1extend type Query {
2 """
3 users gets all users for a given organization from BSP api, if nil use NEP-Organization.
4 """
5 users(
6 """
7 optional bannerEdgeId is the edge id of of the organization to get users for
8 """
9 bannerEdgeId: String @hasBannerAccess(field: "bannerEdgeId")
10 ): [User!]
11
12 """
13 UserData returns a users banners and roles from the BSP api
14 """
15 userData(
16 """
17 username must be the bsl fully qualified username. example: `acct:edge-dev0-edge-b413cb@xwtest`
18 """
19 username: String!
20 ): UserData!
21 @hasRole(
22 roles: [
23 EDGE_BANNER_VIEWER
24 EDGE_ORG_ADMIN
25 EDGE_BANNER_ADMIN
26 EDGE_BANNER_OPERATOR
27 ]
28 )
29
30 """
31 WhoAmI returns a list of queries/mutations that the logged in user can perform.
32 """
33 whoAmI: User!
34 @hasRole(
35 roles: [
36 EDGE_BANNER_VIEWER
37 EDGE_ORG_ADMIN
38 EDGE_BANNER_ADMIN
39 EDGE_BANNER_OPERATOR
40 ]
41 ) # username will be retrieved from token
42 """
43 user returns the user's profile.
44 """
45 user(
46 """
47 username must be the bsl fully qualified username. example: `acct:edge-dev0-edge-b413cb@xwtest`
48 """
49 username: String!
50 ): User!
51 @hasRole(
52 roles: [
53 EDGE_BANNER_VIEWER
54 EDGE_ORG_ADMIN
55 EDGE_BANNER_ADMIN
56 EDGE_BANNER_OPERATOR
57 ]
58 )
59
60 """
61 sessionUserEdgeRole returns the current session user edge roles
62 """
63 sessionUserEdgeRole: [String!]
64 @hasRole(
65 roles: [
66 EDGE_BANNER_VIEWER
67 EDGE_ORG_ADMIN
68 EDGE_BANNER_ADMIN
69 EDGE_BANNER_OPERATOR
70 ]
71 )
72}
73
74# Mutation returns generated.MutationResolver implementation.
75extend type Mutation {
76 """
77 Register creates a user using BSP api and returns the username.
78 """
79 register(
80 """
81 firstName is the first name of the user to be created
82 """
83 firstName: String!
84 """
85 lastName is the last name of the user to be created
86 """
87 lastName: String!
88 """
89 username is the username of the user to be created
90 """
91 username: String!
92 """
93 email is the email of the user to be created
94 """
95 email: String!
96 """
97 password is the password of the user to be created. keep it secret, keep it safe
98 """
99 password: String!
100 """
101 organization is the bsl organization the user will be created in under /customer/ or whatever the root org is set to for that edge env
102 """
103 organization: String!
104 ): String!
105
106 """
107 Login makes a request login to BSP api and returns a signed jwt token with a list of roles.
108 """
109 login(
110 username: String!
111 password: String!
112 organization: String!
113 ): AuthPayload!
114
115 loginWithOkta(
116 oktaToken: String!
117 refreshToken: String!
118 organization: String!
119 ): OktaAuthPayload!
120
121 verifyOktaToken(oktaToken: String!): Boolean!
122
123 """
124 UpdateUserPassword makes a request to BSP api to reset a user's password
125 """
126 updateUserPassword(
127 username: String!
128 newPassword: String!
129 organization: String!
130 ): EdgeResponsePayload!
131
132 """
133 DeleteUser deletes a user in BSP.
134 """
135 deleteUser(username: String!): Boolean! @hasRole(roles: [EDGE_ORG_ADMIN])
136
137 """
138 Logout clears a user's session.
139 """
140 logout: Boolean!
141
142 """
143 ForgotPassword recovers a user's password in BSL, an email is sent to the user's email.
144 """
145 forgotPassword(
146 """
147 The bsl username without any organization
148 """
149 username: String!
150 """
151 The bsl organization associated with the user
152 """
153 organization: String!
154 ): Boolean!
155
156 """
157 UpdatePasswordWithToken takes in a bsl one time use token and resets the users password.
158 """
159 updatePasswordWithToken(
160 """
161 token is the bsl token sent in the first step of the password reset process through email
162 """
163 token: String!
164 """
165 organization is the organization the token/user belong to
166 """
167 organization: String!
168 """
169 newPassword is the new value the user the token belongs to password will be set to
170 """
171 newPassword: String!
172 ): Boolean!
173
174 """
175 TokenExchange exchanges the token to refresh the 15 mins timeframe
176 """
177 tokenExchange: String!
178 @hasRole(
179 roles: [
180 EDGE_BANNER_VIEWER
181 EDGE_ORG_ADMIN
182 EDGE_BANNER_ADMIN
183 EDGE_BANNER_OPERATOR
184 EDGE_SUPER_ADMIN
185 ]
186 )
187
188 """
189 SessionRefresh exchanges the okta token to refresh the 15 mins timeframe
190 """
191 sessionRefresh(provider: AuthProvider!): String!
192 @hasRole(
193 roles: [
194 EDGE_BANNER_VIEWER
195 EDGE_ORG_ADMIN
196 EDGE_BANNER_ADMIN
197 EDGE_BANNER_OPERATOR
198 EDGE_SUPER_ADMIN
199 ]
200 )
201
202 updateUserProfile(
203 """
204 user is the user data to be updated
205 """
206 user: UpdateUser!
207 ): User!
208 @hasRole(
209 roles: [
210 EDGE_BANNER_VIEWER
211 EDGE_ORG_ADMIN
212 EDGE_BANNER_ADMIN
213 EDGE_BANNER_OPERATOR
214 ]
215 )
216}
View as plain text