extend type Query { """ users gets all users for a given organization from BSP api, if nil use NEP-Organization. """ users( """ optional bannerEdgeId is the edge id of of the organization to get users for """ bannerEdgeId: String @hasBannerAccess(field: "bannerEdgeId") ): [User!] """ UserData returns a users banners and roles from the BSP api """ userData( """ username must be the bsl fully qualified username. example: `acct:edge-dev0-edge-b413cb@xwtest` """ username: String! ): UserData! @hasRole( roles: [ EDGE_BANNER_VIEWER EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR ] ) """ WhoAmI returns a list of queries/mutations that the logged in user can perform. """ whoAmI: User! @hasRole( roles: [ EDGE_BANNER_VIEWER EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR ] ) # username will be retrieved from token """ user returns the user's profile. """ user( """ username must be the bsl fully qualified username. example: `acct:edge-dev0-edge-b413cb@xwtest` """ username: String! ): User! @hasRole( roles: [ EDGE_BANNER_VIEWER EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR ] ) """ sessionUserEdgeRole returns the current session user edge roles """ sessionUserEdgeRole: [String!] @hasRole( roles: [ EDGE_BANNER_VIEWER EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR ] ) } # Mutation returns generated.MutationResolver implementation. extend type Mutation { """ Register creates a user using BSP api and returns the username. """ register( """ firstName is the first name of the user to be created """ firstName: String! """ lastName is the last name of the user to be created """ lastName: String! """ username is the username of the user to be created """ username: String! """ email is the email of the user to be created """ email: String! """ password is the password of the user to be created. keep it secret, keep it safe """ password: String! """ organization is the bsl organization the user will be created in under /customer/ or whatever the root org is set to for that edge env """ organization: String! ): String! """ Login makes a request login to BSP api and returns a signed jwt token with a list of roles. """ login( username: String! password: String! organization: String! ): AuthPayload! loginWithOkta( oktaToken: String! refreshToken: String! organization: String! ): OktaAuthPayload! verifyOktaToken(oktaToken: String!): Boolean! """ UpdateUserPassword makes a request to BSP api to reset a user's password """ updateUserPassword( username: String! newPassword: String! organization: String! ): EdgeResponsePayload! """ DeleteUser deletes a user in BSP. """ deleteUser(username: String!): Boolean! @hasRole(roles: [EDGE_ORG_ADMIN]) """ Logout clears a user's session. """ logout: Boolean! """ ForgotPassword recovers a user's password in BSL, an email is sent to the user's email. """ forgotPassword( """ The bsl username without any organization """ username: String! """ The bsl organization associated with the user """ organization: String! ): Boolean! """ UpdatePasswordWithToken takes in a bsl one time use token and resets the users password. """ updatePasswordWithToken( """ token is the bsl token sent in the first step of the password reset process through email """ token: String! """ organization is the organization the token/user belong to """ organization: String! """ newPassword is the new value the user the token belongs to password will be set to """ newPassword: String! ): Boolean! """ TokenExchange exchanges the token to refresh the 15 mins timeframe """ tokenExchange: String! @hasRole( roles: [ EDGE_BANNER_VIEWER EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR EDGE_SUPER_ADMIN ] ) """ SessionRefresh exchanges the okta token to refresh the 15 mins timeframe """ sessionRefresh(provider: AuthProvider!): String! @hasRole( roles: [ EDGE_BANNER_VIEWER EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR EDGE_SUPER_ADMIN ] ) updateUserProfile( """ user is the user data to be updated """ user: UpdateUser! ): User! @hasRole( roles: [ EDGE_BANNER_VIEWER EDGE_ORG_ADMIN EDGE_BANNER_ADMIN EDGE_BANNER_OPERATOR ] ) }