Hide sensitive user fields from GQL filter and sort

sillsdev · Nov 27, 2024 · 7885c5d · 7885c5d
1 parent 11277c3
commit 7885c5d
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 39 deletions.
diff --git a/backend/LexBoxApi/GraphQL/CustomTypes/UserGqlConfiguration.cs b/backend/LexBoxApi/GraphQL/CustomTypes/UserGqlConfiguration.cs
@@ -1,4 +1,6 @@
-using LexBoxApi.Auth.Attributes;
+using HotChocolate.Data.Filters;
+using HotChocolate.Data.Sorting;
+using LexBoxApi.Auth.Attributes;
 using LexCore.Entities;
 
 namespace LexBoxApi.GraphQL.CustomTypes;
@@ -11,6 +13,7 @@ protected override void Configure(IObjectTypeDescriptor<User> descriptor)
         descriptor.Ignore(u => u.Salt);
         descriptor.Ignore(u => u.PasswordHash);
         descriptor.Ignore(u => u.CanLogin());
+        descriptor.Ignore(u => u.GoogleId);
 
         descriptor.Field(u => u.Email).AdminRequired();
         descriptor.Field(u => u.EmailVerified).AdminRequired();
@@ -19,3 +22,34 @@ protected override void Configure(IObjectTypeDescriptor<User> descriptor)
         descriptor.Field(u => u.Locked).AdminRequired();
     }
 }
+
+[ObjectType]
+public class UserFilterType : FilterInputType<User>
+{
+    protected override void Configure(
+        IFilterInputTypeDescriptor<User> descriptor)
+    {
+        descriptor.BindFieldsExplicitly();
+        descriptor.AllowOr();
+        descriptor.Field(t => t.Name);
+        descriptor.Field(t => t.Email);
+        descriptor.Field(t => t.IsAdmin);
+        descriptor.Field(t => t.CreatedById);
+        descriptor.Field(t => t.Username);
+        descriptor.Field(t => t.Id);
+    }
+}
+
+[ObjectType]
+public class UserSortType : SortInputType<User>
+{
+    protected override void Configure(
+        ISortInputTypeDescriptor<User> descriptor)
+    {
+        descriptor.BindFieldsExplicitly();
+        descriptor.Field(t => t.Name);
+        descriptor.Field(t => t.Email);
+        descriptor.Field(t => t.Username);
+        descriptor.Field(t => t.CreatedDate);
+    }
+}
diff --git a/frontend/schema.graphql b/frontend/schema.graphql
@@ -134,7 +134,7 @@ type CreateProjectPayload {
 }
 
 type CreateProjectResponse {
-  id: UUID
+  id: UUID!
   result: CreateProjectResult!
 }
 
@@ -546,7 +546,6 @@ type User {
   createdById: UUID
   createdBy: User
   usersICreated: [User!]!
-  googleId: String
   organizations: [OrgMember!]!
   id: UUID!
   createdDate: DateTime!
@@ -900,13 +899,6 @@ input ListFilterInputTypeOfProjectUsersFilterInput {
   any: Boolean @cost(weight: "10")
 }
 
-input ListFilterInputTypeOfUserFilterInput {
-  all: UserFilterInput @cost(weight: "10")
-  none: UserFilterInput @cost(weight: "10")
-  some: UserFilterInput @cost(weight: "10")
-  any: Boolean @cost(weight: "10")
-}
-
 input OrgMemberFilterInput {
   and: [OrgMemberFilterInput!]
   or: [OrgMemberFilterInput!]
@@ -1141,46 +1133,17 @@ input UserFilterInput {
   or: [UserFilterInput!]
   name: StringOperationFilterInput
   email: StringOperationFilterInput
-  localizationCode: StringOperationFilterInput
   isAdmin: BooleanOperationFilterInput
-  passwordHash: StringOperationFilterInput
-  salt: StringOperationFilterInput
-  passwordStrength: IntOperationFilterInput
-  lastActive: DateTimeOperationFilterInput
-  emailVerified: BooleanOperationFilterInput
-  canCreateProjects: BooleanOperationFilterInput
   createdById: UuidOperationFilterInput
-  createdBy: UserFilterInput
-  usersICreated: ListFilterInputTypeOfUserFilterInput
-  locked: BooleanOperationFilterInput
   username: StringOperationFilterInput
-  googleId: StringOperationFilterInput
-  projects: ListFilterInputTypeOfProjectUsersFilterInput
-  organizations: ListFilterInputTypeOfOrgMemberFilterInput
   id: UuidOperationFilterInput
-  createdDate: DateTimeOperationFilterInput
-  updatedDate: DateTimeOperationFilterInput
 }
 
 input UserSortInput {
   name: SortEnumType @cost(weight: "10")
   email: SortEnumType @cost(weight: "10")
-  localizationCode: SortEnumType @cost(weight: "10")
-  isAdmin: SortEnumType @cost(weight: "10")
-  passwordHash: SortEnumType @cost(weight: "10")
-  salt: SortEnumType @cost(weight: "10")
-  passwordStrength: SortEnumType @cost(weight: "10")
-  lastActive: SortEnumType @cost(weight: "10")
-  emailVerified: SortEnumType @cost(weight: "10")
-  canCreateProjects: SortEnumType @cost(weight: "10")
-  createdById: SortEnumType @cost(weight: "10")
-  createdBy: UserSortInput @cost(weight: "10")
-  locked: SortEnumType @cost(weight: "10")
   username: SortEnumType @cost(weight: "10")
-  googleId: SortEnumType @cost(weight: "10")
-  id: SortEnumType @cost(weight: "10")
   createdDate: SortEnumType @cost(weight: "10")
-  updatedDate: SortEnumType @cost(weight: "10")
 }
 
 input UuidOperationFilterInput {