Merge pull request #3431 from SeedCompany/neo4j/current-user

Author: CarsonF

.eslintrc.cjs

@@ -198,6 +198,17 @@ const config = {
     ],
     // TODO Enable this and fix errors (both types & logic changes will be needed)
     '@typescript-eslint/no-unnecessary-condition': 'off',
+
+    // Allow unused session while we migrate
+    '@seedcompany/no-unused-vars': [
+      'warn',
+      {
+        args: 'after-used',
+        ignoreRestSiblings: true,
+        argsIgnorePattern: '(^_|^session$)',
+        varsIgnorePattern: '^_',
+      },
+    ],
   },
   overrides: [
     {

src/components/authentication/authentication.repository.ts

@@ -5,8 +5,8 @@ import { type ID, ServerException, type Session } from '~/common';
 import { DatabaseService, DbTraceLayer, OnIndex } from '~/core/database';
 import {
   ACTIVE,
+  currentUser,
   matchUserGloballyScopedRoles,
-  requestingUser,
   variable,
 } from '~/core/database/query';
 import { type ScopedRole } from '../authorization/dto';
@@ -226,7 +226,7 @@ export class AuthenticationRepository {
     const result = await this.db
       .query()
       .match([
-        requestingUser(session),
+        currentUser,
         relation('out', '', 'password', ACTIVE),
         node('password', 'Property'),
       ])
@@ -243,7 +243,7 @@ export class AuthenticationRepository {
     await this.db
       .query()
       .match([
-        requestingUser(session),
+        currentUser,
         relation('out', '', 'password', ACTIVE),
         node('password', 'Property'),
       ])
@@ -331,7 +331,7 @@ export class AuthenticationRepository {
     await this.db
       .query()
       .match([
-        requestingUser(session),
+        currentUser,
         relation('out', 'oldRel', 'token', ACTIVE),
         node('token', 'Token'),
       ])

src/components/authorization/policies/conditions/creator.condition.ts

@@ -1,5 +1,4 @@
 import { Logger } from '@nestjs/common';
-import { type Query } from 'cypher-query-builder';
 import { inspect, type InspectOptionsStylized } from 'util';
 import {
   type ID,
@@ -11,14 +10,11 @@ import {
 } from '~/common';
 import { type LinkTo } from '~/core/resources';
 import {
-  type AsCypherParams,
   type Condition,
   type IsAllowedParams,
   MissingContextException,
 } from '../../policy/conditions';
 
-const CQL_VAR = 'requestingUser';
-
 export interface HasCreator {
   creator: MaybeSecuredProp<ID | LinkTo<'User'>>;
 }
@@ -49,24 +45,8 @@ class CreatorCondition<TResourceStatic extends ResourceShape<HasCreator>>
     return creator === session.userId;
   }
 
-  setupCypherContext(
-    query: Query,
-    prevApplied: Set<any>,
-    other: AsCypherParams<TResourceStatic>,
-  ) {
-    if (prevApplied.has('creator')) {
-      return query;
-    }
-    prevApplied.add('creator');
-
-    const param = query.params.addParam(other.session.userId, CQL_VAR);
-    Reflect.set(other, CQL_VAR, param);
-
-    return query;
-  }
-
-  asCypherCondition(_query: Query, other: AsCypherParams<TResourceStatic>) {
-    const requester = String(Reflect.get(other, CQL_VAR));
+  asCypherCondition() {
+    const requester = '$currentUser';
     return [
       `node.creator = ${requester}`,
       `exists((node)-[:creator { active: true }]->(:Property { value: ${requester} }))`,

src/components/authorization/policies/conditions/member.condition.ts

@@ -2,10 +2,9 @@ import { type Query } from 'cypher-query-builder';
 import { intersection } from 'lodash';
 import { inspect, type InspectOptionsStylized } from 'util';
 import { type ResourceShape, type Role } from '~/common';
-import { matchProjectScopedRoles, variable } from '~/core/database/query';
+import { matchProjectScopedRoles } from '~/core/database/query';
 import { rolesForScope, type ScopedRole, splitScope } from '../../dto/role.dto';
 import {
-  type AsCypherParams,
   type AsEdgeQLParams,
   type Condition,
   eqlDoesIntersect,
@@ -32,24 +31,8 @@ class MemberCondition<TResourceStatic extends ResourceWithScope>
     return getScope(object).includes('member:true');
   }
 
