tobkle
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 149 additions & 0 deletions b/‎README.md‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎bin/create-graphql-server.js‎
Lines changed: 63 additions & 24 deletions b/‎bin/create-graphql-server.js‎
Lines changed: 63 additions & 24 deletions
@@ -1,4 +1,9 @@
 
+0.5.5
+
+- Added an authorization generator
+- Added a command add-user to generate user resolvers automatically
+
 0.5.4
 
  - Added the possibility to run "add-type" several times, which overwrites existing types
 
@@ -1,3 +1,152 @@
+*** WORK IN PROGRESS -- NOT YET FINISHED ***
+development is not yet finalized, and not yet tested
+This is to discuss the current approach to introduce a generator for authorizations also.
+
+# Command **add-user**
+To add a new User type, use the following command:
+```bash
+   create-graphql-server add-user path/to/user-input-type.graphql
+```
+
+This generates a new user with the input type file. A new command was necessary, as the user type has a different resolver to handle password and hash.
+
+If important fields with dependent logics are missing, they are added automatically by the generator, such as the fields: **email**, **password**, **role**.
+
+# Authorization for types
+Use the new directive @authorize in the type definition to control the authorization settings:
+```javascript
+	type User
+	@authorize(
+	  create: ["owner"]
+	  read: ["world"]
+	  update: ["owner", "admin"]
+	  delete: ["owner", "admin"]
+	  ownerField: "id"
+	  roleField: "role"
+	  defaultUserRole: 'user',
+	  firstUserRole: 'admin',
+	  adminUserRole: 'admin',
+	)
+	{
+	  email: String!
+	  name: String
+	  role: String!
+	}
+```
+or:
+```javascript
+	type Post
+	@authorize(
+	  create: ["owner"]
+	  read: ["world"]
+	  update: ["owner", "admin"]
+	  delete: ["owner", "admin"]
+	  ownerField: "ownerId"
+	  roleField: "role"
+	)
+	{
+	  post: String!
+	  comment: String
+	  owner: User1 @belongsTo
+	}
+```
+
+Meaning of the directive's arguments:
+* create = Authorization for a create mutation
+* read   = Authorization for a read query
+* update = Authorization for a update mutation
+* delete = Authorization for a delete mutation
+* 
+Add the authorized users in the array with...
+* "owner" = the user, who created the document
+* "world" = everyone is authorized
+* "admin" = the administrator, of the system
+* role    = add any role, in the role field
+
+The generator will create a new folder named authorization. In that folder, a new index.js file is copied into, which hosts the authorization logic. This authorization logic exposes only one central function **authorize()**, which will be called for each resolver's data handler. This authorize function should be only used in the resolver. It can send and receive whether an array or a document. It has the following signature:
+
+```javascript
+const authorized_data = await authorize('TypeName', TypeName, 'mode', user, data);
+```
+whereas: 'TypeName' is a string with the current type name of the resolver, the passed TypeName contains the context of the resolver (Model,...), 'mode' contains a string with any of the available modes of the data access: 'create', 'read', 'update', 'delete', to inform the authorization module, what kind of data operation it shall authorize, user is the context object of the authenticated user, and input is the data which should be checked. The authorize function returns checked and authorized data. If for example one document of the data array is not accessible by the authenticated user, then it is filtered out and not included in the returned array/object.
+
+Also, for each generated type, it creates an additional file in the authorization folder named by its type.js. In that file, all rules for a successfull authorization check is stored. You can adjust this file directly also afterwards as it keeps only data, with the following rules: 
+
+```javascript
+let defaultAuthorization = {
+  name: ObjectTypeDefinition.name.value || 'nameNotFound',
+  field: {
+    ownerField: 'ownerId',
+    roleField: 'role',
+  },
+  rules: [
+    {
+      mode: 'create',
+      roles: ['owner'],
+      removeFields: [],
+    },
+    {
+      mode: 'read',
+      roles: ['owner'],
+      removeFields: [],
+    },
+    {
+      mode: 'update',
+      roles: ['owner', 'admin'],
+      removeFields: [],
+    },
+    {
+      mode: 'delete',
+      roles: ['owner', 'admin'],
+      removeFields: [],
+    },
+  ]
+};
+```
+
+```javascript
+let defaultUserAuthorization = {
+  name: ObjectTypeDefinition.name.value || 'nameNotFound',
+  isUser: true,
+  defaultUserRole: 'user',
+  firstUserRole: 'admin',
+  adminUserRole: 'admin',
+  field: {
+    ownerField: 'id',
+    roleField: 'role',
+  },
+  rules: [
+    {
+      mode: 'create',
+      roles: ['world'],
+      removeFields: ['role'],
+    },
+    {
+      mode: 'read',
+      roles: ['world'],
+      removeFields: [],
+    },
+    {
+      mode: 'update',
+      roles: ['owner'],
+      removeFields: ['role'],
+    },
+    {
+      mode: 'update',
+      roles: ['admin'],
+      removeFields: [],
+    },
+    {
+      mode: 'delete',
+      roles: ['owner', 'admin'],
+      removeFields: [],
+    },
+  ]
+};
+```
+
+If you don't enter any @authorize directive in your input file. It will generate the above rules for you automatically.
+
 # Create GraphQL Server
 
 This is a simple scaffolding tool for GraphQL apps, built on MongoDB.
 
@@ -39,6 +39,7 @@ function usage() {
   console.log(' - create-graphql-server init project-dir');
   console.log(' - create-graphql-server add-type path/to/type.graphql');
   console.log(' - create-graphql-server add-type path');
+  console.log(' - create-graphql-server add-user path/to/UserType.graphql');
   console.log(' - create-graphql-server remove-type path/to/type.graphql');
   console.log(' - create-graphql-server remove-type path');
   console.log(' - create-graphql-server remove-type typename');
@@ -70,18 +71,21 @@ function usage() {
   process.exit(1);
 }
 
-function adjustTypeName(typeName){
+function adjustTypeName(typeName) {
   return typeName.charAt(0).toUpperCase() + typeName.slice(1).toLowerCase();
 }
 
 function getFileUpdateList(inputSchemaFile, mode) {
   let inputSchemaStr = '';
   // in add mode or if a graphql path/file name was provided, the input file must be there,
-  if (mode === 'add' || inputSchemaFile.includes('.graphql') || inputSchemaFile.includes('/')) {
-    if (! fs.existsSync(inputSchemaFile)) {
-      console.error(
-        chalk.bold.red('Error: Cannot read file', inputSchemaFile)
-      );
+  if (
+    mode === 'add-type' ||
+    mode === 'add-user' ||
+    inputSchemaFile.includes('.graphql') ||
+    inputSchemaFile.includes('/')
+  ) {
+    if (!fs.existsSync(inputSchemaFile)) {
+      console.error(chalk.bold.red('Error: Cannot read file', inputSchemaFile));
       console.log('');
       process.exit(1);
     }
@@ -100,7 +104,8 @@ function getFileUpdateList(inputSchemaFile, mode) {
     outputSchemaStr,
     resolversStr,
     modelStr,
-  } = generate(inputSchemaStr);
+    authorizationStr,
+  } = generate(inputSchemaStr, mode);
 
   // do validation checks
   // shouldn't be necessary, but...
@@ -115,7 +120,8 @@ function getFileUpdateList(inputSchemaFile, mode) {
     !modelStr ||
     outputSchemaStr === '' ||
     resolversStr === '' ||
-    modelStr === ''
+    modelStr === '' ||
+    authorizationStr === ''
   ) {
     console.error('Error: Error while generating target Code.');
     process.exit(0);
@@ -153,6 +159,13 @@ function getFileUpdateList(inputSchemaFile, mode) {
       indexPattern: `\nimport ${TypeName} from './${TypeName}';\n` +
         `models.${TypeName} = ${TypeName};\n`,
     },
+    {
+      typePath: path.join('authorization', `${TypeName}.js`),
+      typeString: authorizationStr,
+      indexPath: path.join('authorization', 'index.js'),
+      indexPattern: `\nimport ${TypeName} from './${TypeName}';\n` +
+        `authorizations.${TypeName} = ${TypeName};\n`,
+    },
   ];
 }
 
