
@casl/ability


CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access

// Minified ES-module build of @casl/ability. The comments below describe what each
// top-level unit does as far as the code itself shows; identifiers are the
// minifier's short names, and the public names are assigned in the `export`
// statement at the end of the file.

// Mongo-style operator parsers ($eq, $in, ...) and their interpreters (eq, within, ...),
// plus the factory that combines them into a conditions matcher.
import{createFactory as t,$exists as r,$elemMatch as i,$options as n,$regex as e,$size as u,$all as o,$nin as f,$in as a,$gte as s,$gt as c,$lte as h,$lt as v,$ne as l,$eq as d,and as y,exists as b,elemMatch as p,regex as w,size as g,all as A,nin as j,within as m,gte as E,gt as M,lte as $,lt as x,ne as O,eq as F}from"@ucast/mongo2js";

// --- Class/object helpers (these look compiler-emitted rather than hand-written) ---

// Defines each descriptor in `r` on target `t`; descriptors are made configurable,
// and writable when they carry a `value`.
function _(t,r){for(var i=0;i<r.length;i++){var n=r[i];n.enumerable=n.enumerable||false,n.configurable=true,"value"in n&&(n.writable=true),Object.defineProperty(t,B(n.key),n)}}
// Installs accessor/method descriptors on `t.prototype` and makes `prototype` non-writable.
function C(t,r,i){return r&&_(t.prototype,r),Object.defineProperty(t,"prototype",{writable:false}),t}
// Object.assign, with a fallback that copies own enumerable string keys only.
function P(){return P=Object.assign?Object.assign.bind():function(t){for(var r=1;r<arguments.length;r++){var i=arguments[r];for(var n in i)({}).hasOwnProperty.call(i,n)&&(t[n]=i[n])}return t},P.apply(null,arguments)}
// Prototype-based inheritance: `t` extends `r` (instance and static side).
function S(t,r){t.prototype=Object.create(r.prototype),t.prototype.constructor=t,T(t,r)}
// Object.setPrototypeOf, with a `__proto__` fallback.
function T(t,r){return T=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(t,r){return t.__proto__=r,t},T(t,r)}
// Converts a value to a primitive, honouring Symbol.toPrimitive when present.
function k(t,r){if("object"!=typeof t||!t)return t;var i=t[Symbol.toPrimitive];if(void 0!==i){var n=i.call(t,r);if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(t)}
// Converts a value to a property key (symbol kept as is, everything else stringified).
function B(t){var r=k(t,"string");return"symbol"==typeof r?r:r+""}
// Own-property check; uses Object.hasOwn when the runtime has it.
var R=Object.hasOwn||function(t,r){return Object.prototype.hasOwnProperty.call(t,r)};

// --- Subject typing ---

// Exported as `wrapArray`: returns arrays unchanged, wraps anything else in a one-element array.
function q(t){return Array.isArray(t)?t:[t]}
// Name of the own property used to tag an object with its subject type.
var z="__caslSubjectType__";
// Exported as `subject(type, object)`: tags `r` with subject type `t` and returns `r`.
// The tag is defined with `value` only, so it is non-enumerable, non-writable and
// non-configurable. Re-tagging with a different type throws; a falsy `r` is returned untouched.
function Y(t,r){if(r)if(!R(r,z))Object.defineProperty(r,z,{value:t});else if(t!==r[z])throw new Error("Trying to cast object to subject type "+t+" but previously it was casted to "+r[z]);return r}
// True when the value is a subject *type* (a string or a function/class), not an instance.
var D=function t(r){var i=typeof r;return i==="string"||i==="function"};
// Name of a class-like value: `modelName` if set, otherwise `name`.
var L=function t(r){return r.modelName||r.name};
// Subject type as a string (strings pass through, classes are named via L).
function G(t){return typeof t==="string"?t:L(t)}
// Exported as `detectSubjectType`: the tag written by `subject()` wins, otherwise the
// name of the object's constructor is used.
// NOTE(review): any own `__caslSubjectType__` property is accepted as the type, however it
// got there, so an object deserialized from external input that carries this key is typed
// by that key. Build subjects from trusted data or tag them explicitly with `subject()`.
function H(t){if(R(t,z))return t[z];return L(t.constructor)}
// Default detectors keyed by the typeof of the subjects used in rules: rules written
// against classes compare by constructor, rules written against strings use H.
var I={function:function t(r){return r.constructor},string:H};

