Closed pedro-gutierrez closed 3 years ago
Is your feature request related to a problem? Please describe.
We currently have GraphQL queries and mutations to deal with users and roles. We also have basic authorisation absinthe middleware that helps us protect resolvers. This ticket is to finish the work started in https://github.com/distributeaid/toolbox/pull/101 and https://github.com/distributeaid/toolbox/pull/99 so that we have a more secure user management api.
Describe the solution you'd like
Protect all queries and mutations in FerryApi.Schema.User with authorisation middleware.
FerryApi.Schema.User
Also make sure that group members have the expected visibility on other users, ie users can see only users from groups they have in common.
Tests must be provided for:
Is your feature request related to a problem? Please describe.
We currently have GraphQL queries and mutations to deal with users and roles. We also have basic authorisation absinthe middleware that helps us protect resolvers. This ticket is to finish the work started in https://github.com/distributeaid/toolbox/pull/101 and https://github.com/distributeaid/toolbox/pull/99 so that we have a more secure user management api.
Describe the solution you'd like
Protect all queries and mutations in
FerryApi.Schema.Userwith authorisation middleware.Also make sure that group members have the expected visibility on other users, ie users can see only users from groups they have in common.
Tests must be provided for: