mentorenwahl/backend/src/backend/api/schema/mutation.cr

# Mentorenwahl: A fullstack application for assigning mentors to students based on their whishes.
# Copyright (C) 2022  Dominic Grimm
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

require "ldap"
require "uuid"
require "uuid/json"
require "random/secure"

module Backend
  module Api
    module Schema
      @[GraphQL::Object]
      class Mutation < GraphQL::BaseMutation
        @[GraphQL::Field]
        # Logs in as *username* with credential *password*
        def login(username : String, password : String) : LoginPayload?
          raise Errors::Authentication.new if username.empty? || password.empty?

          user = Db::User.query.find { var(:username) == username }
          raise Errors::Authentication.new unless user && Ldap.authenticate?(Ldap::DN.uid(username), password)

          token = Db::Token.create!(
            id: UUID.random(Random::Secure),
            iat: Time.utc,
            exp: Time.utc + Backend.config.api.jwt_expiration.minutes,
            active: true,
            user_id: user.id
          )

          LoginPayload.new(
            user: User.new(user),
            token: Auth::Token.new(
              iat: token.iat.to_unix,
              exp: token.exp.to_unix,
              jti: token.id.not_nil!,
              context: Auth::Context.new(user.id.not_nil!)
            ).encode
          )
        end

        @[GraphQL::Field]
        # Logs out of account by revoking token
        def logout(context : Context) : Scalars::UUID?
          context.authenticated!

          jti = context.jti.not_nil!

          token = Db::Token.find!(jti)
          token.active = false
          token.save!

          Scalars::UUID.new(jti)
        end

        @[GraphQL::Field]
        def revoke_token(context : Context, token : Scalars::UUID) : Scalars::UUID
          context.authenticated!

          Db::Token.query.find!(token.value).delete

          Scalars::UUID.new(token.value)
        end

        @[GraphQL::Field]
        # Creates user
        def create_user(context : Context, input : UserCreateInput, check_ldap : Bool = true) : User?
          context.admin!

          raise Errors::LdapUserDoesNotExist.new if check_ldap && begin
                                                      !Ldap::User.from_username(input.username)
                                                    rescue LDAP::Client::AuthError
                                                      true
                                                    end
          user = Db::User.create!(username: input.username, role: input.role.to_db, admin: input.admin)
          Worker::Jobs::CacheLdapUserJob.new(user.id.not_nil!.to_i).enqueue

          User.new(user)
        end

        @[GraphQL::Field]
        # Deletes user by ID
        def delete_user(context : Context, id : Int32) : Int32?
          context.admin!

          user = Db::User.find!(id)
          user.delete

          id
        end

        @[GraphQL::Field]
        # Starts assignment job of mentors to students
        def start_assignment(context : Context) : Bool?
          context.admin!

          Worker::Jobs::AssignStudentsJob.new.enqueue

          true
        end

        # @[GraphQL::Field]
        # # Creates teacher
        # def create_teacher(context : Context, input : TeacherCreateInput) : Teacher
        #   context.admin!

        #   teacher = Db::Teacher.create!(user_id: input.user_id, max_students: input.max_students)
        #   Teacher.new(teacher)
        # end

        @[GraphQL::Field]
        def register_teacher(context : Context, input : TeacherInput) : Teacher?
          context.teacher!(false)
          raise Errors::InvalidPermissions.new if context.user.not_nil!.teacher

          teacher = Db::Teacher.create!(user_id: context.user.not_nil!.id, max_students: input.max_students)
          Teacher.new(teacher)
        end

        # @[GraphQL::Field]
        # # Deletes teacher by ID
        # def delete_teacher(context : Context, id : Int32) : Int32
        #   context.admin!

        #   teacher = Db::Teacher.find!(id)
        #   teacher.delete

        #   id
        # end

        # @[GraphQL::Field]
        # # Self register as teacher
        # def register_teacher(context : Context, input : TeacherInput) : Teacher
        #   context.teacher! external_check: false

        #   Teacher.new(
        #     Db::Teacher.create!(user_id: context.user.not_nil!.id, max_students: input.max_students)
        #   )
        # end

        # @[GraphQL::Field]
        # # Creates student
        # def create_student(context : Context, input : StudentCreateInput) : Student
        #   context.admin!

        #   user = Db::User.find!(input.user_id)
        #   raise "User not a student" unless user.role.to_api.student?

        #   student = Db::Student.create!(user_id: user.id)
        #   Student.new(student)
        # end

        # @[GraphQL::Field]
        # # Deletes student by ID
        # def delete_student(context : Context, id : Int32) : Int32
        #   context.admin!

