Schema.graphql

query: Query

}

"""
Custom error type interface
"""

interface ErrorResult {

message: String!

code: String!

}

interface File {

id: ID!
type: FileType!
name: String!
bucket: String!
url: Url!
size: Int!

}

"""
Identity
"""

interface IdentityView {

id: ID!
name: String!
isAccessible: Boolean!

}

"""
Reprezentace MyIdentity
"""

interface MyIdentity {

id: ID!
name: String!
isAccessible: Boolean!
systemAdmin: Boolean!
accessibleInstitutes: [InstituteAccess!]!

}

"""
Reprezentace UserHubIdentity
"""

interface UserHubIdentity {

id: ID!

institute(

id: ID! @resource(type: INSTITUTE)

): Institute

institutes: [Institute!]!

systemAdmin: Boolean!

rootUser(

instituteId: ID! @resource(type: INSTITUTE)

): Boolean!

memberBoards(

instituteId: ID! @resource(type: INSTITUTE)

): [MemberBoard!]

examCenters(

instituteId: ID! @resource(type: INSTITUTE)

): [ExamCenter!]

roles(

instituteId: ID! @resource(type: INSTITUTE)

): [Role!]!

permissions(

instituteId: ID! @resource(type: INSTITUTE)

): [AppPermission!]!

modules(

instituteId: ID! @resource(type: INSTITUTE)

): [AppModule!]!

instituteAccess(

instituteId: ID! @resource(type: INSTITUTE)

): InstituteAccess!

}

"""
AddEmailTwoFactorMethodPayload
"""

type AddEmailTwoFactorMethodPayload {

success: Boolean!

}

"""
AddTotpTwoFactorMethodPayload
"""

type AddTotpTwoFactorMethodPayload {

provisioningUri: String!

}

"""
Reprezentace User
"""

type ApiToken implements UserHubIdentity {

id: ID!

institute(

id: ID! @resource(type: INSTITUTE)

): Institute

institutes: [Institute!]!

systemAdmin: Boolean!

rootUser(

instituteId: ID! @resource(type: INSTITUTE)

): Boolean!

memberBoards(

instituteId: ID! @resource(type: INSTITUTE)

): [MemberBoard!]

examCenters(

instituteId: ID! @resource(type: INSTITUTE)

): [ExamCenter!]

roles(

instituteId: ID! @resource(type: INSTITUTE)

): [Role!]!

permissions(

instituteId: ID! @resource(type: INSTITUTE)

): [AppPermission!]!

modules(

instituteId: ID! @resource(type: INSTITUTE)

): [AppModule!]!

instituteAccess(

instituteId: ID! @resource(type: INSTITUTE)

): InstituteAccess!

}

type ApiTokenSelection {

items(

sort: ApiTokenSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [ApiToken!]!

}

"""
ApiToken
"""

type ApiTokenView implements IdentityView {

id: ID!
isAccessible: Boolean!
name: String!

}

"""
Reprezentace aplikace
"""

type App {

id: ID!
name: String!
bridgeUrl: String!
connected: Boolean!
connectedAt: DateTimeMs
modules: [AppModule!]!

}

"""
Describes user's access to application
"""

type AppAccess {

id: ID!
name: String!
modules: [ModuleAccess!]!

}

"""
Reprezentace modulu
"""

type AppModule {

id: ID!
app: App!
slug: String!
name: String!
description: String!
autoAccessible: Boolean!
permissions: [AppPermission!]!
notifications: [AppNotification!]!

}

type AppModuleSelection {

items(

sort: AppModuleSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [AppModule!]!

}

"""
Reprezentace notification
"""

type AppNotification {

id: ID!
slug: ID!
description: String!

}

"""
Reprezentace permission
"""

type AppPermission {

id: ID!
slug: ID!
description: String!
groupLabel: String

}

type AppSelection {

items(

sort: AppSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [App!]!

}

type AudioFile implements File {

id: ID!
type: FileType!
name: String!
bucket: String!
url: Url!
size: Int!
duration: Int!

}

"""
AuthenticatorSelectionCriteria
"""

type AuthenticatorSelectionCriteria {

userVerification: String!

residentKey: String

}

"""
Cannot modify admin user
"""

type CannotModifyAdminUser implements ErrorResult {

message: String!

code: String!

}

"""
Cannot remove autoAccessible module exception
"""

type CannotRemoveAutoAccessibleModule implements ErrorResult {

message: String!

code: String!

}

"""
Cannot remove root user from institute
"""

type CannotRemoveRootUserFromInstitute implements ErrorResult {

message: String!

code: String!

}

"""
ConfirmTotpTwoFactorMethodPayload
"""

type ConfirmTotpTwoFactorMethodPayload {

success: Boolean!

}

"""
ConfirmWebAuthnCredentialPayload
"""

type ConfirmWebAuthnCredentialPayload {

success: Boolean!

}

"""
CreateApiTokenPayload
"""

type CreateApiTokenPayload {

id: String!
name: String!
accessToken: String!
secretToken: String!

}

"""
Create app payload
"""

type CreateAppPayload {

result: App!

}

"""
Create exam center payload
"""

type CreateExamCenterPayload {

result: ExamCenter!

}

"""
Create institute payload
"""

type CreateInstitutePayload {

result: Institute!

}

"""
Create member board payload
"""

type CreateMemberBoardPayload {

result: MemberBoard!

}

"""
Create role payload
"""

type CreateRolePayload {

result: Role!

}

"""
Delete exam center payload
"""

type DeleteExamCenterPayload {

success: Boolean!

}

"""
DeleteIdentityPayload
"""

type DeleteIdentityPayload {

success: Boolean!

}

"""
Delete member board payload
"""

type DeleteMemberBoardPayload {

success: Boolean!

}

"""
Delete role payload
"""

type DeleteRolePayload {

success: Boolean!

}

"""
DeleteTwoFactorMethodResultPayload
"""

type DeleteTwoFactorMethodResultPayload {

success: Boolean!