// --- Action aliases ---

// Walks the list started from `r`; every entry that is an own key of alias map `t`
// is merged in through `i(list, t[entry])`, and the walk continues over the new list.
function J(t,r,i){var n=q(r);var e=0;while(e<n.length){var u=n[e++];if(R(t,u))n=i(n,t[u])}return n}
// Returns the first item of `r` (a string or an array) that is already in `t`, else null.
function K(t,r){if(typeof r==="string"&&t.indexOf(r)!==-1)return r;for(var i=0;i<r.length;i++)if(t.indexOf(r[i])!==-1)return r[i];return null}
// Merge step used for normal alias expansion: plain concatenation.
var N=function t(r,i){return r.concat(i)};
// Validates alias map `t` against the reserved "any action" name `r`: the reserved name
// may not be an alias key or an alias target, and alias chains may not form a cycle.
function Q(t,r){if(r in t)throw new Error('Cannot use "'+r+"\" as an alias because it's reserved action.");var i=Object.keys(t);var n=function t(i,n){var e=K(i,n);if(e)throw new Error("Detected cycle "+e+" -> "+i.join(", "));var u=typeof n==="string"&&n===r||i.indexOf(r)!==-1||Array.isArray(n)&&n.indexOf(r)!==-1;if(u)throw new Error('Cannot make an alias to "'+r+'" because this is reserved action');return i.concat(n)};for(var e=0;e<i.length;e++)J(t,i[e],n)}
// Exported as `createAliasResolver(aliasMap, options)`: returns a function that expands
// an action (or list of actions) through the alias map.
// NOTE(review): as written, validation runs unless `skipValidate` is exactly `false`, so
// `skipValidate: true` still validates and only `skipValidate: false` skips it. With
// validation skipped, a cyclic alias map makes J loop without terminating. Confirm the
// intended polarity before relying on this option.
function U(t,r){if(!r||r.skipValidate!==false)Q(t,r&&r.anyAction||"manage");return function(r){return J(t,r,N)}}

// --- Rule list utilities ---

// Appends r[i..] to `t`.
function V(t,r,i){for(var n=i;n<r.length;n++)t.push(r[n])}
// Merges two rule arrays ordered by ascending `priority` into one; on a tie the entry
// from `r` is taken first. An empty or missing side returns the other side as is.
function W(t,r){if(!t||!t.length)return r||[];if(!r||!r.length)return t||[];var i=0;var n=0;var e=[];while(i<t.length&&n<r.length)if(t[i].priority<r[n].priority){e.push(t[i]);i++}else{e.push(r[n]);n++}V(e,t,i);V(e,r,n);return e}
// Map get-or-create: stores and returns `i()` when key `r` has no truthy value yet.
function X(t,r,i){var n=t.get(r);if(!n){n=i();t.set(r,n)}return n}
// Identity; default `resolveAction`.
var Z=function t(r){return r};

