@things-factory/auth-base 6.2.170 → 6.2.177

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/auth-base",
-  "version": "6.2.170",
+  "version": "6.2.177",
   "main": "dist-server/index.js",
   "browser": "dist-client/index.js",
   "things-factory": true,
@@ -43,5 +43,5 @@
     "passport-local": "^1.0.0",
     "popsicle-cookie-jar": "^1.0.0"
   },
-  "gitHead": "5a4f3894a63e770de9320c28a1a3c0f38d070ab5"
+  "gitHead": "853eef803719c588c9808df30dd134263a78d645"
 }

package/server/service/user/user-mutation.ts

@@ -1,9 +1,9 @@
 import { Arg, Ctx, Directive, Mutation, Resolver } from 'type-graphql'
 import { GraphQLEmailAddress } from 'graphql-scalars'
-import { ILike, In, SelectQueryBuilder } from 'typeorm'
+import { ILike, In, SelectQueryBuilder, EntityManager } from 'typeorm'
 
 import { config } from '@things-factory/env'
-import { Domain, getRepository, ObjectRef } from '@things-factory/shell'
+import { Domain, ObjectRef } from '@things-factory/shell'
 
 import { deleteUser as commonDeleteUser, deleteUsers as commonDeleteUsers } from '../../controllers/delete-user'
 import { buildDomainUsersQueryBuilder } from '../../utils/get-domain-users'
@@ -17,13 +17,13 @@ export class UserMutation {
   @Directive('@transaction')
   @Mutation(returns => User, { description: 'To create new user' })
   async createUser(@Arg('user') user: NewUser, @Ctx() context: ResolverContext) {
-    const { domain } = context.state
+    const { domain, tx } = context.state
     const { defaultPassword } = config.get('password')
     const { email } = user
 
     user.email = email.trim()
 
-    const oldUser: User = await getRepository(User).findOne({ where: { email: ILike(user.email) } })
+    const oldUser: User = await tx.getRepository(User).findOne({ where: { email: ILike(user.email) } })
     if (oldUser) {
       throw new Error(context.t('error.x already exists in y', { x: context.t('field.user'), y: 'operato' }))
     }
@@ -34,14 +34,14 @@ export class UserMutation {
 
     const salt = User.generateSalt()
 
-    return await getRepository(User).save({
+    return await tx.getRepository(User).save({
       creator: context.state.user,
       updater: context.state.user,
       ...user,
       domains: [domain],
       roles:
         user.roles && user.roles.length
-          ? await getRepository(Role).findBy({
+          ? await tx.getRepository(Role).findBy({
               id: In(user.roles.map(role => role.id)),
               domain: { id: domain.id }
             })
@@ -55,12 +55,8 @@ export class UserMutation {
   @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
   @Directive('@transaction')
   @Mutation(returns => User, { description: 'To modify user information' })
-  async updateUser(
-    @Arg('email', type => GraphQLEmailAddress) email: string,
-    @Arg('patch') patch: UserPatch,
-    @Ctx() context: ResolverContext
-  ) {
-    const { domain, user: updater }: { domain: Domain; user: User } = context.state
+  async updateUser(@Arg('email', type => GraphQLEmailAddress) email: string, @Arg('patch') patch: UserPatch, @Ctx() context: ResolverContext) {
+    const { domain, user: updater, tx }: { domain: Domain; user: User; tx?: EntityManager } = context.state
     const qb: SelectQueryBuilder<User> = buildDomainUsersQueryBuilder(domain.id, 'USER')
     const user: User = await qb
       .andWhere('LOWER(USER.email) = :email', { email: email?.toLowerCase().trim() || '' })
@@ -69,14 +65,16 @@ export class UserMutation {
       .getOne()
 
     if (patch.roles) {
-      patch.roles = await getRepository(Role).find({ where: { id: In(patch.roles.map((r: Partial<Role>) => r.id)) } })
+      patch.roles = await tx.getRepository(Role).find({
+        where: { id: In(patch.roles.map((r: Partial<Role>) => r.id)) }
+      })
     }
 
     if (patch.status && patch.status === 'activated') {
       user.status = UserStatus.ACTIVATED
     }
 