        #   student = Db::Student.find!(id)
        #   student.delete

        #   id
        # end

        # @[GraphQL::Field]
        # # Self register as student
        # def register_student(context : Context) : Student
        #   context.student! external_check: false

        #   Student.new(
        #     Db::Student.create!(user_id: context.user.not_nil!.id)
        #   )
        # end

        @[GraphQL::Field]
        # Creates vote for authenticated user's student
        def create_vote(context : Context, input : VoteCreateInput) : Vote?
          context.student!

          raise Errors::DuplicateTeachers.new if input.teacher_ids.uniq.size != input.teacher_ids.size
          raise Errors::NotEnoughTeachers.new if input.teacher_ids.size < Backend.config.minimum_teacher_selection_count
          teacher_role_count = Db::User.query.where(role: Db::UserRole::Teacher).count
          raise Errors::TeachersNotRegistered.new if teacher_role_count != Db::Teacher.query.count || teacher_role_count.zero?

          input.teacher_ids.each do |id|
            teacher = Db::Teacher.find(id)

            if teacher.nil?
              raise Errors::TeachersNotFound.new
              # elsif teacher.user.skif != context.user.not_nil!.skif
              #   if teacher.user.skif
              #     raise "Teacher is SKIF, student is not"
              #   else
              #     raise "Teacher is not SKIF, student is"
              #   end
            end
          end

          student = context.external.not_nil!.as(Db::Student)
          vote = Db::Vote.create!(student_id: student.id)
          Db::TeacherVote.import(input.teacher_ids.map_with_index { |id, i| Db::TeacherVote.new({vote_id: vote.id, teacher_id: id, priority: i}) })

          Vote.new(vote)
        end
      end
    end
  end
end
Added GNU GPLv3 as license 2022-02-10 07:43:47 +00:00			`# Mentorenwahl: A fullstack application for assigning mentors to students based on their whishes.`
			`# Copyright (C) 2022 Dominic Grimm`
Fixed file license headers 2022-03-07 13:06:02 +00:00			`#`
Added GNU GPLv3 as license 2022-02-10 07:43:47 +00:00			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
Fixed file license headers 2022-03-07 13:06:02 +00:00			`#`
Added GNU GPLv3 as license 2022-02-10 07:43:47 +00:00			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
Fixed file license headers 2022-03-07 13:06:02 +00:00			`#`
Added GNU GPLv3 as license 2022-02-10 07:43:47 +00:00			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <https://www.gnu.org/licenses/>.`

Added LDAP login support 2022-02-06 15:42:08 +00:00			`require "ldap"`
Update codebase 2022-10-31 08:47:26 +00:00			`require "uuid"`
Rewrite frontend in rust with yew 2022-11-04 20:23:36 +00:00			`require "uuid/json"`
			`require "random/secure"`
Added login page 2022-02-02 14:38:36 +00:00
Added worker 2022-01-23 08:12:57 +00:00			`module Backend`
Added LDAP environment vars and functions 2022-02-05 13:31:35 +00:00			`module Api`
Added worker 2022-01-23 08:12:57 +00:00			`module Schema`
			`@[GraphQL::Object]`
			`class Mutation < GraphQL::BaseMutation`
			`@[GraphQL::Field]`
Documented Api 2022-02-09 13:35:35 +00:00			`# Logs in as username with credential password`
Agent oriented logged in state 2022-11-05 20:27:49 +00:00			`def login(username : String, password : String) : LoginPayload?`
Rewrite frontend in rust with yew 2022-11-04 20:23:36 +00:00			`raise Errors::Authentication.new if username.empty? \|\| password.empty?`
Added login page 2022-02-02 14:38:36 +00:00
Literally rewrote everything database related for clear ORM 2022-04-05 18:26:22 +00:00			`user = Db::User.query.find { var(:username) == username }`
Rewrite frontend in rust with yew 2022-11-04 20:23:36 +00:00			`raise Errors::Authentication.new unless user && Ldap.authenticate?(Ldap::DN.uid(username), password)`
Added worker 2022-01-23 08:12:57 +00:00
Update frontend dockerfile 2022-11-13 17:41:53 +00:00			`token = Db::Token.create!(`
			`id: UUID.random(Random::Secure),`
			`iat: Time.utc,`
			`exp: Time.utc + Backend.config.api.jwt_expiration.minutes,`
Update ci 2022-11-21 18:48:53 +00:00			`active: true,`
Update frontend dockerfile 2022-11-13 17:41:53 +00:00			`user_id: user.id`
			`)`

