all repos — caroster @ 07bd55954ab0463c5a5c9302ff739974c536db9e

[Octree] Group carpool to your event https://caroster.io

fix: :ambulance: Fix notifications auth
Tim Izzo tim@5ika.ch
Fri, 22 Mar 2024 09:45:52 +0100
commit

07bd55954ab0463c5a5c9302ff739974c536db9e

parent

c8b3141cd41075f5a37d541d2a56fb34ee53fae7

4 files changed, 11 insertions(+), 18 deletions(-)

jump to
M backend/src/api/notification/policies/check-find.tsbackend/src/api/notification/policies/check-find.ts 
@@ -5,7 +5,8 @@ const user = policyContext.state.user;
   if (!user) throw new errors.ForbiddenError();
 
   policyContext.args.filters = {
-    ...(policyContext.args || {}),
+    ...(policyContext.args.filters || {}),
     user: { id: { eq: user.id } },
+    event: { id: { notNull: true } },
   };
 };
M backend/src/index.tsbackend/src/index.ts 
@@ -10,6 +10,11 @@ * This gives you an opportunity to extend code.
    */
   register(context) {
     graphqlExtends(context);
+
+    // Because of bug https://github.com/strapi/strapi/issues/17995, we're forced
+    // to enable "plugin::users-permissions.user" permission for Authenticated role.
+    context.strapi.controller("plugin::users-permissions.user").find = (ctx) =>
+      ctx.unauthorized();
   },
 
   /**
M frontend/generated/graphql.tsxfrontend/generated/graphql.tsx 
@@ -211,13 +211,16 @@ 
 export enum Enum_Notification_Type {
   AddedAsAdmin = 'AddedAsAdmin',
   ContactTripCreator = 'ContactTripCreator',
+  DeletedFromTrip = 'DeletedFromTrip',
   DeletedTrip = 'DeletedTrip',
+  DeletedYourTrip = 'DeletedYourTrip',
   EnabledCarosterPlus = 'EnabledCarosterPlus',
   EventCreated = 'EventCreated',
   EventEnded = 'EventEnded',
   EventRecap = 'EventRecap',
   NewPassengerInYourTrip = 'NewPassengerInYourTrip',
   NewTrip = 'NewTrip',
+  NewTripAlert = 'NewTripAlert',
   PassengerJoinTrip = 'PassengerJoinTrip'
 }
 

@@ -2137,7 +2140,7 @@ maxItems?: InputMaybe<Scalars['Int']['input']>;
 }>;
 
 
-export type UserNotificationsQuery = { __typename?: 'Query', notifications?: { __typename?: 'NotificationEntityResponseCollection', data: Array<{ __typename?: 'NotificationEntity', id?: string | null, attributes?: { __typename?: 'Notification', type: Enum_Notification_Type, read?: boolean | null, createdAt?: any | null, user?: { __typename?: 'UsersPermissionsUserEntityResponse', data?: { __typename?: 'UsersPermissionsUserEntity', id?: string | null, attributes?: { __typename?: 'UsersPermissionsUser', email: string } | null } | null } | null, event?: { __typename?: 'EventEntityResponse', data?: { __typename?: 'EventEntity', id?: string | null, attributes?: { __typename?: 'Event', name: string, uuid?: string | null } | null } | null } | null } | null }> } | null };
+export type UserNotificationsQuery = { __typename?: 'Query', notifications?: { __typename?: 'NotificationEntityResponseCollection', data: Array<{ __typename?: 'NotificationEntity', id?: string | null, attributes?: { __typename?: 'Notification', type: Enum_Notification_Type, read?: boolean | null, createdAt?: any | null, event?: { __typename?: 'EventEntityResponse', data?: { __typename?: 'EventEntity', id?: string | null, attributes?: { __typename?: 'Event', name: string, uuid?: string | null } | null } | null } | null } | null }> } | null };
 
 export type ReadNotificationsMutationVariables = Exact<{
   id?: InputMaybe<Scalars['ID']['input']>;

@@ -2855,14 +2858,6 @@ attributes {
         type
         read
         createdAt
-        user {
-          data {
-            id
-            attributes {
-              email
-            }
-          }
-        }
         event {
           data {
             id
M frontend/graphql/notifications.gqlfrontend/graphql/notifications.gql 
@@ -6,14 +6,6 @@ attributes {
         type
         read
         createdAt
-        user {
-          data {
-            id
-            attributes {
-              email
-            }
-          }
-        }
         event {
           data {
             id