feat: update node(s) queries to support User and Attachment type (#687)

app/graphql/irida_schema.rb

@@ -31,8 +31,12 @@ def self.resolve_type(_type, object, _ctx)
       Types::ProjectType
     when Sample
       Types::SampleType
+    when Attachment
+      Types::AttachmentType
+    when User
+      Types::UserType
     else
-      raise("Unexpected object: #{obj}")
+      raise(GraphQL::RequiredImplementationMissingError)
     end
   end
 

app/graphql/schema.graphql

@@ -1074,7 +1074,7 @@ type UpdateSampleMetadataPayload {
 """
 A user
 """
-type User {
+type User implements Node {
   """
   Datetime of creation.
   """

app/graphql/types/user_type.rb

@@ -3,9 +3,19 @@
 module Types
   # User Type
   class UserType < Types::BaseType
+    implements GraphQL::Types::Relay::Node
     description 'A user'
 
     field :email, String, null: false, description: 'User email.'
     field :id, ID, null: false, description: 'ID of the user.'
+
+    def self.authorized?(object, context)
+      super &&
+        allowed_to?(
+          :read?,
+          object,
+          context: { user: context[:current_user], token: context[:token] }
+        )
+    end
   end
 end

test/graphql/node_query_test.rb

@@ -33,6 +33,28 @@ class NodeQueryTest < ActiveSupport::TestCase
     }
   GRAPHQL
 
+  NODE_USER_QUERY = <<~GRAPHQL
+    query($id: ID!) {
+      node(id: $id) {
+        id
+        ... on User {
+          email
+        }
+      }
+    }
+  GRAPHQL
+
+  NODE_ATTACHMENT_QUERY = <<~GRAPHQL
+    query($id: ID!) {
+      node(id: $id) {
+        id
+        ... on Attachment {
+          attachmentUrl
+        }
+      }
+    }
+  GRAPHQL
+
   def setup
     @user = users(:john_doe)
   end
@@ -165,4 +187,32 @@ def setup
     assert_equal project.to_global_id.to_s, data['id'], 'id should be GlobalID'
     assert_equal project.name, data['name']
   end
+
+  test 'node query for user should be able to return user attributes' do
+    result = IridaSchema.execute(NODE_USER_QUERY, context: { current_user: @user },
+                                                  variables: { id: @user.to_global_id.to_s })
+
+    assert_nil result['errors'], 'should work and have no errors.'
+
+    data = result['data']['node']
+
+    assert_not_empty data, 'node type should work'
+    assert_equal @user.to_global_id.to_s, data['id'], 'id should be GlobalID'
+    assert_equal @user.email, data['email']
+  end
+
+  test 'node query for attachment should be able to return attachment attributes' do
+    attachment = attachments(:attachment1)
+
+    result = IridaSchema.execute(NODE_ATTACHMENT_QUERY, context: { current_user: @user },
+                                                        variables: { id: attachment.to_global_id.to_s })
+
+    assert_nil result['errors'], 'should work and have no errors.'
+
+    data = result['data']['node']
+
+    assert_not_empty data, 'node type should work'
+    assert_equal attachment.to_global_id.to_s, data['id'], 'id should be GlobalID'
+    assert_not_nil data['attachmentUrl']
+  end
 end

test/graphql/nodes_query_test.rb

@@ -44,6 +44,28 @@ class NodesQueryTest < ActiveSupport::TestCase
     }
   GRAPHQL
 
+  NODES_USERS_QUERY = <<~GRAPHQL
+    query($ids: [ID!]!) {
+      nodes(ids: $ids) {
+        id
+        ... on User {
+          email
+        }
+      }
+    }
+  GRAPHQL
+
+  NODES_ATTACHMENTS_QUERY = <<~GRAPHQL
+    query($ids: [ID!]!) {
+      nodes(ids: $ids) {
+        id
+        ... on Attachment {
+          attachmentUrl
+        }
+      }
+    }
+  GRAPHQL
+
   def setup
     @user = users(:john_doe)
   end
@@ -234,4 +256,55 @@ def setup
 
     assert_equal sample.name, data[0]['name']
   end
+
+  test 'nodes query for user should be able to return user attributes' do
+    result = IridaSchema.execute(NODES_USERS_QUERY, context: { current_user: @user },
+                                                    variables: { ids: [@user.to_global_id.to_s] })
+
+    assert_nil result['errors'], 'should work and have no errors.'
+
+    data = result['data']['nodes']
+
+    assert_not_empty data, 'nodes type should work'
+    assert_equal 1, data.length
+    assert_not_nil data[0]['email']
+  end
+
+  test 'nodes query should not allow querying unauthorized users' do
+    jane_doe = users(:jane_doe)
+    result = IridaSchema.execute(NODES_USERS_QUERY, context: { current_user: @user },
+                                                    variables: { ids: [jane_doe.to_global_id.to_s] })
+
+    assert_not_nil result['errors'], 'should not work and have errors.'
+
+    error_message = result['errors'][0]['message']
+    assert_equal 'An object of type User was hidden due to permissions', error_message
+  end
+
+  test 'nodes query should work when passed a list of attachment ids' do
+    attachment = attachments(:attachment1)
+
+    result = IridaSchema.execute(NODES_ATTACHMENTS_QUERY, context: { current_user: @user },
+                                                          variables: { ids: [attachment.to_global_id.to_s] })
+
+    assert_nil result['errors'], 'should work and have no errors.'
+
+    data = result['data']['nodes']
+
+    assert_not_empty data, 'nodes type should work'
+    assert_equal 1, data.length
+    assert_not_nil data[0]['attachmentUrl']
+  end
+
+  test 'nodes query should not allow querying unauthorized attachments' do
+    attachment = attachments(:attachmentI)
+
+    result = IridaSchema.execute(NODES_ATTACHMENTS_QUERY, context: { current_user: @user },
+                                                          variables: { ids: [attachment.to_global_id.to_s] })
+
+    assert_not_nil result['errors'], 'should not work and have errors.'
+
+    error_message = result['errors'][0]['message']
+    assert_equal 'An object of type Attachment was hidden due to permissions', error_message
+  end
 end