break: Change permission messages to include user role

Author: nicola-smartive

src/client/queries.ts

@@ -183,7 +183,7 @@ export const getEntityQuery = (
   role: string,
   visibleRelationsByRole: VisibleRelationsByRole,
   typesWithSubRelations: string[]
-) => `query Admin${model.name} ($id: ID!) {
+) => `query Get${model.name}Entity ($id: ID!) {
   data: ${typeToField(model.name)}(where: { id: $id }) {
     ${displayField(model)}
     ${model.fields.filter(and(isSimpleField, isQueriableBy(role))).map(({ name }) => name)}

src/errors.ts

@@ -26,7 +26,7 @@ export class UserInputError extends GraphQLError {
 }
 
 export class PermissionError extends ForbiddenError {
-  constructor(action: PermissionAction, what: string, why: string) {
-    super(`You do not have sufficient permissions to ${action.toLowerCase()} ${what} (${why}).`);
+  constructor(role: string, action: PermissionAction, what: string, why: string) {
+    super(`Role ${role} does not have sufficient permissions to ${action.toLowerCase()} ${what} (${why}).`);
   }
 }

src/permissions/check.ts

@@ -113,7 +113,7 @@ export const getEntityToMutate = async (
         .map(([key, value]) => `${key}: ${value}`)
         .join(', ')}`
     );
-    throw new PermissionError(action, `this ${model.name}`, 'no available permissions applied');
+    throw new PermissionError(ctx.user.role, action, `this ${model.name}`, 'no available permissions applied');
   }
 
   if (model.parent) {
@@ -139,7 +139,7 @@ export const checkCanWrite = async (
     return;
   }
   if (permissionStack === false) {
-    throw new PermissionError(action, model.plural, 'no applicable permissions');
+    throw new PermissionError(ctx.user.role, action, model.plural, 'no applicable permissions');
   }
 
   // eslint-disable-next-line @typescript-eslint/no-explicit-any -- using `select(1 as any)` to instantiate an "empty" query builder
@@ -157,7 +157,12 @@ export const checkCanWrite = async (
 
     const fieldPermissions = field[action === 'CREATE' ? 'creatable' : 'updatable'];
     if (fieldPermissions && typeof fieldPermissions === 'object' && !fieldPermissions.roles?.includes(ctx.user.role)) {
-      throw new PermissionError(action, `this ${model.name}'s ${field.name}`, 'field permission not available');
+      throw new PermissionError(
+        ctx.user.role,
+        action,
+        `this ${model.name}'s ${field.name}`,
+        'field permission not available'
+      );
     }
 
     linked = true;
@@ -172,7 +177,12 @@ export const checkCanWrite = async (
     }
 
     if (fieldPermissionStack === false || !fieldPermissionStack.length) {
-      throw new PermissionError(action, `this ${model.name}'s ${field.name}`, 'no applicable permissions on data to link');
+      throw new PermissionError(
+        ctx.user.role,
+        action,
+        `this ${model.name}'s ${field.name}`,
+        'no applicable permissions on data to link'
+      );
     }
 
     // eslint-disable-next-line @typescript-eslint/no-floating-promises -- we do not need to await knex here
@@ -187,10 +197,10 @@ export const checkCanWrite = async (
   if (linked) {
     const canMutate = await query;
     if (!canMutate) {
-      throw new PermissionError(action, `this ${model.name}`, 'no linkable entities');
+      throw new PermissionError(ctx.user.role, action, `this ${model.name}`, 'no linkable entities');
     }
   } else if (action === 'CREATE') {
-    throw new PermissionError(action, `this ${model.name}`, 'no linkable entities');
+    throw new PermissionError(ctx.user.role, action, `this ${model.name}`, 'no linkable entities');
   }
 };
 

src/resolvers/selects.ts

@@ -30,6 +30,7 @@ export const applySelects = (node: ResolverNode, query: Knex.QueryBuilder, joins
 
           if (typeof field.queriable === 'object' && !field.queriable.roles?.includes(node.ctx.user.role)) {
             throw new PermissionError(
+              node.ctx.user.role,
               'READ',
               `${node.model.name}'s field "${field.name}"`,
               'field permission not available'