}

"""
Delete user invitation payload
"""

type DeleteUserInvitationPayload {

success: Boolean!

}

"""
DeleteWebauthnCredentialResultPayload
"""

type DeleteWebauthnCredentialResultPayload {

success: Boolean!

}

"""
DisableWebAuthnResultPayload
"""

type DisableWebAuthnResultPayload {

success: Boolean!

}

type DocumentFile implements File {

id: ID!
type: FileType!
name: String!
bucket: String!
url: Url!
size: Int!

}

"""
EnabledTwoFactorMethod
"""

type EnabledTwoFactorMethod {

id: ID!

type: TwoFactorMethod!

}

"""
Reprezentace exam center
"""

type ExamCenter {

id: ID!
name: String!
contactEmail: EmailAddress

}

"""
ExamCenter was not found in institute exception
"""

type ExamCenterNotFoundInInstitute implements ErrorResult {

message: String!

code: String!

}

type ExamCenterSelection {

items(

sort: ExamCenterSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [ExamCenter!]!

}

"""
ExamCenter
"""

type ExamCenterView {

id: ID!
name: String!
contactEmail: EmailAddress
instituteId: ID!
memberBoardId: ID!
isAccessible: Boolean!

}

"""
Fetch app permissions payload
"""

type FetchAppPermissionsPayload {

success: Boolean!

}

"""
Reprezentace url pro upload souboru
"""

type FileUploadUrlPayload {

url: String!

}

type ImageFile implements File {

id: ID!
type: FileType!
name: String!
bucket: String!
url: Url!
size: Int!
width: Int!
height: Int!

}

"""
Reprezentace institutu
"""

type Institute {

id: ID!
name: String!
modules: [AppModule!]!
logo: File

}

"""
Describes user's access to institute
"""

type InstituteAccess {

id: ID!
name: String!
scope: InstituteScope!
accessibleApps: [AppAccess!]!
isRootUser: Boolean!

}

"""
Describes user's data scope within an institute
"""

type InstituteScope {

memberBoardIds: [String!]

examCenterIds: [String!]

}

type InstituteSelection {

items(

sort: InstituteSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [Institute!]!

}

"""
Institute
"""

type InstituteView {

id: ID!
name: String!
logoFileUrl: Url
isAccessible: Boolean!

}

type InvalidBucket implements ErrorResult {

message: String!

code: String!

}

"""
Invalid country code provided exception.
"""

type InvalidCountryCode implements ErrorResult {

message: String!

code: String!

}

"""
Invalid credentials exception
"""

type InvalidCredentials implements ErrorResult {

message: String!

code: String!

}

type InvalidFileUrl implements ErrorResult {

message: String!

code: String!

}

"""
Old password is invalid exception
"""

type InvalidOldPassword implements ErrorResult {

message: String!

code: String!

}

"""
Invalid TOTP config exception
"""

type InvalidTotpConfig implements ErrorResult {

message: String!

code: String!

}

"""
InviteUserPayload
"""

type InviteUserPayload {

success: Boolean!

}

"""
Reprezentace member boardu
"""

type MemberBoard {

id: ID!
name: String!
contactEmail: EmailAddress
logo: File
examCenters: ExamCenterSelection!

}

"""
MemberBoard was not found in institute exception
"""

type MemberBoardNotFoundInInstitute implements ErrorResult {

message: String!

code: String!

}

type MemberBoardSelection {

items(

sort: MemberBoardSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [MemberBoard!]!

}

"""
Member Board
"""

type MemberBoardView {

id: ID!
name: String!
contactEmail: EmailAddress
instituteId: ID!
logoFileUrl: Url
isAccessible: Boolean!

}

"""
Describes user's access to module
"""

type ModuleAccess {

id: ID!
name: String!
permissions: [String!]!

}

"""
Module was not found in institute exception
"""

type ModuleNotFoundInInstitute implements ErrorResult {

message: String!

code: String!

}

"""
Root type pro mutation operaci
"""

type Mutation {

"App management"

createApp(

input: CreateAppInput!

): CreateAppResult! @admin

updateApp(

id: ID! @resource(type: APP)

input: UpdateAppInput!

): UpdateAppResult! @admin

fetchAppPermissions(

id: ID! @resource(type: APP)

): FetchAppPermissionsResult! @admin

"Role management"

createRole(

input: CreateRoleInput!

): CreateRoleResult! @admin

createInstituteRole(

input: CreateInstituteRoleInput!

): CreateRoleResult! @auth(module: DEFAULT, permission: CREATE_ROLE)

updateRole(

id: ID! @resource(type: ROLE)

input: UpdateRoleInput!

): UpdateRoleResult! @admin

updateInstituteRole(

id: ID! @resource(type: ROLE) @authResource(module: DEFAULT, permission: UPDATE_ROLE)

input: UpdateRoleInput!

): UpdateRoleResult! @auth(module: DEFAULT, permission: UPDATE_ROLE)

deleteRole(

id: ID! @resource(type: ROLE)

): DeleteRoleResult! @admin

deleteInstituteRole(

id: ID! @resource(type: ROLE) @authResource(module: DEFAULT, permission: DELETE_ROLE)

): DeleteRoleResult! @auth(module: DEFAULT, permission: DELETE_ROLE)

"Institute management"

createInstitute(

input: CreateInstituteInput!

): CreateInstituteResult! @admin

updateInstitute(

id: ID! @resource(type: INSTITUTE)

input: UpdateInstituteInput!

): UpdateInstituteResult! @admin

"Member board management"

createMemberBoard(

input: CreateMemberBoardInput!

): CreateMemberBoardResult! @auth(module: DEFAULT, permission: CREATE_MEMBER_BOARD)

updateMemberBoard(

id: ID! @resource(type: MEMBER_BOARD) @authResource(module: DEFAULT, permission: UPDATE_MEMBER_BOARD)

input: UpdateMemberBoardInput!

