Bugfix separate close account functions (#4721)
* separate close-account mutations into self and other

* refactor close-account tests

* refactor frontend mutation calls
lcampbell2 authored Jul 31, 2023
1 parent d6decd2 commit 7438190
Showing 5 changed files with 163 additions and 62 deletions.
52 changes: 26 additions & 26 deletions api/src/user/mutations/__tests__/close-account.test.js
@@ -143,7 +143,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -221,7 +221,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -271,7 +271,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountSelf: {
result: {
status: 'Successfully closed account.',
},
@@ -303,7 +303,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -353,7 +353,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountSelf: {
result: {
status: 'Le compte a été fermé avec succès.',
},
@@ -370,7 +370,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -538,7 +538,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -622,7 +622,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -677,7 +677,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountSelf: {
result: {
status: 'Successfully closed account.',
},
@@ -709,7 +709,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -764,7 +764,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountSelf: {
result: {
status: 'Le compte a été fermé avec succès.',
},
@@ -781,7 +781,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {
closeAccountOther(input:{
userId: "${toGlobalId('user', user._key)}"
}) {
result {
@@ -867,7 +867,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {
closeAccountOther(input:{
userId: "${toGlobalId('user', '456')}"
}) {
result {
@@ -907,7 +907,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountOther: {
result: {
code: 400,
description: "Permission error: Unable to close other user's account.",
@@ -928,7 +928,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {
closeAccountOther(input:{
userId: "${toGlobalId('user', '456')}"
}) {
result {
@@ -971,7 +971,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountOther: {
result: {
code: 400,
description: 'Unable to close account of an undefined user.',
@@ -1005,7 +1005,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -1069,7 +1069,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -1134,7 +1134,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -1204,7 +1204,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {
closeAccountOther(input:{
userId: "${toGlobalId('user', '456')}"
}) {
result {
@@ -1244,7 +1244,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountOther: {
result: {
code: 400,
description: "Erreur de permission: Impossible de fermer le compte d'un autre utilisateur.",
@@ -1265,7 +1265,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {
closeAccountOther(input:{
userId: "${toGlobalId('user', '456')}"
}) {
result {
@@ -1308,7 +1308,7 @@ describe('given the closeAccount mutation', () => {

const expectedResponse = {
data: {
closeAccount: {
closeAccountOther: {
result: {
code: 400,
description: "Impossible de fermer le compte d'un utilisateur non défini.",
@@ -1342,7 +1342,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -1406,7 +1406,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
@@ -1471,7 +1471,7 @@ describe('given the closeAccount mutation', () => {
schema,
`
mutation {
closeAccount(input: {}) {
closeAccountSelf(input: {}) {
result {
... on CloseAccountResult {
status
143 changes: 114 additions & 29 deletions api/src/user/mutations/close-account.js
@@ -5,9 +5,98 @@ import { logActivity } from '../../audit-logs/mutations/log-activity'

import { closeAccountUnion } from '../unions'

export const closeAccount = new mutationWithClientMutationId({
name: 'CloseAccount',
description: `This mutation allows a user to close their account, or a super admin to close another user's account.`,
export const closeAccountSelf = new mutationWithClientMutationId({
name: 'CloseAccountSelf',
description: `This mutation allows a user to close their account.`,
outputFields: () => ({
result: {
type: closeAccountUnion,
description: '`CloseAccountUnion` returning either a `CloseAccountResult`, or `CloseAccountError` object.',
resolve: (payload) => payload,
},
}),
mutateAndGetPayload: async (
args,
{ i18n, query, collections, transaction, auth: { userRequired }, validators: { cleanseInput } },
) => {
let submittedUserId
if (args?.userId) {
submittedUserId = fromGlobalId(cleanseInput(args.userId)).id
}

const user = await userRequired()

const userId = user._id
const targetUserName = user.userName

// Setup Trans action
const trx = await transaction(collections)

try {
await trx.step(
() => query`
WITH affiliations, organizations, users
FOR v, e IN 1..1 INBOUND ${userId} affiliations
REMOVE { _key: e._key } IN affiliations
OPTIONS { waitForSync: true }
`,
)
} catch (err) {
console.error(
`Trx step error occurred when removing users remaining affiliations when user: ${user._key} attempted to close account: ${userId}: ${err}`,
)
throw new Error(i18n._(t`Unable to close account. Please try again.`))
}

try {
await trx.step(
() => query`
WITH users
REMOVE PARSE_IDENTIFIER(${userId}).key
IN users OPTIONS { waitForSync: true }
`,
)
} catch (err) {
console.error(
`Trx step error occurred when removing user: ${user._key} attempted to close account: ${userId}: ${err}`,
)
throw new Error(i18n._(t`Unable to close account. Please try again.`))
}

try {
await trx.commit()
} catch (err) {
console.error(`Trx commit error occurred when user: ${user._key} attempted to close account: ${userId}: ${err}`)
throw new Error(i18n._(t`Unable to close account. Please try again.`))
}

console.info(`User: ${user._key} successfully closed user: ${userId} account.`)
await logActivity({
transaction,
collections,
query,
initiatedBy: {
id: user._key,
userName: user.userName,
role: submittedUserId ? 'SUPER_ADMIN' : '',
},
action: 'delete',
target: {
resource: targetUserName, // name of resource being acted upon
resourceType: 'user', // user, org, domain
},
})

return {
_type: 'regular',
status: i18n._(t`Successfully closed account.`),
}
},
})

export const closeAccountOther = new mutationWithClientMutationId({
name: 'CloseAccountOther',
description: `This mutation allows a super admin to close another user's account.`,
inputFields: () => ({
userId: {
type: GraphQLID,
@@ -42,36 +131,32 @@ export const closeAccount = new mutationWithClientMutationId({

let userId = ''
let targetUserName = ''
if (submittedUserId) {
const permission = await checkSuperAdmin()
if (!permission) {
console.warn(
`User: ${user._key} attempted to close user: ${submittedUserId} account, but requesting user is not a super admin.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Permission error: Unable to close other user's account.`),
}

const permission = await checkSuperAdmin()
if (!permission) {
console.warn(
`User: ${user._key} attempted to close user: ${submittedUserId} account, but requesting user is not a super admin.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Permission error: Unable to close other user's account.`),
}
}

const checkUser = await loadUserByKey.load(submittedUserId)
if (typeof checkUser === 'undefined') {
console.warn(
`User: ${user._key} attempted to close user: ${submittedUserId} account, but requested user is undefined.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Unable to close account of an undefined user.`),
}
const checkUser = await loadUserByKey.load(submittedUserId)
if (typeof checkUser === 'undefined') {
console.warn(
`User: ${user._key} attempted to close user: ${submittedUserId} account, but requested user is undefined.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Unable to close account of an undefined user.`),
}
userId = checkUser._id
targetUserName = checkUser.userName
} else {
userId = user._id
targetUserName = user.userName
}
userId = checkUser._id
targetUserName = checkUser.userName

// Setup Trans action
const trx = await transaction(collections)
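Review bot: In `closeAccountSelf` the copied `args?.userId` parsing is dead code that still feeds the audit record: the mutation declares no `inputFields`, so through the schema `submittedUserId` stays undefined and `role: submittedUserId ? 'SUPER_ADMIN' : ''` always logs an empty role. Deriving the audit role from whether the request carried an argument, rather than from a permission check, is fragile, and keeping the block here blurs the guarantee that self-closure never acts on a caller-supplied id. I would delete the `let submittedUserId` block and pass `role: ''` (or a role obtained from an actual permission lookup) to `logActivity`. Separately, `closeAccountOther` still declares `userId` as a nullable `GraphQLID`; its parsing lines are outside the visible hunks, but with the self fallback removed an omitted id appears to reach `loadUserByKey.load(submittedUserId)`, so `type: new GraphQLNonNull(GraphQLID)` or an explicit guard seems warranted.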