. 

  4. const gql = require('graphql')
    5. 

  5. 

  6. /* global WIKI */
    7. 

  7. 

  8. module.exports = {
    9. 

  9.   Query: {
    10. 

  10.     async groups () { return {} }
    11. 

  11.   },
    12. 

  12.   Mutation: {
    13. 

  13.     async groups () { return {} }
    14. 

  14.   },
    15. 

  15.   GroupQuery: {
    16. 

  16.     /**
    17. 

  17.      * FETCH ALL GROUPS
    18. 

  18.      */
    19. 

  19.     async list () {
    20. 

  20.       return WIKI.models.groups.query().select(
    21. 

  21.         'groups.*',
    22. 

  22.         WIKI.models.groups.relatedQuery('users').count().as('userCount')
    23. 

  23.       )
    24. 

  24.     },
    25. 

  25.     /**
    26. 

  26.      * FETCH A SINGLE GROUP
    27. 

  27.      */
    28. 

  28.     async single(obj, args) {
    29. 

  29.       return WIKI.models.groups.query().findById(args.id)
    30. 

  30.     }
    31. 

  31.   },
    32. 

  32.   GroupMutation: {
    33. 

  33.     /**
    34. 

  34.      * ASSIGN USER TO GROUP
    35. 

  35.      */
    36. 

  36.     async assignUser (obj, args, { req }) {
    37. 

  37.       // Check for guest user
    38. 

  38.       if (args.userId === 2) {
    39. 

  39.         throw new gql.GraphQLError('Cannot assign the Guest user to a group.')
    40. 

  40.       }
    41. 

  41. 

  42.       // Check for valid group
    43. 

  43.       const grp = await WIKI.models.groups.query().findById(args.groupId)
    44. 

  44.       if (!grp) {
    45. 

  45.         throw new gql.GraphQLError('Invalid Group ID')
    46. 

  46.       }
    47. 

  47. 

  48.       // Check assigned permissions for write:groups
    49. 

  49.       if (
    50. 

  50.         WIKI.auth.checkExclusiveAccess(req.user, ['write:groups'], ['manage:groups', 'manage:system']) &&
    51. 

  51.         grp.permissions.some(p => {
    52. 

  52.           const resType = _.last(p.split(':'))
    53. 

  53.           return ['users', 'groups', 'navigation', 'theme', 'api', 'system'].includes(resType)
    54. 

  54.         })
    55. 

  55.       ) {
    56. 

  56.         throw new gql.GraphQLError('You are not authorized to assign a user to this elevated group.')
    57. 

  57.       }
    58. 

  58. 

  59.       // Check for valid user
    60. 

  60.       const usr = await WIKI.models.users.query().findById(args.userId)
    61. 

  61.       if (!usr) {
    62. 

  62.         throw new gql.GraphQLError('Invalid User ID')
    63. 

  63.       }
    64. 

  64. 

  65.       // Check for existing relation
    66. 

  66.       const relExist = await WIKI.models.knex('userGroups').where({
    67. 

  67.         userId: args.userId,
    68. 

  68.         groupId: args.groupId
    69. 

  69.       }).first()
    70. 

  70.       if (relExist) {
    71. 

  71.         throw new gql.GraphQLError('User is already assigned to group.')
    72. 

  72.       }
    73. 

  73. 

  74.       // Assign user to group
    75. 

  75.       await grp.$relatedQuery('users').relate(usr.id)
    76. 

  76. 

  77.       // Revoke tokens for this user
    78. 

  78.       WIKI.auth.revokeUserTokens({ id: usr.id, kind: 'u' })
    79. 

  79.       WIKI.events.outbound.emit('addAuthRevoke', { id: usr.id, kind: 'u' })
    80. 

  80. 

  81.       return {
    82. 

  82.         responseResult: graphHelper.generateSuccess('User has been assigned to group.')
    83. 

  83.       }
    84. 

  84.     },
    85. 

  85.     /**
    86. 

  86.      * CREATE NEW GROUP
    87. 

  87.      */
    88. 

  88.     async create (obj, args, { req }) {
    89. 

  89.       const group = await WIKI.models.groups.query().insertAndFetch({
    90. 

  90.         name: args.name,
    91. 

  91.         permissions: JSON.stringify(WIKI.data.groups.defaultPermissions),
    92. 

  92.         pageRules: JSON.stringify(WIKI.data.groups.defaultPageRules),
    93. 

  93.         isSystem: false
    94. 

  94.       })
    95. 

  95.       await WIKI.auth.reloadGroups()
    96. 

  96.       WIKI.events.outbound.emit('reloadGroups')
    97. 

  97.       return {
    98. 

  98.         responseResult: graphHelper.generateSuccess('Group created successfully.'),
    99. 

  99.         group
    100. 

  100.       }
    101. 

  101.     },
    102. 

  102.     /**
    103. 

  103.      * DELETE GROUP
    104. 

  104.      */
    105. 

  105.     async delete (obj, args) {
    106. 

  106.       if (args.id === 1 || args.id === 2) {
    107. 

  107.         throw new gql.GraphQLError('Cannot delete this group.')
    108. 

  108.       }
    109. 

  109. 

  110.       await WIKI.models.groups.query().deleteById(args.id)
    111. 

  111. 

