demarches-normaliennes/app/graphql/api/v2/context.rb

class API::V2::Context < GraphQL::Query::Context
  # This method is used to check if a given fragment is used in the given query. We need that in
  # order to maintain backward compatibility for Types de Champ that we extended in later iterations
  # of our schema. If it is an introspection query, we assume all fragments are present.
  def has_fragment?(fragment_name)
    return true if query.nil?
    return true if introspection?

    self[:has_fragment] ||= Hash.new do |hash, fragment_name|
      visitor = HasFragment.new(query.document, fragment_name)
      visitor.visit
      hash[fragment_name] = visitor.found
    end
    self[:has_fragment][fragment_name]
  end

  def has_fragments?(fragment_names)
    fragment_names.any? { has_fragment?(_1) }
  end

  def introspection?
    query.selected_operation.name == "IntrospectionQuery"
  end

  def internal_use?
    self[:internal_use]
  end

  def current_administrateur
    unless self[:administrateur_id]
      raise GraphQL::ExecutionError.new("Pour effectuer cette opération, vous avez besoin d’un jeton au nouveau format. Vous pouvez l’obtenir dans votre interface administrateur.", extensions: { code: :deprecated_token })
    end
    Administrateur.find(self[:administrateur_id])
  end

  def authorized_demarche?(demarche, opendata: false)
    if internal_use?
      return true
    end

    if opendata && demarche.opendata?
      return true
    end

    # We are caching authorization logic because it is called for each node
    # of the requested graph and can be expensive. Context is reset per request so it is safe.
    self[:authorized] ||= Hash.new do |hash, demarche_id|
      hash[demarche_id] = if self[:administrateur_id]
        demarche.administrateurs.map(&:id).include?(self[:administrateur_id])
      elsif self[:token]
        APIToken.find_and_verify(self[:token], demarche.administrateurs).present?
      end
    end

    self[:authorized][demarche.id]
  end

  # This is a query AST visitor that we use to check
  # if a fragment with a given name is used in the given document.
  # We check for both inline and standalone fragments.
  class HasFragment < GraphQL::Language::Visitor
    def initialize(document, fragment_name)
      super(document)
      @fragment_name = fragment_name.to_s
      @found = false
    end

    attr_reader :found

    def on_inline_fragment(node, parent)
      if node.type.name == @fragment_name
        @found = true
      end

      super
    end

    def on_fragment_definition(node, parent)
      if node.type.name == @fragment_name
        @found = true
      end

      super
    end
  end
end
-												zeitwerk: Api -> API

											
										
										
											2020-08-05 18:40:47 +02:00
+								class API::V2::Context < GraphQL::Query::Context
-												fix(graphql): remove deprecated options from introspection query

											
										
										
											2023-01-19 19:37:58 +01:00
+								  # This method is used to check if a given fragment is used in the given query. We need that in
 								  # order to maintain backward compatibility for Types de Champ that we extended in later iterations
 								  # of our schema. If it is an introspection query, we assume all fragments are present.
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								  def has_fragment?(fragment_name)
-												fix(graphql): remove deprecated options from introspection query

											
										
										
											2023-01-19 19:37:58 +01:00
+								    return true if query.nil?
 								    return true if introspection?
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								    self[:has_fragment] ||= Hash.new do |hash, fragment_name|
 								      visitor = HasFragment.new(query.document, fragment_name)
-												GraphQL: add has_fragment to context

											
										
										
											2020-12-18 11:16:18 +01:00
+								      visitor.visit
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								      hash[fragment_name] = visitor.found
-												GraphQL: add has_fragment to context

											
										
										
											2020-12-18 11:16:18 +01:00
+								    end
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								    self[:has_fragment][fragment_name]
-												GraphQL: add has_fragment to context

											
										
										
											2020-12-18 11:16:18 +01:00
+								  end
-												fix(graphql): remove deprecated options from introspection query

											
										
