add permission to rubrics, awards and divisions #1526
Conversation
johnmeshulam
left a comment
johnmeshulam
left a comment
There was a problem hiding this comment.
Few small things:
1 - don't use MutationError, you can create a new ResolverError class
2- If the main divisions resolver checks division assignment, lets remove it from the other resolver checks
3- for the awards and rubrics checks, lets not check the root (since reports for example can query awards), instead:
-
Create an awardWinnerResolver which will resolve the winner field, and restrict only that resolver. The restriction should be either judge-advisor, or any user if the awards have been locked (use placeholder logic for locking for now)
-
Use the existing rubricDataResolver to restrict access only to the rubric data to the allowed roles
johnmeshulam
left a comment
johnmeshulam
left a comment
There was a problem hiding this comment.
In addition to these comments: The login page's voluntees graphql, we also query divisions.
Maybe we should make some of the division fields public to solve this, it willm still break login:
| /** | ||
| * Resolver for Judging.rubrics field. | ||
| * Fetches rubrics for teams in a division, optionally filtered by team IDs or category. | ||
| * Only accessible to lead-judge and judge-advisor roles. |
| > = async (division: DivisionWithId, args: AwardsArgs, context: GraphQLContext) => { | ||
| try { | ||
| // Check authorization | ||
| if (!allowedRoles.has(context.user.role)) { |
There was a problem hiding this comment.
This checks auth on awards resolver without winners
| * @param _args - Unused arguments | ||
| * @param context - GraphQL context containing user information | ||
| */ | ||
| export const divisionAwardsWinnersResolver: GraphQLFieldResolver< |
Description
Please include a summary of the changes made, and the related issue.
List any dependencies that are required for this change.
Closes # (issue)
Type of change
Please delete options that are not relevant.
Screenshots
Please provide screenshots of changes made to UI components.
Checklist