
@casl/ability


CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access

/*
 * @casl/ability, minified ES-module build. Public names are assigned only in the
 * export list at the end of the file; the short identifiers map as follows:
 *   At -> Ability                ft -> PureAbility          ut -> base class of PureAbility (rule index, events)
 *   tt -> per-rule object        mt -> AbilityBuilder       jt -> builder result exposing .because(reason)
 *   $t -> ForbiddenError         Et -> getDefaultErrorMessage
 *   ht -> mongoQueryMatcher      ct -> buildMongoQueryMatcher
 *   gt -> fieldPatternMatcher    Q  -> createAliasResolver
 *   N  -> detectSubjectType      z  -> subject              R  -> wrapArray      Ot -> hkt
 *   _, C, P, S, T, k, B are helpers for defining class members, copying
 *   properties and wiring prototype inheritance.
 *
 * Behaviour read from the code below that matters when this is used as an
 * access-control decision point:
 *
 * - Deny by default. can() is `!!rule && !rule.inverted`, where rule comes from
 *   relevantRuleFor(); when no rule matches, the result is false.
 *
 * - Rule order. The index is built from the last rule to the first, and the last
 *   rule receives priority 0. Rule lists (action, anyAction "manage", and
 *   anySubjectType "all") are merged by ascending priority, and relevantRuleFor()
 *   returns the first rule whose conditions match. A later rule therefore takes
 *   precedence over an earlier one.
 *
 * - Checks against a type do not evaluate conditions. matchesConditions() returns
 *   `!inverted` when the subject is missing, a string or a function, so
 *   can(action, "Type") is true as soon as one non-inverted conditional rule
 *   exists. Per-record conditions are enforced only when the record itself is
 *   passed as the subject.
 *
 * - Same pattern for fields. matchesField() returns `!inverted` when no field
 *   argument is given; rulesFor() applies the field filter only if at least one
 *   rule declares `fields`.
 *
 * - Subject type detection. Unless a detectSubjectType option is supplied, N is
 *   the detector when rule subjects are strings, and `object.constructor` is used
 *   when every rule subject is a function. N returns the value of an own
 *   `__caslSubjectType__` property if one exists, otherwise
 *   `constructor.modelName || constructor.name`. subject() (z) writes that
 *   property with Object.defineProperty, but N accepts any own property of that
 *   name.
 *   NOTE(review): an object parsed from untrusted input could carry this key;
 *   confirm that callers build subjects from trusted data.
 *
 * - AbilityBuilder. can()/cannot() record subject, fields and conditions only
 *   when the subject argument is truthy. A rule without a subject is indexed
 *   under anySubjectType ("all" by default), so a falsy subject value produces
 *   an unconditional rule for every subject type.
 *
 * - createAliasResolver (Q). Alias validation (K) runs when no options are
 *   passed or when `skipValidate !== false`; only `skipValidate: false` skips it.
 *   NOTE(review): the option name suggests the opposite; confirm against the
 *   upstream documentation.
 *
 * - fieldPatternMatcher (gt). Uses an exact membership test when no pattern
 *   contains "*"; otherwise it lazily compiles one anchored RegExp on first
 *   call, escaping regex metacharacters in the patterns before expanding
 *   wildcards.
 *
 * - Conditions. mongoQueryMatcher is createFactory() from @ucast/mongo2js with
 *   the operator sets in `at` and `st`, which include $regex. The matching
 *   semantics live in that package and are not visible in this file.
 *
 * - ForbiddenError.unlessCan(). Message precedence is an explicitly set message,
 *   then the matched rule's `reason`, then the default message function.
