WIP

City-of-Helsinki · Dec 11, 2024 · c36a951 · c36a951
1 parent a993056
commit c36a951
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 6 deletions.
diff --git a/tilavarauspalvelu/api/graphql/extensions/error_codes.py b/tilavarauspalvelu/api/graphql/extensions/error_codes.py
@@ -40,8 +40,10 @@
 HELSINKI_PROFILE_APPLICATION_USER_NOT_FOUND = "HELSINKI_PROFILE_APPLICATION_USER_NOT_FOUND"
 HELSINKI_PROFILE_RESERVATION_USER_MISSING = "HELSINKI_PROFILE_RESERVATION_USER_MISSING"
 HELSINKI_PROFILE_RESERVATION_USER_NOT_FOUND = "HELSINKI_PROFILE_RESERVATION_USER_NOT_FOUND"
+HELSINKI_PROFILE_USER_NOT_FOUND = "HELSINKI_PROFILE_USER_NOT_FOUND"
 HELSINKI_PROFILE_TOKEN_INVALID = "HELSINKI_PROFILE_TOKEN_INVALID"  # noqa: S105 # nosec # NOSONAR
 HELSINKI_PROFILE_USER_MISSING_PROFILE_ID = "HELSINKI_PROFILE_USER_MISSING_PROFILE_ID"
+HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED = "HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED"  # noqa: S105 # nosec # NOSONAR
 
 CANNOT_REJECT_APPLICATION_OPTIONS = "CANNOT_REJECT_APPLICATION_OPTIONS"
 CANNOT_REJECT_SECTION_OPTIONS = "CANNOT_REJECT_SECTION_OPTIONS"

diff --git a/tilavarauspalvelu/api/graphql/schema.py b/tilavarauspalvelu/api/graphql/schema.py
@@ -216,9 +216,15 @@ class Query(graphene.ObjectType):
     )
     profile_data = Field(
         HelsinkiProfileDataNode,
-        reservation_id=graphene.Int(),
-        application_id=graphene.Int(),
-        description="Get information about the user, using Helsinki profile if necessary.",
+        user_id=graphene.Int(desctiption="View profile data for this user."),
+        reservation_id=graphene.Int(desctiption="View profile data for this reservation user."),
+        application_id=graphene.Int(desctiption="View profile data for this application user."),
+        description=(
+            "Get information about a user from Helsinki profile. "
+            "If user is not a profile user, still return known information. "
+            "Use only one of 'user_id', 'reservation_id' or 'application_id' to determine what user to get data for. "
+            "This determined required permissions to view the user's info."
+        ),
     )
     #
     # Misc.

diff --git a/tilavarauspalvelu/api/graphql/types/helsinki_profile/types.py b/tilavarauspalvelu/api/graphql/types/helsinki_profile/types.py
@@ -8,15 +8,14 @@
 from query_optimizer.selections import get_field_selections
 
 from tilavarauspalvelu.api.graphql.extensions import error_codes
-from tilavarauspalvelu.models import Application, Reservation
+from tilavarauspalvelu.models import Application, Reservation, User
 from tilavarauspalvelu.tasks import save_personal_info_view_log
 from tilavarauspalvelu.utils.helauth.clients import HelsinkiProfileClient
 from tilavarauspalvelu.utils.helauth.typing import LoginMethod, UserProfileInfo
 
 if TYPE_CHECKING:
     import datetime
 
-    from tilavarauspalvelu.models import User
     from tilavarauspalvelu.typing import AnyUser, GQLInfo
 
 __all__ = [
@@ -45,10 +44,13 @@ def get_data(
         cls,
         info: GQLInfo,
         *,
+        user_id: int | None = None,
         application_id: int | None = None,
         reservation_id: int | None = None,
     ) -> UserProfileInfo:
-        if reservation_id is not None:
+        if user_id is not None:
+            user = cls.get_user(user_id, info=info)
+        elif reservation_id is not None:
             user = cls.get_user_from_reservation(reservation_id, info=info)
         elif application_id is not None:
             user = cls.get_user_from_application(application_id, info=info)
@@ -91,6 +93,11 @@ def get_data(
             session=info.context.session,
             fields=fields,
         )
+        if info.context.session.get("keycloak_refresh_token_expired", False):
+            msg = "Keycloak refresh token is expired. Please log out and back in again."
+            extensions = {"code": error_codes.HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED}
+            raise GraphQLError(msg, extensions=extensions)
+
         if data is None:
             msg = "Helsinki profile token is not valid and could not be refreshed."
             extensions = {"code": error_codes.HELSINKI_PROFILE_TOKEN_INVALID}
@@ -148,6 +155,19 @@ def get_user_from_reservation(cls, reservation_id: int, info: GQLInfo) -> User:
 
         return user
 
+    @classmethod
+    def get_user(cls, user_id: int, info: GQLInfo) -> User:
+        user: User | None = User.objects.filter(pk=user_id).first()
+        if user is None:
+            msg = f"User with id {user_id} not found."
+            extensions = {"code": error_codes.HELSINKI_PROFILE_USER_NOT_FOUND}
+            raise GraphQLError(msg, extensions=extensions)
+
+        if not info.context.user.permissions.can_view_user(user):
+            raise GQLNodePermissionDeniedError
+
+        return user
+
     def resolve_birthday(root: UserProfileInfo, info: GQLInfo) -> datetime.date | None:
         save_personal_info_view_log.delay(root["pk"], info.context.user.id, "profile.birthday")
         return root["birthday"]