PII permission and frontend fixes.

Squidex · Sep 19, 2024 · c0ff1e1 · c0ff1e1
1 parent 25e6c6c
commit c0ff1e1
Show file tree

Hide file tree

Showing 21 changed files with 340 additions and 239 deletions.
diff --git a/backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/GraphQLExecutionContext.cs b/backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/GraphQLExecutionContext.cs
@@ -12,6 +12,7 @@
 using Squidex.Domain.Apps.Entities.Contents.GraphQL.Cache;
 using Squidex.Domain.Apps.Entities.Contents.Queries;
 using Squidex.Infrastructure;
+using Squidex.Shared;
 using Squidex.Shared.Users;
 
 namespace Squidex.Domain.Apps.Entities.Contents.GraphQL;
@@ -28,6 +29,8 @@ public sealed class GraphQLExecutionContext : QueryExecutionContext
 
     public override Context Context { get; }
 
+    public bool CanExposePII { get; }
+
     public GraphQLExecutionContext(
         IDataLoaderContextAccessor dataLoaders,
         IAssetQueryService assetQuery,
@@ -58,6 +61,8 @@ public GraphQLExecutionContext(
         {
             batchSize = Math.Max(MinBatchSize, Math.Min(MaxBatchSize, batchSize));
         }
+
+        CanExposePII = Context.UserPermissions.Allows(PermissionIds.ForApp(PermissionIds.AppPii, context.App.Name));
     }
 
     public async ValueTask<IUser?> FindUserAsync(RefToken refToken,

diff --git a/backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/Types/UserGraphType.cs b/backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/Types/UserGraphType.cs
@@ -35,15 +35,15 @@ public UserGraphType()
         AddField(new FieldType
         {
             Name = "displayName",
-            Resolver = Resolve(x => x.Claims.DisplayName()),
+            Resolver = ResolveOrHide(x => x.Claims.DisplayName()),
             ResolvedType = Scalars.String,
             Description = FieldDescriptions.UserDisplayName
         });
 
         AddField(new FieldType
         {
             Name = "email",
-            Resolver = Resolve(x => x.Email),
+            Resolver = ResolveOrHide(x => x.Email),
             ResolvedType = Scalars.String,
             Description = FieldDescriptions.UserEmail
         });
@@ -55,4 +55,17 @@ private static IFieldResolver Resolve<T>(Func<IUser, T> resolver)
     {
         return Resolvers.Sync(resolver);
     }
+
+    private static IFieldResolver ResolveOrHide(Func<IUser, string?> resolver)
+    {
+        return Resolvers.Sync<IUser, string?>((source, _, context) =>
+        {
+            if (context.CanExposePII)
+            {
+                return resolver(source);
+            }
+
+            return "Hidden";
+        });
+    }
 }
diff --git a/backend/src/Squidex.Shared/PermissionIds.cs b/backend/src/Squidex.Shared/PermissionIds.cs
@@ -103,6 +103,9 @@ public static class PermissionIds
     // App Usage
     public const string AppUsage = "squidex.apps.{app}.usage";
 
+    // App Expose Users
+    public const string AppPii = "squidex.apps.{app}.pii";
+
     // App Comments
     public const string AppComments = "squidex.apps.{app}.comments";
     public const string AppCommentsRead = "squidex.apps.{app}.comments.read";

diff --git a/backend/src/Squidex/appsettings.json b/backend/src/Squidex/appsettings.json
@@ -168,7 +168,7 @@
         "hideDateTimeModeButton": false,
 
         // Show the exposed values as information on the apps overview page.
-        "showInfo": false,
+        "showInfo": true,
 
         // The number of content items for dropdown selector.
         "referencesDropdownItemCount": 100

diff --git a/backend/src/Squidex/wwwroot/editor/squidex-editor.css b/backend/src/Squidex/wwwroot/editor/squidex-editor.css