-    return await getRepository(User).save({
+    return await tx.getRepository(User).save({
       ...user,
       ...patch,
       updater
@@ -199,12 +197,9 @@ export class UserMutation {
 
   @Directive('@transaction')
   @Mutation(returns => Boolean, { description: 'To invite new user' })
-  async inviteUser(
-    @Arg('email', type => GraphQLEmailAddress) email: string,
-    @Ctx() context: ResolverContext
-  ): Promise<boolean> {
-    const { domain } = context.state
-    const invitee: User = await getRepository(User).findOne({
+  async inviteUser(@Arg('email', type => GraphQLEmailAddress) email: string, @Ctx() context: ResolverContext): Promise<boolean> {
+    const { domain, tx } = context.state
+    const invitee: User = await tx.getRepository(User).findOne({
       where: { email: ILike(email) },
       relations: ['domains']
     })
@@ -218,7 +213,7 @@ export class UserMutation {
       throw new Error(context.t('error.x already exists in y', { x: context.t('field.user'), y: domain.name }))
     }
     invitee.domains = [...existingDomains, domain]
-    await getRepository(User).save(invitee)
+    await tx.getRepository(User).save(invitee)
 
     return true
   }
@@ -226,15 +221,13 @@ export class UserMutation {
   @Directive('@transaction')
   @Directive('@privilege(category: "user", privilege: "mutation", domainOwnerGranted: true)')
   @Mutation(returns => Boolean, { description: 'To delete domain user' })
-  async deleteDomainUser(
-    @Arg('email', type => GraphQLEmailAddress) email: string,
-    @Ctx() context: ResolverContext
-  ): Promise<boolean> {
+  async deleteDomainUser(@Arg('email', type => GraphQLEmailAddress) email: string, @Ctx() context: ResolverContext): Promise<boolean> {
     const { tx, domain } = context.state
 
-    let user: User = await tx
-      .getRepository(User)
-      .findOne({ where: { email: ILike(email) }, relations: ['domains', 'roles', 'roles.domain'] })
+    let user: User = await tx.getRepository(User).findOne({
+      where: { email: ILike(email) },
+      relations: ['domains', 'roles', 'roles.domain']
+    })
     if (!user) {
       throw new Error(context.t('error.failed to find x', { x: context.t('field.user') }))
     }
@@ -258,16 +251,31 @@ export class UserMutation {
   @Directive('@privilege(domainOwnerGranted: true, superUserGranted: true)')
   @Directive('@transaction')
   @Mutation(returns => Boolean, { description: 'To transfer owner of domain' })
-  async transferOwner(
-    @Arg('email', type => GraphQLEmailAddress) email: string,
-    @Ctx() context: ResolverContext
-  ): Promise<boolean> {
-    const { domain } = context.state
-    const user: User = await getRepository(User).findOne({
-      where: { email: ILike(email) }
+  async transferOwner(@Arg('email', type => GraphQLEmailAddress) email: string, @Ctx() context: ResolverContext): Promise<boolean> {
+    const { domain, tx } = context.state
+    const user: User = await tx.getRepository(User).findOne({
+      where: { email: ILike(email) },
+      relations: ['domains', 'roles']
     })
+
+    if (!user) {
+      throw new Error('Failed to find user')
+    }
+
+    if (user.status !== UserStatus.ACTIVATED) {
+      throw new Error('Only activated users are eligible to receive admin privileges.')
+    }
+
+    if (user.domains.map((d: Domain) => d.id).indexOf(domain.id) < 0) {
+      throw new Error(`User is not belongs to current domain`)
+    }
+
+    if (user.roles.filter((r: Role) => r.domainId == domain.id).length == 0) {
+      throw new Error(`Only users with at least one role in this domain are eligible to receive admin privileges.`)
+    }
+
     domain.owner = user.id
-    await getRepository(Domain).save(domain)
+    await tx.getRepository(Domain).save(domain)
 
     return true
   }