lldap/server/src/infra/graphql/mutation.rs

181 lines
5.2 KiB
Rust
Raw Normal View History

use crate::domain::handler::{
BackendHandler, CreateUserRequest, GroupId, UpdateGroupRequest, UpdateUserRequest,
};
2021-09-01 08:00:51 +00:00
use juniper::{graphql_object, FieldResult, GraphQLInputObject, GraphQLObject};
use super::api::Context;
#[derive(PartialEq, Eq, Debug)]
/// The top-level GraphQL mutation type.
pub struct Mutation<Handler: BackendHandler> {
_phantom: std::marker::PhantomData<Box<Handler>>,
}
impl<Handler: BackendHandler> Mutation<Handler> {
pub fn new() -> Self {
Self {
_phantom: std::marker::PhantomData,
}
}
}
#[derive(PartialEq, Eq, Debug, GraphQLInputObject)]
/// The details required to create a user.
2021-09-01 08:00:51 +00:00
pub struct CreateUserInput {
id: String,
email: String,
display_name: Option<String>,
first_name: Option<String>,
last_name: Option<String>,
}
2021-09-01 08:00:51 +00:00
#[derive(PartialEq, Eq, Debug, GraphQLInputObject)]
/// The fields that can be updated for a user.
pub struct UpdateUserInput {
id: String,
email: Option<String>,
display_name: Option<String>,
first_name: Option<String>,
last_name: Option<String>,
}
#[derive(PartialEq, Eq, Debug, GraphQLInputObject)]
/// The fields that can be updated for a group.
pub struct UpdateGroupInput {
id: i32,
display_name: Option<String>,
}
2021-09-01 08:00:51 +00:00
#[derive(PartialEq, Eq, Debug, GraphQLObject)]
pub struct Success {
ok: bool,
}
impl Success {
fn new() -> Self {
Self { ok: true }
}
}
#[graphql_object(context = Context<Handler>)]
impl<Handler: BackendHandler + Sync> Mutation<Handler> {
async fn create_user(
context: &Context<Handler>,
2021-09-01 08:00:51 +00:00
user: CreateUserInput,
) -> FieldResult<super::query::User<Handler>> {
if !context.validation_result.is_admin {
return Err("Unauthorized user creation".into());
}
context
.handler
2021-08-31 13:51:55 +00:00
.create_user(CreateUserRequest {
user_id: user.id.clone(),
email: user.email,
display_name: user.display_name,
first_name: user.first_name,
last_name: user.last_name,
})
.await?;
Ok(context
.handler
2021-08-31 13:48:45 +00:00
.get_user_details(&user.id)
.await
.map(Into::into)?)
}
2021-09-01 08:00:51 +00:00
async fn update_user(
context: &Context<Handler>,
user: UpdateUserInput,
) -> FieldResult<Success> {
if !context.validation_result.can_access(&user.id) {
return Err("Unauthorized user update".into());
}
context
.handler
.update_user(UpdateUserRequest {
user_id: user.id,
email: user.email,
display_name: user.display_name,
first_name: user.first_name,
last_name: user.last_name,
})
.await?;
Ok(Success::new())
}
async fn update_group(
context: &Context<Handler>,
group: UpdateGroupInput,
) -> FieldResult<Success> {
if !context.validation_result.is_admin {
return Err("Unauthorized group update".into());
}
if group.id == 1 {
return Err("Cannot change admin group details".into());
}
context
.handler
.update_group(UpdateGroupRequest {
group_id: GroupId(group.id),
display_name: group.display_name,
})
.await?;
Ok(Success::new())
}
async fn add_user_to_group(
context: &Context<Handler>,
user_id: String,
group_id: i32,
) -> FieldResult<Success> {
if !context.validation_result.is_admin {
return Err("Unauthorized group membership modification".into());
}
context
.handler
.add_user_to_group(&user_id, GroupId(group_id))
.await?;
Ok(Success::new())
}
async fn remove_user_from_group(
context: &Context<Handler>,
user_id: String,
group_id: i32,
) -> FieldResult<Success> {
if !context.validation_result.is_admin {
return Err("Unauthorized group membership modification".into());
}
if context.validation_result.user == user_id && group_id == 1 {
return Err("Cannot remove admin rights for current user".into());
}
context
.handler
.remove_user_from_group(&user_id, GroupId(group_id))
.await?;
Ok(Success::new())
}
2021-09-24 07:14:18 +00:00
async fn delete_user(context: &Context<Handler>, user_id: String) -> FieldResult<Success> {
if !context.validation_result.is_admin {
return Err("Unauthorized user deletion".into());
}
if context.validation_result.user == user_id {
return Err("Cannot delete current user".into());
}
2021-09-24 07:14:18 +00:00
context.handler.delete_user(&user_id).await?;
Ok(Success::new())
}
async fn delete_group(context: &Context<Handler>, group_id: i32) -> FieldResult<Success> {
if !context.validation_result.is_admin {
return Err("Unauthorized group deletion".into());
}
if group_id == 1 {
return Err("Cannot delete admin group".into());
}
context.handler.delete_group(GroupId(group_id)).await?;
Ok(Success::new())
}
}