feat: user management public api (#6722)

Co-authored-by: jdolle <[email protected]>

Author: n1ru4l

.changeset/hot-actors-cheer.md

@@ -0,0 +1,14 @@
+---
+'hive': major
+---
+
+Add mutation fields for managing users to the public api schema.
+
+- `Mutation.assignMemberRole`
+- `Mutation.createMemberRole`
+- `Mutation.deleteMemberRole`
+- `Mutation.deleteOrganizationInvitation`
+- `Mutation.inviteToOrganizationByEmail`
+- `Mutation.updateMemberRole`
+
+**BREAKING CHANGE**: This renames and changes the types for existing types within the private GraphQL schema.

integration-tests/testkit/flow.ts

@@ -82,9 +82,13 @@ export function createOrganization(input: CreateOrganizationInput, authToken: st
                   }
                 }
                 memberRoles {
-                  id
-                  name
-                  locked
+                  edges {
+                    node {
+                      id
+                      name
+                      isLocked
+                    }
+                  }
                 }
                 rateLimit {
                   retentionInDays
@@ -139,11 +143,13 @@ export function inviteToOrganization(input: InviteToOrganizationByEmailInput, au
       mutation inviteToOrganization($input: InviteToOrganizationByEmailInput!) {
         inviteToOrganizationByEmail(input: $input) {
           ok {
-            id
-            createdAt
-            expiresAt
-            email
-            code
+            createdOrganizationInvitation {
+              id
+              createdAt
+              expiresAt
+              email
+              code
+            }
           }
           error {
             message
@@ -230,16 +236,18 @@ export function getOrganizationMembers(selector: OrganizationSelectorInput, auth
       query getOrganizationMembers($selector: OrganizationSelectorInput!) {
         organization(reference: { bySelector: $selector }) {
           members {
-            nodes {
-              id
-              user {
-                id
-                email
-              }
-              role {
+            edges {
+              node {
                 id
-                name
-                permissions
+                user {
+                  id
+                  email
+                }
+                role {
+                  id
+                  name
+                  permissions
+                }
               }
             }
           }
@@ -675,11 +683,15 @@ export function createMemberRole(input: CreateMemberRoleInput, authToken: string
               id
               slug
               memberRoles {
-                id
-                name
-                description
-                locked
-                permissions
+                edges {
+                  node {
+                    id
+                    name
+                    description
+                    isLocked
+                    permissions
+                  }
+                }
               }
             }
           }
@@ -733,11 +745,15 @@ export function deleteMemberRole(input: DeleteMemberRoleInput, authToken: string
               id
               slug
               memberRoles {
-                id
-                name
-                description
-                locked
-                permissions
+                edges {
+                  node {
+                    id
+                    name
+                    description
+                    isLocked
+                    permissions
+                  }
+                }
               }
             }
           }
@@ -764,7 +780,7 @@ export function updateMemberRole(input: UpdateMemberRoleInput, authToken: string
               id
               name
               description
-              locked
+              isLocked
               permissions
             }
           }

integration-tests/testkit/seed.ts

@@ -183,13 +183,17 @@ export function initSeed() {
             async inviteMember(
               email = '[email protected]',
               inviteToken = ownerToken,
-              roleId?: string,
+              memberRoleId?: string,
             ) {
               const inviteResult = await inviteToOrganization(
                 {
+                  organization: {
+                    bySelector: {
+                      organizationSlug: organization.slug,
+                    },
+                  },
                   email,
-                  organizationSlug: organization.slug,
-                  roleId,
+                  memberRoleId,
                 },
                 inviteToken,
               ).then(r => r.expectNoGraphQLErrors());
@@ -205,7 +209,7 @@ export function initSeed() {
                 ownerToken,
               ).then(r => r.expectNoGraphQLErrors());
 
-              const members = membersResult.organization?.members?.nodes;
+              const members = membersResult.organization?.members?.edges?.map(edge => edge.node);
 
               if (!members) {
                 throw new Error(`Could not get members for org ${organization.slug}`);
@@ -848,13 +852,18 @@ export function initSeed() {
 
               const invitationResult = await inviteToOrganization(
                 {
-                  organizationSlug: organization.slug,
+                  organization: {
+                    bySelector: {
+                      organizationSlug: organization.slug,
+                    },
+                  },
                   email: memberEmail,
                 },
                 inviteToken,
               ).then(r => r.expectNoGraphQLErrors());
 
-              const code = invitationResult.inviteToOrganizationByEmail.ok?.code;
+              const code =
+                invitationResult.inviteToOrganizationByEmail.ok?.createdOrganizationInvitation.code;
 
               if (!code) {
                 throw new Error(
@@ -890,9 +899,17 @@ export function initSeed() {
                 ) {
                   const memberRoleAssignmentResult = await assignMemberRole(
                     {
-                      organizationSlug: organization.slug,
-                      userId: input.userId,
-                      roleId: input.roleId,
+                      organization: {
+                        bySelector: {
+                          organizationSlug: organization.slug,
+                        },
+                      },
+                      member: {
+                        byId: input.userId,
+                      },
+                      memberRole: {
+                        byId: input.roleId,
+                      },
                       resources: input.resources ?? {
                         mode: GraphQLSchema.ResourceAssignmentModeType.All,
                         projects: [],
@@ -908,15 +925,16 @@ export function initSeed() {
                   return memberRoleAssignmentResult.assignMemberRole.ok?.updatedMember;
                 },
                 async deleteMemberRole(
-                  roleId: string,
+                  memberRoleId: string,
                   options: { useMemberToken?: boolean } = {
                     useMemberToken: false,
                   },
                 ) {
                   const memberRoleDeletionResult = await deleteMemberRole(
                     {
-                      organizationSlug: organization.slug,
-                      roleId,
+                      memberRole: {
+                        byId: memberRoleId,
+                      },
                     },
                     options.useMemberToken ? memberToken : ownerToken,
                   ).then(r => r.expectNoGraphQLErrors());
@@ -941,7 +959,11 @@ export function initSeed() {
                   });
                   const memberRoleCreationResult = await createMemberRole(
                     {
-                      organizationSlug: organization.slug,
+                      organization: {
+                        bySelector: {
+                          organizationSlug: organization.slug,
+                        },
+                      },
                       name,
                       description: 'some description',
                       selectedPermissions: permissions,
@@ -965,9 +987,9 @@ export function initSeed() {
                   }
 