  112.       WIKI.auth.revokeUserTokens({ id: args.id, kind: 'g' })
    113. 

  113.       WIKI.events.outbound.emit('addAuthRevoke', { id: args.id, kind: 'g' })
    114. 

  114. 

  115.       await WIKI.auth.reloadGroups()
    116. 

  116.       WIKI.events.outbound.emit('reloadGroups')
    117. 

  117. 

  118.       return {
    119. 

  119.         responseResult: graphHelper.generateSuccess('Group has been deleted.')
    120. 

  120.       }
    121. 

  121.     },
    122. 

  122.     /**
    123. 

  123.      * UNASSIGN USER FROM GROUP
    124. 

  124.      */
    125. 

  125.     async unassignUser (obj, args) {
    126. 

  126.       if (args.userId === 2) {
    127. 

  127.         throw new gql.GraphQLError('Cannot unassign Guest user')
    128. 

  128.       }
    129. 

  129.       if (args.userId === 1 && args.groupId === 1) {
    130. 

  130.         throw new gql.GraphQLError('Cannot unassign Administrator user from Administrators group.')
    131. 

  131.       }
    132. 

  132.       const grp = await WIKI.models.groups.query().findById(args.groupId)
    133. 

  133.       if (!grp) {
    134. 

  134.         throw new gql.GraphQLError('Invalid Group ID')
    135. 

  135.       }
    136. 

  136.       const usr = await WIKI.models.users.query().findById(args.userId)
    137. 

  137.       if (!usr) {
    138. 

  138.         throw new gql.GraphQLError('Invalid User ID')
    139. 

  139.       }
    140. 

  140.       await grp.$relatedQuery('users').unrelate().where('userId', usr.id)
    141. 

  141. 

  142.       WIKI.auth.revokeUserTokens({ id: usr.id, kind: 'u' })
    143. 

  143.       WIKI.events.outbound.emit('addAuthRevoke', { id: usr.id, kind: 'u' })
    144. 

  144. 

  145.       return {
    146. 

  146.         responseResult: graphHelper.generateSuccess('User has been unassigned from group.')
    147. 

  147.       }
    148. 

  148.     },
    149. 

  149.     /**
    150. 

  150.      * UPDATE GROUP
    151. 

  151.      */
    152. 

  152.     async update (obj, args, { req }) {
    153. 

  153.       // Check for unsafe regex page rules
    154. 

  154.       if (_.some(args.pageRules, pr => {
    155. 

  155.         return pr.match === 'REGEX' && !safeRegex(pr.path)
    156. 

  156.       })) {
    157. 

  157.         throw new gql.GraphQLError('Some Page Rules contains unsafe or exponential time regex.')
    158. 

  158.       }
    159. 

  159. 

  160.       // Set default redirect on login value
    161. 

  161.       if (_.isEmpty(args.redirectOnLogin)) {
    162. 

  162.         args.redirectOnLogin = '/'
    163. 

  163.       }
    164. 

  164. 

  165.       // Check assigned permissions for write:groups
    166. 

  166.       if (
    167. 

  167.         WIKI.auth.checkExclusiveAccess(req.user, ['write:groups'], ['manage:groups', 'manage:system']) &&
    168. 

  168.         args.permissions.some(p => {
    169. 

  169.           const resType = _.last(p.split(':'))
    170. 

  170.           return ['users', 'groups', 'navigation', 'theme', 'api', 'system'].includes(resType)
    171. 

  171.         })
    172. 

  172.       ) {
    173. 

  173.         throw new gql.GraphQLError('You are not authorized to manage this group or assign these permissions.')
    174. 

  174.       }
    175. 

  175. 

  176.       // Check assigned permissions for manage:groups
    177. 

  177.       if (
    178. 

  178.         WIKI.auth.checkExclusiveAccess(req.user, ['manage:groups'], ['manage:system']) &&
    179. 

  179.         args.permissions.some(p => _.last(p.split(':')) === 'system')
    180. 

  180.       ) {
    181. 

  181.         throw new gql.GraphQLError('You are not authorized to manage this group or assign the manage:system permissions.')
    182. 

  182.       }
    183. 

  183. 

  184.       // Update group
    185. 

  185.       await WIKI.models.groups.query().patch({
    186. 

  186.         name: args.name,
    187. 

  187.         redirectOnLogin: args.redirectOnLogin,
    188. 

  188.         permissions: JSON.stringify(args.permissions),
    189. 

  189.         pageRules: JSON.stringify(args.pageRules)
    190. 

  190.       }).where('id', args.id)
    191. 

  191. 

  192.       // Revoke tokens for this group
    193. 

  193.       WIKI.auth.revokeUserTokens({ id: args.id, kind: 'g' })
    194. 

  194.       WIKI.events.outbound.emit('addAuthRevoke', { id: args.id, kind: 'g' })
    195. 

  195. 

  196.       // Reload group permissions
    197. 

  197.       await WIKI.auth.reloadGroups()
    198. 

  198.       WIKI.events.outbound.emit('reloadGroups')
    199. 

  199. 

  200.       return {
    201. 

  201.         responseResult: graphHelper.generateSuccess('Group has been updated.')
    202. 

  202.       }
    203. 

  203.     }
    204. 

  204.   },
    205. 

  205.   Group: {
    206. 

  206.     users (grp) {
    207. 

  207.       return grp.$relatedQuery('users')
    208. 

  208.     }
    209. 

  209.   }
    210. 

  210. }
    211.