										
											2023-01-19 19:37:58 +01:00
+								  def has_fragments?(fragment_names)
 								    fragment_names.any? { has_fragment?(_1) }
 								  end
 								  def introspection?
 								    query.selected_operation.name == "IntrospectionQuery"
 								  end
-												Add a way to authoraize any query through context

											
										
										
											2021-01-28 13:52:14 +01:00
+								  def internal_use?
 								    self[:internal_use]
 								  end
-												feat(graphql): expose current_administrateur when using new tokens

											
										
										
											2022-11-24 15:25:14 +01:00
+								  def current_administrateur
 								    unless self[:administrateur_id]
-												feat(graphql): implement add/remove instructeurs via API

											
										
										
											2023-01-10 17:20:22 +01:00
+								      raise GraphQL::ExecutionError.new("Pour effectuer cette opération, vous avez besoin d’un jeton au nouveau format. Vous pouvez l’obtenir dans votre interface administrateur.", extensions: { code: :deprecated_token })
-												feat(graphql): expose current_administrateur when using new tokens

											
										
										
											2022-11-24 15:25:14 +01:00
+								    end
 								    Administrateur.find(self[:administrateur_id])
 								  end
-												fix(graphql): annotationDescriptors should not be exposed as opendata

											
										
										
											2022-11-25 13:33:10 +01:00
+								  def authorized_demarche?(demarche, opendata: false)
-												Add a way to authoraize any query through context

											
										
										
											2021-01-28 13:52:14 +01:00
+								    if internal_use?
 								      return true
 								    end
-												fix(graphql): annotationDescriptors should not be exposed as opendata

											
										
										
											2022-11-25 13:33:10 +01:00
+								    if opendata && demarche.opendata?
 								      return true
 								    end
-												Add a way to authoraize any query through context

											
										
										
											2021-01-28 13:52:14 +01:00
+								    # We are caching authorization logic because it is called for each node
 								    # of the requested graph and can be expensive. Context is reset per request so it is safe.
 								    self[:authorized] ||= Hash.new do |hash, demarche_id|
-												fix(api): on fixe avec avec des tests le prob de token

											
										
										
											2023-01-19 17:40:19 +01:00
+								      hash[demarche_id] = if self[:administrateur_id]
-												feat(api_token): api v2 use new token

											
										
										
											2022-11-30 10:14:23 +01:00
+								        demarche.administrateurs.map(&:id).include?(self[:administrateur_id])
-												fix(api): on fixe avec avec des tests le prob de token

											
										
										
											2023-01-19 17:40:19 +01:00
+								      elsif self[:token]
 								        APIToken.find_and_verify(self[:token], demarche.administrateurs).present?
-												Add a way to authoraize any query through context

											
										
										
											2021-01-28 13:52:14 +01:00
+								      end
 								    end
 								    self[:authorized][demarche.id]
 								  end
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								  # This is a query AST visitor that we use to check
 								  # if a fragment with a given name is used in the given document.
 								  # We check for both inline and standalone fragments.
-												GraphQL: add has_fragment to context

											
										
										
											2020-12-18 11:16:18 +01:00
+								  class HasFragment < GraphQL::Language::Visitor
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								    def initialize(document, fragment_name)
-												GraphQL: add has_fragment to context

											
										
										
											2020-12-18 11:16:18 +01:00
+								      super(document)
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								      @fragment_name = fragment_name.to_s
-												GraphQL: add has_fragment to context

											
										
										
											2020-12-18 11:16:18 +01:00
+								      @found = false
 								    end
 								    attr_reader :found
 								    def on_inline_fragment(node, parent)
-												fix(graphql): detect custom champs in fragment definitions

											
										
										
											2022-04-11 22:35:51 +02:00
+								      if node.type.name == @fragment_name
 								        @found = true
 								      end
 								      super
 								    end
 								    def on_fragment_definition(node, parent)
 								      if node.type.name == @fragment_name
-												GraphQL: add has_fragment to context

											
										
										
											2020-12-18 11:16:18 +01:00
+								        @found = true
 								      end
 								      super
 								    end
 								  end
 								end