): UpdateMemberBoardResult! @auth(module: DEFAULT, permission: UPDATE_MEMBER_BOARD)

deleteMemberBoard(

id: ID! @resource(type: MEMBER_BOARD) @authResource(module: DEFAULT, permission: DELETE_MEMBER_BOARD)

): DeleteMemberBoardResult! @auth(module: DEFAULT, permission: DELETE_MEMBER_BOARD)

"Exam center management"

createExamCenter(

input: CreateExamCenterInput!

): CreateExamCenterResult! @auth(module: DEFAULT, permission: CREATE_EXAM_CENTER)

updateExamCenter(

id: ID! @resource(type: EXAM_CENTER) @authResource(module: DEFAULT, permission: UPDATE_EXAM_CENTER)

input: UpdateExamCenterInput!

): UpdateExamCenterResult! @auth(module: DEFAULT, permission: UPDATE_EXAM_CENTER)

deleteExamCenter(

id: ID! @resource(type: EXAM_CENTER) @authResource(module: DEFAULT, permission: DELETE_EXAM_CENTER)

): DeleteExamCenterResult! @auth(module: DEFAULT, permission: DELETE_EXAM_CENTER)

"Api Token management"

createApiToken(

input: CreateApiTokenInput!

): CreateApiTokenResult! @auth(module: DEFAULT, permission: CREATE_API_TOKEN)

rotateApiToken(

input: RotateApiTokenInput!

): RotateApiTokenResult! @auth(module: DEFAULT, permission: ROTATE_API_TOKEN)

"User management"

inviteUser(

input: InviteUserInput!

): InviteUserResult! @auth(module: DEFAULT, permission: INVITE_USER)

deleteUserInvitation(

id: ID! @resource(type: USER_INVITATION) @authResource(module: DEFAULT, permission: DELETE_USER_INVITATION)

): DeleteUserInvitationResult! @auth(module: DEFAULT, permission: DELETE_USER_INVITATION)

removeUserFromInstitute(

input: RemoveUserFromInstituteInput!

): RemoveUserFromInstituteResult! @auth(module: DEFAULT, permission: REMOVE_USER_FROM_INSTITUTE)

deleteIdentity(

id: ID! @resource(type: USER)

): DeleteIdentityResult! @admin

setUserRoles(

input: SetUserRolesInput!

): SetUserRolesResult! @auth(module: DEFAULT, permission: SET_ROLES_AND_PERMISSIONS)

setUserPermissions(

input: SetUserPermissionsInput!

): SetUserPermissionsResult! @auth(module: DEFAULT, permission: SET_ROLES_AND_PERMISSIONS)

setUserModules(

input: SetUserModulesInput!

): SetUserModulesResult! @auth(module: DEFAULT, permission: SET_ROLES_AND_PERMISSIONS)

setUserExamCenters(

input: SetUserExamCentersInput!

): SetUserExamCentersResult! @auth(module: DEFAULT, permission: SET_DATA_SCOPE)

setUserMemberBoards(

input: SetUserMemberBoardsInput!

): SetUserMemberBoardsResult! @auth(module: DEFAULT, permission: SET_DATA_SCOPE)

updateUser(

input: UpdateUserInput!

): UpdateUserResult! @auth(module: DEFAULT, permission: UPDATE_USER)

"Profile management"

updateProfile(

input: UpdateProfileInput!

): UpdateProfileResult! @loggedIn

updatePassword(

input: UpdatePasswordInput!

): UpdatePasswordResult! @loggedIn

setUserNotifications(

input: SetUserNotificationsInput!

): SetUserNotificationsResult! @loggedIn

addEmailTwoFactorMethod: AddEmailTwoFactorMethodResult! @loggedIn

addTotpTwoFactorMethod(

input: AddTotpTwoFactorMethodInput! = {forceRecreate:false}

): AddTotpTwoFactorMethodResult! @loggedIn

confirmTotpTwoFactorMethod(

input: ConfirmTotpTwoFactorMethodInput!

): ConfirmTotpTwoFactorMethodResult! @loggedIn

setPreferredTwoFactorMethod(

input: SetPreferredTwoFactorMethodInput!

): SetPreferredTwoFactorMethodResult! @loggedIn

deleteTwoFactorMethod(

id: ID! @resource(type: ENABLED_TWO_FACTOR_METHOD)

): DeleteTwoFactorMethodResult! @loggedIn

"WebAuthn credential management"

addWebAuthnCredential: AddWebAuthnCredentialResult! @loggedIn

confirmWebAuthnCredential(

input: ConfirmWebAuthnCredentialInput!

): ConfirmWebAuthnCredentialResult! @loggedIn

deleteWebAuthnCredential(

id: ID!

): DeleteWebauthnCredentialResult! @loggedIn

disableWebAuthn: DisableWebAuthnResultPayload! @loggedIn

validateFile(

input: ValidateFileInput!

): ValidateFileResult!

}

"""
Authenticated api token
"""

type MyApiTokenIdentity implements MyIdentity {

id: ID!
isAccessible: Boolean!
systemAdmin: Boolean!
accessibleInstitutes: [InstituteAccess!]!
name: String!

}

"""
Authenticated user
"""

type MyUserIdentity implements MyIdentity {

id: ID!
isAccessible: Boolean!
systemAdmin: Boolean!
accessibleInstitutes: [InstituteAccess!]!
name: String!
firstName: String!
lastName: String!
email: EmailAddress!
language: Language!

}

"""
REsource with given name already exists exception
"""

type NameAlreadyExists implements ErrorResult {

message: String!

code: String!

}

"""
NoChangePayload
"""

type NoChangePayload {

success: Boolean!

}

"""
Password do not match exception
"""

type PasswordsDoNotMatch implements ErrorResult {

message: String!

code: String!

}

type PdfFile implements File {

id: ID!
type: FileType!
name: String!
bucket: String!
url: Url!
size: Int!

