Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GraphQL API: Site Permissions #880

Open
wants to merge 5 commits into
base: the-future
Choose a base branch
from

Conversation

NuckChorris
Copy link
Member

@NuckChorris NuckChorris commented Oct 31, 2020

What

mutation {
  account {
    setSitePermissions(input: { accountId: "5554", permissions: [ADMIN] }) {
      account {
        id
        permissions
      }
    }
  }
}

Why

Whenever we add and remove moderators, I have to pop into a rails console to manually do it. This is the first step to on-site permission management.

Checklist

  • All files pass Rubocop
  • Any complex logic is commented
  • Any new systems have thorough documentation
  • Any user-facing changes are behind a feature flag (or: explain why they can't be)
  • All the tests pass
  • Tests have been added to cover the new code

Copy link
Member

@toyhammered toyhammered left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

couple small questions, but love it!

app/graphql/mutations/account/grant_site_permission.rb Outdated Show resolved Hide resolved
app/graphql/mutations/account/grant_site_permission.rb Outdated Show resolved Hide resolved
app/graphql/mutations/account/revoke_site_permission.rb Outdated Show resolved Hide resolved
app/graphql/types/mutation_type.rb Outdated Show resolved Hide resolved
Base automatically changed from mod-flags to the-future November 1, 2020 02:42
@NuckChorris NuckChorris force-pushed the feature/mod-flags-editing branch from 9b471f3 to 365247d Compare November 1, 2020 03:02
@NuckChorris NuckChorris force-pushed the feature/mod-flags-editing branch from 365247d to 32233c2 Compare November 1, 2020 20:58
@codeclimate
Copy link

codeclimate bot commented Nov 1, 2020

Code Climate has analyzed commit 62ad2f3 and detected 0 issues on this pull request.

View more on Code Climate.

Copy link
Member

@toyhammered toyhammered left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some questions, but looks good for the most part!

Comment on lines +14 to +17
res = Accounts::SetSitePermissions.call(
user: input.account,
permissions: permissions
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What type of errors can happen here and should we account for them?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UnknownPermissions could happen due to a programming error but otherwise it won't happen, and the only other ones are RecordNotFound or RecordInvalid which I believe are accounted for automatically

Comment on lines +11 to +13
def load_account(value)
::User.find(value)
end
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want this here, or inside the mutation?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here, because we use it in authorized?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ooooh, I see what you've done. If you want to go that route shouldn't we rename the value argument to id to be more specific?

Also unless I am thinking of this wrong from the load_account it takes what that returns and passes that along to the authorized? method (which would be a user) not an input?

I'll test this locally tomorrow because either this won't work at all or you are about to teach me something new (and I'm hoping it is the latter because this really opens up the possibilities).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think I'm doing anything weird, I'm pretty sure I've just copied it from your stuff… my thinking is that this should run on the input type to load the record and then when authorized? runs it's available as input.account

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the load_* isn't actually related to an input. Its the graphql-ruby gem magic and it must be in the mutation file itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants