Merge pull request #1265 from EcrituresNumeriques/fix/1264

Supprime le champ `user.admin`
EcrituresNumeriques · Feb 13, 2025 · 72479bd · 72479bd
2 parents 5d807f2 + 60a5308
commit 72479bd
Show file tree

Hide file tree

Showing 20 changed files with 271 additions and 167 deletions.
diff --git a/front/.eslintrc.cjs b/front/.eslintrc.cjs
@@ -9,6 +9,7 @@ module.exports = {
     'plugin:react/recommended',
     'plugin:jsonc/recommended-with-json',
     'plugin:jsdoc/recommended-typescript-flavor',
+    'prettier',
   ],
   parserOptions: {
     ecmaFeatures: {

diff --git a/front/package-lock.json b/front/package-lock.json
diff --git a/front/package.json b/front/package.json
@@ -32,8 +32,8 @@
     "@babel/preset-react": "^7.25.7",
     "@geist-ui/core": "^2.3.8",
     "@monaco-editor/react": "~4.6",
-    "@rjsf/core": "~5.22",
-    "@rjsf/validator-ajv8": "~5.22",
+    "@rjsf/core": "^5.24.3",
+    "@rjsf/validator-ajv8": "^5.24.3",
     "@rollup/plugin-graphql": "^2.0.2",
     "@sentry/react": "^8.38.0",
     "@sentry/vite-plugin": "^3.0.0",
@@ -100,6 +100,7 @@
     "@vitest/coverage-v8": "^3.0.3",
     "@welldone-software/why-did-you-render": "~8.0",
     "eslint": "^8.2.0",
+    "eslint-config-prettier": "^10.0.1",
     "eslint-plugin-jsdoc": "^50.6.2",
     "eslint-plugin-jsonc": "^2.5.0",
     "eslint-plugin-react": "^7.27.0",
@@ -113,4 +114,4 @@
     "node": "22.13.1",
     "npm": "10.9.2"
   }
-}
+}
diff --git a/front/src/components/Credentials.graphql b/front/src/components/Credentials.graphql
@@ -3,7 +3,6 @@ query getUserDetails($user: ID!) {
     displayName
     _id
     email
-    admin
     createdAt
     updatedAt
     firstName
@@ -23,7 +22,6 @@ query getFullUserProfile {
     lastName
     institution
     email
-    admin
     createdAt
     updatedAt
     apiToken
@@ -64,7 +62,6 @@ mutation updateUser($user: ID!, $details: UserProfileInput!) {
     displayName
     _id
     email
-    admin
     createdAt
     updatedAt
     firstName

diff --git a/front/src/components/UserInfos.jsx b/front/src/components/UserInfos.jsx
@@ -164,7 +164,6 @@ export default function UserInfos() {
           <Field label={t('user.account.id')}>
             <code>{activeUser._id}</code>
           </Field>
-          {activeUser.admin && <Field label="Admin">✔️</Field>}
           <Field label={t('user.account.createdAt')}>
             <TimeAgo date={activeUser.createdAt} />
           </Field>

diff --git a/graphql/eslint.config.js b/graphql/eslint.config.js
@@ -2,19 +2,20 @@ const globals = require('globals')
 const pluginSecurity = require('eslint-plugin-security')
 const pluginJest = require('eslint-plugin-jest')
 const eslint = require('@eslint/js')
+const eslintConfigPrettier = require('eslint-config-prettier')
 
 module.exports = [
   {
     languageOptions: {
       ecmaVersion: 2022,
       sourceType: 'commonjs',
       globals: {
-        ...globals.node
-      }
-    }
+        ...globals.node,
+      },
+    },
   },
   {
-    files: ["**/*.test.js", "**/tests/**.js"],
+    files: ['**/*.test.js', '**/tests/**.js'],
     plugins: {
       jest: pluginJest,
     },
@@ -23,10 +24,11 @@ module.exports = [
     },
 
     rules: {
-      "security/detect-object-injection": ["off"],
-      "security/detect-non-literal-fs-filename": ["off"],
+      'security/detect-object-injection': ['off'],
+      'security/detect-non-literal-fs-filename': ['off'],
     },
   },
   eslint.configs.recommended,
-  pluginSecurity.configs.recommended
+  pluginSecurity.configs.recommended,
+  eslintConfigPrettier,
 ]
diff --git a/graphql/helpers/token.js b/graphql/helpers/token.js
@@ -11,7 +11,6 @@ module.exports.createJWTToken = async function createJWTToken({
     email: user.email,
     _id: user._id,
     authType: user.authType,
-    admin: Boolean(user.admin),
     session: true,
   }
 

