51 lines
1.3 KiB
Go
51 lines
1.3 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
|
|
"github.com/99designs/gqlgen/graphql"
|
|
"reichard.io/imagini/graph/model"
|
|
)
|
|
|
|
/**
|
|
* This is used to validate whether the users role is adequate for the requested resource.
|
|
**/
|
|
func (api *API) hasMinRoleDirective(ctx context.Context, obj interface{}, next graphql.Resolver, role model.Role) (res interface{}, err error) {
|
|
authContext := ctx.Value("auth").(*model.AuthContext)
|
|
accessToken, err := api.validateTokens(authContext.AuthResponse, authContext.AuthRequest)
|
|
if err != nil {
|
|
return nil, errors.New("Access Denied")
|
|
}
|
|
authContext.AccessToken = &accessToken
|
|
|
|
userRole, ok := accessToken.Get("role")
|
|
if !ok {
|
|
return nil, errors.New("Access Denied")
|
|
}
|
|
|
|
if userRole == model.RoleAdmin.String() {
|
|
return next(ctx)
|
|
}
|
|
|
|
if userRole == role.String() {
|
|
return next(ctx)
|
|
}
|
|
|
|
return nil, errors.New("Role Not Authenticated")
|
|
}
|
|
|
|
/**
|
|
* This is needed but not used. Meta is used for Gorm.
|
|
**/
|
|
func (api *API) metaDirective(ctx context.Context, obj interface{}, next graphql.Resolver, gorm *string) (res interface{}, err error) {
|
|
return next(ctx)
|
|
}
|
|
|
|
/**
|
|
* This overrides the response so fields with an @isPrivate directive are always nil.
|
|
**/
|
|
func (api *API) isPrivateDirective(ctx context.Context, obj interface{}, next graphql.Resolver) (res interface{}, err error) {
|
|
return nil, errors.New("Private Field")
|
|
}
|