diff --git a/src/Document/document.schema.ts b/src/Document/document.schema.ts index 5ab8977..478b8a4 100644 --- a/src/Document/document.schema.ts +++ b/src/Document/document.schema.ts @@ -199,7 +199,7 @@ export class DocumentSchema extends PothosSchema { resolve: async (query, _parent, args, ctx: SchemaContext) => { if (ctx.isSubscription) throw new Error('Not allowed') const userId = ctx.http?.me?.id - if (!userId) throw new Error('User not found') + if (!userId) throw new Error('Unauthorized') return await this.prisma.document.create({ ...query, data: { @@ -216,26 +216,6 @@ export class DocumentSchema extends PothosSchema { }, }), - testUpdateDocument: t.field({ - type: this.documentDelta(), - args: { - documentId: t.arg({ type: 'String', required: true }), - pageIndex: t.arg({ type: 'Int', required: true }), - }, - resolve: async (_root, args, ctx: SchemaContext) => { - if (ctx.isSubscription) throw new Error('Not allowed') - const delta = new Delta().insert('test') - const documentDelta = { - documentId: args.documentId, - pageIndex: args.pageIndex, - delta, - senderId: ctx.http?.me?.id, - } - ctx.http.pubSub.publish(`${DocumentEvent.CHANGED}.${args.documentId}`, documentDelta) - return documentDelta - }, - }), - eventDocumentChanged: t.field({ type: this.documentDelta(), args: { @@ -304,7 +284,7 @@ export class DocumentSchema extends PothosSchema { }, resolve: async (query, _parent, args, ctx: SchemaContext) => { if (ctx.isSubscription) throw new Error('Not allowed') - if (!ctx.http?.me?.id) throw new Error('User not found') + if (!ctx.http?.me?.id) throw new Error('Unauthorized') // check if user is owner or collaborator const document = await this.prisma.document.findUnique({ where: { id: args.documentId }, @@ -313,7 +293,11 @@ export class DocumentSchema extends PothosSchema { }, }) if (!document) throw new Error('Document not found') - if (!document.isPublic && !document.collaborators.some((c) => c.userId === ctx.http?.me?.id && c.writable)) + if ( + !document.isPublic || + !document.collaborators.some((c) => c.userId === ctx.http?.me?.id && c.writable) || + document.ownerId !== ctx.http?.me?.id + ) throw new Error('User is not owner or collaborator of document') return await this.prisma.document.update({ ...query, diff --git a/src/MeetingRoom/meetingroom.schema.ts b/src/MeetingRoom/meetingroom.schema.ts index f227f47..c487a98 100644 --- a/src/MeetingRoom/meetingroom.schema.ts +++ b/src/MeetingRoom/meetingroom.schema.ts @@ -75,23 +75,55 @@ export class MeetingRoomSchema extends PothosSchema { type: this.meetingRoom(), args: { input: t.arg({ - type: this.builder.generator.getCreateInput('MeetingRoom', [ - 'id', - 'createdAt', - 'updatedAt', - 'collaborators', - ]), + type: this.builder.generator.getCreateInput('MeetingRoom', ['id', 'createdAt', 'updatedAt']), required: true, }), }, resolve: async (query, _parent, args, ctx: SchemaContext) => { if (ctx.isSubscription) throw new Error('Not allowed') + if (!ctx.http.me) throw new Error('Unauthorized') return await this.prisma.meetingRoom.create({ ...query, data: args.input, }) }, }), + updateMeetingRoomCollaborators: t.prismaField({ + type: this.meetingRoom(), + args: { + meetingRoomId: t.arg.string({ + required: true, + }), + addCollaborators: t.arg.stringList({ + required: false, + }), + removeCollaborators: t.arg.stringList({ + required: false, + }), + }, + resolve: async (query, _parent, args, ctx: SchemaContext) => { + if (ctx.isSubscription) throw new Error('Not allowed') + if (!ctx.http.me) throw new Error('Unauthorized') + return await this.prisma.meetingRoom.update({ + ...query, + where: { + id: args.meetingRoomId, + }, + data: { + collaborators: { + createMany: { + data: args.addCollaborators ? args.addCollaborators.map((id) => ({ userId: id })) : [], + }, + deleteMany: { + userId: { + in: args.removeCollaborators || [], + }, + }, + }, + }, + }) + }, + }), })) } }