}

"""
PublicKeyCredentialCreationOptions
"""

type PublicKeyCredentialCreationOptions {

challenge: String!
timeout: Int!
rp: PublicKeyCredentialRpEntity!
user: PublicKeyCredentialUserEntity!
pubKeyCredParams: [PublicKeyCredentialParameters!]!
authenticatorSelection: AuthenticatorSelectionCriteria
attestation: String
excludeCredentials: [PublicKeyCredentialDescriptor!]!

}

"""
PublicKeyCredentialDescriptor
"""

type PublicKeyCredentialDescriptor {

id: String!
type: String!
transports: [String!]!

}

"""
PublicKeyCredentialParameters
"""

type PublicKeyCredentialParameters {

type: String!

alg: Int!

}

"""
PublicKeyCredentialRpEntity
"""

type PublicKeyCredentialRpEntity {

id: String!

}

"""
PublicKeyCredentialUserEntity
"""

type PublicKeyCredentialUserEntity {

id: String!
name: String!
displayName: String!

}

"""
Root type pro query operaci
"""

type Query {

"Get information about current identity."

me: MyIdentity! @loggedIn

myIdentity: UserHubIdentity! @loggedIn

identities(

filter: IdentityFilter! = {}

): UserHubIdentitySelection! @auth(module: DEFAULT)

users(

filter: IdentityFilter! = {}

): UserSelection! @auth(module: DEFAULT)

apiTokens(

filter: IdentityFilter! = {}

): ApiTokenSelection! @auth(module: DEFAULT)

identity(

id: ID! @resource(type: IDENTITY)

): UserHubIdentity! @auth(module: DEFAULT)

user(

id: ID! @resource(type: USER)

): User! @auth(module: DEFAULT)

apiToken(

id: ID! @resource(type: API_TOKEN)

): ApiToken! @auth(module: DEFAULT)

institutes: InstituteSelection! @auth(module: DEFAULT)

institute(

id: ID! @resource(type: INSTITUTE)

): Institute! @auth(module: DEFAULT)

apps: AppSelection! @auth(module: DEFAULT)

app(

id: ID! @resource(type: APP)

): App! @auth(module: DEFAULT)

modules: AppModuleSelection! @auth(module: DEFAULT)

module(

id: ID! @resource(type: MODULE)

): AppModule! @auth(module: DEFAULT)

memberBoard(

id: ID! @resource(type: MEMBER_BOARD)

): MemberBoard! @auth(module: DEFAULT)

memberBoards(

filter: MemberBoardFilter! = {}

): MemberBoardSelection! @auth(module: DEFAULT)

examCenter(

id: ID! @resource(type: EXAM_CENTER)

): ExamCenter! @auth(module: DEFAULT)

examCenters(

filter: ExamCenterFilter! = {}

): ExamCenterSelection! @auth(module: DEFAULT)

role(

id: ID! @resource(type: ROLE)

): Role! @auth(module: DEFAULT)

roles(

filter: RoleFilter

): RoleSelection! @auth(module: DEFAULT)

userInvitations(

filter: UserInvitationFilter! = {}

): UserInvitationSelection! @auth(module: DEFAULT)

userInvitation(

id: ID! @resource(type: USER_INVITATION)

): UserInvitation! @auth(module: DEFAULT)

fileUploadUrl(

input: FileUploadUrlInput!

): FileUploadUrlResult!

}

"""
Remove user from exam center payload
"""

type RemoveUserFromInstitutePayload {

success: Boolean!

}

"""
Reprezentace role
"""

type Role {

id: ID!
name: String!
global: Boolean!
permissions: [AppPermission!]!

}

"""
Role was not found in institute exception
"""

type RoleNotFoundInInstitute implements ErrorResult {

message: String!

code: String!

}

type RoleSelection {

items(

sort: RoleSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [Role!]!

}

"""
RotateApiTokenPayload
"""

type RotateApiTokenPayload {

id: String!
name: String!
accessToken: String!
secretToken: String!

}

"""
SetPreferredTwoFactorMethodPayload
"""

type SetPreferredTwoFactorMethodPayload {

success: Boolean!

}

"""
SetUserExamCentersPayload
"""

type SetUserExamCentersPayload {

success: Boolean!

}

"""
SetUserMemberBoardsPayload
"""

type SetUserMemberBoardsPayload {

success: Boolean!

}

"""
SetUserModulesPayload
"""

type SetUserModulesPayload {

success: Boolean!

}

"""
SetUserNotificationsPayload
"""

type SetUserNotificationsPayload {

success: Boolean!

}

"""
SetUserPermissionsPayload
"""

type SetUserPermissionsPayload {

success: Boolean!

}

"""
SetUserRolesPayload
"""

type SetUserRolesPayload {

success: Boolean!

}

"""
Resource with given slug already exists exception
"""

type SlugAlreadyExists implements ErrorResult {

message: String!

code: String!

}

"""
Two factor method not enabled
"""

type TwoFactorMethodNotEnabled implements ErrorResult {

message: String!

code: String!

}

type UnableToAnalyzeFile implements ErrorResult {

message: String!

code: String!

}

"""
Unauthorize to set data scope
"""

type UnauthorizedToSetDataScope implements ErrorResult {

message: String!

code: String!

}

"""
Unauthorize to set roles and permissions
"""

type UnauthorizedToSetRolesAndPermissions implements ErrorResult {

message: String!

code: String!

}

type UnknownFileType implements ErrorResult {

message: String!

code: String!

}

"""
Update app payload
"""

type UpdateAppPayload {

result: App!

}

"""
Update exam center payload
"""

type UpdateExamCenterPayload {

result: ExamCenter!

}

"""
Update institute payload
"""

type UpdateInstitutePayload {

result: Institute!

}

"""
Update member board payload
"""

type UpdateMemberBoardPayload {

result: MemberBoard!

}

"""
UpdatePasswordPayload
"""

type UpdatePasswordPayload {

success: Boolean!

