Add Privacy Policy related improvements

various thing to make sure we're GDPR, et al compliant

api/src/graphql/subjectAccessRequests.sdl.js

@@ -0,0 +1,39 @@
+export const schema = gql`
+  type SubjectAccessRequest {
+    id: String!
+    comment: String!
+    payload: String!
+    user: User!
+    userId: String!
+    createdAt: DateTime!
+    updatedAt: DateTime!
+  }
+
+  type Query {
+    subjectAccessRequests: [SubjectAccessRequest!]!
+    subjectAccessRequest(id: String!): SubjectAccessRequest
+  }
+
+  input CreateSubjectAccessRequestInput {
+    comment: String!
+    payload: String!
+    userId: String!
+  }
+
+  input UpdateSubjectAccessRequestInput {
+    comment: String
+    payload: String
+    userId: String
+  }
+
+  type Mutation {
+    createSubjectAccessRequest(
+      input: CreateSubjectAccessRequestInput!
+    ): SubjectAccessRequest!
+    updateSubjectAccessRequest(
+      id: String!
+      input: UpdateSubjectAccessRequestInput!
+    ): SubjectAccessRequest!
+    deleteSubjectAccessRequest(id: String!): SubjectAccessRequest!
+  }
+`

api/src/graphql/users.sdl.js

@@ -12,6 +12,7 @@ export const schema = gql`
     Part(partTitle: String): Part
     Reaction: [PartReaction]!
     Comment: [Comment]!
+    SubjectAccessRequest: [SubjectAccessRequest]!
   }
 
   type Query {

api/src/services/helpers.js

@@ -1,3 +1,10 @@
+import { v2 as cloudinary } from 'cloudinary'
+cloudinary.config({
+  cloud_name: 'irevdev',
+  api_key: process.env.CLOUDINARY_API_KEY,
+  api_secret: process.env.CLOUDINARY_API_SECRET,
+})
+
 export const foreignKeyReplacement = (input) => {
   let output = input
   const foreignKeys = Object.keys(input).filter((k) => k.match(/Id$/))
@@ -28,3 +35,14 @@ export const generateUniqueString = async (
   const newSeed = count === 1 ? `${seed}_${count}` : seed.slice(0, -1) + count
   return generateUniqueString(newSeed, isUniqueCallback, count)
 }
+
+export const destroyImage = ({ publicId }) =>
+  new Promise((resolve, reject) => {
+    cloudinary.uploader.destroy(publicId, (error, result) => {
+      if (error) {
+        reject(error)
+        return
+      }
+      resolve(result)
+    })
+  })

api/src/services/parts/parts.js

@@ -3,6 +3,7 @@ import {
   foreignKeyReplacement,
   enforceAlphaNumeric,
   generateUniqueString,
+  destroyImage,
 } from 'src/services/helpers'
 import { requireAuth } from 'src/lib/auth'
 import { requireOwnership } from 'src/lib/owner'
@@ -74,10 +75,18 @@ export const updatePart = async ({ id, input }) => {
   if (input.title) {
     input.title = enforceAlphaNumeric(input.title)
   }
-  return db.part.update({
+  const originalPart = await db.part.findOne({ where: { id } })
+  const imageToDestroy =
+    originalPart.mainImage !== input.mainImage && originalPart.mainImage
+  const update = await db.part.update({
     data: foreignKeyReplacement(input),
     where: { id },
   })
+  if (imageToDestroy) {
+    // destroy after the db has been updated
+    destroyImage({ publicId: imageToDestroy })
+  }
+  return update
 }
 
 export const deletePart = async ({ id }) => {

api/src/services/subjectAccessRequests/subjectAccessRequests.js

@@ -0,0 +1,42 @@
+import { db } from 'src/lib/db'
+import { requireAuth } from 'src/lib/auth'
+import { foreignKeyReplacement } from 'src/services/helpers'
+
+export const subjectAccessRequests = () => {
+  requireAuth({ role: 'admin' })
+  return db.subjectAccessRequest.findMany()
+}
+
+export const subjectAccessRequest = ({ id }) => {
+  requireAuth({ role: 'admin' })
+  return db.subjectAccessRequest.findOne({
+    where: { id },
+  })
+}
+
+export const createSubjectAccessRequest = ({ input }) => {
+  requireAuth({ role: 'admin' })
+  return db.subjectAccessRequest.create({
+    data: foreignKeyReplacement(input),
+  })
+}
+
+export const updateSubjectAccessRequest = ({ id, input }) => {
+  requireAuth({ role: 'admin' })
+  return db.subjectAccessRequest.update({
+    data: foreignKeyReplacement(input),
+    where: { id },
+  })
+}
+
+export const deleteSubjectAccessRequest = ({ id }) => {
+  requireAuth({ role: 'admin' })
+  return db.subjectAccessRequest.delete({
+    where: { id },
+  })
+}
+
+export const SubjectAccessRequest = {
+  user: (_obj, { root }) =>
+    db.subjectAccessRequest.findOne({ where: { id: root.id } }).user(),
+}

api/src/services/subjectAccessRequests/subjectAccessRequests.test.js

@@ -0,0 +1,9 @@
+/*
+import { subjectAccessRequests } from './subjectAccessRequests'
+*/
+
+describe('subjectAccessRequests', () => {
+  it('returns true', () => {
+    expect(true).toBe(true)
+  })
+})

api/src/services/users/users.js

@@ -2,7 +2,7 @@ import { db } from 'src/lib/db'
 import { requireAuth } from 'src/lib/auth'
 import { requireOwnership } from 'src/lib/owner'
 import { UserInputError } from '@redwoodjs/api'
-import { enforceAlphaNumeric } from 'src/services/helpers'
+import { enforceAlphaNumeric, destroyImage } from 'src/services/helpers'
 
 export const users = () => {
   requireAuth({ role: 'admin' })
@@ -51,10 +51,18 @@ export const updateUserByUserName = async ({ userName, input }) => {
       `You've tried to used a protected word as you userName, try something other than `
     )
   }
-  return db.user.update({
+  const originalPart = await db.user.findOne({ where: { userName } })
+  const imageToDestroy =
+    originalPart.image !== input.image && originalPart.image
+  const update = await db.user.update({
     data: input,
     where: { userName },
   })
+  if (imageToDestroy) {
+    // destroy after the db has been updated
+    destroyImage({ publicId: imageToDestroy })
+  }
+  return update
 }
 
 export const deleteUser = ({ id }) => {
@@ -80,4 +88,6 @@ export const User = {
     db.user.findOne({ where: { id: root.id } }).Reaction(),
   Comment: (_obj, { root }) =>
     db.user.findOne({ where: { id: root.id } }).Comment(),
+  SubjectAccessRequest: (_obj, { root }) =>
+    db.user.findOne({ where: { id: root.id } }).SubjectAccessRequest(),
 }