-  setupCypherContext(
-    query: Query,
-    prevApplied: Set<any>,
-    other: AsCypherParams<TResourceStatic>,
-  ) {
-    if (prevApplied.has('membership')) {
-      return query;
-    }
-    prevApplied.add('membership');
-
-    const param = query.params.addParam(other.session.userId, 'requestingUser');
-    Reflect.set(other, CQL_VAR, param);
-    return query;
-  }
-
-  asCypherCondition(query: Query, other: AsCypherParams<TResourceStatic>) {
-    const requester = String(Reflect.get(other, CQL_VAR));
-    return `exists((project)-[:member { active: true }]->(:ProjectMember)-[:user]->(:User { id: ${requester} }))`;
+  asCypherCondition() {
+    return 'exists((project)-[:member { active: true }]->(:ProjectMember)-[:user]->(:User { id: $currentUser }))';
   }
 
   setupEdgeQLContext({
@@ -101,7 +84,6 @@ class MemberWithRolesCondition<TResourceStatic extends ResourceWithScope>
 
     return query.apply(
       matchProjectScopedRoles({
-        session: variable('requestingUser'),
         outputVar: CQL_VAR,
       }),
     );

src/components/authorization/policies/conditions/self.condition.ts

@@ -1,17 +1,13 @@
-import { type Query } from 'cypher-query-builder';
 import { inspect, type InspectOptionsStylized } from 'util';
 import { type User } from '../../../user/dto';
 import {
-  type AsCypherParams,
   type AsEdgeQLParams,
   type Condition,
   fqnRelativeTo,
   type IsAllowedParams,
   MissingContextException,
 } from '../../policy/conditions';
 
-const CQL_VAR = 'requestingUser';
-
 class SelfCondition<TResourceStatic extends typeof User>
   implements Condition<TResourceStatic>
 {
@@ -22,25 +18,8 @@ class SelfCondition<TResourceStatic extends typeof User>
     return object.id === session.userId;
   }
 
-  setupCypherContext(
-    query: Query,
-    prevApplied: Set<any>,
-    other: AsCypherParams<TResourceStatic>,
-  ) {
-    if (prevApplied.has('self')) {
-      return query;
-    }
-    prevApplied.add('self');
-
-    const param = query.params.addParam(other.session.userId, CQL_VAR);
-    Reflect.set(other, CQL_VAR, param);
-
-    return query;
-  }
-
-  asCypherCondition(_query: Query, other: AsCypherParams<TResourceStatic>) {
-    const requester = String(Reflect.get(other, CQL_VAR));
-    return `node:User AND node.id = ${requester}`;
+  asCypherCondition() {
+    return 'node:User AND node.id = $currentUser';
   }
 
   asEdgeQLCondition({ namespace }: AsEdgeQLParams<any>) {

src/components/budget/budget-record.repository.ts

@@ -177,7 +177,7 @@ export class BudgetRecordRepository extends DtoRepository<
             node('organization', 'Organization'),
           ])
           .apply(matchChangesetAndChangedProps(view?.changeset))
-          .apply(matchPropsAndProjectSensAndScopedRoles(session, { view }))
+          .apply(matchPropsAndProjectSensAndScopedRoles({ view }))
           .return<{ dto: UnsecuredDto<BudgetRecord> }>(
             merge('props', 'changedProps', {
               parent: 'budget',

