feat: set and update user role

server/schema/user/user.datasources.js

@@ -178,32 +178,33 @@ const updateDetails = (id, fields, session, authToken, mid) =>
     { new: true }
   );
 
-const getCustomClaims = async (id) => {
+const getCustomClaims = async (email) => {
   try {
-    const _user = await UserModel.findById(id, 'email');
-    if (!_user) {
+    const _fbUser = await admin.auth().getUserByEmail(email);
+    if (!_fbUser) {
       throw APIError('NOT_FOUND', null, { reason: 'The requested user does not exist.' });
     }
-    const _fbUser = await admin.auth().getUserByEmail(_user.email);
     const userRecord = await admin.auth().getUser(_fbUser.uid);
     return userRecord.customClaims;
   } catch (error) {
     throw FirebaseAuthError(error, { reason: "Cannot find user's roles" });
   }
 };
-const updateRoles = async (id, roles) => {
+const updateRoles = async (email, roles) => {
   try {
-    const _user = await UserModel.findById(id);
-    if (!_user) {
+    console.log('Update roles called');
+    const _fbUser = await admin.auth().getUserByEmail(email);
+    console.log(_fbUser);
+    if (!_fbUser) {
       throw APIError('NOT_FOUND', null, { reason: 'The requested user does not exist.' });
     }
-
-    const _fbUser = await admin.auth().getUserByEmail(_user.email);
     await admin.auth().setCustomUserClaims(_fbUser.uid, {
       ..._fbUser.customClaims,
       roles,
     });
-    return _user;
+    const customClaims = await getCustomClaims(email);
+    console.log(customClaims);
+    return customClaims.roles;
   } catch (error) {
     throw FirebaseAuthError(error, { reason: "The user's roles could not be updated." });
   }

server/schema/user/user.mutation.js

@@ -27,7 +27,7 @@ const {
   // GraphQLDate,
   // GraphQLTime,
   // GraphQLDateTime,
-  // GraphQLJSON,
+  GraphQLJSON,
   // GraphQLJSONObject,
 } = require('../scalars');
 
@@ -145,8 +145,12 @@ module.exports = new GraphQLObjectType({
       resolve: setUserBan,
     },
     setUserRoles: {
-      type: UserType,
+      type: GraphQLJSON,
       args: {
+        email: {
+          description: "The user's email id",
+          type: new GraphQLNonNull(GraphQLString),
+        },
         id: {
           description: "The user's mongo ID.",
           type: new GraphQLNonNull(GraphQLID),

server/schema/user/user.query.js

@@ -72,9 +72,9 @@ module.exports = new GraphQLObjectType({
       description: 'Get user roles',
       type: GraphQLJSON,
       args: {
-        id: {
-          description: "The user's mongo ID.",
-          type: new GraphQLNonNull(GraphQLID),
+        email: {
+          description: "The user's email id",
+          type: new GraphQLNonNull(GraphQLString),
         },
       },
       resolve: getUserCustomClaims,

server/schema/user/user.resolver.js

@@ -53,7 +53,7 @@ const canUpdateUser = (id, mid, session, authToken, decodedToken, fieldNodes, ne
 
   if (
     mid !== id &&
-    _fields.some((item) => !PUBLIC_FIELDS.includes(item)) &&
+    _fields?.some((item) => !PUBLIC_FIELDS.includes(item)) &&
     !UserPermission.exists(session, authToken, decodedToken, 'user.read.all')
   ) {
     throw APIError('FORBIDDEN', null, {
@@ -522,25 +522,24 @@ module.exports = {
       throw FirebaseAuthError(error);
     }
   },
-  getUserCustomClaims: async (_parent, { id }, { API: { User } }) => {
+  getUserCustomClaims: async (_parent, { email }, { API: { User } }) => {
     try {
-      const customClaims = await User.getCustomClaims(id);
+      const customClaims = await User.getCustomClaims(email);
       return customClaims;
     } catch (error) {
       return FirebaseAuthError(error);
     }
   },
   setUserRoles: async (
     _parent,
-    { id, roles },
+    { email, id, roles },
     { mid, session, authToken, decodedToken, API: { User } },
     { fieldNodes }
   ) => {
     try {
       canUpdateUser(id, mid, session, authToken, decodedToken, fieldNodes, true);
 
-      const _user = await User.updateRoles(id, roles);
-
+      const _user = await User.updateRoles(email, roles);
       return _user;
     } catch (error) {
       return FirebaseAuthError(error);