Added worker 2022-01-23 08:12:57 +00:00			`LoginPayload.new(`
			`user: User.new(user),`
Update codebase 2022-10-31 08:47:26 +00:00			`token: Auth::Token.new(`
Update frontend dockerfile 2022-11-13 17:41:53 +00:00			`iat: token.iat.to_unix,`
			`exp: token.exp.to_unix,`
			`jti: token.id.not_nil!,`
Update codebase 2022-10-31 08:47:26 +00:00			`context: Auth::Context.new(user.id.not_nil!)`
			`).encode`
Added worker 2022-01-23 08:12:57 +00:00			`)`
			`end`

Update ci 2022-11-21 18:48:53 +00:00			`@[GraphQL::Field]`
			`# Logs out of account by revoking token`
			`def logout(context : Context) : Scalars::UUID?`
			`context.authenticated!`

			`jti = context.jti.not_nil!`

			`token = Db::Token.find!(jti)`
			`token.active = false`
			`token.save!`

			`Scalars::UUID.new(jti)`
			`end`

			`@[GraphQL::Field]`
			`def revoke_token(context : Context, token : Scalars::UUID) : Scalars::UUID`
			`context.authenticated!`

			`Db::Token.query.find!(token.value).delete`

			`Scalars::UUID.new(token.value)`
			`end`

Added worker 2022-01-23 08:12:57 +00:00			`@[GraphQL::Field]`
Documented Api 2022-02-09 13:35:35 +00:00			`# Creates user`
Update frontend 2022-11-12 21:50:06 +00:00			`def create_user(context : Context, input : UserCreateInput, check_ldap : Bool = true) : User?`
Added worker 2022-01-23 08:12:57 +00:00			`context.admin!`

Rewrite frontend in rust with yew 2022-11-04 20:23:36 +00:00			`raise Errors::LdapUserDoesNotExist.new if check_ldap && begin`
			`!Ldap::User.from_username(input.username)`
			`rescue LDAP::Client::AuthError`
			`true`
			`end`
Update codebase 2022-10-31 08:47:26 +00:00			`user = Db::User.create!(username: input.username, role: input.role.to_db, admin: input.admin)`
Fixed jobs 2022-03-08 07:15:35 +00:00			`Worker::Jobs::CacheLdapUserJob.new(user.id.not_nil!.to_i).enqueue`
Added worker 2022-01-23 08:12:57 +00:00
			`User.new(user)`
			`end`

			`@[GraphQL::Field]`
Documented Api 2022-02-09 13:35:35 +00:00			`# Deletes user by ID`
Update frontend 2022-11-12 21:50:06 +00:00			`def delete_user(context : Context, id : Int32) : Int32?`
Added worker 2022-01-23 08:12:57 +00:00			`context.admin!`

			`user = Db::User.find!(id)`
Literally rewrote everything database related for clear ORM 2022-04-05 18:26:22 +00:00			`user.delete`
Added worker 2022-01-23 08:12:57 +00:00
			`id`
			`end`

			`@[GraphQL::Field]`
Start working on assignment 2022-04-14 14:44:49 +00:00			`# Starts assignment job of mentors to students`
Add bulma css 2022-11-23 19:17:14 +00:00			`def start_assignment(context : Context) : Bool?`
Start working on assignment 2022-04-14 14:44:49 +00:00			`context.admin!`

			`Worker::Jobs::AssignStudentsJob.new.enqueue`

			`true`
			`end`

Update codebase 2022-10-31 08:47:26 +00:00			`# @[GraphQL::Field]`
			`# # Creates teacher`
			`# def create_teacher(context : Context, input : TeacherCreateInput) : Teacher`
			`# context.admin!`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# teacher = Db::Teacher.create!(user_id: input.user_id, max_students: input.max_students)`
			`# Teacher.new(teacher)`
			`# end`
Added worker 2022-01-23 08:12:57 +00:00
Update frontend 2022-11-12 21:50:06 +00:00			`@[GraphQL::Field]`
			`def register_teacher(context : Context, input : TeacherInput) : Teacher?`
			`context.teacher!(false)`
			`raise Errors::InvalidPermissions.new if context.user.not_nil!.teacher`