// --- Rule ---

// Rejects raw rules that cannot be evaluated: an empty `fields` array, `fields` without a
// configured fieldMatcher, or `conditions` without a configured conditionsMatcher.
function tt(t,r){if(Array.isArray(t.fields)&&!t.fields.length)throw new Error("`rawRule.fields` cannot be an empty array. https://bit.ly/390miLa");if(t.fields&&!r.fieldMatcher)throw new Error('You need to pass "fieldMatcher" option in order to restrict access by fields');if(t.conditions&&!r.conditionsMatcher)throw new Error('You need to pass "conditionsMatcher" option in order to restrict access by conditions')}
// A single compiled rule built from a raw rule `t`, matcher options `r` and a priority `i`
// (default 0). The raw rule stays reachable as `origin`.
var rt=function(){
  function t(t,r,i){if(i===void 0)i=0;tt(t,r);this.action=r.resolveAction(t.action);this.subject=t.subject;this.inverted=!!t.inverted;this.conditions=t.conditions;this.reason=t.reason;this.origin=t;this.fields=t.fields?q(t.fields):void 0;this.priority=i;this.t=r}
  var r=t.prototype;
  // Lazily compiles `conditions` into a matcher function and caches it on the rule.
  r.i=function t(){if(this.conditions&&!this.u)this.u=this.t.conditionsMatcher(this.conditions);return this.u};
  // A rule without conditions matches everything. When the caller passes a subject type
  // (string/class) or nothing instead of an instance, conditions are NOT evaluated:
  // a conditional allow-rule matches and a conditional inverted rule does not. A check
  // against a type therefore answers "is there any rule that could allow this", so
  // per-object enforcement has to pass the actual instance.
  r.matchesConditions=function t(r){if(!this.conditions)return true;if(!r||D(r))return!this.inverted;var i=this.i();return i(r)};
  // Same shape for fields: no field restriction matches everything; when no field is
  // asked about, a field-restricted allow-rule matches and an inverted one does not.
  r.matchesField=function t(r){if(!this.fields)return true;if(!r)return!this.inverted;if(!this.o)this.o=this.t.fieldMatcher(this.fields);return this.o(r)};
  // `ast` getter: the `ast` property of the compiled conditions matcher, if there is one.
  return C(t,[{key:"ast",get:function t(){var r=this.i();return r?r.ast:void 0}}])
}();

// --- Event handler list (doubly linked, newest entry is the head) ---

// Creates a node holding handler `t` and links it after `r`.
function it(t,r){var i={value:t,prev:r,next:null};if(r)r.next=i;return i}
// Unlinks a node from its neighbours.
function nt(t){if(t.next)t.next.prev=t.prev;if(t.prev)t.prev.next=t.next;t.next=t.prev=null}
// Shallow copy of a node, taken before a handler runs so that a handler unsubscribing
// during emit does not break the walk.
var et=function t(r){return{value:r.value,prev:r.prev,next:r.next}};
// Factories for index entries: a per-action bucket and a per-subject Map.
var ut=function t(){return{rules:[],merged:false}};
var ot=function t(){return new Map};

