all repos — caroster @ 349dbfb1eb7ac2e8859da9c78828f80bedf0c962

[Octree] Group carpool to your event https://caroster.io

fix: :lock: Fix permissions for user notifications
Tim Izzo tim@octree.ch
Tue, 05 Nov 2024 10:15:26 +0100
commit

349dbfb1eb7ac2e8859da9c78828f80bedf0c962

parent

2934f49713e078b9c820ecd136e8016eca67d2bf

4 files changed, 24 insertions(+), 15 deletions(-)

jump to
D backend/src/api/notification/policies/check-find.ts 
@@ -1,12 +0,0 @@ 
-import { errors } from "@strapi/utils";
-
-export default async (policyContext) => {
-  const user = policyContext.state.user;
-  if (!user) throw new errors.ForbiddenError();
-
-  policyContext.args.filters = {
-    ...(policyContext.args.filters || {}),
-    user: { id: { eq: user.id } },
-    event: { id: { notNull: true } },
-  };
-};
M backend/src/graphql/notification/index.tsbackend/src/graphql/notification/index.ts 
@@ -11,6 +11,28 @@ },
       }),
     ],
     resolvers: {
+      Query: {
+        notifications: {
+          async resolve(_root, args, context) {
+            const user = context.state.user;
+            const userNotifications = await strapi.entityService.findMany(
+              "api::notification.notification",
+              {
+                filters: {
+                  user: { id: { $eq: user.id } },
+                  event: { id: { $notNull: true } },
+                },
+                sort: { createdAt: "DESC" },
+                limit: args?.pagination?.limit || 20,
+              }
+            );
+            return {
+              nodes: userNotifications,
+              info: { args, resourceUID: "api::notification.notification" },
+            };
+          },
+        },
+      },
       Mutation: {
         readNotifications: {
           async resolve(_root, args, context) {

@@ -57,7 +79,6 @@ },
     resolversConfig: {
       "Query.notifications": {
         auth: true,
-        policies: ["api::notification.check-find"],
       },
       "Mutation.readNotifications": {
         auth: true,
M frontend/generated/graphql.tsxfrontend/generated/graphql.tsx 
@@ -2684,7 +2684,7 @@ export type ModuleSuspenseQueryHookResult = ReturnType<typeof useModuleSuspenseQuery>;
 export type ModuleQueryResult = Apollo.QueryResult<ModuleQuery, ModuleQueryVariables>;
 export const UserNotificationsDocument = gql`
     query UserNotifications($maxItems: Int = 20) {
-  notifications(pagination: {limit: $maxItems}, sort: "createdAt:DESC") {
+  notifications(pagination: {limit: $maxItems}) {
     data {
       id
       attributes {
M frontend/graphql/notifications.gqlfrontend/graphql/notifications.gql 
@@ -1,5 +1,5 @@ 
 query UserNotifications($maxItems: Int = 20) {
-  notifications(pagination: {limit: $maxItems}, sort: "createdAt:DESC") {
+  notifications(pagination: {limit: $maxItems}) {
     data {
       id
       attributes {