diff --git a/graphql/migrations/20250212122400-user-delete-admin.js b/graphql/migrations/20250212122400-user-delete-admin.js
@@ -0,0 +1,17 @@
+exports.up = async function (db) {
+  const mongo = await db._run('getDbInstance', true)
+  try {
+    await mongo.collection('users').updateMany({}, { $unset: { admin: '' } })
+  } finally {
+    await mongo.close()
+  }
+}
+
+exports.down = async function (db) {
+  const mongo = await db._run('getDbInstance', true)
+  try {
+    await mongo.collection('users').updateMany({}, { $set: { admin: false } })
+  } finally {
+    await mongo.close()
+  }
+}
diff --git a/graphql/models/user.js b/graphql/models/user.js
@@ -46,10 +46,6 @@ const userSchema = new Schema(
         return bcrypt.hashSync(password, 10)
       },
     },
-    admin: {
-      type: Boolean,
-      default: false,
-    },
     firstName: String,
     lastName: String,
     institution: String,
@@ -87,6 +83,9 @@ userSchema.methods.createDefaultArticle =
     })
 
     await newArticle.createNewVersion({ mode: 'MINOR', user: this })
+
+    this.articles.push(newArticle)
+    return this.save()
   }
 
 userSchema.statics.assessLogin = async function assessLogin(query) {

diff --git a/graphql/package-lock.json b/graphql/package-lock.json
diff --git a/graphql/package.json b/graphql/package.json
@@ -59,6 +59,7 @@
     "@shelf/jest-mongodb": "~4.3",
     "@types/jest": "~29.5",
     "eslint": "~8.57",
+    "eslint-config-prettier": "^10.0.1",
     "eslint-plugin-jest": "~28.9",
     "eslint-plugin-security": "~3.0",
     "jest": "~29.7",
@@ -68,4 +69,4 @@
     "node": "22.13.1",
     "npm": "10.9.2"
   }
-}
+}
diff --git a/graphql/policies/isUser.test.js b/graphql/policies/isUser.test.js
@@ -3,16 +3,20 @@ const UserModel = require('../models/user.js')
 
 const user = '63977de2f83aa77c5f92cb1c'
 const sameUserObject = new UserModel({ _id: user })
-const sameUserToken = { _id: user, email: '[email protected]', admin: false, session: true, authType: 'oidc' }
+const sameUserToken = {
+  _id: user,
+  email: '[email protected]',
+  session: true,
+  authType: 'oidc',
+}
 
-const differentUserObject = new UserModel({ _id: '00000de2f83aa77c5f92dc2f'})
+const differentUserObject = new UserModel({ _id: '00000de2f83aa77c5f92dc2f' })
 
 const adminToken = { admin: true, roles: ['read'], readonly: true }
 
-
 describe('isUser', () => {
   test('without token, no args.user', () => {
-    expect(() => isUser({ }, { token: {} })).toThrow(/Unauthorized/)
+    expect(() => isUser({}, { token: {} })).toThrow(/Unauthorized/)
   })
 
   test('without token, explicit args.user', () => {
@@ -28,14 +32,23 @@ describe('isUser', () => {
   })
 
   test('with token, implicit user is token user', () => {
-    expect(isUser({}, { token: sameUserToken, user: sameUserObject })).toEqual({ userId: sameUserToken._id })
+    expect(isUser({}, { token: sameUserToken, user: sameUserObject })).toEqual({
+      userId: sameUserToken._id,
+    })
   })
 
   test('with token, explicit user is same as user token', () => {
-    expect(isUser({ user }, { token: sameUserToken, user: sameUserObject })).toEqual({ userId: user })
+    expect(
+      isUser({ user }, { token: sameUserToken, user: sameUserObject })
+    ).toEqual({ userId: user })
   })
 
   test('with token, explicit user is different than user token', () => {
-    expect(() => isUser({ user: differentUserObject.id }, { token: sameUserToken, user: sameUserObject })).toThrow(/Forbidden/)
+    expect(() =>
+      isUser(
+        { user: differentUserObject.id },
+        { token: sameUserToken, user: sameUserObject }
+      )
+    ).toThrow(/Forbidden/)
   })
 })
diff --git a/graphql/resolvers/articleResolver.js b/graphql/resolvers/articleResolver.js
@@ -336,8 +336,8 @@ module.exports = {
   },
 
   Article: {
-    async workspaces(article, _, { user }) {
-      if (user.admin) {
+    async workspaces(article, _, { user, token }) {
+      if (token.admin) {
         return Workspace.find({ articles: article._id })
       }
       return Workspace.find({