backend/src/graphql/event/administrators.ts (view raw)
1import { errors } from "@strapi/utils";
2
3export default ({ nexus, strapi }) => ({
4 types: [
5 nexus.extendType({
6 type: "Event",
7 definition(t) {
8 t.field("administrators", {
9 type: nexus.list("String"),
10 });
11 },
12 }),
13 nexus.mutationField("addEventAdmin", {
14 type: "EventEntityResponse",
15 args: {
16 eventId: nexus.nonNull("ID"),
17 email: nexus.nonNull("String"),
18 },
19 }),
20 nexus.mutationField("deleteEventAdmin", {
21 type: "EventEntityResponse",
22 args: {
23 eventId: nexus.nonNull("ID"),
24 email: nexus.nonNull("String"),
25 },
26 }),
27 ],
28 resolvers: {
29 Event: {
30 administrators: (event) => event.administrators?.split(/, ?/).filter(Boolean) || [],
31 },
32 Mutation: {
33 addEventAdmin: {
34 async resolve(_root, args, context) {
35 // Retrieve targeted event
36 const event = await strapi.entityService.findOne(
37 "api::event.event",
38 args.eventId
39 );
40 if (!event) throw new errors.NotFoundError(`Event not found`);
41
42 const currentAdmins = event.administrators?.split(/, ?/).filter(Boolean) || [];
43
44 // Check if user is authorized to add event admin
45 const user = context.state.user;
46 if (user.email !== event.email && !currentAdmins.includes(user.email))
47 throw new errors.ForbiddenError();
48
49 // Add email to event's administrators list
50 const sanitizedEmail = args.email.replaceAll(",", "");
51 const administrators = new Set([...currentAdmins, sanitizedEmail]);
52 const updatedEvent = await strapi.entityService.update(
53 "api::event.event",
54 args.eventId,
55 {
56 data: {
57 administrators: [...administrators].join(", "),
58 },
59 }
60 );
61
62 // Create notification for targeted user
63 const targetedUser = await strapi.db
64 .query("plugin::users-permissions.user")
65 .findOne({
66 where: { email: args.email },
67 });
68 if (targetedUser) {
69 strapi.entityService.create("api::notification.notification", {
70 data: {
71 type: "AddedAsAdmin",
72 event: args.eventId,
73 user: targetedUser.id,
74 },
75 });
76 } else
77 strapi.log.warn(
78 `No user with email '${args.email}'. Can't create notification AddedAsAdmin for event ${args.eventId}`
79 );
80
81 // Send formated response
82 const { toEntityResponse } = strapi
83 .plugin("graphql")
84 .service("format").returnTypes;
85 return toEntityResponse(updatedEvent, {
86 args,
87 resourceUID: "api::event.event",
88 });
89 },
90 },
91 deleteEventAdmin: {
92 async resolve(_root, args, context) {
93 // Retrieve targeted event
94 const event = await strapi.entityService.findOne(
95 "api::event.event",
96 args.eventId
97 );
98 if (!event) throw new errors.NotFoundError(`Event not found`);
99
100 const currentAdmins = event.administrators?.split(/, ?/) || [];
101
102 // Check if user is authorized to remove event admin
103 const user = context.state.user;
104 if (user.email !== event.email && !currentAdmins.includes(user.email))
105 throw new errors.ForbiddenError();
106
107 // Remove email from event's administrators list
108 const administratorsArray = currentAdmins.filter(
109 (email) => email !== args.email
110 );
111
112 const administrators = administratorsArray.join(", ");
113
114 const updatedEvent = await strapi.entityService.update(
115 "api::event.event",
116 args.eventId,
117 { data: { administrators } }
118 );
119
120 // Send formated response
121 const { toEntityResponse } = strapi
122 .plugin("graphql")
123 .service("format").returnTypes;
124 return toEntityResponse(updatedEvent, {
125 args,
126 resourceUID: "api::event.event",
127 });
128 },
129 },
130 },
131 },
132 resolversConfig: {
133 "Mutation.addEventAdmin": {
134 auth: true,
135 },
136 "Mutation.deleteEventAdmin": {
137 auth: true,
138 },
139 },
140});