Merge pull request #3172 from SeedCompany/bugfix/normalize-creator

Author: CarsonF

src/common/secured-property.ts

@@ -33,6 +33,8 @@ export type SecuredKeys<Dto extends Record<string, any>> = ConditionalKeys<
 
 export type MaybeSecured<Dto> = Dto | UnsecuredDto<Dto>;
 
+export type MaybeSecuredProp<T> = T | Secured<T>;
+
 /**
  * Converts a DTO to unwrap its secured properties.
  * Non-secured properties are left as is.

src/components/admin/admin.module.ts

@@ -5,6 +5,7 @@ import { AdminEdgeDBRepository } from './admin.edgedb.repository';
 import { AdminEdgeDBService } from './admin.edgedb.service';
 import { AdminRepository } from './admin.repository';
 import { AdminService } from './admin.service';
+import { NormalizeCreatorMigration } from './migrations/normalize-creator.migration';
 
 @Module({
   imports: [AuthorizationModule],
@@ -16,6 +17,7 @@ import { AdminService } from './admin.service';
       // and each will only use their own.
       AdminEdgeDBRepository,
     ),
+    NormalizeCreatorMigration,
   ],
 })
 export class AdminModule {}

src/components/admin/migrations/normalize-creator.migration.ts

@@ -0,0 +1,24 @@
+import { BaseMigration, Migration } from '~/core/database';
+
+@Migration('2024-04-16T19:00:00')
+export class NormalizeCreatorMigration extends BaseMigration {
+  async up() {
+    // Handle RootUser first specially.
+    // Since denormalized creator IDs for RootUser currently reference a non-existent user ID
+    await this.db.query().raw`
+      match (user:RootUser)
+      match (bn)-[r:creator { active: true }]->(oldCreatorProp:Property)
+      where not exists { (:User { id: oldCreatorProp.value }) }
+      create (bn)-[:creator { active: true, createdAt: r.createdAt }]->(user)
+      detach delete oldCreatorProp
+    `.executeAndLogStats();
+
+    await this.db.query().raw`
+      match (bn)-[r:creator { active: true }]->(oldCreatorProp:Property)
+      with bn, r, oldCreatorProp
+      match (user:User { id: oldCreatorProp.value })
+      create (bn)-[:creator { active: true, createdAt: r.createdAt }]->(user)
+      detach delete oldCreatorProp
+    `.executeAndLogStats();
+  }
+}

src/components/authorization/policies/conditions/owner.condition.ts

@@ -1,7 +1,15 @@
 import { Logger } from '@nestjs/common';
 import { Query } from 'cypher-query-builder';
 import { inspect, InspectOptionsStylized } from 'util';
-import { ID, isIdLike, MaybeSecured, ResourceShape, Secured } from '~/common';
+import {
+  ID,
+  isIdLike,
+  MaybeSecured,
+  MaybeSecuredProp,
+  ResourceShape,
+  unwrapSecured,
+} from '~/common';
+import { type LinkTo } from '~/core/resources';
 import { User } from '../../../user/dto';
 import {
   AsCypherParams,
@@ -12,7 +20,7 @@ import {
 const CQL_VAR = 'requestingUser';
 
 export interface HasCreator {
-  creator: ID | Secured<ID>;
+  creator: MaybeSecuredProp<ID | LinkTo<'User'>>;
 }
 
 class OwnerCondition<
@@ -29,11 +37,11 @@ class OwnerCondition<
         return (object as MaybeSecured<User>).id;
       }
       const o = object as MaybeSecured<HasCreator>;
-      return !o.creator
-        ? undefined
-        : isIdLike(o.creator)
-        ? o.creator
-        : o.creator.value;
+      const creator = unwrapSecured(o.creator);
+      if (!creator) {
+        return undefined;
+      }
+      return isIdLike(creator) ? creator : creator.id;
     })();
     if (!creator) {
       Logger.warn(

src/components/post/dto/post.dto.ts

@@ -3,10 +3,9 @@ import { DateTime } from 'luxon';
 import { keys as keysOf } from 'ts-transformer-keys';
 import { BaseNode } from '~/core/database/results';
 import { e } from '~/core/edgedb';
-import { RegisterResource } from '~/core/resources';
+import { LinkTo, RegisterResource } from '~/core/resources';
 import {
   DateTimeField,
-  ID,
   Resource,
   Secured,
   SecuredProps,
@@ -26,7 +25,7 @@ export class Post extends Resource {
 
   readonly parent: BaseNode;
 
-  readonly creator: Secured<ID>;
+  readonly creator: Secured<LinkTo<'User'>>;
 