 */
import{createFactory as t,$eq as r,$ne as i,$lt as n,$lte as e,$gt as o,$gte as u,$in as f,$nin as a,$all as s,$size as c,$regex as h,$options as v,$elemMatch as l,$exists as d,eq as y,ne as b,lt as p,lte as w,gt as g,gte as A,within as j,nin as m,all as E,size as M,regex as $,elemMatch as O,exists as x,and as F}from"@ucast/mongo2js";function _(t,r){for(var i=0;i<r.length;i++){var n=r[i];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(t,B(n.key),n)}}function C(t,r,i){return r&&_(t.prototype,r),i&&_(t,i),Object.defineProperty(t,"prototype",{writable:!1}),t}function P(){return P=Object.assign?Object.assign.bind():function(t){for(var r=1;r<arguments.length;r++){var i=arguments[r];for(var n in i)({}).hasOwnProperty.call(i,n)&&(t[n]=i[n])}return t},P.apply(null,arguments)}function S(t,r){t.prototype=Object.create(r.prototype),t.prototype.constructor=t,T(t,r)}function T(t,r){return T=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(t,r){return t.__proto__=r,t},T(t,r)}function k(t,r){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var n=i.call(t,r||"default");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===r?String:Number)(t)}function B(t){var r=k(t,"string");return"symbol"==typeof r?r:r+""}function R(t){return Array.isArray(t)?t:[t]}var q="__caslSubjectType__";function z(t,r){if(r)if(!Object.hasOwn(r,q))Object.defineProperty(r,q,{value:t});else if(t!==r[q])throw new Error("Trying to cast object to subject type "+t+" but previously it was casted to "+r[q]);return r}var Y=function t(r){var i=typeof r;return i==="string"||i==="function"};var D=function t(r){return r.modelName||r.name};function L(t){return typeof t==="string"?t:D(t)}function N(t){if(Object.hasOwn(t,q))return t[q];return D(t.constructor)}var G={function:function t(r){return r.constructor},string:N};function H(t,r,i){var n=R(r);var 
e=0;while(e<n.length){var o=n[e++];if(Object.hasOwn(t,o))n=i(n,t[o])}return n}function I(t,r){if(typeof r==="string"&&t.indexOf(r)!==-1)return r;for(var i=0;i<r.length;i++)if(t.indexOf(r[i])!==-1)return r[i];return null}var J=function t(r,i){return r.concat(i)};function K(t,r){if(r in t)throw new Error('Cannot use "'+r+"\" as an alias because it's reserved action.");var i=Object.keys(t);var n=function t(i,n){var e=I(i,n);if(e)throw new Error("Detected cycle "+e+" -> "+i.join(", "));var o=typeof n==="string"&&n===r||i.indexOf(r)!==-1||Array.isArray(n)&&n.indexOf(r)!==-1;if(o)throw new Error('Cannot make an alias to "'+r+'" because this is reserved action');return i.concat(n)};for(var e=0;e<i.length;e++)H(t,i[e],n)}function Q(t,r){if(!r||r.skipValidate!==false)K(t,r&&r.anyAction||"manage");return function(r){return H(t,r,J)}}function U(t,r,i){for(var n=i;n<r.length;n++)t.push(r[n])}function V(t,r){if(!t||!t.length)return r||[];if(!r||!r.length)return t||[];var i=0;var n=0;var e=[];while(i<t.length&&n<r.length)if(t[i].priority<r[n].priority){e.push(t[i]);i++}else{e.push(r[n]);n++}U(e,t,i);U(e,r,n);return e}function W(t,r,i){var n=t.get(r);if(!n){n=i();t.set(r,n)}return n}var X=function t(r){return r};function Z(t,r){if(Array.isArray(t.fields)&&!t.fields.length)throw new Error("`rawRule.fields` cannot be an empty array. 
https://bit.ly/390miLa");if(t.fields&&!r.fieldMatcher)throw new Error('You need to pass "fieldMatcher" option in order to restrict access by fields');if(t.conditions&&!r.conditionsMatcher)throw new Error('You need to pass "conditionsMatcher" option in order to restrict access by conditions')}var tt=function(){function t(t,r,i){if(i===void 0)i=0;Z(t,r);this.action=r.resolveAction(t.action);this.subject=t.subject;this.inverted=!!t.inverted;this.conditions=t.conditions;this.reason=t.reason;this.origin=t;this.fields=t.fields?R(t.fields):void 0;this.priority=i;this.t=r}var