
Commit e42fbfe

committed
feat: enforce admin role requirement for dashboard queries and mutations
1 parent 3c423d7 commit e42fbfe


1 file changed

+23
-0
lines changed


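--- a/backend/src/dashboard/dashboard.resolver.ts
+++ b/backend/src/dashboard/dashboard.resolver.ts
@@ -33,27 +33,31 @@ export class DashboardResolver {
 private readonly authService: AuthService,
 ) {}
 
+@RequireRoles('Admin')
 @Query(() => [User])
 async dashboardUsers(
 @Args('filter', { nullable: true }) filter?: UserFilterInput,
 ): Promise<User[]> {
 return await this.dashboardService.findUsers(filter);
 }
 
+@RequireRoles('Admin')
 @Query(() => User)
 async dashboardUser(
 @Args('id', { type: () => ID }) id: string,
 ): Promise<User> {
 return this.dashboardService.findUserById(id);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => User)
 async createDashboardUser(
 @Args('input') input: CreateUserInput,
 ): Promise<User> {
 return this.dashboardService.createUser(input);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => User)
 async updateDashboardUser(
 @Args('id', { type: () => ID }) id: string,
@@ -62,6 +66,7 @@ export class DashboardResolver {
 return this.dashboardService.updateUser(id, input);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Boolean)
 async deleteDashboardUser(
 @Args('id', { type: () => ID }) id: string,
@@ -70,20 +75,23 @@ export class DashboardResolver {
 }
 
 // Chat Management
+@RequireRoles('Admin')
 @Query(() => [Chat])
 async dashboardChats(
 @Args('filter', { nullable: true }) filter?: ChatFilterInput,
 ): Promise<Chat[]> {
 return this.dashboardService.findChats(filter);
 }
 
+@RequireRoles('Admin')
 @Query(() => Chat)
 async dashboardChat(
 @Args('id', { type: () => ID }) id: string,
 ): Promise<Chat> {
 return this.dashboardService.findChatById(id);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Chat)
 async createDashboardChat(
 @GetUserIdFromToken() userId: string,
@@ -92,6 +100,7 @@ export class DashboardResolver {
 return this.dashboardService.createChat(input, userId);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Chat)
 async updateDashboardChat(
 @Args('id', { type: () => ID }) id: string,
@@ -100,6 +109,7 @@ export class DashboardResolver {
 return this.dashboardService.updateChat(id, input);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Boolean)
 async deleteDashboardChat(
 @Args('id', { type: () => ID }) id: string,
@@ -108,20 +118,23 @@ export class DashboardResolver {
 }
 
 // Project Management
+@RequireRoles('Admin')
 @Query(() => [Project])
 async dashboardProjects(
 @Args('filter', { nullable: true }) filter?: ProjectFilterInput,
 ): Promise<Project[]> {
 return this.dashboardService.findProjects(filter);
 }
 
+@RequireRoles('Admin')
 @Query(() => Project)
 async dashboardProject(
 @Args('id', { type: () => ID }) id: string,
 ): Promise<Project> {
 return this.dashboardService.findProjectById(id);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Chat)
 async createDashboardProject(
 @GetUserIdFromToken() userId: string,
@@ -130,6 +143,7 @@ export class DashboardResolver {
 return await this.dashboardService.createProject(input, userId);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Project)
 async updateDashboardProject(
 @Args('id', { type: () => ID }) id: string,
@@ -138,32 +152,38 @@ export class DashboardResolver {
 return this.dashboardService.updateProject(id, input);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Boolean)
 async deleteDashboardProject(
 @Args('id', { type: () => ID }) id: string,
 ): Promise<boolean> {
 return this.dashboardService.deleteProject(id);
 }
 
+// Role Management
+@RequireRoles('Admin')
 @Query(() => [Role])
 async dashboardRoles(): Promise<Role[]> {
 return this.dashboardService.findRoles();
 }
 
+@RequireRoles('Admin')
 @Query(() => Role)
 async dashboardRole(
 @Args('id', { type: () => ID }) id: string,
 ): Promise<Role> {
 return this.dashboardService.findRoleById(id);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Role)
 async createDashboardRole(
 @Args('input') input: CreateRoleInput,
 ): Promise<Role> {
 return this.dashboardService.createRole(input);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Role)
 async updateDashboardRole(
 @Args('id', { type: () => ID }) id: string,
@@ -172,13 +192,16 @@ export class DashboardResolver {
 return this.dashboardService.updateRole(id, input);
 }
 
+@RequireRoles('Admin')
 @Mutation(() => Boolean)
 async deleteDashboardRole(
 @Args('id', { type: () => ID }) id: string,
 ): Promise<boolean> {
 return this.dashboardService.deleteRole(id);
 }
 
+// Dashboard Stats
+@RequireRoles('Admin')
 @Query(() => DashboardStats)
 async dashboardStats(): Promise<DashboardStats> {
 return this.dashboardService.getDashboardStats();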
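Review bot: The Admin requirement is attached one method at a time, so any query or mutation later added to `DashboardResolver` without the decorator is reachable by default. A single class-level `@RequireRoles('Admin')` above `export class DashboardResolver` would make the resolver fail closed, provided the roles guard reads class metadata as well as handler metadata, which these hunks do not show. The class header and imports lie outside the hunks, so the diff also does not show the guard that consumes this metadata being bound. It is worth confirming with an e2e test that a non-Admin or unauthenticated caller is rejected on at least one query and one mutation in each section, including the role-management mutations. Separately, the unchanged line `@Mutation(() => Chat)` on `createDashboardProject` looks like it should read `@Mutation(() => Project)`, though the return type of `createProject` is not visible here.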
