diff --git a/src/CollaborationSession/collaborationsession.schema.ts b/src/CollaborationSession/collaborationsession.schema.ts
index 2aa0e5d..b5cf1b8 100644
--- a/src/CollaborationSession/collaborationsession.schema.ts
+++ b/src/CollaborationSession/collaborationsession.schema.ts
@@ -75,6 +75,7 @@ export class CollaborationSessionSchema extends PothosSchema {
 'Retrieve a single collaboration session by its unique identifier.',
 resolve: async (_query, _root, args, ctx, _info) => {
 if (ctx.isSubscription) throw new Error('Not allowed')
+ if (!ctx.http.me) throw new Error('Cannot get your info')
 const scheduleDate = await this.prisma.scheduleDate.findUnique({
 where: {
 id: args.scheduleDateId,
@@ -96,8 +97,19 @@ export class CollaborationSessionSchema extends PothosSchema {
 throw new Error('User not allowed')
 }
 /* ---------- use case 2 : center mentor get collaboration session by schedule date id --------- */
- if (ctx.http.me?.role !== Role.CENTER_MENTOR)
- throw new Error('Mentor does not created collaboration session yet')
+ if (
+ ctx.http.me.role !== Role.CENTER_MENTOR &&
+ ctx.http.me.role !== Role.CENTER_OWNER
+ ) {
+ if (!collaborationSession)
+ throw new Error(
+ 'Mentor does not created collaboration session yet',
+ )
+ throw new Error('User not allowed')
+ }
+ // check if user is participant
+ if (!scheduleDate.participantIds.includes(ctx.http.me.id))
+ throw new Error('User not allowed')
 // check if order is exist in schedule date
 if (!scheduleDate.orderId) throw new Error('Order not found')
 const order = await this.prisma.order.findUnique({
@@ -131,7 +143,7 @@ export class CollaborationSessionSchema extends PothosSchema {
 data: {
 scheduleDateId: scheduleDate.id,
 // assign chat room
- chatRoomId: order.chatRoomId,
+ chatRoomId: chatRoom.id,
 },
 })
 // case after start time and before end time, mark as late
diff --git a/src/User/user.schema.ts b/src/User/user.schema.ts
index 1bb1b54..8075867 100644
--- a/src/User/user.schema.ts
+++ b/src/User/user.schema.ts
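Review bot: In the `@@ -96,8 +97,19 @@` hunk of collaborationsession.schema.ts the participant check `scheduleDate.participantIds.includes(ctx.http.me.id)` runs only after the role branch, so a caller who is neither CENTER_MENTOR nor CENTER_OWNER and is not a participant can still receive 'Mentor does not created collaboration session yet' and learn that the schedule date exists and has no session. Moving the participant check above the role branch gives every non-participant the same 'User not allowed' answer. The code before this hunk is not visible; if it already returns or throws whenever `collaborationSession` is set, the second `throw new Error('User not allowed')` inside the role branch looks unreachable and can be dropped. The block comment above the branch still names only the center mentor although CENTER_OWNER is now accepted; `/* use case 2 : center mentor or center owner get collaboration session by schedule date id */` would match the code.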
@@ -8,7 +8,6 @@ import {
 import { Builder, SchemaContext } from '../Graphql/graphql.builder'
 import { PrismaService } from '../Prisma/prisma.service'
 import { clerkClient } from '@clerk/express'
-import { UnauthorizedException } from '@nestjs/common'
 import { MailService } from '../Mail/mail.service'
 import { MessageSchema } from 'src/Message/message.schema'
 import {
@@ -441,8 +440,8 @@ export class UserSchema extends PothosSchema {
 }
 // check context is admin
- if (ctx.http.me?.role !== 'ADMIN') {
- throw new UnauthorizedException(`Only admin can invite moderator`)
+ if (ctx.http.me?.role !== Role.ADMIN) {
+ throw new Error(`Only admin can invite moderator`)
 }
 return this.prisma.$transaction(async (tx) => {
 let user
@@ -507,6 +506,43 @@ export class UserSchema extends PothosSchema {
 return message
 },
 }),
+ banUser: t.field({
+ type: 'String',
+ args: {
+ userId: t.arg({ type: 'String', required: true }),
+ },
+ resolve: async (_parent, args, ctx) => {
+ if (ctx.isSubscription) {
+ throw new Error('Not allowed')
+ }
+ if (
+ ctx.http.me?.role !== Role.ADMIN &&
+ ctx.http.me?.role !== Role.MODERATOR
+ ) {
+ throw new Error(`Only admin or moderator can ban user`)
+ }
+ if (args.userId === ctx.http.me?.id) {
+ throw new Error(`Cannot ban yourself`)
+ }
+ // get banning user info
+ const banningUser = await this.prisma.user.findUnique({
+ where: { id: args.userId },
+ })
+ if (!banningUser) {
+ throw new Error(`User ${args.userId} not found`)
+ }
+ // if banning user is moderator or admin, throw error
+ if (
+ banningUser.role === Role.MODERATOR ||
+ banningUser.role === Role.ADMIN
+ ) {
+ throw new Error(`Cannot ban moderator or admin`)
+ }
+ // ban user from clerk
+ await clerkClient.users.banUser(args.userId)
+ return 'Banned'
+ },
+ }),
 }))
 // Subscription section
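Review bot: In the `@@ -441,8 +440,8 @@` hunk of user.schema.ts the role denial now throws a plain `Error`, so a failed authorization check carries no machine-readable code and is hard to tell apart from an internal fault in logs and on the client. If the `graphql` package's `GraphQLError` is available in this file, `throw new GraphQLError('Only admin can invite moderator', { extensions: { code: 'FORBIDDEN' } })` keeps authorization failures distinguishable for monitoring. The enclosing resolver starts and ends outside the hunk, and the import that brings `Role` into scope is not visible in this diff.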
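Review bot: `banUser` (the `@@ -507,6 +506,43 @@` hunk of user.schema.ts) performs a privileged action but leaves no record of who issued it: nothing is logged or persisted around `clerkClient.users.banUser(args.userId)`, so a ban issued through a compromised moderator account cannot be attributed afterwards. Record the actor (`ctx.http.me.id`) and the target with whatever logger or audit table the project uses; none is visible in this hunk, so the fence only marks the place. The Clerk call is also unguarded, and a provider error would reach the GraphQL client unchanged; the fence catches it and rethrows a fixed message. The role check reads the Prisma row while the ban sends the same id to Clerk, which presumably assumes both stores share user ids and is worth confirming.

```typescript
// … unchanged: subscription guard, role checks, self-ban check, target lookup …
try {
  await clerkClient.users.banUser(args.userId)
} catch {
  // keep provider error details out of the GraphQL response
  throw new Error(`Failed to ban user ${args.userId}`)
}
// audit: record ctx.http.me.id (actor) and args.userId (target) here
return 'Banned'
```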