// --- Rule index (base class of PureAbility) ---

// Indexes raw rules by subject type and action. Options read here: conditionsMatcher,
// fieldMatcher, resolveAction, anyAction (default "manage"), anySubjectType (default "all")
// and detectSubjectType.
var ft=function(){
  function t(t,r){if(t===void 0)t=[];if(r===void 0)r={};this.h=false;this.v=new Map;this.l={conditionsMatcher:r.conditionsMatcher,fieldMatcher:r.fieldMatcher,resolveAction:r.resolveAction||Z};this.p=r.anyAction||"manage";this.A=r.anySubjectType||"all";this.j=t;this.m=!!r.detectSubjectType;this.M=r.detectSubjectType||H;this.$(t)}
  var r=t.prototype;
  // Subject types pass through, a falsy subject maps to the "any subject" type, and
  // instances go through the configured detector.
  r.detectSubjectType=function t(r){if(D(r))return r;if(!r)return this.A;return this.M(r)};
  // Replaces the rule set; emits "update" before and "updated" after re-indexing.
  r.update=function t(r){var i={rules:r,ability:this,target:this};this.O("update",i);this.j=r;this.$(r);this.O("updated",i);return this};
  // Builds the subject -> action -> rules index. Rules are visited from last to first and
  // the last rule gets priority 0; with the ascending merge in W and the first-match
  // lookup in relevantRuleFor this means a rule defined later overrides an earlier one.
  // When every rule subject has the same typeof and no custom detector was supplied,
  // the detector is picked from I for that typeof.
  r.$=function t(r){var i=new Map;var n;for(var e=r.length-1;e>=0;e--){var u=r.length-e-1;var o=new rt(r[e],this.l,u);var f=q(o.action);var a=q(o.subject||this.A);if(!this.h&&o.fields)this.h=true;for(var s=0;s<a.length;s++){var c=X(i,a[s],ot);if(n===void 0)n=typeof a[s];if(typeof a[s]!==n&&n!=="mixed")n="mixed";for(var h=0;h<f.length;h++)X(c,f[h],ut).rules.push(o)}}this.v=i;if(n!=="mixed"&&!this.m){var v=I[n]||I.string;this.M=v}};
  // Rules that may apply to (action, subjectType): the action's own rules merged with the
  // "any action" rules of that subject type and, for a specific type, with the rules of
  // the "any subject" type. The merged list is cached in the index entry.
  r.possibleRulesFor=function t(r,i){if(i===void 0)i=this.A;if(!D(i))throw new Error('"possibleRulesFor" accepts only subject types (i.e., string or class) as the 2nd parameter');var n=X(this.v,i,ot);var e=X(n,r,ut);if(e.merged)return e.rules;var u=r!==this.p&&n.has(this.p)?n.get(this.p).rules:void 0;var o=W(e.rules,u);if(i!==this.A)o=W(o,this.possibleRulesFor(r,this.A));e.rules=o;e.merged=true;return o};
  // possibleRulesFor narrowed by field; the field filter only runs when at least one
  // indexed rule declares `fields`. A non-string truthy field throws.
  r.rulesFor=function t(r,i,n){var e=this.possibleRulesFor(r,i);if(n&&typeof n!=="string")throw new Error("The 3rd, `field` parameter is expected to be a string. See https://stalniy.github.io/casl/en/api/casl-ability#can-of-pure-ability for details");if(!this.h)return e;return e.filter(function(t){return t.matchesField(n)})};
  // Distinct actions that have rules for the subject type or for the "any subject" type.
  r.actionsFor=function t(r){if(!D(r))throw new Error('"actionsFor" accepts only subject types (i.e., string or class) as a parameter');var i=new Set;var n=this.v.get(r);if(n)Array.from(n.keys()).forEach(function(t){return i.add(t)});var e=r!==this.A?this.v.get(this.A):void 0;if(e)Array.from(e.keys()).forEach(function(t){return i.add(t)});return Array.from(i)};
  // Subscribes handler `i` to event `r`; returns the unsubscribe function.
  r.on=function t(r,i){this.F=this.F||new Map;var n=this.F;var e=n.get(r)||null;var u=it(i,e);n.set(r,u);return function(){var t=n.get(r);if(!u.next&&!u.prev&&t===u)n.delete(r);else if(u===t)n.set(r,u.prev);nt(u)}};
  // Emits event `r` with payload `i`, calling handlers from the most recently added back
  // to the oldest.
  r.O=function t(r,i){if(!this.F)return;var n=this.F.get(r)||null;while(n!==null){var e=n.prev?et(n.prev):null;n.value(i);n=e}};
  // `rules` getter: the raw rules last passed to the constructor or to update().
  return C(t,[{key:"rules",get:function t(){return this.j}}])
}();

// --- PureAbility ---

// Adds the permission checks on top of the rule index.
var at=function(t){
  function PureAbility(){return t.apply(this,arguments)||this}
  S(PureAbility,t);
  var r=PureAbility.prototype;
  // can(action, subject, field): true only when the first matching rule is not inverted.
  // No matching rule yields false, i.e. the default is deny.
  r.can=function t(r,i,n){var e=this.relevantRuleFor(r,i,n);return!!e&&!e.inverted};
  // First rule, in priority order, whose conditions match the subject; null when none does.
  r.relevantRuleFor=function t(r,i,n){var e=this.detectSubjectType(i);var u=this.rulesFor(r,e,n);for(var o=0,f=u.length;o<f;o++)if(u[o].matchesConditions(i))return u[o];return null};
  // Negation of can().
  r.cannot=function t(r,i,n){return!this.can(r,i,n)};
  return PureAbility
}(ft);