                   const createdRole =
-                    memberRoleCreationResult.createMemberRole.ok?.updatedOrganization.memberRoles?.find(
-                      r => r.name === name,
-                    );
+                    memberRoleCreationResult.createMemberRole.ok?.updatedOrganization.memberRoles?.edges.find(
+                      e => e.node.name === name,
+                    )?.node;
 
                   if (!createdRole) {
                     throw new Error(
@@ -990,8 +1012,9 @@ export function initSeed() {
                 ) {
                   const memberRoleUpdateResult = await updateMemberRole(
                     {
-                      organizationSlug: organization.slug,
-                      roleId: role.id,
+                      memberRole: {
+                        byId: role.id,
+                      },
                       name: role.name,
                       description: role.description,
                       selectedPermissions: permissions,

integration-tests/tests/api/oidc-integrations/crud.spec.ts

@@ -798,7 +798,7 @@ describe('restrictions', () => {
     expect(refetchedOrg.organization?.oidcIntegration?.oidcUserAccessOnly).toEqual(true);
 
     const invitation = await inviteMember('[email protected]');
-    const invitationCode = invitation.ok?.code;
+    const invitationCode = invitation.ok?.createdOrganizationInvitation.code;
 
     if (!invitationCode) {
       throw new Error('No invitation code');
@@ -865,7 +865,7 @@ describe('restrictions', () => {
     ).toEqual(false);
 
     const invitation = await inviteMember('[email protected]');
-    const invitationCode = invitation.ok?.code;
+    const invitationCode = invitation.ok?.createdOrganizationInvitation.code;
 
     if (!invitationCode) {
       throw new Error('No invitation code');
@@ -887,7 +887,7 @@ describe('restrictions', () => {
       const { organization, inviteMember, joinMemberUsingCode } = await createOrg();
 
       const invitation = await inviteMember('[email protected]');
-      const invitationCode = invitation.ok?.code;
+      const invitationCode = invitation.ok?.createdOrganizationInvitation.code;
 
       if (!invitationCode) {
         throw new Error('No invitation code');

integration-tests/tests/api/organization/members.spec.ts

@@ -104,7 +104,7 @@ test.concurrent('email invitation', async ({ expect }) => {
 
   const inviteEmail = seed.generateEmail();
   const invitationResult = await inviteMember(inviteEmail);
-  const inviteCode = invitationResult.ok?.code;
+  const inviteCode = invitationResult.ok?.createdOrganizationInvitation.code;
   expect(inviteCode).toBeDefined();
 
   const sentEmails = await history();
@@ -120,7 +120,7 @@ test.concurrent(
 
     // Invite
     const invitationResult = await inviteMember();
-    const inviteCode = invitationResult.ok!.code;
+    const inviteCode = invitationResult.ok!.createdOrganizationInvitation.code;
     expect(inviteCode).toBeDefined();
 
     // Join
@@ -150,9 +150,10 @@ const OrganizationInvitationsQuery = graphql(`
     organization: organizationBySlug(organizationSlug: $organizationSlug) {
       id
       invitations {
-        total
-        nodes {
-          id
+        edges {
+          node {
+            id
+          }
         }
       }
     }

integration-tests/tests/api/policy/policy-access.spec.ts

@@ -54,7 +54,7 @@ describe('Policy Access', () => {
         const { createOrg } = await initSeed().createOwner();
         const { organization, createProject, inviteAndJoinMember } = await createOrg();
         const { project } = await createProject(ProjectType.Single);
-        const adminRole = organization.memberRoles?.find(r => r.name === 'Admin');
+        const adminRole = organization.memberRoles?.edges.find(e => e.node.name === 'Admin')?.node;
 
         if (!adminRole) {
           throw new Error('Admin role not found');
@@ -183,7 +183,9 @@ describe('Policy Access', () => {
       async ({ expect }) => {
         const { createOrg } = await initSeed().createOwner();
         const { organization, inviteAndJoinMember } = await createOrg();
-        const adminRole = organization.memberRoles?.find(r => r.name === 'Admin');
+        const adminRole = organization.memberRoles?.edges.find(
+          edge => edge.node.name === 'Admin',
+        )?.node;
 
         if (!adminRole) {
           throw new Error('Admin role not found');

integration-tests/tests/api/target/crud.spec.ts

@@ -168,15 +168,15 @@ test.concurrent('organization member user can create a target', async ({ expect
   const inviteMemberResult = await inviteMember(
     orgMemberEmail,
     undefined,
-    organization.memberRoles?.find(role => role.name === 'Admin')?.id,
+    organization.memberRoles?.edges?.find(edge => edge.node.name === 'Admin')?.node.id,
   );
 
   if (inviteMemberResult.ok == null) {
     throw new Error('Invite did not succeed' + JSON.stringify(inviteMemberResult));
   }
 
   const joinMemberUsingCodeResult = await joinMemberUsingCode(
-    inviteMemberResult.ok.code,
+    inviteMemberResult.ok.createdOrganizationInvitation.code,
     orgMemberToken,
   ).then(r => r.expectNoGraphQLErrors());