Merge pull request #19 from JoinColony/feat/2213-edit-streams-using-p…

…ermissions

Feat: Handle UpdateStreamingPaymentMetadata mutation

src/queries.ts

@@ -20,10 +20,38 @@ export const getColonyRole = /* GraphQL */ `
   }
 `;
 
+export const getAllColonyRoles = /* GraphQL */ `
+  query GetAllColonyRoles($targetAddress: ID!, $colonyAddress: ID!) {
+    getRoleByTargetAddressAndColony(
+      targetAddress: $targetAddress
+      colonyAddress: { eq: $colonyAddress }
+    ) {
+      items {
+        id
+        role_0
+        role_1
+        role_2
+        role_3
+        role_5
+        role_6
+      }
+    }
+  }
+`;
+
 export const getColonyTokens = /* GraphQL */ `
   query GetColonyFromToken($tokenColonyId: ID!) {
     getColonyTokens(id: $tokenColonyId) {
       colonyID
     }
   }
 `;
+
+export const getStreamingPayment = /* GraphQL */ `
+  query GetStreamingPayment($streamingPaymentId: ID!) {
+    getStreamingPayment(id: $streamingPaymentId) {
+      id
+      nativeDomainId
+    }
+  }
+`;

src/routes/graphql/mutations.ts

@@ -1,9 +1,15 @@
 import { Request } from 'express-serve-static-core';
-import { ColonyRole } from '@colony/core';
+import { ColonyRole, Id } from '@colony/core';
 
 import { logger, detectOperation, tryFetchGraphqlQuery } from '~helpers';
-import { MutationOperations } from '~types';
-import { getColonyAction, getColonyRole, getColonyTokens } from '~queries';
+import { MutationOperations, UserRole } from '~types';
+import {
+  getAllColonyRoles,
+  getColonyAction,
+  getColonyRole,
+  getColonyTokens,
+  getStreamingPayment,
+} from '~queries';
 
 const hasMutationPermissions = async (
   operationName: string,
@@ -160,6 +166,39 @@ const hasMutationPermissions = async (
       case MutationOperations.CreateAnnotation: {
         return true;
       }
+      case MutationOperations.UpdateStreamingPaymentMetadata: {
+        const {
+          input: { id: streamingPaymentId },
+        } = JSON.parse(variables);
+        try {
+          // We need to check if the user has permissions in the domain the streaming payment was created in or the root domain
+          const { nativeDomainId } = await tryFetchGraphqlQuery(
+            getStreamingPayment,
+            {
+              streamingPaymentId,
+            },
+          );
+          const [colonyAddress] = streamingPaymentId.split('_');
+
+          const { items: userRoles }: { items: UserRole[] } =
+            await tryFetchGraphqlQuery(getAllColonyRoles, {
+              targetAddress: userAddress,
+              colonyAddress,
+            });
+
+          return userRoles.some((item) => {
+            const [, roleDomainId] = item.id.split('_');
+            const matchesDomain =
+              roleDomainId === String(nativeDomainId) ||
+              roleDomainId === String(Id.RootDomain);
+            const hasRole = !!item[`role_${ColonyRole.Administration}`];
+            return matchesDomain && hasRole;
+          });
+        } catch (error) {
+          // silent
+          return false;
+        }
+      }
       /**
        * Metadata can be created as part of the motion process, so we need to allow
        * those mutations even for users with no permissions

src/types.ts

@@ -52,6 +52,7 @@ export enum MutationOperations {
    */
   CreateExpenditureMetadata = 'createExpenditureMetadata',
   CreateStreamingPaymentMetadata = 'createStreamingPaymentMetadata',
+  UpdateStreamingPaymentMetadata = 'updateStreamingPaymentMetadata',
 }
 
 export enum HttpStatuses {
@@ -123,3 +124,13 @@ export interface RouteHandler {
   url: Urls;
   handler: RequestHandler;
 }
+
+export type UserRole = {
+  id: string;
+  role_0: boolean | null;
+  role_1: boolean | null;
+  role_2: boolean | null;
+  role_3: boolean | null;
+  role_5: boolean | null;
+  role_6: boolean | null;
+};