Check for permissions in person api

2fc23bc9 · Julian · 043ec38b · 2fc23bc9
Commit 2fc23bc9 authored 2 years ago by Julian
--- a/aleksis/core/schema/person.py
+++ b/aleksis/core/schema/person.py
@@ -47,6 +47,71 @@ class PersonType(DjangoObjectType):
    can_impersonate_person = graphene.Boolean()
    can_invite_person = graphene.Boolean()

+    def resolve_street(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_address_rule", root):
+            return root.street
+        return None
+
+    def resolve_housenumber(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_address_rule", root):
+            return root.housenumber
+        return None
+
+    def resolve_postal_code(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_address_rule", root):
+            return root.postal_code
+        return None
+
+    def resolve_place(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_address_rule", root):
+            return root.place
+        return None
+
+    def resolve_phone_number(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_contact_details_rule", root):
+            return root.phone_number
+        return None
+
+    def resolve_mobile_number(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_contact_details_rule", root):
+            return root.mobile_number
+        return None
+
+    def resolve_email(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_contact_details_rule", root):
+            return root.email
+        return None
+
+    def resolve_date_of_birth(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_personal_details_rule", root):
+            return root.date_of_birth
+        return None
+
+    def resolve_place_of_birth(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_personal_details_rule", root):
+            return root.place_of_birth
+        return None
+
+    def resolve_children(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_personal_details_rule", root):
+            return root.children.all()
+        return []
+
+    def resolve_guardians(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_personal_details_rule", root):
+            return root.guardians.all()
+        return []
+
+    def resolve_member_of(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_person_groups_rule", root):
+            return root.member_of.all()
+        return []
+
+    def resolve_owner_of(root, info, **kwargs):  # noqa
+        if info.context.user.has_perm("core.view_person_groups_rule", root):
+            return root.owner_of.all()
+        return []
+
    def resolve_username(root, info, **kwargs):  # noqa
        return root.user.username if root.user else None