}

"""
UpdateProfilePayload
"""

type UpdateProfilePayload {

success: Boolean!

}

"""
Update role payload
"""

type UpdateRolePayload {

result: Role!

}

"""
UpdateUserPayload
"""

type UpdateUserPayload {

success: Boolean!

}

type UrlFile implements File {

id: ID!
type: FileType!
name: String!
bucket: String!
url: Url!
size: Int!

}

"""
Reprezentace User
"""

type User implements UserHubIdentity {

id: ID!

institute(

id: ID! @resource(type: INSTITUTE)

): Institute

institutes: [Institute!]!

systemAdmin: Boolean!

rootUser(

instituteId: ID! @resource(type: INSTITUTE)

): Boolean!

memberBoards(

instituteId: ID! @resource(type: INSTITUTE)

): [MemberBoard!]

examCenters(

instituteId: ID! @resource(type: INSTITUTE)

): [ExamCenter!]

roles(

instituteId: ID! @resource(type: INSTITUTE)

): [Role!]!

permissions(

instituteId: ID! @resource(type: INSTITUTE)

): [AppPermission!]!

modules(

instituteId: ID! @resource(type: INSTITUTE)

): [AppModule!]!

instituteAccess(

instituteId: ID! @resource(type: INSTITUTE)

): InstituteAccess!

firstName: String!

lastName: String!

email: EmailAddress!

language: Language!

preferredTwoFactorMethod: TwoFactorMethod

enabledTwoFactorMethods: [EnabledTwoFactorMethod!]!

webAuthnCredentials: [WebauthnCredential!]!

notifications(

instituteId: ID! @resource(type: INSTITUTE)

): [AppNotification!]!

}

"""
User is already a member of this institute exception
"""

type UserAlreadyInInstitute implements ErrorResult {

message: String!

code: String!

}

type UserHubIdentitySelection {

items(

sort: IdentitySort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [UserHubIdentity!]!

}

"""
Reprezentace user invitation
"""

type UserInvitation {

id: ID!
email: EmailAddress!
author: IdentityView!
institute: Institute!
memberBoards: MemberBoardSelection
examCenters: ExamCenterSelection
roles: RoleSelection!
permissions: [AppPermission!]!
createdAt: DateTimeMs!

}

type UserInvitationSelection {

items(

sort: UserInvitationSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [UserInvitation!]!

}

"""
User was not found in institute exception
"""

type UserNotFoundInInstitute implements ErrorResult {

message: String!

code: String!

}

type UserSelection {

items(

sort: UserSort! = DEFAULT
sortDirection: SortDirection! = DESC
limit: Int! = 10 @intConstraint(min: 1, max: 100)
offset: Int! = 0 @intConstraint(min: 0)

): [User!]!

}

"""
User
"""

type UserView implements IdentityView {

id: ID!
isAccessible: Boolean!
name: String!
firstName: String!
lastName: String!
email: EmailAddress!

}

"""
Reprezentace file
"""

type ValidateFilePayload {

result: File!

}

type VideoFile implements File {

id: ID!
type: FileType!
name: String!
bucket: String!
url: Url!
size: Int!
width: Int!
height: Int!
duration: Int!

}

"""
WebauthnCredential
"""

type WebauthnCredential {

id: ID!
name: String!
lastUsedAt: DateTimeMs!
registeredAt: DateTimeMs!

}

union AddEmailTwoFactorMethodResult = AddEmailTwoFactorMethodPayload | NoChangePayload

union AddTotpTwoFactorMethodResult = AddTotpTwoFactorMethodPayload | NoChangePayload | InvalidTotpConfig

union AddWebAuthnCredentialResult = PublicKeyCredentialCreationOptions

union ConfirmTotpTwoFactorMethodResult = ConfirmTotpTwoFactorMethodPayload | InvalidTotpConfig | InvalidCredentials

union ConfirmWebAuthnCredentialResult = ConfirmWebAuthnCredentialPayload | InvalidCredentials

union CreateAppResult = CreateAppPayload | SlugAlreadyExists

union CreateExamCenterResult = CreateExamCenterPayload | NameAlreadyExists

union CreateInstituteResult = CreateInstitutePayload | SlugAlreadyExists | CannotRemoveAutoAccessibleModule

union CreateMemberBoardResult = CreateMemberBoardPayload | NameAlreadyExists

union CreateRoleResult = CreateRolePayload | NameAlreadyExists

union DeleteExamCenterResult = DeleteExamCenterPayload

union DeleteIdentityResult = DeleteIdentityPayload

union DeleteMemberBoardResult = DeleteMemberBoardPayload

union DeleteRoleResult = DeleteRolePayload

union DeleteTwoFactorMethodResult = DeleteTwoFactorMethodResultPayload

union DeleteUserInvitationResult = DeleteUserInvitationPayload

union DeleteWebauthnCredentialResult = DeleteWebauthnCredentialResultPayload

union DisableWebauthnResult = DeleteWebauthnCredentialResultPayload

union FetchAppPermissionsResult = FetchAppPermissionsPayload

union FileUploadUrlResult = FileUploadUrlPayload | InvalidBucket

union RemoveUserFromInstituteResult = RemoveUserFromInstitutePayload | CannotRemoveRootUserFromInstitute

union RotateApiTokenResult = RotateApiTokenPayload

union SetPreferredTwoFactorMethodResult = SetPreferredTwoFactorMethodPayload | TwoFactorMethodNotEnabled

union SetUserExamCentersResult = SetUserExamCentersPayload | UserNotFoundInInstitute | CannotModifyAdminUser | ExamCenterNotFoundInInstitute

union SetUserMemberBoardsResult = SetUserMemberBoardsPayload | UserNotFoundInInstitute | CannotModifyAdminUser | MemberBoardNotFoundInInstitute

union SetUserModulesResult = SetUserModulesPayload | UserNotFoundInInstitute | CannotModifyAdminUser | ModuleNotFoundInInstitute | CannotRemoveAutoAccessibleModule