src/components/budget/budget.repository.ts

@@ -22,7 +22,6 @@ import {
   merge,
   oncePerProject,
   paginate,
-  requestingUser,
   sorting,
 } from '~/core/database/query';
 import { type FileId } from '../file/dto';
@@ -90,7 +89,7 @@ export class BudgetRepository extends DtoRepository<
         node('node', label),
       ])
       .where({ 'node.id': inArray(ids) })
-      .apply(matchPropsAndProjectSensAndScopedRoles(session, { view }))
+      .apply(matchPropsAndProjectSensAndScopedRoles({ view }))
       .apply(matchChangesetAndChangedProps(view?.changeset))
       .return<{ dto: UnsecuredDto<Budget> }>(
         merge('props', 'changedProps', {
@@ -110,7 +109,6 @@ export class BudgetRepository extends DtoRepository<
         relation('in', '', 'budget', ACTIVE),
         node('project', 'Project', pickBy({ id: filter?.projectId })),
       ])
-      .match(requestingUser(session))
       .apply(
         this.privileges.forUser(session).filterToReadable({
           wrapContext: oncePerProject,

src/components/ceremony/ceremony.repository.ts

@@ -13,7 +13,6 @@ import {
   matchPropsAndProjectSensAndScopedRoles,
   oncePerProject,
   paginate,
-  requestingUser,
   sorting,
 } from '~/core/database/query';
 import {
@@ -64,7 +63,7 @@ export class CeremonyRepository extends DtoRepository<
           relation('out', '', ACTIVE),
           node('node'),
         ])
-        .apply(matchPropsAndProjectSensAndScopedRoles(session))
+        .apply(matchPropsAndProjectSensAndScopedRoles())
         .return<{ dto: UnsecuredDto<Ceremony> }>('props as dto');
   }
 
@@ -84,7 +83,6 @@ export class CeremonyRepository extends DtoRepository<
             ]
           : []),
       ])
-      .match(requestingUser(session))
       .apply(
         this.privileges.forUser(session).filterToReadable({
           wrapContext: oncePerProject,

src/components/comments/comment-thread.repository.ts

@@ -6,9 +6,9 @@ import {
   ACTIVE,
   createNode,
   createRelationships,
+  currentUser,
   merge,
   paginate,
-  requestingUser,
   sorting,
 } from '~/core/database/query';
 import { CommentRepository } from './comment.repository';
@@ -31,7 +31,7 @@ export class CommentThreadRepository extends DtoRepository(CommentThread) {
         .apply(
           createRelationships(CommentThread, {
             in: { commentThread: ['BaseNode', parent] },
-            out: { creator: ['User', session.userId] },
+            out: { creator: currentUser },
           }),
         )
         .return('node as thread');
@@ -83,7 +83,6 @@ export class CommentThreadRepository extends DtoRepository(CommentThread) {
   ) {
     const result = await this.db
       .query()
-      .match(requestingUser(session))
       .match([
         node('node', 'CommentThread'),
         ...(parent

src/components/comments/comment.repository.ts

@@ -8,10 +8,10 @@ import {
   ACTIVE,
   createNode,
   createRelationships,
+  currentUser,
   matchProps,
   merge,
   paginate,
-  requestingUser,
   sorting,
   variable,
 } from '~/core/database/query';
@@ -51,7 +51,7 @@ export class CommentRepository extends DtoRepository(Comment) {
       .apply(
         createRelationships(Comment, {
           in: { comment: variable('thread') },
-          out: { creator: ['User', session.userId] },
+          out: { creator: currentUser },
         }),
       )
       .return<{ id: ID; threadId: ID }>([
@@ -92,7 +92,6 @@ export class CommentRepository extends DtoRepository(Comment) {
   async list(threadId: ID, input: CommentListInput, session: Session) {
     const result = await this.db
       .query()
-      .match(requestingUser(session))
       .match([
         node('thread', 'CommentThread', { id: threadId }),
         relation('out', '', 'comment', ACTIVE),