From 72b0752c2a6244a2fd724a930593502bc82033da Mon Sep 17 00:00:00 2001 From: Chris Trevino Date: Sat, 23 Oct 2021 09:15:22 -0700 Subject: [PATCH 1/4] deleteUser -> removeUserFromOrg --- .../api/src/components/AppContextProvider.ts | 14 +++-- .../api/src/components/orgAuthStrategies.ts | 31 ---------- .../interactors/CreateNewUserInteractor.ts | 4 +- ...> RemoveUserFromOrganizationInteractor.ts} | 62 +++++++++++-------- packages/api/src/resolvers/resolvers.ts | 7 ++- packages/api/src/types.ts | 4 +- packages/schema/schema.gql | 3 +- .../useDeleteSpecialistCallback.ts | 14 ++--- 8 files changed, 62 insertions(+), 77 deletions(-) rename packages/api/src/interactors/{DeleteUserInteractor.ts => RemoveUserFromOrganizationInteractor.ts} (62%) diff --git a/packages/api/src/components/AppContextProvider.ts b/packages/api/src/components/AppContextProvider.ts index 7ebe31746..c86db2dc5 100644 --- a/packages/api/src/components/AppContextProvider.ts +++ b/packages/api/src/components/AppContextProvider.ts @@ -32,7 +32,7 @@ import { InitiatePasswordResetInteractor } from '~interactors/InitiatePasswordRe import { ResetUserPasswordInteractor } from '~interactors/ResetUserPasswordInteractor' import { SetUserPasswordInteractor } from '~interactors/SetUserPasswordInteractor' import { CreateNewUserInteractor } from '~interactors/CreateNewUserInteractor' -import { DeleteUserInteractor } from '~interactors/DeleteUserInteractor' +import { RemoveUserFromOrganizationInteractor } from '~interactors/RemoveUserFromOrganizationInteractor' import { UpdateUserInteractor } from '~interactors/UpdateUserInteractor' import { UpdateUserFCMTokenInteractor } from '~interactors/UpdateUserFCMTokenInteractor' import { MarkMentionSeenInteractor } from '~interactors/MarkMentionSeenInteractor' @@ -69,8 +69,7 @@ import { InputEntityToOrgIdStrategy, InputServiceAnswerEntityToOrgIdStrategy, OrganizationSrcStrategy, - OrgIdArgStrategy, - UserWithinOrgStrategy + OrgIdArgStrategy } from './orgAuthStrategies' const logger = createLogger('app-context-provider') @@ -112,8 +111,7 @@ export class AppContextProvider implements AsyncProvider { new OrgIdArgStrategy(authenticator), new EntityIdToOrgIdStrategy(authenticator), new InputEntityToOrgIdStrategy(authenticator), - new InputServiceAnswerEntityToOrgIdStrategy(authenticator), - new UserWithinOrgStrategy(authenticator) + new InputServiceAnswerEntityToOrgIdStrategy(authenticator) ] return { @@ -214,7 +212,11 @@ export class AppContextProvider implements AsyncProvider { ), setUserPassword: new SetUserPasswordInteractor(localization, userCollection), createNewUser: new CreateNewUserInteractor(localization, mailer, userCollection, config), - deleteUser: new DeleteUserInteractor(localization, userCollection, engagementCollection), + removeUserFromOrganization: new RemoveUserFromOrganizationInteractor( + localization, + userCollection, + engagementCollection + ), updateUser: new UpdateUserInteractor(localization, userCollection), updateUserFCMToken: new UpdateUserFCMTokenInteractor(localization, userCollection), markMentionSeen: new MarkMentionSeenInteractor(localization, userCollection), diff --git a/packages/api/src/components/orgAuthStrategies.ts b/packages/api/src/components/orgAuthStrategies.ts index 73ec4e800..6d835ce7f 100644 --- a/packages/api/src/components/orgAuthStrategies.ts +++ b/packages/api/src/components/orgAuthStrategies.ts @@ -7,7 +7,6 @@ import { OrgAuthDirectiveArgs, RoleType } from '@cbosuite/schema/dist/provider-t import { Authenticator } from '~components' import { ORGANIZATION_TYPE } from '~dto' import { AppContext, OrgAuthEvaluationStrategy } from '~types' -import { empty } from '~utils/noop' abstract class BaseOrgAuthEvaluationStrategy { public constructor(protected authenticator: Authenticator) {} @@ -19,7 +18,6 @@ const ENGAGEMENT_ID_ARG = 'engagementId' const CONTACT_ID_ARG = 'contactId' const TAG_ID_ARG = 'tagId' const ANSWER_ID_ARG = 'answerId' -const USER_ID_ARG = 'userId' export class OrganizationSrcStrategy extends BaseOrgAuthEvaluationStrategy @@ -180,32 +178,3 @@ export class InputServiceAnswerEntityToOrgIdStrategy ) } } - -export class UserWithinOrgStrategy - extends BaseOrgAuthEvaluationStrategy - implements OrgAuthEvaluationStrategy -{ - public name = 'UserWithinOrg' - public isApplicable(_src: any, resolverArgs: any): boolean { - return resolverArgs[USER_ID_ARG] != null - } - public async isAuthorized( - _src: any, - directiveArgs: OrgAuthDirectiveArgs, - resolverArgs: any, - { requestCtx, collections: { users } }: AppContext - ): Promise { - const userIdArg = resolverArgs[USER_ID_ARG] - const { item: user } = await users.itemById(userIdArg) - if (user) { - const userOrgs = new Set(user.roles.map((r) => r.org_id) ?? empty) - for (const orgId of userOrgs) { - // only admins can take actions on user entities in their org - if (this.authenticator.isAuthorized(requestCtx.identity, orgId, RoleType.Admin)) { - return true - } - } - } - return false - } -} diff --git a/packages/api/src/interactors/CreateNewUserInteractor.ts b/packages/api/src/interactors/CreateNewUserInteractor.ts index 72554b104..318b8fe64 100644 --- a/packages/api/src/interactors/CreateNewUserInteractor.ts +++ b/packages/api/src/interactors/CreateNewUserInteractor.ts @@ -24,9 +24,7 @@ export class CreateNewUserInteractor ) {} public async execute({ user }: MutationCreateNewUserArgs): Promise { - const checkUser = await this.users.count({ - email: user.email - }) + const checkUser = await this.users.count({ email: user.email }) if (checkUser !== 0) { return new FailedResponse(this.localization.t('mutation.createNewUser.emailExist')) diff --git a/packages/api/src/interactors/DeleteUserInteractor.ts b/packages/api/src/interactors/RemoveUserFromOrganizationInteractor.ts similarity index 62% rename from packages/api/src/interactors/DeleteUserInteractor.ts rename to packages/api/src/interactors/RemoveUserFromOrganizationInteractor.ts index 93c6d9fc3..7d887736b 100644 --- a/packages/api/src/interactors/DeleteUserInteractor.ts +++ b/packages/api/src/interactors/RemoveUserFromOrganizationInteractor.ts @@ -2,13 +2,18 @@ * Copyright (c) Microsoft. All rights reserved. * Licensed under the MIT license. See LICENSE file in the project. */ -import { MutationDeleteUserArgs, VoidResponse } from '@cbosuite/schema/dist/provider-types' +import { + MutationRemoveUserFromOrganizationArgs, + VoidResponse +} from '@cbosuite/schema/dist/provider-types' import { Localization } from '~components' import { EngagementCollection, UserCollection } from '~db' import { Interactor, RequestContext } from '~types' import { FailedResponse, SuccessVoidResponse } from '~utils/response' -export class DeleteUserInteractor implements Interactor { +export class RemoveUserFromOrganizationInteractor + implements Interactor +{ public constructor( private readonly localization: Localization, private readonly users: UserCollection, @@ -16,53 +21,50 @@ export class DeleteUserInteractor implements Interactor { - // Delete user - try { - await this.users.deleteItem({ id: userId }) - } catch (error) { + const { item: user } = await this.users.itemById(userId) + if (!user) { return new FailedResponse(this.localization.t('mutation.deleteUser.fail')) } - // Remove all engagements with user + // Remove org permissinos + const newRoles = user.roles.filter((r) => r.org_id !== orgId) try { + if (newRoles.length === 0) { + await this.users.deleteItem({ id: userId }) + } else { + await this.users.updateItem({ id: userId }, { $set: { roles: newRoles } }) + } + + // Remove all engagements with user await this.engagements.deleteItems({ user_id: userId }) - } catch (error) { - return new FailedResponse(this.localization.t('mutation.deleteUser.fail')) - } - // Remove all remaining engagement actions with user - try { - const remainingEngagementsOnOrg = await this.engagements.items( - {}, - { org_id: identity?.roles[0]?.org_id } - ) - if (remainingEngagementsOnOrg.items) { - for (const engagement of remainingEngagementsOnOrg.items) { + // Remove all remaining engagement actions with user + const { items: remainingEngagements } = await this.engagements.items({}, { org_id: orgId }) + if (remainingEngagements) { + for (const engagement of remainingEngagements) { const newActions = [] - let removedUser = false + let isUpdated = false for (const action of engagement.actions) { // If action was created by user, do not added it to the newActions list if (action.user_id === userId) { - removedUser = true + isUpdated = true continue } - // If action tags the user, remove the tag if (action.tagged_user_id === userId) { action.tagged_user_id = undefined - removedUser = true + isUpdated = true } - // Add the action back to the engagment actions newActions.push(action) } // Only update the engagement actions if a user was removed - if (removedUser) { + if (isUpdated) { await this.engagements.updateItem( { id: engagement.id }, { @@ -78,6 +80,16 @@ export class DeleteUserInteractor implements Interactor & IResolvers = { updateUser: async (_, args, { requestCtx, interactors: { updateUser } }) => updateUser.execute(args, requestCtx), - deleteUser: async (_, args, { requestCtx, interactors: { deleteUser } }) => - deleteUser.execute(args, requestCtx), + removeUserFromOrganization: async ( + _, + args, + { requestCtx, interactors: { removeUserFromOrganization } } + ) => removeUserFromOrganization.execute(args, requestCtx), updateUserFCMToken: async (_, args, { requestCtx, interactors: { updateUserFCMToken } }) => updateUserFCMToken.execute(args, requestCtx), diff --git a/packages/api/src/types.ts b/packages/api/src/types.ts index b295c7a88..39b658954 100644 --- a/packages/api/src/types.ts +++ b/packages/api/src/types.ts @@ -23,7 +23,7 @@ import { QueryServicesArgs, QueryUserArgs, MutationResetUserPasswordArgs, - MutationDeleteUserArgs, + MutationRemoveUserFromOrganizationArgs, MutationArchiveContactArgs, QueryContactArgs, QueryContactsArgs, @@ -139,7 +139,7 @@ export interface BuiltAppContext { resetUserPassword: Interactor setUserPassword: Interactor createNewUser: Interactor - deleteUser: Interactor + removeUserFromOrganization: Interactor updateUser: Interactor updateUserFCMToken: Interactor markMentionSeen: Interactor diff --git a/packages/schema/schema.gql b/packages/schema/schema.gql index e3d4132c0..a3167d1ac 100644 --- a/packages/schema/schema.gql +++ b/packages/schema/schema.gql @@ -113,7 +113,8 @@ type Mutation { # # Delete user # - deleteUser(userId: String!): VoidResponse @orgAuth(requires: ADMIN) + removeUserFromOrganization(userId: String!, orgId: String!): VoidResponse + @orgAuth(requires: ADMIN) # # Update user FCM Token diff --git a/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts b/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts index 0f0aedd72..41bacca07 100644 --- a/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts +++ b/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts @@ -7,7 +7,7 @@ import { VoidResponse, Organization, StatusType, - MutationDeleteUserArgs + MutationRemoveUserFromOrganizationArgs } from '@cbosuite/schema/dist/client-types' import { MessageResponse } from '../types' import { useToasts } from '~hooks/useToasts' @@ -17,29 +17,29 @@ import { organizationState } from '~store' import { useCallback } from 'react' const DELETE_SPECIALIST = gql` - mutation deleteUser($userId: String!) { - deleteUser(userId: $userId) { + mutation removeUserFromOrganization(orgId: $orgId, $userId: String!) { + removeUserFromOrganization(orgId: $orgId, userId: $userId) { message status } } ` -export type DeleteSpecialistCallback = (userId: string) => Promise +export type DeleteSpecialistCallback = (orgId: string, userId: string) => Promise export function useDeleteSpecialistCallback(): DeleteSpecialistCallback { const { c } = useTranslation() const { success, failure } = useToasts() - const [deleteUser] = useMutation(DELETE_SPECIALIST) + const [deleteUser] = useMutation(DELETE_SPECIALIST) const [organization, setOrg] = useRecoilState(organizationState) return useCallback( - async (userId) => { + async (orgId: string, userId: string) => { const result: MessageResponse = { status: StatusType.Failed } try { await deleteUser({ - variables: { userId }, + variables: { userId, orgId }, update(cache, { data }) { const updateUserResp = data.deleteUser as VoidResponse From 604b07210602ae9d1cbebb823925aa7c4c99d58f Mon Sep 17 00:00:00 2001 From: Chris Trevino Date: Sat, 23 Oct 2021 09:16:55 -0700 Subject: [PATCH 2/4] pass orgId into removeuser --- .../webapp/src/components/forms/EditSpecialistForm/index.