union SetUserNotificationsResult = SetUserNotificationsPayload | UserNotFoundInInstitute

union SetUserPermissionsResult = SetUserPermissionsPayload | UserNotFoundInInstitute | CannotModifyAdminUser

union SetUserRolesResult = SetUserRolesPayload | UserNotFoundInInstitute | CannotModifyAdminUser | RoleNotFoundInInstitute

union UpdateAppResult = UpdateAppPayload

union UpdateExamCenterResult = UpdateExamCenterPayload | NameAlreadyExists

union UpdateInstituteResult = UpdateInstitutePayload | CannotRemoveAutoAccessibleModule

union UpdateMemberBoardResult = UpdateMemberBoardPayload | NameAlreadyExists

union UpdatePasswordResult = UpdatePasswordPayload | PasswordsDoNotMatch | InvalidOldPassword

union UpdateProfileResult = UpdateProfilePayload

union UpdateRoleResult = UpdateRolePayload | NameAlreadyExists

union ValidateFileResult = ValidateFilePayload | UnableToAnalyzeFile | UnknownFileType | InvalidFileUrl

"""
AddTotpTwoFactorMethodInput
"""

input AddTotpTwoFactorMethodInput {

forceRecreate: Boolean! = false

}

"""
AttestationResponseInput
"""

input AttestationResponseInput {

clientDataJSON: String!
attestationObject: String!
authenticatorData: String = null
transports: [String] = null
publicKey: String = null
publicKeyAlgorithm: Int = null

}

"""
ClientExtensionResultsInput
"""

input ClientExtensionResultsInput {

appid: Boolean = null
credProps: CredentialPropertiesOutputInput = null
hmacCreateSecret: Boolean = null

}

"""
SetTwoFactorInput
"""

input ConfirmTotpTwoFactorMethodInput {

otp: String!

}

"""
ConfirmWebAuthnCredentialInput
"""

input ConfirmWebAuthnCredentialInput {

id: String!
name: String! @stringConstraint(minLength: 1, maxLength: 30)
authenticatorAttachment: String = null
type: String!
rawId: String!
response: AttestationResponseInput!

}

"""
Input pro přidání ApiToken
"""

input CreateApiTokenInput {

name: String! @stringConstraint(minLength: 1, maxLength: 200)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: CREATE_API_TOKEN)
examCenterIds: [ID!] @listConstraint(unique: true) @resource(type: EXAM_CENTER)
memberBoardIds: [ID!] @listConstraint(unique: true) @resource(type: MEMBER_BOARD)
permissionIds: [ID!] @optional @listConstraint(unique: true) @resource(type: PERMISSION)
roleIds: [ID!] @optional @listConstraint(unique: true) @resource(type: ROLE)
moduleIds: [ID!] @optional @listConstraint(unique: true) @resource(type: MODULE)

}

"""
Input pro přidání aplikace
"""

input CreateAppInput {

name: String! @stringConstraint(minLength: 1, maxLength: 30)
slug: String! @stringConstraint(minLength: 1, maxLength: 30)
bridgeUrl: String! @stringConstraint(minLength: 1, maxLength: 200)

}

"""
Input pro pridani exam center
"""

input CreateExamCenterInput {

name: String! @stringConstraint(minLength: 1, maxLength: 30)
memberBoardId: ID! @resource(type: MEMBER_BOARD) @authResource(module: DEFAULT, permission: CREATE_EXAM_CENTER)
contactEmail: EmailAddress = null

}

"""
Input pro přidání institutu
"""

input CreateInstituteInput {

name: String! @stringConstraint(minLength: 1, maxLength: 30)
slug: String! @stringConstraint(minLength: 1, maxLength: 30)
moduleIds: [ID!]! @listConstraint(unique: true) @resource(type: MODULE)
rootUserEmail: EmailAddress!
logoFileId: ID = null @resource(type: FILE)

}

"""
Input pro pridani role s institutem
"""

input CreateInstituteRoleInput {

name: String! @stringConstraint(minLength: 1, maxLength: 30)
permissions: [ID!] @listConstraint(unique: true) @resource(type: PERMISSION)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: CREATE_ROLE)

}

"""
Input pro pridani member boardu
"""

input CreateMemberBoardInput {

name: String! @stringConstraint(minLength: 1, maxLength: 30)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: CREATE_MEMBER_BOARD)
contactEmail: EmailAddress = null
logoFileId: ID = null @resource(type: FILE)

}

"""
Input pro pridani role bez institutu
"""

input CreateRoleInput {

permissions: [ID!] @listConstraint(unique: true) @resource(type: PERMISSION)

}

"""
CredentialPropertiesOutputInput
"""

input CredentialPropertiesOutputInput {

rk: Boolean = null

}

"""
Filter exam center
"""

input ExamCenterFilter {

name: String @optional
instituteId: ID @optional @resource(type: INSTITUTE)
memberBoardId: ID @optional @resource(type: MEMBER_BOARD)

}

"""
File generate url input
"""

input FileUploadUrlInput {

bucket: Bucket!

