@accounter/server
Version:
Accounter GraphQL server
40 lines (39 loc) • 2.08 kB
TypeScript
import { AdminContextProvider } from '../../admin-context/providers/admin-context.provider.js';
import type { AdminContext } from '../../admin-context/types.js';
import { AuthContextProvider } from './auth-context.provider.js';
/**
* Single, reusable entry point for request-level business scope decisions.
*
* Resolvers and providers should use this rather than re-implementing scope
* narrowing or reaching into the admin context per module:
* - reads default to all accessible businesses, narrowed by request args;
* - writes require an explicit, membership-validated single target;
* - per-business preferences are resolved within the authorized read scope.
*/
export declare class ScopeProvider {
private authContextProvider;
private adminContextProvider;
constructor(authContextProvider: AuthContextProvider, adminContextProvider: AdminContextProvider);
private requireAuthContext;
/**
* The effective read scope: the request's authorized scope
* (header ∩ memberships, resolved by the auth context) narrowed by the
* optionally-provided args business ids. Defaults to all accessible
* businesses. Throws when args request a business outside the authorized
* scope (callers must reject, never broaden).
*/
getReadScope(argsBusinessIds?: string[]): Promise<string[]>;
/**
* Validate and return the single write-target business. Writes always take an
* explicit business id (never inferred from the read scope); the target must
* be one of the user's memberships.
*/
resolveWriteTarget(requestedBusinessId: string | null | undefined): Promise<string>;
/**
* Resolve a single business preference (e.g. `defaultLocalCurrency`) for a
* specific business within the authorized read scope. Replaces per-field
* reads of the request's single admin context, so multi-business reads can
* resolve preferences from each row's owning business.
*/
getBusinessPreference<K extends keyof AdminContext>(businessId: string, key: K): Promise<AdminContext[K] | null>;
}