feat: group permissions

server/graph/resolvers/group.js

@@ -39,7 +39,9 @@ module.exports = {
     },
     async create(obj, args) {
       const group = await WIKI.models.groups.query().insertAndFetch({
-        name: args.name
+        name: args.name,
+        permissions: JSON.stringify(WIKI.data.groups.defaultPermissions),
+        isSystem: false
       })
       return {
         responseResult: graphHelper.generateSuccess('Group created successfully.'),

server/graph/schemas/authentication.graphql

@@ -38,7 +38,7 @@ type AuthenticationMutation {
 
   updateStrategies(
     strategies: [AuthenticationStrategyInput]
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/group.graphql

@@ -18,11 +18,11 @@ type GroupQuery {
   list(
     filter: String
     orderBy: String
-  ): [GroupMinimal]
+  ): [GroupMinimal] @auth(requires: ["write:groups", "manage:groups", "manage:system"])
 
   single(
     id: Int!
-  ): Group
+  ): Group @auth(requires: ["write:groups", "manage:groups", "manage:system"])
 }
 
 # -----------------------------------------------
@@ -32,26 +32,26 @@ type GroupQuery {
 type GroupMutation {
   create(
     name: String!
-  ): GroupResponse
+  ): GroupResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
 
   update(
     id: Int!
     name: String!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
 
   delete(
     id: Int!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
 
   assignUser(
     groupId: Int!
     userId: Int!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
 
   unassignUser(
     groupId: Int!
     userId: Int!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
 }
 
 # -----------------------------------------------
@@ -66,6 +66,7 @@ type GroupResponse {
 type GroupMinimal {
   id: Int!
   name: String!
+  isSystem: Boolean!
   userCount: Int
   createdAt: Date!
   updatedAt: Date!
@@ -74,8 +75,10 @@ type GroupMinimal {
 type Group {
   id: Int!
   name: String!
-  rights: [Right]
-  users: [User]
+  isSystem: Boolean!
+  permissions: [String]!
+  pageRules: [Right]
+  users: [UserMinimal]
   createdAt: Date!
   updatedAt: Date!
 }

server/graph/schemas/localization.graphql

@@ -26,14 +26,14 @@ type LocalizationQuery {
 type LocalizationMutation {
   downloadLocale(
     locale: String!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:system"])
 
   updateLocale(
     locale: String!
     autoUpdate: Boolean!
     namespacing: Boolean!
     namespaces: [String]!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/logging.graphql

@@ -22,7 +22,7 @@ type LoggingQuery {
   loggers(
     filter: String
     orderBy: String
-  ): [Logger]
+  ): [Logger] @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------
@@ -32,7 +32,7 @@ type LoggingQuery {
 type LoggingMutation {
   updateLoggers(
     loggers: [LoggerInput]
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/page.graphql

@@ -45,7 +45,7 @@ type PageMutation {
     publishStartDate: Date
     tags: [String]!
     title: String!
-  ): PageResponse
+  ): PageResponse @auth(requires: ["write:pages", "manage:pages", "manage:system"])
 
   update(
     id: Int!
@@ -60,11 +60,11 @@ type PageMutation {
     publishStartDate: Date
     tags: [String]
     title: String
-  ): PageResponse
+  ): PageResponse @auth(requires: ["manage:pages", "manage:system"])
 
   delete(
     id: Int!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["delete:pages", "manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/rendering.graphql

@@ -18,7 +18,7 @@ type RenderingQuery {
   renderers(
     filter: String
     orderBy: String
-  ): [Renderer]
+  ): [Renderer] @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------
@@ -28,7 +28,7 @@ type RenderingQuery {
 type RenderingMutation {
   updateRenderers(
     renderers: [RendererInput]
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/search.graphql

@@ -18,7 +18,7 @@ type SearchQuery {
   searchEngines(
     filter: String
     orderBy: String
-  ): [SearchEngine]
+  ): [SearchEngine] @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------
@@ -28,7 +28,7 @@ type SearchQuery {
 type SearchMutation {
   updateSearchEngines(
     searchEngines: [SearchEngineInput]
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/storage.graphql

@@ -18,7 +18,7 @@ type StorageQuery {
   targets(
     filter: String
     orderBy: String
-  ): [StorageTarget]
+  ): [StorageTarget] @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------
@@ -28,7 +28,7 @@ type StorageQuery {
 type StorageMutation {
   updateTargets(
     targets: [StorageTargetInput]
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/system.graphql

@@ -15,7 +15,7 @@ extend type Mutation {
 # -----------------------------------------------
 
 type SystemQuery {
-  info: SystemInfo
+  info: SystemInfo @auth(requires: ["manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/theming.graphql

@@ -15,8 +15,8 @@ extend type Mutation {
 # -----------------------------------------------
 
 type ThemingQuery {
-  themes: [ThemingTheme]
-  config: ThemingConfig
+  themes: [ThemingTheme] @auth(requires: ["manage:theme", "manage:system"])
+  config: ThemingConfig @auth(requires: ["manage:theme", "manage:system"])
 }
 
 # -----------------------------------------------
@@ -27,7 +27,7 @@ type ThemingMutation {
   setConfig(
     theme: String!
     darkMode: Boolean!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:theme", "manage:system"])
 }
 
 # -----------------------------------------------

server/graph/schemas/user.graphql

@@ -18,15 +18,15 @@ type UserQuery {
   list(
     filter: String
     orderBy: String
-  ): [UserMinimal]
+  ): [UserMinimal] @auth(requires: ["write:users", "manage:users", "manage:system"])
 
   search(
     query: String!
-  ): [UserMinimal]
+  ): [UserMinimal] @auth(requires: ["write:groups", "manage:groups", "write:users", "manage:users", "manage:system"])
 
   single(
     id: Int!
-  ): User
+  ): User @auth(requires: ["manage:users", "manage:system"])
 }
 
 # -----------------------------------------------
@@ -41,7 +41,7 @@ type UserMutation {
     provider: String!
     providerId: String
     role: UserRole!
-  ): UserResponse
+  ): UserResponse @auth(requires: ["write:users", "manage:users", "manage:system"])
 
   update(
     id: Int!
@@ -50,11 +50,11 @@ type UserMutation {
     provider: String
     providerId: String
     role: UserRole
-  ): UserResponse
+  ): UserResponse @auth(requires: ["manage:users", "manage:system"])
 
   delete(
     id: Int!
-  ): DefaultResponse
+  ): DefaultResponse @auth(requires: ["manage:users", "manage:system"])
 
   resetPassword(
     id: Int!