}

"""
Filter identity
"""

input IdentityFilter {

instituteId: ID @resource(type: INSTITUTE) @optional

}

"""
Input pro přidání User
"""

input InviteUserInput {

email: EmailAddress!
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: INVITE_USER)
examCenterIds: [ID!] @listConstraint(unique: true) @resource(type: EXAM_CENTER)
memberBoardIds: [ID!] @listConstraint(unique: true) @resource(type: MEMBER_BOARD)
permissionIds: [ID!] @optional @listConstraint(unique: true) @resource(type: PERMISSION)
roleIds: [ID!] @optional @listConstraint(unique: true) @resource(type: ROLE)
moduleIds: [ID!] @optional @listConstraint(unique: true) @resource(type: MODULE)

}

input ListConstraintInput {

minItems: Int = null @intConstraint(min: 0)
maxItems: Int = null @intConstraint(min: 0)
unique: Boolean! = false
innerList: ListConstraintInput = null

}

"""
Filter meber boardu
"""

input MemberBoardFilter {

instituteId: ID @resource(type: INSTITUTE) @optional

}

input ObjectConstraintInput {

from: [String!]! @listConstraint(minItems: 1)

}

"""
Input pro smazani usera z institutu
"""

input RemoveUserFromInstituteInput {

userId: ID! @resource(type: USER)

instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: REMOVE_USER_FROM_INSTITUTE)

}

"""
Filter na role
"""

input RoleFilter {

instituteId: ID @resource(type: INSTITUTE)

}

"""
Input pro rotaci API tokenu
"""

input RotateApiTokenInput {

tokenId: ID! @resource(type: API_TOKEN)

instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: ROTATE_API_TOKEN)

}

"""
SetPreferredTwoFactorMethodInput
"""

input SetPreferredTwoFactorMethodInput {

preferredTwoFactorMethod: TwoFactorMethod!

}

"""
Input pro pridani usera do exam center
"""

input SetUserExamCentersInput {

userId: ID! @resource(type: USER)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: SET_DATA_SCOPE)
examCenterIds: [ID!] @listConstraint(unique: true) @resource(type: EXAM_CENTER)

}

"""
Input pro pridani usera do member boardu
"""

input SetUserMemberBoardsInput {

userId: ID! @resource(type: USER)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: SET_DATA_SCOPE)
memberBoardIds: [ID!] @listConstraint(unique: true) @resource(type: MEMBER_BOARD)

}

"""
Input pro pridani usera do app
"""

input SetUserModulesInput {

userId: ID! @resource(type: USER)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: SET_ROLES_AND_PERMISSIONS)
moduleIds: [ID!]! @listConstraint(unique: true) @resource(type: MODULE)

}

"""
Input pro pridani usera do exam center
"""

input SetUserNotificationsInput {

instituteId: ID! @resource(type: INSTITUTE)

notificationIds: [ID!]! @listConstraint(unique: true) @resource(type: NOTIFICATION)

}

"""
Input pro pridani usera do exam center
"""

input SetUserPermissionsInput {

userId: ID! @resource(type: USER)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: SET_ROLES_AND_PERMISSIONS)
permissionIds: [ID!]! @listConstraint(unique: true) @resource(type: PERMISSION)

}

"""
Input pro pridani usera do exam center
"""

input SetUserRolesInput {

userId: ID! @resource(type: USER)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: SET_ROLES_AND_PERMISSIONS)
roleIds: [ID!]! @listConstraint(unique: true) @resource(type: ROLE)

}

"""
Input pro update aplikace
"""

input UpdateAppInput {

bridgeUrl: String! @stringConstraint(minLength: 1, maxLength: 200)

}

"""
Input pro update exam center
"""

input UpdateExamCenterInput {

contactEmail: EmailAddress

}

"""
Input pro update institutu
"""

input UpdateInstituteInput {

name: String @optional @stringConstraint(minLength: 1, maxLength: 30)
moduleIds: [ID!] @optional @listConstraint(unique: true) @resource(type: MODULE)
logoFileId: ID @resource(type: FILE)

}

"""
Input pro update member boardu
"""

input UpdateMemberBoardInput {

name: String! @stringConstraint(minLength: 1, maxLength: 30)
contactEmail: EmailAddress
logoFileId: ID @resource(type: FILE)

}

"""
Inpot pro update hesla
"""

input UpdatePasswordInput {

oldPassword: String!
newPassword: String! @stringConstraint(minLength: 8, regex: "/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*_\\-\\.]).{0,}$/")
newPasswordConfirmation: String! @stringConstraint(minLength: 8, regex: "/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*_\\-\\.]).{0,}$/")

}

"""
Input pro update usera
"""

input UpdateProfileInput {

firstName: String @optional @stringConstraint(minLength: 1, maxLength: 200)
lastName: String @optional @stringConstraint(minLength: 1, maxLength: 200)
language: Language @optional

}

"""
Input pro update role
"""

input UpdateRoleInput {

permissions: [ID!] @listConstraint(unique: true) @resource(type: PERMISSION)

}

"""
Input pro update Usera
"""

input UpdateUserInput {

userId: ID! @resource(type: USER)
instituteId: ID! @resource(type: INSTITUTE) @authResource(module: DEFAULT, permission: UPDATE_USER)
examCenterIds: [ID!] @listConstraint(unique: true) @resource(type: EXAM_CENTER)
memberBoardIds: [ID!] @listConstraint(unique: true) @resource(type: MEMBER_BOARD)
permissionIds: [ID!] @optional @listConstraint(unique: true) @resource(type: PERMISSION)
roleIds: [ID!] @optional @listConstraint(unique: true) @resource(type: ROLE)
moduleIds: [ID!] @optional @listConstraint(unique: true) @resource(type: MODULE)

}

"""
Filter user invitation
"""

input UserInvitationFilter {

instituteId: ID @optional @resource(type: INSTITUTE)

email: String @optional

}

"""
File upload validation input
"""

input ValidateFileInput {

fileUrl: Url!

