refactor: enhance authorization checks and update meeting room collaboration logic

- Updated error messages in DocumentSchema to use 'Unauthorized' for better clarity on access issues. - Removed the deprecated testUpdateDocument field from DocumentSchema to streamline the schema. - Introduced a new updateMeetingRoomCollaborators field in MeetingRoomSchema to manage collaborator additions and removals, ensuring proper authorization checks are in place. - Improved overall error handling for unauthorized access in both DocumentSchema and MeetingRoomSchema.
2024-12-02 21:25:07 +07:00
parent 542312b7d8
commit 02bc5fe691
2 changed files with 45 additions and 29 deletions
--- a/src/MeetingRoom/meetingroom.schema.ts
+++ b/src/MeetingRoom/meetingroom.schema.ts
@@ -75,23 +75,55 @@ export class MeetingRoomSchema extends PothosSchema {
        type: this.meetingRoom(),
        args: {
          input: t.arg({
-            type: this.builder.generator.getCreateInput('MeetingRoom', [
-              'id',
-              'createdAt',
-              'updatedAt',
-              'collaborators',
-            ]),
+            type: this.builder.generator.getCreateInput('MeetingRoom', ['id', 'createdAt', 'updatedAt']),
            required: true,
          }),
        },
        resolve: async (query, _parent, args, ctx: SchemaContext) => {
          if (ctx.isSubscription) throw new Error('Not allowed')
+          if (!ctx.http.me) throw new Error('Unauthorized')
          return await this.prisma.meetingRoom.create({
            ...query,
            data: args.input,
          })
        },
      }),
+      updateMeetingRoomCollaborators: t.prismaField({
+        type: this.meetingRoom(),
+        args: {
+          meetingRoomId: t.arg.string({
+            required: true,
+          }),
+          addCollaborators: t.arg.stringList({
+            required: false,
+          }),
+          removeCollaborators: t.arg.stringList({
+            required: false,
+          }),
+        },
+        resolve: async (query, _parent, args, ctx: SchemaContext) => {
+          if (ctx.isSubscription) throw new Error('Not allowed')
+          if (!ctx.http.me) throw new Error('Unauthorized')
+          return await this.prisma.meetingRoom.update({
+            ...query,
+            where: {
+              id: args.meetingRoomId,
+            },
+            data: {
+              collaborators: {
+                createMany: {
+                  data: args.addCollaborators ? args.addCollaborators.map((id) => ({ userId: id })) : [],
+                },
+                deleteMany: {
+                  userId: {
+                    in: args.removeCollaborators || [],
+                  },
+                },
+              },
+            },
+          })
+        },
+      }),
    }))
  }
 }