backend/src/graphql/event/administrators.ts (view raw)
1import { errors } from "@strapi/utils";
2
3export default ({ nexus, strapi }) => ({
4 types: [
5 nexus.extendType({
6 type: "Event",
7 definition(t) {
8 t.field("administrators", {
9 type: nexus.list("String"),
10 });
11 },
12 }),
13 nexus.mutationField("addEventAdmin", {
14 type: "EventEntityResponse",
15 args: {
16 eventId: nexus.nonNull("ID"),
17 email: nexus.nonNull("String"),
18 },
19 }),
20 nexus.mutationField("deleteEventAdmin", {
21 type: "EventEntityResponse",
22 args: {
23 eventId: nexus.nonNull("ID"),
24 email: nexus.nonNull("String"),
25 },
26 }),
27 ],
28 resolvers: {
29 Event: {
30 administrators: async (event) => event.administrators?.split(/, ?/),
31 },
32 Mutation: {
33 addEventAdmin: {
34 async resolve(_root, args, context) {
35 // Retrieve targeted event
36 const event = await strapi.entityService.findOne(
37 "api::event.event",
38 args.eventId
39 );
40 if (!event) throw new errors.NotFoundError(`Event not found`);
41
42 const currentAdmins = event.administrators?.split(/, ?/) || [];
43
44 // Check if user is authorized to add event admin
45 const user = context.state.user;
46 if (user.email !== event.email && !currentAdmins.includes(user.email))
47 throw new errors.ForbiddenError();
48
49 // Add email to event's administrators list
50 const sanitizedEmail = args.email.replaceAll(",", "");
51 const administrators = new Set([...currentAdmins, sanitizedEmail]);
52 const updatedEvent = await strapi.entityService.update(
53 "api::event.event",
54 args.eventId,
55 {
56 data: {
57 administrators: [...administrators].join(", "),
58 },
59 }
60 );
61
62 // Create notification for targeted user
63 const targetedUser = await strapi.db
64 .query("plugin::users-permissions.user")
65 .findOne({
66 where: { email: args.email },
67 });
68 if (targetedUser) {
69 strapi.entityService.create("api::notification.notification", {
70 data: {
71 type: "AddedAsAdmin",
72 event: args.eventId,
73 user: targetedUser.id,
74 },
75 });
76 } else
77 strapi.log.warn(
78 `No user with email '${args.email}'. Can't create notification AddedAsAdmin for event ${args.eventId}`
79 );
80
81 // Send formated response
82 const { toEntityResponse } = strapi
83 .plugin("graphql")
84 .service("format").returnTypes;
85 return toEntityResponse(updatedEvent, {
86 args,
87 resourceUID: "api::event.event",
88 });
89 },
90 },
91 deleteEventAdmin: {
92 async resolve(_root, args, context) {
93 // Retrieve targeted event
94 const event = await strapi.entityService.findOne(
95 "api::event.event",
96 args.eventId
97 );
98 if (!event) throw new errors.NotFoundError(`Event not found`);
99
100 const currentAdmins = event.administrators?.split(/, ?/) || [];
101
102 // Check if user is authorized to remove event admin
103 const user = context.state.user;
104 if (user.email !== event.email && !currentAdmins.includes(user.email))
105 throw new errors.ForbiddenError();
106
107 // Remove email from event's administrators list
108 const administrators = currentAdmins
109 .filter((email) => email !== args.email)
110 .join(", ");
111 const updatedEvent = await strapi.entityService.update(
112 "api::event.event",
113 args.eventId,
114 { data: { administrators } }
115 );
116
117 // Send formated response
118 const { toEntityResponse } = strapi
119 .plugin("graphql")
120 .service("format").returnTypes;
121 return toEntityResponse(updatedEvent, {
122 args,
123 resourceUID: "api::event.event",
124 });
125 },
126 },
127 },
128 },
129 resolversConfig: {
130 "Mutation.addEventAdmin": {
131 auth: true,
132 },
133 "Mutation.deleteEventAdmin": {
134 auth: true,
135 },
136 },
137});