}

"""
DateTimeMs type - string which contains valid date in ISO8601 format.
"""

scalar DateTimeMs @specifiedBy(url: "https://datatracker.ietf.org/doc/html/rfc3339#section-5.6")

"""
EmailAddress type - string which contains valid email address.
"""

scalar EmailAddress @specifiedBy(url: "https://datatracker.ietf.org/doc/html/rfc5322#section-3.4.1")

"""
Json type - string which contains valid JSON.
"""

scalar Json @specifiedBy(url: "https://datatracker.ietf.org/doc/html/rfc7159")

"""
Url type - string which contains valid URL (Uniform Resource Locator).
"""

scalar Url @specifiedBy(url: "https://datatracker.ietf.org/doc/html/rfc3986")

"""
Řazení api token
"""

enum ApiTokenSort {

DEFAULT

}

"""
Řazení uživatele
"""

enum AppModuleSort {

DEFAULT

}

"""
Řazení uživatele
"""

enum AppSort {

DEFAULT

}

"""
Aws buckets supported by this application
"""

enum Bucket {

default

}

"""
Razeni exam center
"""

enum ExamCenterSort {

DEFAULT

}

"""
Type of file
"""

enum FileType {

IMAGE
AUDIO
VIDEO
PDF
URL
DOCUMENT

}

"""
Řazení identity
"""

enum IdentitySort {

DEFAULT

}

"""
Řazení uživatele
"""

enum InstituteSort {

DEFAULT

}

"""
Supported languages
"""

enum Language {

AA
AB
AE
AF
AK
AM
AN
AR
AS
AV
AY
AZ
BA
BE
BG
BH
BI
BM
BN
BO
BR
BS
CA
CE
CH
CO
CR
CS
CU
CV
CY
DA
DE
DV
DZ
EE
EL
EN
EO
ES
ET
EU
FA
FF
FI
FJ
FO
FR
FY
GA
GD
GL
GN
GU
GV
HA
HE
HI
HO
HR
HT
HU
HY
HZ
IA
ID
IE
IG
II
IK
IO
IS
IT
IU
JA
JV
KA
KG
KI
KJ
KK
KL
KM
KN
KO
KR
KS
KU
KV
KW
KY
LA
LB
LG
LI
LN
LO
LT
LU
LV
MG
MH
MI
MK
ML
MN
MR
MS
MT
MY
NA
NB
ND
NE
NG
NL
NN
NO
NR
NV
NY
OC
OJ
OM
OR
OS
PA
PI
PL
PS
PT
QU
RM
RN
RO
RU
RW
SA
SC
SD
SE
SG
SI
SK
SL
SM
SN
SO
SQ
SR
SS
ST
SU
SV
SW
TA
TE
TG
TH
TI
TK
TL
TN
TO
TR
TS
TT
TW
TY
UG
UK
UR
UZ
VE
VI
VO
WA
WO
XH
YI
YO
ZA
ZH
ZU

}

"""
Razeni member boardu
"""

enum MemberBoardSort {

DEFAULT

}

"""
Modules supported by this application
"""

enum Module {

DEFAULT

}

"""
Permissions supported by this application
"""

enum Permission {

INVITE_USER
DELETE_USER_INVITATION
REMOVE_USER_FROM_INSTITUTE
SET_ROLES_AND_PERMISSIONS
UPDATE_USER
SET_DATA_SCOPE
CREATE_API_TOKEN
ROTATE_API_TOKEN
CREATE_MEMBER_BOARD
UPDATE_MEMBER_BOARD
DELETE_MEMBER_BOARD
CREATE_EXAM_CENTER
UPDATE_EXAM_CENTER
DELETE_EXAM_CENTER
CREATE_ROLE
UPDATE_ROLE
DELETE_ROLE

}

"""
Typ entity
"""

enum ResourceType {

APP
MODULE
PERMISSION
NOTIFICATION
ROLE
INSTITUTE
USER
API_TOKEN
IDENTITY
USER_INVITATION
MEMBER_BOARD
EXAM_CENTER
ENABLED_TWO_FACTOR_METHOD
FILE

}

"""
Razeni roli
"""

enum RoleSort {

DEFAULT

}

"""
Sorting direction
"""

enum SortDirection {

ASC

DESC

}

"""
Methods of 2FA
"""

enum TwoFactorMethod {

TOTP

}

"""
Razeni user invitation
"""

enum UserInvitationSort {

DEFAULT

}

"""
Řazení uživatele
"""

enum UserSort {

DEFAULT

}

"""
Only system admin can perform this action.
"""

directive @admin on FIELD_DEFINITION

"""
Only user with given permission can perform this action.
"""

directive @auth(

module: Module!

permission: Permission

) on FIELD_DEFINITION

"""
Only user with given permission can perform this action.
"""

directive @authResource(

module: Module!

permission: Permission

) repeatable on ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION

"""
Graphpinator floatConstraint directive.
"""

directive @floatConstraint(

min: Float
max: Float
oneOf: [Float!] @listConstraint(minItems: 1)

) on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | VARIABLE_DEFINITION

"""
Graphpinator intConstraint directive.
"""

directive @intConstraint(

min: Int
max: Int
oneOf: [Int!] @listConstraint(minItems: 1)

) on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | VARIABLE_DEFINITION

"""
Graphpinator listConstraint directive.
"""

directive @listConstraint(

minItems: Int = null @intConstraint(min: 0)
maxItems: Int = null @intConstraint(min: 0)
unique: Boolean! = false
innerList: ListConstraintInput = null

) on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | VARIABLE_DEFINITION

"""
Only logged in user can perform this action.
"""

directive @loggedIn on FIELD_DEFINITION

"""
Graphpinator objectConstraint directive.
"""

directive @objectConstraint(

atLeastOne: [String!] @listConstraint(minItems: 1)
atMostOne: [String!] @listConstraint(minItems: 1)
exactlyOne: [String!] @listConstraint(minItems: 1)
atLeast: ObjectConstraintInput
atMost: ObjectConstraintInput
exactly: ObjectConstraintInput

) repeatable on OBJECT | INTERFACE | INPUT_OBJECT

"""
Input value for this argument can be either omitted or have non-null value.
"""

directive @optional on ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION

directive @resource(

type: ResourceType!

) on ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION

"""
Only root user can perform this action.
"""

directive @root on FIELD_DEFINITION

"""
Graphpinator stringConstraint directive.
"""

directive @stringConstraint(

minLength: Int @intConstraint(min: 0)
maxLength: Int @intConstraint(min: 0)
regex: String
oneOf: [String!] @listConstraint(minItems: 1)

) on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | VARIABLE_DEFINITION