// --- Mongo-style conditions matcher ---

// Default operator parsers and interpreters handed to the @ucast/mongo2js factory.
var st={$eq:d,$ne:l,$lt:v,$lte:h,$gt:c,$gte:s,$in:a,$nin:f,$all:o,$size:u,$regex:e,$options:n,$elemMatch:i,$exists:r};
var ct={eq:F,ne:O,lt:x,lte:$,gt:M,gte:E,in:m,nin:j,all:A,size:g,regex:w,elemMatch:p,exists:b,and:y};
// Exported as `buildMongoQueryMatcher`: the defaults extended (or overridden) by the
// caller's parsers `i` and interpreters `n`; `e` is passed through to the factory.
var ht=function r(i,n,e){return t(P({},st,i),P({},ct,n),e)};
// Exported as `mongoQueryMatcher`: the matcher built from the defaults only.
var vt=t(st,ct);

// --- Field pattern matcher ---

// Regex metacharacters to escape, wildcard runs with optional surrounding dots,
// a run of stars, and a literal dot.
var lt=/[-/\\^$+?.()|[\]{}]/g;
var dt=/\.?\*+\.?/g;
var yt=/\*+/;
var bt=/\./g;
// Replace callback for a wildcard run (match, offset, whole pattern): a single `*`
// becomes a class that excludes dots, `**` becomes any character. The quantifier is `+`
// when the pattern starts with `*` or the run is enclosed in dots, otherwise `*`.
// A run that reaches the end of the pattern is made optional.
function pt(t,r,i){var n=i[0]==="*"||t[0]==="."&&t[t.length-1]==="."?"+":"*";var e=t.indexOf("**")===-1?"[^.]":".";var u=t.replace(bt,"\\$&").replace(yt,e+n);return r+t.length===i.length?"(?:"+u+")?":u}
// Replace callback that backslash-escapes a metacharacter, except a dot directly next
// to a `*`, which is left for pt to handle.
function wt(t,r,i){if(t==="."&&(i[r-1]==="*"||i[r+1]==="*"))return t;return"\\"+t}
// Compiles a list of field patterns into one RegExp anchored with ^ and $.
function gt(t){var r=t.map(function(t){return t.replace(lt,wt).replace(dt,pt)});var i=r.length>1?"(?:"+r.join("|")+")":r[0];return new RegExp("^"+i+"$")}
// Exported as `fieldPatternMatcher`: returns a predicate over field names. On first use it
// decides once: if no pattern contains `*` the check is exact membership in the list,
// otherwise the compiled RegExp is used.
var At=function t(r){var i;return function(t){if(typeof i==="undefined")i=r.every(function(t){return t.indexOf("*")===-1})?null:gt(r);return i===null?r.indexOf(t)!==-1:i.test(t)}};

