@paroicms/server
The ParoiCMS server
import { ApiError } from "@paroicms/public-server-lib";
import { siteReadyGuard } from "../../graphql/graphql.types.js";
import { permissionGuard } from "../auth/authorization.helper.js";
import { loadAccountRoles } from "../auth/special-account.helper.js";
import { recordEvent } from "../event-log/event-log.service.js";
import { updateAccountRoles } from "./account-role.queries.js";
import { getAccount } from "./account.queries.js";
/**
 * GraphQL resolvers for reading and changing the roles attached to an account.
 *
 * The `Query.accountRoles` and `Mutation.updateAccountRoles` entry points both
 * require the caller to hold the "site.manageUsers" permission. The
 * `Account.roles` field resolver performs no permission check of its own.
 */
export const accountRoleResolvers = {
  Query: {
    /**
     * Returns the roles of the account identified by `accountId`.
     * Rejects unless the site is ready and the caller passes the
     * "site.manageUsers" permission guard.
     */
    async accountRoles(_parent, { accountId }, { siteContext, httpContext }) {
      siteReadyGuard(siteContext);
      await permissionGuard(siteContext, httpContext, "site.manageUsers");
      const target = await getAccount(siteContext, accountId);
      const targetRoles = await loadAccountRoles(siteContext, target);
      return targetRoles;
    },
  },
  Mutation: {
    /**
     * Replaces the roles of the account identified by `accountId` with `roles`,
     * records an "account.update" event and returns the account.
     *
     * @throws {ApiError} 403 when the caller is an admin and the new role list
     *   for their own account no longer contains "admin".
     */
    async updateAccountRoles(_parent, { accountId, roles }, { siteContext, httpContext }) {
      siteReadyGuard(siteContext);
      const actor = await permissionGuard(siteContext, httpContext, "site.manageUsers");

      // Self-lockout protection: an admin may not strip "admin" from themselves.
      // NOTE(review): this is the only constraint on `roles` visible in this
      // resolver. Whether a caller holding "site.manageUsers" without being an
      // admin may grant "admin" (to themselves or to others) depends on the
      // permission model and on updateAccountRoles() -- confirm. Also confirm
      // that unknown role names are rejected by the schema or by that helper.
      const isSelfEdit = accountId === actor.accountId;
      if (isSelfEdit) {
        const ownRoles = await loadAccountRoles(siteContext, actor);
        const dropsOwnAdmin = ownRoles.includes("admin") && !roles.includes("admin");
        if (dropsOwnAdmin) {
          throw new ApiError("Cannot remove your own admin role", 403);
        }
      }

      // NOTE(review): the write happens before the account is read back, so a
      // lookup failure for `accountId` would only surface after
      // updateAccountRoles() has run -- confirm that helper rejects unknown ids.
      await updateAccountRoles(siteContext, accountId, roles);
      const updated = await getAccount(siteContext, accountId);

      // Audit trail entry. It names the changed field but carries neither the
      // previous nor the new role values.
      // NOTE(review): recordEvent() is not awaited here; presumably
      // fire-and-forget -- confirm it handles its own failures so that a role
      // change cannot go unlogged silently.
      const auditEntry = {
        eventType: "account.update",
        actorId: actor.accountId,
        targetType: "account",
        targetId: accountId,
        eventData: {
          accountId,
          email: updated.email,
          changedFields: ["roles"],
        },
      };
      recordEvent(siteContext, auditEntry);

      return updated;
    },
  },
  Account: {
    /**
     * Field resolver: loads the roles of the parent account object.
     *
     * NOTE(review): no permission guard runs here, so roles are readable
     * wherever an Account object can be resolved -- confirm that every query
     * returning an Account is itself guarded.
     */
    async roles(parent, _args, { siteContext }) {
      const parentRoles = await loadAccountRoles(siteContext, parent);
      return parentRoles;
    },
  },
};
//# sourceMappingURL=account-role.resolver.js.map