diff --git a/graphql/playground.ts b/graphql/playground.ts index d079f5f04..5fba8b79c 100644 --- a/graphql/playground.ts +++ b/graphql/playground.ts @@ -2,17 +2,17 @@ import { ApolloServerPluginLandingPageGraphQLPlayground } from 'apollo-server-co import { isDev } from '../common/util/environment'; const userHeader = { authorization: 'Bearer ' }; -const adminHeader = { authorization: "Basic " }; +const adminHeader = { authorization: `Basic ${isDev ? btoa('admin:' + process.env.ADMIN_AUTH_TOKEN) : 'btoa'}` }; const endpoint = '/apollo'; const loginQuery = `mutation { # Place some random Bearer token in the tab HTTP Headers, then log in using one of these mutations: - # Token Login: + # Token Login: loginToken(token: "authtokenP1") # Log in as Pupil 1 # loginToken(token: "authtokenS1") # Log in as Student 1 - + # Password Login: # loginPassword(email: "test+dev+p1@lern-fair.de" password: "test") # loginPassword(email: "test+dev+s1@lern-fair.de" password: "test") @@ -21,50 +21,50 @@ const loginQuery = `mutation { const meQuery = `query { # Once a session is authenticates (use the same Bearer Token for this query) a user can query their own data through the me query: - # The roles assigned to this session: + # The roles assigned to this session: myRoles - + # All users (except for ADMIN and other technical accounts) can query their data through me: - me { + me { # The userID is unique across all users, and looks like "student/{student.id}" userID # Some data is available for all users: firstname lastname email - + # All users can receive notifications: # To limit the number of data received from the backend, we use pagination with 'take' and 'skip': concreteNotifications(take: 10 skip: 0) { sentAt notification { description } } - + # All users can log in using different secrets (the thing used in loginToken or loginPassword): - secrets { + secrets { type description expiresAt lastUsed } - + # Every user has appointments: - appointments(take: 10 skip: 0) { + appointments(take: 10 skip: 0) { start duration title } - + # Most data is actually stored depending on the user type, these edges are null if the user is not a pupil or student: # Role PUPIL - pupil { + pupil { state schooltype subjectsFormatted { name mandatory } grade aboutMe # ... explore other fields here - + # Course Participants (Role PARTICIPANT): subcoursesJoined { # To check whether users can do something, we use queries prefixed with 'can...' to get this info from the backend @@ -74,51 +74,51 @@ const meQuery = `query { course { name } } subcoursesWaitingList { course { name }} - + # Match Tutees (Role TUTEE): openMatchRequestCount - - matches { + + matches { student { firstname lastname aboutMe } dissolved dissolvedAt } - + # Before matching we ask(ed) pupils to confirm their interest ... tutoringInterestConfirmation { status } # ... or they are screened and need to join a meeting: screenings { status invalidated } } - + # Helpers, historically called Students: # Role STUDENT - student { + student { subjectsFormatted { name grade { min max }} state university languages - + # Before doing stuff at Lern-Fair, we talk to each helper, # these screenings were historically done per role - tutorScreenings { + tutorScreenings { jobStatus knowsCoronaSchoolFrom success } - instructorScreenings { + instructorScreenings { jobStatus knowsCoronaSchoolFrom success } - + # We require a certifciate of conduct from each helper, and deactivate their account if not: certificateOfConductDeactivationDate certificateOfConduct { dateOfInspection dateOfIssue criminalRecords } - + # Course Instructors (Role INSTRUCTOR): canCreateCourse { allowed reason } # Courses are templates for multiple 'Subcourses': - coursesInstructing { + coursesInstructing { id name description @@ -127,29 +127,29 @@ const meQuery = `query { image allowContact } - - subcoursesInstructing { + + subcoursesInstructing { course { id } minGrade maxGrade maxParticipants joinAfterStart - + appointments { start duration title } - + participants { firstname lastname } } - - + + # Match Tutor (Role TUTOR): - matches { + matches { pupil { firstname lastname aboutMe } dissolved dissolvedAt } } - - + + } }`; @@ -158,17 +158,15 @@ const adminQuery = `query { # (1) Start the backend with ADMIN_AUTH_TOKEN=admin npm run web # (2) calculate "Basic " + btoa("admin:" + ADMIN_AUTH_TOKEN), i.e. "Basic YWRtaW46YWRtaW4=" # (3) Place the Basic Auth Token into the 'authorization' header - + # Then just execute any query that fetches any data, i.e. this one to find a specific user - query { - students(where: { email: { contains: "@lern-fair.de" }} take: 100) { - email - firstname - lastname - matches { - active - pupil { firstname lastname } - } + students(where: { email: { contains: "@lern-fair.de" }} take: 100) { + email + firstname + lastname + matches { + dissolved + pupil { firstname lastname } } } }`;