messages: check permissions
parent
77759f620d
commit
92595e567c
|
@ -97,7 +97,8 @@ async def create_message(_, info, chatId, body, replyTo = None):
|
||||||
"id" : message_id,
|
"id" : message_id,
|
||||||
"author" : user.slug,
|
"author" : user.slug,
|
||||||
"body" : body,
|
"body" : body,
|
||||||
"replyTo" : replyTo
|
"replyTo" : replyTo,
|
||||||
|
"createdAt" : datetime.now().isoformat()
|
||||||
}
|
}
|
||||||
|
|
||||||
await redis.execute("SET", f"chats/{chatId}/messages/{message_id}", json.dumps(new_message))
|
await redis.execute("SET", f"chats/{chatId}/messages/{message_id}", json.dumps(new_message))
|
||||||
|
@ -145,7 +146,11 @@ async def update_message(_, info, chatId, id, body):
|
||||||
return { "error" : "message not exist" }
|
return { "error" : "message not exist" }
|
||||||
|
|
||||||
message = json.loads(message)
|
message = json.loads(message)
|
||||||
|
if message["author"] != user.slug:
|
||||||
|
return { "error" : "access denied" }
|
||||||
|
|
||||||
message["body"] = body
|
message["body"] = body
|
||||||
|
message["updatedAt"] = datetime.now().isoformat()
|
||||||
|
|
||||||
await redis.execute("SET", f"chats/{chatId}/messages/{id}", json.dumps(message))
|
await redis.execute("SET", f"chats/{chatId}/messages/{id}", json.dumps(message))
|
||||||
|
|
||||||
|
@ -167,6 +172,8 @@ async def delete_message(_, info, chatId, id):
|
||||||
if not message:
|
if not message:
|
||||||
return { "error" : "message not exist" }
|
return { "error" : "message not exist" }
|
||||||
message = json.loads(message)
|
message = json.loads(message)
|
||||||
|
if message["author"] != user.slug:
|
||||||
|
return { "error" : "access denied" }
|
||||||
|
|
||||||
await redis.execute("LREM", f"chats/{chatId}/message_ids", 0, str(id))
|
await redis.execute("LREM", f"chats/{chatId}/message_ids", 0, str(id))
|
||||||
await redis.execute("DEL", f"chats/{chatId}/messages/{id}")
|
await redis.execute("DEL", f"chats/{chatId}/messages/{id}")
|
||||||
|
@ -176,9 +183,14 @@ async def delete_message(_, info, chatId, id):
|
||||||
|
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
|
||||||
@subscription.source("chatUpdated")
|
@subscription.source("chatUpdated")
|
||||||
async def message_generator(obj, info, chatId):
|
async def message_generator(obj, info, chatId):
|
||||||
|
|
||||||
|
#TODO: send AUTH header
|
||||||
|
#auth = info.context["request"].auth
|
||||||
|
#if not auth.logged_in:
|
||||||
|
# yield {"error" : auth.error_message or "Please login"}
|
||||||
|
|
||||||
try:
|
try:
|
||||||
subs = MessageSubscription(chatId)
|
subs = MessageSubscription(chatId)
|
||||||
await MessageSubscriptions.register_subscription(subs)
|
await MessageSubscriptions.register_subscription(subs)
|
||||||
|
|
|
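Review bot: The login check in `message_generator` is added only as commented-out lines, so `chatUpdated` still constructs and registers `MessageSubscription(chatId)` for any caller that supplies a chat id; no authentication or chat-membership check is visible before the `try:` in this hunk. When the check is enabled, the commented form would fall through after yielding the error, because an async generator keeps running past `yield`; it needs a `return` directly after `yield {"error" : auth.error_message or "Please login"}`. Until then, a comment above the TODO such as `# SECURITY: subscription is unauthenticated until the client sends the AUTH header; any chatId can be subscribed to` would make the gap explicit. The checks added to `update_message` and `delete_message` cover authorship only; whether chat membership is verified is not visible here, since those functions begin outside their hunks. The body of `message_generator` also continues past the end of this section.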
@ -64,9 +64,10 @@ enum MessageStatus {
|
||||||
DELETED
|
DELETED
|
||||||
}
|
}
|
||||||
|
|
||||||
type MessageWithStatus {
|
type ChatUpdatedResult {
|
||||||
status: MessageStatus!
|
error: String
|
||||||
message: Message!
|
status: MessageStatus
|
||||||
|
message: Message
|
||||||
}
|
}
|
||||||
|
|
||||||
type CreateChatResult {
|
type CreateChatResult {
|
||||||
|
@ -186,7 +187,7 @@ type Query {
|
||||||
############################################ Subscription
|
############################################ Subscription
|
||||||
|
|
||||||
type Subscription {
|
type Subscription {
|
||||||
chatUpdated(chatId: String!): MessageWithStatus!
|
chatUpdated(chatId: String!): ChatUpdatedResult!
|
||||||
onlineUpdated: [User!]!
|
onlineUpdated: [User!]!
|
||||||
shoutUpdated: Shout!
|
shoutUpdated: Shout!
|
||||||
userUpdated: User!
|
userUpdated: User!
|
||||||
|
@ -259,7 +260,7 @@ type User {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Message {
|
type Message {
|
||||||
author: Int!
|
author: String!
|
||||||
chatRoom: Int!
|
chatRoom: Int!
|
||||||
body: String!
|
body: String!
|
||||||
createdAt: DateTime!
|
createdAt: DateTime!
|
||||||
|
|
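Review bot: `ChatUpdatedResult` makes `error`, `status` and `message` all nullable without saying which combinations are valid, so a client cannot tell from the schema that it must check `error` before reading `message`. A description on the type, e.g. `"""Either error is set, or status and message are set."""`, would state the contract the resolver appears to intend. `Message.author` is now `String!` to carry the user slug, while `chatRoom` stays `Int!` although `chatUpdated` takes `chatId: String!`; that looks inconsistent and is worth confirming against what the resolver stores. The `Message` type continues outside the hunk.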