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/webapp/src/components/forms/EditSpecialistForm/index.tsx b/packages/webapp/src/components/forms/EditSpecialistForm/index.tsx index 1caf15853..04b3e7902 100644 --- a/packages/webapp/src/components/forms/EditSpecialistForm/index.tsx +++ b/packages/webapp/src/components/forms/EditSpecialistForm/index.tsx @@ -110,7 +110,7 @@ export const EditSpecialistForm: StandardFC = wrap( } const handleDeleteSpecialist = async (sid: string) => { - await deleteSpecialist(sid) + await deleteSpecialist(orgId, sid) setShowModal(false) closeForm() } From c9c2c8e95b7cb233a73622341bf75256c95fcc33 Mon Sep 17 00:00:00 2001 From: Chris Trevino Date: Sat, 23 Oct 2021 09:18:22 -0700 Subject: [PATCH 3/4] restore UserWithOrg orgauth strategy for PW resets --- .../api/src/components/orgAuthStrategies.ts | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/packages/api/src/components/orgAuthStrategies.ts b/packages/api/src/components/orgAuthStrategies.ts index 6d835ce7f..6b50d4e77 100644 --- a/packages/api/src/components/orgAuthStrategies.ts +++ b/packages/api/src/components/orgAuthStrategies.ts @@ -7,6 +7,7 @@ import { OrgAuthDirectiveArgs, RoleType } from '@cbosuite/schema/dist/provider-t import { Authenticator } from '~components' import { ORGANIZATION_TYPE } from '~dto' import { AppContext, OrgAuthEvaluationStrategy } from '~types' +import { empty } from '~utils/noop' abstract class BaseOrgAuthEvaluationStrategy { public constructor(protected authenticator: Authenticator) {} @@ -18,6 +19,7 @@ const ENGAGEMENT_ID_ARG = 'engagementId' const CONTACT_ID_ARG = 'contactId' const TAG_ID_ARG = 'tagId' const ANSWER_ID_ARG = 'answerId' +const USER_ID_ARG = 'userId' export class OrganizationSrcStrategy extends BaseOrgAuthEvaluationStrategy @@ -178,3 +180,32 @@ export class InputServiceAnswerEntityToOrgIdStrategy ) } } + +export class UserWithinOrgStrategy + extends BaseOrgAuthEvaluationStrategy + implements OrgAuthEvaluationStrategy +{ + public name = 'UserWithinOrg' + public isApplicable(_src: any, resolverArgs: any): boolean { + return resolverArgs[USER_ID_ARG] != null + } + public async isAuthorized( + _src: any, + directiveArgs: OrgAuthDirectiveArgs, + resolverArgs: any, + { requestCtx, collections: { users } }: AppContext + ): Promise { + const userIdArg = resolverArgs[USER_ID_ARG] + const { item: user } = await users.itemById(userIdArg) + if (user) { + const userOrgs = new Set(user.roles.map((r) => r.org_id) ?? empty) + for (const orgId of userOrgs) { + // only admins can take actions on user entities in their org (e.g. resetPassword) + if (this.authenticator.isAuthorized(requestCtx.identity, orgId, RoleType.Admin)) { + return true + } + } + } + return false + } +} From 7194f2dd06712f64112c7e06bc3db14ded3baf43 Mon Sep 17 00:00:00 2001 From: Chris Trevino Date: Sat, 23 Oct 2021 11:39:58 -0700 Subject: [PATCH 4/4] fix graphql mutation syntax --- .../src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts b/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts index 41bacca07..e83fdf6af 100644 --- a/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts +++ b/packages/webapp/src/hooks/api/useSpecialist/useDeleteSpecialistCallback.ts @@ -17,7 +17,7 @@ import { organizationState } from '~store' import { useCallback } from 'react' const DELETE_SPECIALIST = gql` - mutation removeUserFromOrganization(orgId: $orgId, $userId: String!) { + mutation removeUserFromOrganization($orgId: String!, $userId: String!) { removeUserFromOrganization(orgId: $orgId, userId: $userId) { message status