From ebfe9a2eb2db5070723fb80cadcafb8a78bc5ee6 Mon Sep 17 00:00:00 2001
From: Eric Enns <492127+ericenns@users.noreply.github.com>
Date: Tue, 6 Aug 2024 16:02:53 -0500
Subject: [PATCH] feat: update node(s) queries to support User and Attachment type (#687)
---
 app/graphql/irida_schema.rb | 6 ++-
 app/graphql/schema.graphql | 2 +-
 app/graphql/types/user_type.rb | 10 +++++
 test/graphql/node_query_test.rb | 50 ++++++++++++++++++++++
 test/graphql/nodes_query_test.rb | 73 ++++++++++++++++++++++++++++++++
 5 files changed, 139 insertions(+), 2 deletions(-)
diff --git a/app/graphql/irida_schema.rb b/app/graphql/irida_schema.rb
index 3b1713b109..c6be445ea2 100644
--- a/app/graphql/irida_schema.rb
+++ b/app/graphql/irida_schema.rb
@@ -31,8 +31,12 @@ def self.resolve_type(_type, object, _ctx)
 Types::ProjectType
 when Sample
 Types::SampleType
+ when Attachment
+ Types::AttachmentType
+ when User
+ Types::UserType
 else
- raise("Unexpected object: #{obj}")
+ raise(GraphQL::RequiredImplementationMissingError)
 end
 end
diff --git a/app/graphql/schema.graphql b/app/graphql/schema.graphql
index b984404e49..8536ff8c0d 100644
--- a/app/graphql/schema.graphql
+++ b/app/graphql/schema.graphql
@@ -1074,7 +1074,7 @@ type UpdateSampleMetadataPayload {
 """
 A user
 """
-type User {
+type User implements Node {
 """
 Datetime of creation.
 """
diff --git a/app/graphql/types/user_type.rb b/app/graphql/types/user_type.rb
index 8ffd5a9a46..04b0e76cb2 100644
--- a/app/graphql/types/user_type.rb
+++ b/app/graphql/types/user_type.rb
@@ -3,9 +3,19 @@
 module Types
 # User Type
 class UserType < Types::BaseType
+ implements GraphQL::Types::Relay::Node
 description 'A user'
 field :email, String, null: false, description: 'User email.'
 field :id, ID, null: false, description: 'ID of the user.'
+
+ def self.authorized?(object, context)
+ super &&
+ allowed_to?(
+ :read?,
+ object,
+ context: { user: context[:current_user], token: context[:token] }
+ )
+ end
 end
 end
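Review bot: In app/graphql/irida_schema.rb, the new `else` branch of `resolve_type` raises `GraphQL::RequiredImplementationMissingError` with no message, so a failure there will not say which class reached the schema without a mapped type. The removed line interpolated `obj`, a name that does not match the `object` parameter, so dropping it is right, but the diagnostic can be kept: `raise(GraphQL::RequiredImplementationMissingError, "Unexpected object: #{object.class}")`. Naming the class rather than the record keeps attribute values such as e-mail addresses out of error logs. `resolve_type` begins above this hunk, so its earlier `when` branches are not visible here.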
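Review bot: In app/graphql/types/user_type.rb, `self.authorized?` is a type-level hook, so it is evaluated for every User object the schema returns, not only for the new `node`/`nodes` lookups, and the method carries no comment saying so. Any existing field that resolves to a User (none are visible in this diff) will now pass through the `:read?` rule as well, while the tests in this commit exercise it only through `node`/`nodes`. The rule itself and its handling of a request with no `context[:current_user]` are defined outside this diff; presumably an unauthenticated caller is denied, but that should be verified since `email` is exposed. Suggested comment above the method: `# Type-level check: applies to every User object returned by any field, not only node/nodes lookups.`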
diff --git a/test/graphql/node_query_test.rb b/test/graphql/node_query_test.rb
index e2487305b7..df49491905 100644
--- a/test/graphql/node_query_test.rb
+++ b/test/graphql/node_query_test.rb
@@ -33,6 +33,28 @@ class NodeQueryTest < ActiveSupport::TestCase
 }
 GRAPHQL
+ NODE_USER_QUERY = <<~GRAPHQL
+ query($id: ID!) {
+ node(id: $id) {
+ id
+ ... on User {
+ email
+ }
+ }
+ }
+ GRAPHQL
+
+ NODE_ATTACHMENT_QUERY = <<~GRAPHQL
+ query($id: ID!) {
+ node(id: $id) {
+ id
+ ... on Attachment {
+ attachmentUrl
+ }
+ }
+ }
+ GRAPHQL
+
 def setup
 @user = users(:john_doe)
 end
@@ -165,4 +187,32 @@ def setup
 assert_equal project.to_global_id.to_s, data['id'], 'id should be GlobalID'
 assert_equal project.name, data['name']
 end
+
+ test 'node query for user should be able to return user attributes' do
+ result = IridaSchema.execute(NODE_USER_QUERY, context: { current_user: @user },
+ variables: { id: @user.to_global_id.to_s })
+
+ assert_nil result['errors'], 'should work and have no errors.'
+
+ data = result['data']['node']
+
+ assert_not_empty data, 'node type should work'
+ assert_equal @user.to_global_id.to_s, data['id'], 'id should be GlobalID'
+ assert_equal @user.email, data['email']
+ end
+
+ test 'node query for attachment should be able to return attachment attributes' do
+ attachment = attachments(:attachment1)
+
+ result = IridaSchema.execute(NODE_ATTACHMENT_QUERY, context: { current_user: @user },
+ variables: { id: attachment.to_global_id.to_s })
+
+ assert_nil result['errors'], 'should work and have no errors.'
+
+ data = result['data']['node']
+
+ assert_not_empty data, 'node type should work'
+ assert_equal attachment.to_global_id.to_s, data['id'], 'id should be GlobalID'
+ assert_not_nil data['attachmentUrl']
+ end
 end
diff --git a/test/graphql/nodes_query_test.rb b/test/graphql/nodes_query_test.rb
index a71b95ecd5..32861d64d4 100644
--- a/test/graphql/nodes_query_test.rb
+++ b/test/graphql/nodes_query_test.rb
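Review bot: The two tests added to test/graphql/node_query_test.rb cover only the permitted path, so nothing pins that the singular `node(id:)` query refuses a User or Attachment the caller may not read; the denial tests in this commit exist only for `nodes`. Because `node` fetches a record by global ID just as directly, it should get the same negative cases, reusing the `users(:jane_doe)` and `attachments(:attachmentI)` fixtures that nodes_query_test.rb already relies on. A sketch of the user case follows; the attachment case is analogous with `NODE_ATTACHMENT_QUERY`. The expected message is copied from the `nodes` tests and is assumed to be the same for `node`.

```ruby
test 'node query should not allow querying unauthorized users' do
  jane_doe = users(:jane_doe)
  result = IridaSchema.execute(NODE_USER_QUERY, context: { current_user: @user },
                                                variables: { id: jane_doe.to_global_id.to_s })

  assert_not_nil result['errors'], 'should not work and have errors.'
  assert_equal 'An object of type User was hidden due to permissions', result['errors'][0]['message']
  assert_nil result.to_h.dig('data', 'node'), 'no user fields should be returned'
end
```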
@@ -44,6 +44,28 @@ class NodesQueryTest < ActiveSupport::TestCase
 }
 GRAPHQL
+ NODES_USERS_QUERY = <<~GRAPHQL
+ query($ids: [ID!]!) {
+ nodes(ids: $ids) {
+ id
+ ... on User {
+ email
+ }
+ }
+ }
+ GRAPHQL
+
+ NODES_ATTACHMENTS_QUERY = <<~GRAPHQL
+ query($ids: [ID!]!) {
+ nodes(ids: $ids) {
+ id
+ ... on Attachment {
+ attachmentUrl
+ }
+ }
+ }
+ GRAPHQL
+
 def setup
 @user = users(:john_doe)
 end
@@ -234,4 +256,55 @@ def setup
 assert_equal sample.name, data[0]['name']
 end
+
+ test 'nodes query for user should be able to return user attributes' do
+ result = IridaSchema.execute(NODES_USERS_QUERY, context: { current_user: @user },
+ variables: { ids: [@user.to_global_id.to_s] })
+
+ assert_nil result['errors'], 'should work and have no errors.'
+
+ data = result['data']['nodes']
+
+ assert_not_empty data, 'nodes type should work'
+ assert_equal 1, data.length
+ assert_not_nil data[0]['email']
+ end
+
+ test 'nodes query should not allow querying unauthorized users' do
+ jane_doe = users(:jane_doe)
+ result = IridaSchema.execute(NODES_USERS_QUERY, context: { current_user: @user },
+ variables: { ids: [jane_doe.to_global_id.to_s] })
+
+ assert_not_nil result['errors'], 'should not work and have errors.'
+
+ error_message = result['errors'][0]['message']
+ assert_equal 'An object of type User was hidden due to permissions', error_message
+ end
+
+ test 'nodes query should work when passed a list of attachment ids' do
+ attachment = attachments(:attachment1)
+
+ result = IridaSchema.execute(NODES_ATTACHMENTS_QUERY, context: { current_user: @user },
+ variables: { ids: [attachment.to_global_id.to_s] })
+
+ assert_nil result['errors'], 'should work and have no errors.'
+
+ data = result['data']['nodes']
+
+ assert_not_empty data, 'nodes type should work'
+ assert_equal 1, data.length
+ assert_not_nil data[0]['attachmentUrl']
+ end
+
+ test 'nodes query should not allow querying unauthorized attachments' do
+ attachment = attachments(:attachmentI)
+
+ result = IridaSchema.execute(NODES_ATTACHMENTS_QUERY, context: { current_user: @user },
+ variables: { ids: [attachment.to_global_id.to_s] })
+
+ assert_not_nil result['errors'], 'should not work and have errors.'
+
+ error_message = result['errors'][0]['message']
+ assert_equal 'An object of type Attachment was hidden due to permissions', error_message
+ end
 end
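Review bot: The two denial tests in this hunk ('should not allow querying unauthorized users' and '... unauthorized attachments') assert only the first error message and never check that the payload is withheld, so a response carrying both an error and the `email` or `attachmentUrl` value would still pass. Adding `assert_nil result.to_h.dig('data', 'nodes', 0)` after the message assertion in each would pin that; `dig` returns nil whether the item, the list or `data` itself is nulled, so it does not depend on how the schema's unauthorized-object handler (outside this diff) shapes the response. Separately, 'An object of type User was hidden due to permissions' presumably differs from what a nonexistent ID produces, which lets a caller tell that a given ID exists; if that is not intended, the handler could return the same result for both cases.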