			`teacher = Db::Teacher.create!(user_id: context.user.not_nil!.id, max_students: input.max_students)`
			`Teacher.new(teacher)`
			`end`

Update codebase 2022-10-31 08:47:26 +00:00			`# @[GraphQL::Field]`
			`# # Deletes teacher by ID`
			`# def delete_teacher(context : Context, id : Int32) : Int32`
			`# context.admin!`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# teacher = Db::Teacher.find!(id)`
			`# teacher.delete`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# id`
			`# end`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# @[GraphQL::Field]`
			`# # Self register as teacher`
			`# def register_teacher(context : Context, input : TeacherInput) : Teacher`
			`# context.teacher! external_check: false`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# Teacher.new(`
			`# Db::Teacher.create!(user_id: context.user.not_nil!.id, max_students: input.max_students)`
			`# )`
			`# end`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# @[GraphQL::Field]`
			`# # Creates student`
			`# def create_student(context : Context, input : StudentCreateInput) : Student`
			`# context.admin!`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# user = Db::User.find!(input.user_id)`
			`# raise "User not a student" unless user.role.to_api.student?`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# student = Db::Student.create!(user_id: user.id)`
			`# Student.new(student)`
			`# end`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# @[GraphQL::Field]`
			`# # Deletes student by ID`
			`# def delete_student(context : Context, id : Int32) : Int32`
			`# context.admin!`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# student = Db::Student.find!(id)`
			`# student.delete`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# id`
			`# end`
Added worker 2022-01-23 08:12:57 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# @[GraphQL::Field]`
			`# # Self register as student`
			`# def register_student(context : Context) : Student`
			`# context.student! external_check: false`
Added self registration 2022-02-15 19:59:56 +00:00
Update codebase 2022-10-31 08:47:26 +00:00			`# Student.new(`
			`# Db::Student.create!(user_id: context.user.not_nil!.id)`
			`# )`
			`# end`
Added self registration 2022-02-15 19:59:56 +00:00
Added worker 2022-01-23 08:12:57 +00:00			`@[GraphQL::Field]`
Documented Api 2022-02-09 13:35:35 +00:00			`# Creates vote for authenticated user's student`
Update frontend 2022-11-12 21:50:06 +00:00			`def create_vote(context : Context, input : VoteCreateInput) : Vote?`
Added worker 2022-01-23 08:12:57 +00:00			`context.student!`

Rewrite frontend in rust with yew 2022-11-04 20:23:36 +00:00			`raise Errors::DuplicateTeachers.new if input.teacher_ids.uniq.size != input.teacher_ids.size`
			`raise Errors::NotEnoughTeachers.new if input.teacher_ids.size < Backend.config.minimum_teacher_selection_count`
Literally rewrote everything database related for clear ORM 2022-04-05 18:26:22 +00:00			`teacher_role_count = Db::User.query.where(role: Db::UserRole::Teacher).count`
Rewrite frontend in rust with yew 2022-11-04 20:23:36 +00:00			`raise Errors::TeachersNotRegistered.new if teacher_role_count != Db::Teacher.query.count \|\| teacher_role_count.zero?`
Fix vote teacher selection can be empty 2022-03-08 09:54:30 +00:00
Added worker 2022-01-23 08:12:57 +00:00			`input.teacher_ids.each do \|id\|`
			`teacher = Db::Teacher.find(id)`

			`if teacher.nil?`
Rewrite frontend in rust with yew 2022-11-04 20:23:36 +00:00			`raise Errors::TeachersNotFound.new`
Update codebase 2022-10-31 08:47:26 +00:00			`# elsif teacher.user.skif != context.user.not_nil!.skif`
			`# if teacher.user.skif`
			`# raise "Teacher is SKIF, student is not"`
			`# else`
			`# raise "Teacher is not SKIF, student is"`
			`# end`
Added worker 2022-01-23 08:12:57 +00:00			`end`
			`end`

			`student = context.external.not_nil!.as(Db::Student)`
			`vote = Db::Vote.create!(student_id: student.id)`
Literally rewrote everything database related for clear ORM 2022-04-05 18:26:22 +00:00			`Db::TeacherVote.import(input.teacher_ids.map_with_index { \|id, i\| Db::TeacherVote.new({vote_id: vote.id, teacher_id: id, priority: i}) })`
Added worker 2022-01-23 08:12:57 +00:00
			`Vote.new(vote)`
			`end`
			`end`
			`end`
			`end`
			`end`