Support GraphQL mutations

[mattstein]

Description

This PR-in-progress adds mutation support to approximate front-end controller actions via the GraphQL API.

There’s some architectural gray area—at least for me—since GraphQL includes a concept of customizable schemas and tokens, where a Craft User session may or may not be relevant or available depending on how the plugin is used. It seems like it’s best to support plugin settings wherever possible rather than duplicating them, keeping the schema components simple.

Comments are saved using SCENARIO_LIVE, mimicking Craft’s own elements+GraphQL. It seems like this scenario was previously unused and safe to set up exclusively for use via GraphQL.

This randomly adds a comment query for getting a single comment in addition to the existing comments one—mostly for fun and to follow the pattern used by first-party element types.

Features

GraphQL features to be supported and tested.

✓: supported and tested

• [x] comment creation via saveComment
  • [x] mutation as guest
  • [x] + nesting/target selection
  • [x] mutation as user
  • [x] custom fields
• [x] comment editing via saveComment with ID
  • [x] edit as guest
  • [x] edit own comments (user)
  • [x] cannot edit others’ comments (user)
  • [x] custom fields
• [x] comment upvote/downvote via voteComment
  • [x] vote up or down as guest
  • [x] vote up or down as user
• [x] comment flagging via flagComment
  • [x] flag as guest
  • [x] flag as user
• [x] comment subscribe/unsubscribe via subscribeComment
  • [x] cannot toggle as guest
  • [x] can toggle as user
• [x] comment deletion via deleteComment
  • [x] cannot delete any comments as guest
  • [x] delete own comments (user)

Validation

Exhaustive list of settings to check against. (Some may already be supported and just need testing.)

✓: supported and tested

• [x] honors Allow Guest Comments setting
  • [x] honors Guest Notice setting with custom “must log in” message
• [x] honors Require Email and Name for Guests setting
• [x] honors Maximum Reply Depth setting
• [x] honors Maximum Comments per-user setting
• [x] honors Allow Subscriber Notifications setting
• [x] honors Allow Per-Comment Subscriber Notifications setting
• [x] honors Enable Voting setting
• [x] honors Enable Guest Voting setting
• [x] honors Enable Flagging setting
• [x] honors Enable Guest Flagging setting
• [x] honors Maximum Comment Length setting
• [x] honors Minimum Time Between Comments setting
• [x] honors individual per-element-type permissions (Settings → Permissions)

[engram-design]

Thanks so much for starting this @mattstein - amazing work! I'll review everything shortly.

[mattstein]

Sure thing @engram-design, just sneaking this draft PR in now that I’ve got a good start.

I noted quick examples of what’s working right now, but validation and schema components need fine-tuning to account for the plugin settings and user-limited actions. Still thinking through those a bit, but happy to talk through this at any point!

[mattstein]

Finally have this to a place that’s worth reviewing, @engram-design! Some interfaces may need adjustment (commentId instead of id, etc.), but I fleshed out the PR description for a better summary of what’s going on here.

[engram-design]

Nice work - I've been following along! I'll dive into review in the coming days.

[engram-design]

Thanks again for your work on this!