r=t.prototype;r.i=function t(){if(this.conditions&&!this.o)this.o=this.t.conditionsMatcher(this.conditions);return this.o};r.matchesConditions=function t(r){if(!this.conditions)return true;if(!r||Y(r))return!this.inverted;var i=this.i();return i(r)};r.matchesField=function t(r){if(!this.fields)return true;if(!r)return!this.inverted;if(!this.u)this.u=this.t.fieldMatcher(this.fields);return this.u(r)};return C(t,[{key:"ast",get:function t(){var r=this.i();return r?r.ast:void 0}}])}();function rt(t,r){var i={value:t,prev:r,next:null};if(r)r.next=i;return i}function it(t){if(t.next)t.next.prev=t.prev;if(t.prev)t.prev.next=t.next;t.next=t.prev=null}var nt=function t(r){return{value:r.value,prev:r.prev,next:r.next}};var et=function t(){return{rules:[],merged:false}};var ot=function t(){return new Map};var ut=function(){function t(t,r){if(t===void 0)t=[];if(r===void 0)r={};this.h=false;this.v=new Map;this.l={conditionsMatcher:r.conditionsMatcher,fieldMatcher:r.fieldMatcher,resolveAction:r.resolveAction||X};this.p=r.anyAction||"manage";this.A=r.anySubjectType||"all";this.j=t;this.m=!!r.detectSubjectType;this.M=r.detectSubjectType||N;this.$(t)}var r=t.prototype;r.detectSubjectType=function t(r){if(Y(r))return r;if(!r)return this.A;return this.M(r)};r.update=function t(r){var i={rules:r,ability:this,target:this};this.O("update",i);this.j=r;this.$(r);this.O("updated",i);return this};r.$=function t(r){var i=new 
Map;var n;for(var e=r.length-1;e>=0;e--){var o=r.length-e-1;var u=new tt(r[e],this.l,o);var f=R(u.action);var a=R(u.subject||this.A);if(!this.h&&u.fields)this.h=true;for(var s=0;s<a.length;s++){var c=W(i,a[s],ot);if(n===void 0)n=typeof a[s];if(typeof a[s]!==n&&n!=="mixed")n="mixed";for(var h=0;h<f.length;h++)W(c,f[h],et).rules.push(u)}}this.v=i;if(n!=="mixed"&&!this.m){var v=G[n]||G.string;this.M=v}};r.possibleRulesFor=function t(r,i){if(i===void 0)i=this.A;if(!Y(i))throw new Error('"possibleRulesFor" accepts only subject types (i.e., string or class) as the 2nd parameter');var n=W(this.v,i,ot);var e=W(n,r,et);if(e.merged)return e.rules;var o=r!==this.p&&n.has(this.p)?n.get(this.p).rules:void 0;var u=V(e.rules,o);if(i!==this.A)u=V(u,this.possibleRulesFor(r,this.A));e.rules=u;e.merged=true;return u};r.rulesFor=function t(r,i,n){var e=this.possibleRulesFor(r,i);if(n&&typeof n!=="string")throw new Error("The 3rd, `field` parameter is expected to be a string. See https://stalniy.github.io/casl/en/api/casl-ability#can-of-pure-ability for details");if(!this.h)return e;return e.filter((function(t){return t.matchesField(n)}))};r.actionsFor=function t(r){if(!Y(r))throw new Error('"actionsFor" accepts only subject types (i.e., string or class) as a parameter');var i=new Set;var n=this.v.get(r);if(n)Array.from(n.keys()).forEach((function(t){return i.add(t)}));var e=r!==this.A?this.v.get(this.A):void 0;if(e)Array.from(e.keys()).forEach((function(t){return i.add(t)}));return Array.from(i)};r.on=function t(r,i){this.F=this.F||new Map;var n=this.F;var e=n.get(r)||null;var o=rt(i,e);n.set(r,o);return function(){var t=n.get(r);if(!o.next&&!o.prev&&t===o)n.delete(r);else if(o===t)n.set(r,o.prev);it(o)}};r.O=function t(r,i){if(!this.F)return;var n=this.F.get(r)||null;while(n!==null){var e=n.prev?nt(n.prev):null;n.value(i);n=e}};return C(t,[{key:"rules",get:function t(){return this.j}}])}();var ft=function(t){function PureAbility(){return 
