feat: add commands for managing organizations and users
Introduce `AddUserToOrganization`, `RemoveAPIKey`, and `RemoveOrganization` commands to enhance organization management. Implement validation for user addition and API key removal. Update GraphQL schema to support new mutations and add caching for the new events, ensuring that organizations and their relationships are accurately represented in the cache.
This commit is contained in:
+114
-7
@@ -37,6 +37,24 @@ func (r *mutationResolver) AddOrganization(ctx context.Context, name string) (*m
|
||||
return ToGqlOrganization(*org), nil
|
||||
}
|
||||
|
||||
// AddUserToOrganization is the resolver for the addUserToOrganization field.
|
||||
func (r *mutationResolver) AddUserToOrganization(ctx context.Context, organizationID string, userID string) (*model.Organization, error) {
|
||||
sub := middleware.UserFromContext(ctx)
|
||||
org := &domain.Organization{BaseAggregate: eventsourced.BaseAggregateFromString(organizationID)}
|
||||
h, err := r.handler(ctx, org)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
_, err = h.Handle(ctx, &domain.AddUserToOrganization{
|
||||
UserId: userID,
|
||||
Initiator: sub,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ToGqlOrganization(*org), nil
|
||||
}
|
||||
|
||||
// AddAPIKey is the resolver for the addAPIKey field.
|
||||
func (r *mutationResolver) AddAPIKey(ctx context.Context, input *model.InputAPIKey) (*model.APIKey, error) {
|
||||
sub := middleware.UserFromContext(ctx)
|
||||
@@ -71,6 +89,41 @@ func (r *mutationResolver) AddAPIKey(ctx context.Context, input *model.InputAPIK
|
||||
}, nil
|
||||
}
|
||||
|
||||
// RemoveAPIKey is the resolver for the removeAPIKey field.
|
||||
func (r *mutationResolver) RemoveAPIKey(ctx context.Context, organizationID string, keyName string) (*model.Organization, error) {
|
||||
sub := middleware.UserFromContext(ctx)
|
||||
org := &domain.Organization{BaseAggregate: eventsourced.BaseAggregateFromString(organizationID)}
|
||||
h, err := r.handler(ctx, org)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
_, err = h.Handle(ctx, &domain.RemoveAPIKey{
|
||||
KeyName: keyName,
|
||||
Initiator: sub,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ToGqlOrganization(*org), nil
|
||||
}
|
||||
|
||||
// RemoveOrganization is the resolver for the removeOrganization field.
|
||||
func (r *mutationResolver) RemoveOrganization(ctx context.Context, organizationID string) (bool, error) {
|
||||
sub := middleware.UserFromContext(ctx)
|
||||
org := &domain.Organization{BaseAggregate: eventsourced.BaseAggregateFromString(organizationID)}
|
||||
h, err := r.handler(ctx, org)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
_, err = h.Handle(ctx, &domain.RemoveOrganization{
|
||||
Initiator: sub,
|
||||
})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// UpdateSubGraph is the resolver for the updateSubGraph field.
|
||||
func (r *mutationResolver) UpdateSubGraph(ctx context.Context, input model.InputSubGraph) (*model.SubGraph, error) {
|
||||
orgId := middleware.OrganizationFromContext(ctx)
|
||||
@@ -183,13 +236,49 @@ func (r *queryResolver) Organizations(ctx context.Context) ([]*model.Organizatio
|
||||
return ToGqlOrganizations(orgs), nil
|
||||
}
|
||||
|
||||
// AllOrganizations is the resolver for the allOrganizations field.
|
||||
func (r *queryResolver) AllOrganizations(ctx context.Context) ([]*model.Organization, error) {
|
||||
// Check if user has admin role
|
||||
if !middleware.UserHasRole(ctx, "admin") {
|
||||
return nil, fmt.Errorf("unauthorized: admin role required")
|
||||
}
|
||||
|
||||
orgs := r.Cache.AllOrganizations()
|
||||
return ToGqlOrganizations(orgs), nil
|
||||
}
|
||||
|
||||
// Supergraph is the resolver for the supergraph field.
