vchikalkin 7c1f79db2a feat(ban-system): implement multi-level user ban checks across services
- Added a comprehensive ban checking system to prevent access for banned users at multiple levels, including database, API, and client-side.
- Introduced `bannedUntil` field in the customer model to manage temporary and permanent bans effectively.
- Enhanced `BaseService` and various service classes to include ban checks, ensuring that banned users cannot perform actions or access data.
- Updated error handling to provide consistent feedback for banned users across the application.
- Improved user experience with a dedicated ban check component and a user-friendly ban notification page.
2025-08-26 12:32:22 +03:00


import { getClientWithToken } from '../apollo/client';
import { ERRORS } from '../constants/errors';
import * as GQL from '../types';
import { BaseService } from './base';
import { type VariablesOf } from '@graphql-typed-document-node/core';
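/**
 * Customer read and update operations issued through the token-authenticated
 * Apollo client.
 *
 * Every public method awaits `this.checkIsBanned()` first. That method is
 * inherited from `BaseService` and is not visible in this file; per the
 * commit description it is the service-level ban check.
 *
 * NOTE(review): the checks in this class run in whatever process executes
 * the service. If a banned or unprivileged caller can reach the GraphQL API
 * with their own token without going through this class, the same rules
 * (ban status, `bannedUntil` immutability) must also be enforced by the
 * backend - confirm.
 */
export class CustomersService extends BaseService {
  /**
   * Merges `variables.data.masters` into the masters already linked to the
   * customer identified by `variables.documentId` and saves the union.
   *
   * Only the merged `masters` list is sent in the mutation; every other field
   * of `variables.data` is ignored.
   *
   * NOTE(review): `documentId` is taken from the caller, whereas
   * `updateCustomer` resolves it from `this._getUser()`. Confirm that callers
   * are authorized for the customer they name, or that the backend enforces
   * ownership of the target record.
   *
   * @param variables - Update variables; `documentId` selects the customer,
   * `data.masters` lists the ids to add.
   * @returns The `data` payload of the update mutation.
   * @throws Error with `ERRORS.NO_PERMISSION` when `data.bannedUntil` is set;
   * Error carrying the first GraphQL error message when the mutation fails.
   */
  async addMasters(variables: VariablesOf<typeof GQL.UpdateCustomerDocument>) {
    await this.checkIsBanned();

    const newMasterIds = variables.data.masters;

    // Make sure the caller is not trying to change the bannedUntil field.
    if (variables.data.bannedUntil !== undefined) {
      throw new Error(ERRORS.NO_PERMISSION);
    }

    const { mutate, query } = await getClientWithToken();

    // NOTE(review): the full update variables (including `data`) are passed to
    // the GetMasters query; presumably only `documentId` is needed - confirm.
    const getMastersResult = await query({
      query: GQL.GetMastersDocument,
      variables,
    });

    const existingMasterIds = getMastersResult?.data?.customers
      ?.at(0)
      ?.masters.map((x) => x?.documentId);

    // De-duplicate, then drop nullish entries: `x?.documentId` yields
    // `undefined` for an empty relation slot, and that value must not be
    // written back as a master id.
    const newMastersIds = [
      ...new Set([...(existingMasterIds || []), ...(newMasterIds || [])]),
    ].filter((id) => id !== undefined && id !== null);

    const mutationResult = await mutate({
      mutation: GQL.UpdateCustomerDocument,
      variables: {
        data: { masters: newMastersIds },
        documentId: variables.documentId,
      },
    });

    const error = mutationResult.errors?.at(0);

    if (error) throw new Error(error.message);

    return mutationResult.data;
  }

  /**
   * Runs the GetClients query and returns the first customer in the result.
   *
   * @param variables - Optional variables forwarded unchanged to the query.
   * @returns The first entry of `customers`, or `undefined` when the list is empty.
   */
  async getClients(variables?: VariablesOf<typeof GQL.GetClientsDocument>) {
    await this.checkIsBanned();

    const { query } = await getClientWithToken();

    const result = await query({
      query: GQL.GetClientsDocument,
      variables,
    });

    const customer = result.data.customers.at(0);

    return customer;
  }

  /**
   * Runs the GetCustomer query and returns the first customer wrapped in an object.
   *
   * @param variables - Variables forwarded unchanged to the query.
   * @returns `{ customer }`, where `customer` is `undefined` when the list is empty.
   */
  async getCustomer(variables: VariablesOf<typeof GQL.GetCustomerDocument>) {
    await this.checkIsBanned();

    const { query } = await getClientWithToken();

    const result = await query({
      query: GQL.GetCustomerDocument,
      variables,
    });

    const customer = result.data.customers.at(0);

    return { customer };
  }

  /**
   * Runs the GetMasters query and returns the first customer in the result.
   *
   * @param variables - Optional variables forwarded unchanged to the query.
   * @returns The first entry of `customers`, or `undefined` when the list is empty.
   */
  async getMasters(variables?: VariablesOf<typeof GQL.GetMastersDocument>) {
    await this.checkIsBanned();

    const { query } = await getClientWithToken();

    const result = await query({
      query: GQL.GetMastersDocument,
      variables,
    });

    const customer = result.data.customers.at(0);

    return customer;
  }

  /**
   * Updates the current user's own customer record.
   *
   * The target `documentId` is not accepted from the caller; it is taken from
   * the customer returned by `this._getUser()`.
   *
   * NOTE(review): the guard below is a denylist of a single field. Everything
   * else in `variables.data` is forwarded to the mutation as-is, so any other
   * field that should not be user-editable needs its own check here or on the
   * backend. An allowlist of editable fields would be the safer shape.
   *
   * @param variables - Update variables without `documentId`.
   * @returns The `data` payload of the update mutation.
   * @throws Error with `ERRORS.NO_PERMISSION` when `data.bannedUntil` is set;
   * Error carrying the first GraphQL error message when the mutation fails.
   */
  async updateCustomer(
    variables: Omit<VariablesOf<typeof GQL.UpdateCustomerDocument>, 'documentId'>,
  ) {
    await this.checkIsBanned();

    const { customer } = await this._getUser();

    // Make sure the caller is not trying to change the bannedUntil field.
    if (variables.data.bannedUntil !== undefined) {
      throw new Error(ERRORS.NO_PERMISSION);
    }

    const { mutate } = await getClientWithToken();

    const mutationResult = await mutate({
      mutation: GQL.UpdateCustomerDocument,
      variables: {
        data: variables.data,
        documentId: customer.documentId,
      },
    });

    const error = mutationResult.errors?.at(0);

    if (error) throw new Error(error.message);

    return mutationResult.data;
  }
}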