fix: :ambulance: Fix notifications auth
Tim Izzo tim@5ika.ch
Fri, 22 Mar 2024 09:45:52 +0100
4 files changed,
11 insertions(+),
18 deletions(-)
M
backend/src/api/notification/policies/check-find.ts
→
backend/src/api/notification/policies/check-find.ts
@@ -5,7 +5,8 @@ const user = policyContext.state.user;
if (!user) throw new errors.ForbiddenError(); policyContext.args.filters = { - ...(policyContext.args || {}), + ...(policyContext.args.filters || {}), user: { id: { eq: user.id } }, + event: { id: { notNull: true } }, }; };
M
backend/src/index.ts
→
backend/src/index.ts
@@ -10,6 +10,11 @@ * This gives you an opportunity to extend code.
*/ register(context) { graphqlExtends(context); + + // Because of bug https://github.com/strapi/strapi/issues/17995, we're forced + // to enable "plugin::users-permissions.user" permission for Authenticated role. + context.strapi.controller("plugin::users-permissions.user").find = (ctx) => + ctx.unauthorized(); }, /**
M
frontend/generated/graphql.tsx
→
frontend/generated/graphql.tsx
@@ -211,13 +211,16 @@
export enum Enum_Notification_Type { AddedAsAdmin = 'AddedAsAdmin', ContactTripCreator = 'ContactTripCreator', + DeletedFromTrip = 'DeletedFromTrip', DeletedTrip = 'DeletedTrip', + DeletedYourTrip = 'DeletedYourTrip', EnabledCarosterPlus = 'EnabledCarosterPlus', EventCreated = 'EventCreated', EventEnded = 'EventEnded', EventRecap = 'EventRecap', NewPassengerInYourTrip = 'NewPassengerInYourTrip', NewTrip = 'NewTrip', + NewTripAlert = 'NewTripAlert', PassengerJoinTrip = 'PassengerJoinTrip' }@@ -2137,7 +2140,7 @@ maxItems?: InputMaybe<Scalars['Int']['input']>;
}>; -export type UserNotificationsQuery = { __typename?: 'Query', notifications?: { __typename?: 'NotificationEntityResponseCollection', data: Array<{ __typename?: 'NotificationEntity', id?: string | null, attributes?: { __typename?: 'Notification', type: Enum_Notification_Type, read?: boolean | null, createdAt?: any | null, user?: { __typename?: 'UsersPermissionsUserEntityResponse', data?: { __typename?: 'UsersPermissionsUserEntity', id?: string | null, attributes?: { __typename?: 'UsersPermissionsUser', email: string } | null } | null } | null, event?: { __typename?: 'EventEntityResponse', data?: { __typename?: 'EventEntity', id?: string | null, attributes?: { __typename?: 'Event', name: string, uuid?: string | null } | null } | null } | null } | null }> } | null }; +export type UserNotificationsQuery = { __typename?: 'Query', notifications?: { __typename?: 'NotificationEntityResponseCollection', data: Array<{ __typename?: 'NotificationEntity', id?: string | null, attributes?: { __typename?: 'Notification', type: Enum_Notification_Type, read?: boolean | null, createdAt?: any | null, event?: { __typename?: 'EventEntityResponse', data?: { __typename?: 'EventEntity', id?: string | null, attributes?: { __typename?: 'Event', name: string, uuid?: string | null } | null } | null } | null } | null }> } | null }; export type ReadNotificationsMutationVariables = Exact<{ id?: InputMaybe<Scalars['ID']['input']>;@@ -2855,14 +2858,6 @@ attributes {
type read createdAt - user { - data { - id - attributes { - email - } - } - } event { data { id
M
frontend/graphql/notifications.gql
→
frontend/graphql/notifications.gql
@@ -6,14 +6,6 @@ attributes {
type read createdAt - user { - data { - id - attributes { - email - } - } - } event { data { id