|
||||
func (r *queryResolver) Supergraph(ctx context.Context, ref string, isAfter *string) (model.Supergraph, error) {
|
||||
orgId := middleware.OrganizationFromContext(ctx)
|
||||
_, err := r.apiKeyCanAccessRef(ctx, ref, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
userId := middleware.UserFromContext(ctx)
|
||||
|
||||
r.Logger.Info("Supergraph query",
|
||||
"ref", ref,
|
||||
"orgId", orgId,
|
||||
"userId", userId,
|
||||
)
|
||||
|
||||
// If authenticated with API key (organization), check access
|
||||
if orgId != "" {
|
||||
_, err := r.apiKeyCanAccessRef(ctx, ref, false)
|
||||
if err != nil {
|
||||
r.Logger.Error("API key cannot access ref", "error", err, "ref", ref)
|
||||
return nil, err
|
||||
}
|
||||
} else if userId != "" {
|
||||
// For user authentication, check if user has access to ref through their organizations
|
||||
userOrgs := r.Cache.OrganizationsByUser(userId)
|
||||
if len(userOrgs) == 0 {
|
||||
r.Logger.Error("User has no organizations", "userId", userId)
|
||||
return nil, fmt.Errorf("user has no access to any organizations")
|
||||
}
|
||||
// Use the first organization's ID for querying
|
||||
orgId = userOrgs[0].ID.String()
|
||||
r.Logger.Info("Using organization from user context", "orgId", orgId)
|
||||
} else {
|
||||
return nil, fmt.Errorf("no authentication provided")
|
||||
}
|
||||
|
||||
after := ""
|
||||
if isAfter != nil {
|
||||
after = *isAfter
|
||||
@@ -241,16 +330,34 @@ func (r *queryResolver) Supergraph(ctx context.Context, ref string, isAfter *str
|
||||
// LatestSchema is the resolver for the latestSchema field.
|
||||
func (r *queryResolver) LatestSchema(ctx context.Context, ref string) (*model.SchemaUpdate, error) {
|
||||
orgId := middleware.OrganizationFromContext(ctx)
|
||||
userId := middleware.UserFromContext(ctx)
|
||||
|
||||
r.Logger.Info("LatestSchema query",
|
||||
"ref", ref,
|
||||
"orgId", orgId,
|
||||
"userId", userId,
|
||||
)
|
||||
|
||||
_, err := r.apiKeyCanAccessRef(ctx, ref, false)
|
||||
if err != nil {
|
||||
r.Logger.Error("API key cannot access ref", "error", err, "ref", ref)
|
||||
return nil, err
|
||||
// If authenticated with API key (organization), check access
|
||||
if orgId != "" {
|
||||
_, err := r.apiKeyCanAccessRef(ctx, ref, false)
|
||||
if err != nil {
|
||||
r.Logger.Error("API key cannot access ref", "error", err, "ref", ref)
|
||||
return nil, err
|
||||
}
|
||||
} else if userId != "" {
|
||||
// For user authentication, check if user has access to ref through their organizations
|
||||
userOrgs := r.Cache.OrganizationsByUser(userId)
|
||||
if len(userOrgs) == 0 {
|
||||
r.Logger.Error("User has no organizations", "userId", userId)
|
||||
return nil, fmt.Errorf("user has no access to any organizations")
|
||||
}
|
||||
// Use the first organization's ID for querying
|
||||
// In a real-world scenario, you might want to check which org has access to this ref
|
||||
orgId = userOrgs[0].ID.String()
|
||||
r.Logger.Info("Using organization from user context", "orgId", orgId)
|
||||
} else {
|
||||
return nil, fmt.Errorf("no authentication provided")
|
||||
}
|
||||
|
||||
// Get current services and schema
|
||||
|
||||
Reference in New Issue
Block a user