refactor: enhance schedule retrieval logic in ScheduleSchema

- Update schedule retrieval to restrict access to authorized centers based on center ownership and mentorship.
- Implement checks to ensure that schedules are only fetched for approved centers.
- Improve error handling for user and center validation during schedule queries, preventing access in subscription contexts.
2024-11-30 21:02:03 +07:00
parent c26bf36084
commit 2c38110183


@@ -2,7 +2,7 @@ import { Inject, Injectable, Logger } from '@nestjs/common'
import { Pothos, PothosRef, PothosSchema, SchemaBuilderToken } from '@smatch-corp/nestjs-pothos' import { Pothos, PothosRef, PothosSchema, SchemaBuilderToken } from '@smatch-corp/nestjs-pothos'
import { Builder } from '../Graphql/graphql.builder' import { Builder } from '../Graphql/graphql.builder'
import { PrismaService } from '../Prisma/prisma.service' import { PrismaService } from '../Prisma/prisma.service'
import { ScheduleDateStatus, ScheduleStatus } from '@prisma/client' import { CenterStatus, ScheduleDateStatus, ScheduleStatus } from '@prisma/client'
import { ScheduleService } from './schedule.service' import { ScheduleService } from './schedule.service'
import { AppConfigService } from '../AppConfig/appconfig.service' import { AppConfigService } from '../AppConfig/appconfig.service'
import { ScheduleConfigType } from './schedule' import { ScheduleConfigType } from './schedule'
@@ -228,15 +228,16 @@ export class ScheduleSchema extends PothosSchema {
throw new Error('User not found') throw new Error('User not found')
} }
// only return schedule belong to center // only return schedule belong to center
const center = await this.prisma.center.findFirst({ const center = await this.prisma.center.findFirst({
where: { where: {
centerMentors: { AND: [
some: { { OR: [{ centerOwnerId: ctx.http.me.id }, { centerMentors: { some: { mentorId: ctx.http.me.id } } }] },
mentorId: ctx.http.me.id, { centerStatus: CenterStatus.APPROVED },
}, ],
},
}, },
}) })
if (!center) { if (!center) {
throw new Error('Center not found') throw new Error('Center not found')
} }
@@ -254,13 +255,44 @@ export class ScheduleSchema extends PothosSchema {
type: [this.schedule()], type: [this.schedule()],
args: this.builder.generator.findManyArgs('Schedule'), args: this.builder.generator.findManyArgs('Schedule'),
description: 'Retrieve a list of schedules with optional filtering, ordering, and pagination.', description: 'Retrieve a list of schedules with optional filtering, ordering, and pagination.',
resolve: async (query, _root, args, _ctx, _info) => { resolve: async (query, _root, args, ctx, _info) => {
if (ctx.isSubscription) {
throw new Error('Cannot retrieve schedules in subscription')
}
if (!ctx.http?.me?.id) {
throw new Error('User not found')
}
const center = await this.prisma.center.findFirst({
where: {
OR: [{ centerOwnerId: ctx.http.me.id }, { centerMentors: { some: { mentorId: ctx.http.me.id } } }],
},
include: {
centerMentors: true,
},
})
if (!center) {
throw new Error('Center not found')
}
return await this.prisma.schedule.findMany({ return await this.prisma.schedule.findMany({
...query, ...query,
skip: args.skip ?? undefined, skip: args.skip ?? undefined,
take: args.take ?? undefined, take: args.take ?? undefined,
orderBy: args.orderBy ?? undefined, orderBy: args.orderBy ?? undefined,
where: args.filter ?? undefined, where: {
AND: [
{
OR: [
{ managedService: { service: { centerId: center.id } } },
{
managedService: {
service: { center: { centerMentors: { some: { mentorId: ctx.http.me.id } } } },
},
},
],
},
{ managedService: { service: { centerId: center.id } } },
],
},
}) })
}, },
}), }),
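Review bot: The center lookup added to the `schedules` list resolver in the last hunk matches on ownership or mentorship only and omits the approval condition that the previous hunk adds to the other lookup, so a user attached to an unapproved center would still get its schedules, contrary to the commit description; wrapping the existing `OR` in an `AND` with `{ centerStatus: CenterStatus.APPROVED }` would make the two lookups agree. The new `where` also drops `args.filter` completely, so the "optional filtering" promised in the field description no longer has any effect; if that is unintended, keep the client filter next to the scope, e.g. `AND: [args.filter ?? {}, { managedService: { service: { centerId: center.id } } }]`. As written, the outer `AND` already pins every result to `center.id`, which makes the inner `OR` (including its mentorship branch) redundant, and the `include: { centerMentors: true }` result is never read. Because `findFirst` is called without an ordering, a user who owns or mentors several centers is scoped to whichever one the database returns first, which is worth either documenting or replacing with a `findMany` and `centerId: { in: [...] }`. The resolvers' enclosing class starts and ends outside the hunks shown.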