UNPKG

@accounter/server

Version:
45 lines 1.7 kB
import { __decorate, __metadata, __param } from "tslib"; import { GraphQLError } from 'graphql'; import { Inject, Injectable, Scope } from 'graphql-modules'; import { AuthContextProvider } from './auth-context.provider.js'; let AuthorizationProvider = class AuthorizationProvider { authProvider; constructor(authProvider) { this.authProvider = authProvider; } async requireAuth() { const auth = await this.authProvider.getAuthContext(); if (!auth?.user) { throw new GraphQLError('Authentication required', { extensions: { code: 'UNAUTHENTICATED' }, }); } return auth.user; } async requireRole(allowedRoles) { const user = await this.requireAuth(); if (!allowedRoles.includes(user.roleId)) { throw new GraphQLError(`Access denied. Required roles: ${allowedRoles.join(', ')}`, { extensions: { code: 'FORBIDDEN' }, }); } return user; } async requireBusinessOwner() { return this.requireRole(['business_owner']); } async canWrite() { // Employee is read-only; scraper is excluded unless a domain service explicitly allows it. return this.requireRole(['business_owner', 'accountant']); } async canManageUsers() { return this.requireRole(['business_owner']); } }; AuthorizationProvider = __decorate([ Injectable({ scope: Scope.Operation, global: true }), __param(0, Inject(AuthContextProvider)), __metadata("design:paramtypes", [AuthContextProvider]) ], AuthorizationProvider); export { AuthorizationProvider }; //# sourceMappingURL=authorization.provider.js.map