- Added a comprehensive ban checking system to prevent access for banned users at multiple levels, including database, API, and client-side. - Introduced `bannedUntil` field in the customer model to manage temporary and permanent bans effectively. - Enhanced `BaseService` and various service classes to include ban checks, ensuring that banned users cannot perform actions or access data. - Updated error handling to provide consistent feedback for banned users across the application. - Improved user experience with a dedicated ban check component and a user-friendly ban notification page.
import { getClientWithToken } from '../apollo/client';
import { ERRORS } from '../constants/errors';
import * as GQL from '../types';
import { BaseService } from './base';
import { type VariablesOf } from '@graphql-typed-document-node/core';
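/**
 * CRUD-style access to "service" records through the GraphQL client
 * returned by `getClientWithToken()`.
 *
 * Every public method awaits `this.checkIsBanned()` (not defined in this
 * class, presumably inherited from `BaseService`) before doing any work.
 * Mutations additionally bind or verify the owning customer (`master`).
 *
 * NOTE(review): the ban and ownership checks here run in the calling
 * service layer. They do not replace enforcement in the backend that
 * executes the GraphQL operations. Confirm the API applies the same rules.
 */
export class ServicesService extends BaseService {
  /**
   * Creates a service owned by the current customer.
   *
   * @param variables - Variables for `CreateServiceDocument`. Any `master`
   *   value supplied in `variables.data` is overwritten with the current
   *   customer's `documentId`.
   * @returns The `data` payload of the mutation result.
   * @throws Error with `ERRORS.NO_PERMISSION` when the current customer has
   *   no `documentId`, or with the first GraphQL error message reported by
   *   the mutation.
   */
  async createService(variables: VariablesOf<typeof GQL.CreateServiceDocument>) {
    await this.checkIsBanned();

    const { customer } = await this._getUser();

    // Refuse to create an ownerless record: a service without `master`
    // has no owner that later ownership checks could compare against.
    const ownerId = customer?.documentId;
    if (!ownerId) throw new Error(ERRORS.NO_PERMISSION);

    const { mutate } = await getClientWithToken();

    const mutationResult = await mutate({
      mutation: GQL.CreateServiceDocument,
      variables: {
        ...variables,
        data: {
          ...variables.data,
          // Must stay after the spread so a caller-supplied `master`
          // cannot assign the new service to another customer.
          master: ownerId,
        },
      },
    });

    // Only the first reported GraphQL error is surfaced to the caller.
    const firstError = mutationResult.errors?.at(0);
    if (firstError) throw new Error(firstError.message);

    return mutationResult.data;
  }

  /**
   * Fetches a single service.
   *
   * No ownership check is applied here: the query is sent with the
   * caller's variables unchanged once `checkIsBanned()` has resolved.
   *
   * @param variables - Variables for `GetServiceDocument`.
   * @returns The `data` payload of the query result.
   */
  async getService(variables: VariablesOf<typeof GQL.GetServiceDocument>) {
    await this.checkIsBanned();

    const { query } = await getClientWithToken();

    const result = await query({
      query: GQL.GetServiceDocument,
      variables,
    });

    return result.data;
  }

  /**
   * Fetches a list of services.
   *
   * No ownership filter is added here: the caller's variables are
   * forwarded unchanged once `checkIsBanned()` has resolved.
   *
   * @param variables - Variables for `GetServicesDocument`.
   * @returns The `data` payload of the query result.
   */
  async getServices(variables: VariablesOf<typeof GQL.GetServicesDocument>) {
    await this.checkIsBanned();

    const { query } = await getClientWithToken();

    const result = await query({
      query: GQL.GetServicesDocument,
      variables,
    });

    return result.data;
  }

  /**
   * Updates a service after verifying that the current customer owns it.
   *
   * @param variables - Variables for `UpdateServiceDocument`.
   * @returns The `data` payload of the mutation result.
   * @throws Error with `ERRORS.NO_PERMISSION` when the ownership check
   *   fails, or with the first GraphQL error message reported by the
   *   mutation.
   */
  async updateService(variables: VariablesOf<typeof GQL.UpdateServiceDocument>) {
    await this.checkIsBanned();

    await this.checkPermission(variables);

    // NOTE(review): `variables` (including `data`) is forwarded unchanged.
    // If the update input type accepts `master`, the owner could reassign
    // the service to another customer. Confirm whether that is intended
    // or should be stripped or rejected here.
    //
    // NOTE(review): the ownership check above and this mutation are
    // separate requests, so ownership could change between them. Confirm
    // the backend re-checks ownership when it applies the update.
    const { mutate } = await getClientWithToken();

    const mutationResult = await mutate({
      mutation: GQL.UpdateServiceDocument,
      variables,
    });

    // Only the first reported GraphQL error is surfaced to the caller.
    const firstError = mutationResult.errors?.at(0);
    if (firstError) throw new Error(firstError.message);

    return mutationResult.data;
  }

  /**
   * Verifies that the service identified by `variables.documentId` belongs
   * to the current customer.
   *
   * The check fails closed. A missing customer id, a missing service, or a
   * service without a `master` is rejected, so two absent ids never compare
   * as equal. The lookup goes through `getService`, which awaits
   * `checkIsBanned()` again.
   *
   * @param variables - Object carrying the `documentId` of the service.
   * @throws Error with `ERRORS.NO_PERMISSION` when ownership cannot be
   *   positively established.
   */
  private async checkPermission(
    variables: Pick<VariablesOf<typeof GQL.GetServiceDocument>, 'documentId'>,
  ) {
    const { customer } = await this._getUser();

    const { service } = await this.getService({ documentId: variables.documentId });

    const callerId = customer?.documentId;
    const ownerId = service?.master?.documentId;

    // Both ids must be present before comparing: `undefined !== undefined`
    // is false, which would otherwise let the check pass with no owner and
    // no caller identity.
    if (!callerId || !ownerId || ownerId !== callerId) {
      throw new Error(ERRORS.NO_PERMISSION);
    }
  }
}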