// --- Ability and factories ---

// Exported as `Ability`: PureAbility with the Mongo conditions matcher and the field
// pattern matcher as defaults; caller options override them.
var jt=function(t){function Ability(r,i){if(r===void 0)r=[];if(i===void 0)i={};return t.call(this,r,P({conditionsMatcher:vt,fieldMatcher:At},i))||this}S(Ability,t);return Ability}(at);
// Same defaults as `Ability`, but returns a PureAbility instance.
function createMongoAbility(t,r){if(t===void 0)t=[];if(r===void 0)r={};return new at(t,P({conditionsMatcher:vt,fieldMatcher:At},r))}
// True for a constructor whose prototype has `possibleRulesFor`; anything else is
// treated as a factory function by AbilityBuilder.build.
function isAbilityClass(t){return t.prototype!==void 0&&typeof t.prototype.possibleRulesFor==="function"}
// Returned by AbilityBuilder.can/cannot; `because(reason)` sets `reason` on the raw rule.
var mt=function(){function t(t){this._=t}var r=t.prototype;r.because=function t(r){this._.reason=r;return this};return t}();
// Exported as `AbilityBuilder`: collects raw rules through can()/cannot() and builds an
// ability from them with the class or factory given to the constructor.
var Et=function(){
  function AbilityBuilder(t){var r=this;this.rules=[];this.C=t;this.can=function(t,i,n,e){return r.P(t,i,n,e,false)};this.cannot=function(t,i,n,e){return r.P(t,i,n,e,true)};this.build=function(t){return isAbilityClass(r.C)?new r.C(r.rules,t):r.C(r.rules,t)}}
  var t=AbilityBuilder.prototype;
  // Adds one raw rule (action, subject, fields-or-conditions, conditions, inverted).
  // The third argument is taken as `fields` when it is an array or a string, otherwise as
  // `conditions`; a defined fourth argument always sets `conditions`. Fields and
  // conditions are only recorded when a subject is given.
  t.P=function t(r,i,n,e,u){var o={action:r};if(u)o.inverted=u;if(i){o.subject=i;if(Array.isArray(n)||typeof n==="string")o.fields=n;else if(typeof n!=="undefined")o.conditions=n;if(typeof e!=="undefined")o.conditions=e}this.rules.push(o);return new mt(o)};
  return AbilityBuilder
}();
// Runs the definition callback `t(can, cannot)` and builds a Mongo ability with options
// `r`; when the callback returns a thenable, the result is a promise of the ability.
function defineAbility(t,r){var i=new Et(createMongoAbility);var n=t(i.can,i.cannot);if(n&&typeof n.then==="function")return n.then(function(){return i.build(r)});return i.build(r)}

// --- ForbiddenError ---

// Exported as `getDefaultErrorMessage`.
var Mt=function t(r){return'Cannot execute "'+r.action+'" on "'+r.subjectType+'"'};
// Minimal error base: stores the message and inherits from Error.prototype.
var $t=function t(r){this.message=r};
$t.prototype=Object.create(Error.prototype);
// Exported as `ForbiddenError`. `name` and the stack trace are only set when the runtime
// provides Error.captureStackTrace.
var xt=function(t){
  function ForbiddenError(r){var i;i=t.call(this,"")||this;i.ability=r;if(typeof Error.captureStackTrace==="function"){i.name="ForbiddenError";Error.captureStackTrace(i,i.constructor)}return i}
  S(ForbiddenError,t);
  // Sets the default message: a string, or a function that receives the error.
  ForbiddenError.setDefaultMessage=function t(r){this.S=typeof r==="string"?function(){return r}:r};
  ForbiddenError.from=function t(r){return new this(r)};
  var r=ForbiddenError.prototype;
  r.setMessage=function t(r){this.message=r;return this};
  // Throws this error unless the ability allows the action.
  r.throwUnlessCan=function t(r,i,n){var e=this.unlessCan(r,i,n);if(e)throw e};
  // Returns undefined when the ability allows the action; otherwise fills in action,
  // subject, subjectType and field and returns the error. Message precedence: a message
  // set beforehand, then the matched rule's `reason`, then the default message.
  r.unlessCan=function t(r,i,n){var e=this.ability.relevantRuleFor(r,i,n);if(e&&!e.inverted)return;this.action=r;this.subject=i;this.subjectType=G(this.ability.detectSubjectType(i));this.field=n;var u=e?e.reason:"";this.message=this.message||u||this.constructor.S(this);return this};
  return ForbiddenError
}($t);
xt.S=Mt;

// Exported as `hkt`: a frozen object with a null prototype and no properties.
var Ot=Object.freeze({__proto__:null});

export{jt as Ability,Et as AbilityBuilder,xt as ForbiddenError,at as PureAbility,ht as buildMongoQueryMatcher,U as createAliasResolver,createMongoAbility,defineAbility,H as detectSubjectType,At as fieldPatternMatcher,Mt as getDefaultErrorMessage,Ot as hkt,vt as mongoQueryMatcher,Y as subject,q as wrapArray};
//# sourceMappingURL=index.js.map