@@ -390,16 +403,19 @@ function addPatternToFiles(fileUpdateList) {
 
 function getFilesRecursively(folder, filetype) {
   // getting all files of a path and of a specific filetype recursively
-  let list = [], stats,
-    files = fs.readdirSync(folder);
+  let list = [];
+  let stats;
+  const files = fs.readdirSync(folder);
 
-  files.forEach(file => {
+  files.forEach((file) => {
     stats = fs.lstatSync(path.join(folder, file));
-    if(stats.isDirectory()) {
-      list = list.concat(getFilesRecursively(path.join(folder, file), filetype));
+    if (stats.isDirectory()) {
+      list = list.concat(
+        getFilesRecursively(path.join(folder, file), filetype)
+      );
     } else if (file.includes(filetype)) {
-      console.log('found:', path.join(folder, file)); 
-      list.push(path.join(folder, file)); 
+      console.log('found:', path.join(folder, file));
+      list.push(path.join(folder, file));
     }
   });
 
@@ -408,10 +424,10 @@ function getFilesRecursively(folder, filetype) {
 
 // MAIN FUNCTIONS
 
-function addType(inputSchemaFile, options) {
+function addType(inputSchemaFile, options, mode) {
   // generates a new data type with all its files and <type> references
   console.log(chalk.bold.blue('Running add-type'));
-  const fileUpdateList = getFileUpdateList(inputSchemaFile, 'add');
+  const fileUpdateList = getFileUpdateList(inputSchemaFile, mode);
   checkForFileChanges(fileUpdateList, options['force-update']);
   createTypeFiles(fileUpdateList);
   addPatternToFiles(fileUpdateList);
@@ -455,33 +471,56 @@ if (commands[0] === 'init') {
   if (!inputSchemaFile) {
     usage();
   }
-  if (fs.existsSync(inputSchemaFile) && fs.lstatSync(inputSchemaFile).isDirectory()) {
-    //directory name entered
+  if (
+    fs.existsSync(inputSchemaFile) &&
+    fs.lstatSync(inputSchemaFile).isDirectory()
+  ) {
+    // directory name entered
     const files = getFilesRecursively(inputSchemaFile, '.graphql');
-    files.forEach(file => {
-      addType(file, argv);
+    files.forEach((file) => {
+      addType(file, argv, commands[0]);
     });
   } else {
     // single file entered
-    addType(inputSchemaFile, argv);
+    addType(inputSchemaFile, argv, commands[0]);
   }
   process.exit(0);
 } else if (commands[0] === 'remove-type') {
   const inputSchemaFile = commands[1];
   if (!inputSchemaFile) {
     usage();
   }
-  if (fs.existsSync(inputSchemaFile) && fs.lstatSync(inputSchemaFile).isDirectory()) {
+  if (
+    fs.existsSync(inputSchemaFile) &&
+    fs.lstatSync(inputSchemaFile).isDirectory()
+  ) {
     // directory name entered
     const files = getFilesRecursively(inputSchemaFile, '.graphql');
-    files.forEach(file => {
+    files.forEach((file) => {
       removeType(file, argv);
     });
   } else {
     // single file or type
     removeType(inputSchemaFile, argv);
   }
   process.exit(0);
+} else if (commands[0] === 'add-user') {
+  const inputSchemaFile = commands[1];
+  if (!inputSchemaFile) {
+    usage();
+  }
+  if (
+    fs.existsSync(inputSchemaFile) &&
+    fs.lstatSync(inputSchemaFile).isDirectory()
+  ) {
+    // directory name entered
+    console.error('Please enter a User Type instead of a directory.');
+    process.exit(0);
+  } else {
+    // single file entered
+    addType(inputSchemaFile, argv, commands[0]);
+  }
+  process.exit(0);
 } else {
   usage();
 }