t.apply(this,arguments)||this}S(PureAbility,t);var r=PureAbility.prototype;r.can=function t(r,i,n){var e=this.relevantRuleFor(r,i,n);return!!e&&!e.inverted};r.relevantRuleFor=function t(r,i,n){var e=this.detectSubjectType(i);var o=this.rulesFor(r,e,n);for(var u=0,f=o.length;u<f;u++)if(o[u].matchesConditions(i))return o[u];return null};r.cannot=function t(r,i,n){return!this.can(r,i,n)};return PureAbility}(ut);var at={$eq:r,$ne:i,$lt:n,$lte:e,$gt:o,$gte:u,$in:f,$nin:a,$all:s,$size:c,$regex:h,$options:v,$elemMatch:l,$exists:d};var st={eq:y,ne:b,lt:p,lte:w,gt:g,gte:A,in:j,nin:m,all:E,size:M,regex:$,elemMatch:O,exists:x,and:F};var ct=function r(i,n,e){return t(P({},at,i),P({},st,n),e)};var ht=t(at,st);var vt=/[-/\\^$+?.()|[\]{}]/g;var lt=/\.?\*+\.?/g;var dt=/\*+/;var yt=/\./g;function bt(t,r,i){var n=i[0]==="*"||t[0]==="."&&t[t.length-1]==="."?"+":"*";var e=t.indexOf("**")===-1?"[^.]":".";var o=t.replace(yt,"\\$&").replace(dt,e+n);return r+t.length===i.length?"(?:"+o+")?":o}function pt(t,r,i){if(t==="."&&(i[r-1]==="*"||i[r+1]==="*"))return t;return"\\"+t}function wt(t){var r=t.map((function(t){return t.replace(vt,pt).replace(lt,bt)}));var i=r.length>1?"(?:"+r.join("|")+")":r[0];return new RegExp("^"+i+"$")}var gt=function t(r){var i;return function(t){if(typeof i==="undefined")i=r.every((function(t){return t.indexOf("*")===-1}))?null:wt(r);return i===null?r.indexOf(t)!==-1:i.test(t)}};var At=function(t){function Ability(r,i){if(r===void 0)r=[];if(i===void 0)i={};return t.call(this,r,P({conditionsMatcher:ht,fieldMatcher:gt},i))||this}S(Ability,t);return Ability}(ft);function createMongoAbility(t,r){if(t===void 0)t=[];if(r===void 0)r={};return new ft(t,P({conditionsMatcher:ht,fieldMatcher:gt},r))}function isAbilityClass(t){return t.prototype!==void 0&&typeof t.prototype.possibleRulesFor==="function"}var jt=function(){function t(t){this._=t}var r=t.prototype;r.because=function t(r){this._.reason=r;return this};return t}();var mt=function(){function AbilityBuilder(t){var 
r=this;this.rules=[];this.C=t;this.can=function(t,i,n,e){return r.P(t,i,n,e,false)};this.cannot=function(t,i,n,e){return r.P(t,i,n,e,true)};this.build=function(t){return isAbilityClass(r.C)?new r.C(r.rules,t):r.C(r.rules,t)}}var t=AbilityBuilder.prototype;t.P=function t(r,i,n,e,o){var u={action:r};if(o)u.inverted=o;if(i){u.subject=i;if(Array.isArray(n)||typeof n==="string")u.fields=n;else if(typeof n!=="undefined")u.conditions=n;if(typeof e!=="undefined")u.conditions=e}this.rules.push(u);return new jt(u)};return AbilityBuilder}();function defineAbility(t,r){var i=new mt(createMongoAbility);var n=t(i.can,i.cannot);if(n&&typeof n.then==="function")return n.then((function(){return i.build(r)}));return i.build(r)}var Et=function t(r){return'Cannot execute "'+r.action+'" on "'+r.subjectType+'"'};var Mt=function t(r){this.message=r};Mt.prototype=Object.create(Error.prototype);var $t=function(t){function ForbiddenError(r){var i;i=t.call(this,"")||this;i.ability=r;if(typeof Error.captureStackTrace==="function"){i.name="ForbiddenError";Error.captureStackTrace(i,i.constructor)}return i}S(ForbiddenError,t);ForbiddenError.setDefaultMessage=function t(r){this.S=typeof r==="string"?function(){return r}:r};ForbiddenError.from=function t(r){return new this(r)};var r=ForbiddenError.prototype;r.setMessage=function t(r){this.message=r;return this};r.throwUnlessCan=function t(r,i,n){var e=this.unlessCan(r,i,n);if(e)throw e};r.unlessCan=function t(r,i,n){var e=this.ability.relevantRuleFor(r,i,n);if(e&&!e.inverted)return;this.action=r;this.subject=i;this.subjectType=L(this.ability.detectSubjectType(i));this.field=n;var o=e?e.reason:"";this.message=this.message||o||this.constructor.S(this);return this};return ForbiddenError}(Mt);$t.S=Et;var Ot=Object.freeze({__proto__:null});export{At as Ability,mt as AbilityBuilder,$t as ForbiddenError,ft as PureAbility,ct as buildMongoQueryMatcher,Q as createAliasResolver,createMongoAbility,defineAbility,N as detectSubjectType,gt as 
fieldPatternMatcher,Et as getDefaultErrorMessage,Ot as hkt,ht as mongoQueryMatcher,z as subject,R as wrapArray}; //# sourceMappingURL=index.js.map