   @Field(() => PostType)
   readonly type: PostType;

src/components/post/post.repository.ts

@@ -24,7 +24,6 @@ export class PostRepository extends DtoRepository<typeof Post, [Session] | []>(
 ) {
   async create(input: CreatePost, session: Session) {
     const initialProps = {
-      creator: session.userId,
       type: input.type,
       shareability: input.shareability,
       body: input.body,
@@ -35,8 +34,13 @@ export class PostRepository extends DtoRepository<typeof Post, [Session] | []>(
       .apply(matchRequestingUser(session))
       .apply(await createNode(Post, { initialProps }))
       .apply(
-        createRelationships(Post, 'in', {
-          post: ['BaseNode', input.parentId],
+        createRelationships(Post, {
+          in: {
+            post: ['BaseNode', input.parentId],
+          },
+          out: {
+            creator: ['User', session.userId],
+          },
         }),
       )
       .apply(this.hydrate())
@@ -115,10 +119,16 @@ export class PostRepository extends DtoRepository<typeof Post, [Session] | []>(
           relation('in', '', 'post', ACTIVE),
           node('parent', 'BaseNode'),
         ])
+        .match([
+          node('node'),
+          relation('out', '', 'creator', ACTIVE),
+          node('creator', 'User'),
+        ])
         .apply(matchProps())
         .return<{ dto: DbTypeOf<Post> }>(
           merge('props', {
             parent: 'parent',
+            creator: 'creator { .id }',
           }).as('dto'),
         );
   }

src/components/post/post.resolver.ts

@@ -55,7 +55,7 @@ export class PostResolver {
     @Parent() post: Post,
     @Loader(UserLoader) users: LoaderOf<UserLoader>,
   ): Promise<SecuredUser> {
-    return await mapSecuredValue(post.creator, (id) => users.load(id));
+    return await mapSecuredValue(post.creator, ({ id }) => users.load(id));
   }
 
   @Mutation(() => UpdatePostOutput, {

src/components/progress-report/media/dto/media.dto.ts

@@ -9,11 +9,10 @@ import {
   Variant,
   VariantOf,
 } from '~/common';
-import { SetDbType } from '~/core';
+import { LinkTo, SetDbType } from '~/core';
 import { e } from '~/core/edgedb';
 import { RegisterResource } from '~/core/resources';
 import { FileId, Media } from '../../../file';
-import { User } from '../../../user';
 import { ProgressReport } from '../../dto';
 import { ProgressReportHighlight } from '../../dto/highlights.dto';
 import { MediaCategory } from '../media-category.enum';
@@ -53,7 +52,7 @@ export class ProgressReportMedia extends Resource {
   @IdField()
   readonly variantGroup: VariantGroup;
 
-  readonly creator: IdOf<User>;
+  readonly creator: LinkTo<'User'>;
 }
 
 export type MediaVariant = VariantOf<typeof ProgressReportMedia>;

src/components/progress-report/media/progress-report-media.repository.ts

@@ -12,7 +12,6 @@ import {
 import { DbTypeOf, DtoRepository } from '~/core';
 import {
   ACTIVE,
-  apoc,
   createNode,
   createRelationships,
   filter,
@@ -169,10 +168,14 @@ export class ProgressReportMediaRepository extends DtoRepository<
           baseNodeProps: {
             variant: input.variant.key,
             category: input.category,
-            creator: session.userId,
           },
         }),
       )
+      .apply(
+        createRelationships(this.resource, 'out', {
+          creator: ['User', session.userId],
+        }),
+      )
       .apply(
         createRelationships(this.resource, 'in', {
           child: variable('variantGroup'),
@@ -184,7 +187,10 @@ export class ProgressReportMediaRepository extends DtoRepository<
         }),
       )
       .return<{ dto: Omit<DbTypeOf<ReportMedia>, 'media' | 'file'> }>(
-        apoc.convert.toMap('node').as('dto'),
+        merge('node', {
+          report: 'report.id',
+          creator: 'creator { .id }',
+        }).as('dto'),
       );
     const results = await query.first();
     if (results) {
@@ -262,6 +268,11 @@ export class ProgressReportMediaRepository extends DtoRepository<
             relation('out', '', 'fileNode', ACTIVE),
             node('file', 'File'),
           ],
+          [
+            node('node'),
+            relation('out', '', 'creator', ACTIVE),
+            node('creator', 'User'),
+          ],
         ])
         .subQuery('file', (sub) =>
           sub
@@ -282,6 +293,7 @@ export class ProgressReportMediaRepository extends DtoRepository<
             variantGroup: 'variantGroup.id',
             file: 'file.id',
             media: 'media.id',
+            creator: 'creator { .id }',
             sensitivity: 'sensitivity',
             scope: 'scope',
           }).as('dto'),

src/components/prompts/dto/prompt-response.dto.ts

@@ -18,9 +18,8 @@ import {
   UnsecuredDto,
   Variant,
 } from '~/common';
-import { LinkToUnknown } from '~/core';
+import { LinkTo, LinkToUnknown } from '~/core';
 import { BaseNode } from '~/core/database/results';
-import { User } from '../../user';
 import { Prompt, SecuredPrompt } from './prompt.dto';
 
 @ObjectType()
@@ -46,7 +45,7 @@ export abstract class VariantResponse<Key extends string = string> {
   @Field()
   readonly response: SecuredRichTextNullable;
 
-  readonly creator: Secured<IdOf<User>>;
+  readonly creator: Secured<LinkTo<'User'>>;
 
   @Field(() => DateTime, { nullable: true })
   readonly modifiedAt?: DateTime;
@@ -65,7 +64,7 @@ export class PromptVariantResponse<
     responses: [VariantResponse],
   } satisfies ResourceRelationsShape;
 
-  readonly creator: Secured<IdOf<User>>;
+  readonly creator: Secured<LinkTo<'User'>>;
 
   readonly parent: BaseNode;