UNPKG

@casl/ability

Version:

CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access

casl.js.org

stalniy/casl

3 lines (2 loc) 2.45 kB
1
2
3
"use strict";var t=require("@ucast/mongo2js");function n(t){return Array.isArray(t)?t:[t]}const r=new Set(["__proto__","constructor","prototype"]);function e(t,n,e){let o=t;let s=n;if(n.indexOf(".")!==-1){const e=n.split(".");s=e.pop();o=e.reduce((t,n)=>{if(r.has(n))return t;t[n]=t[n]||{};return t[n]},t)}if(!r.has(s))o[s]=e}const o=t=>Array.isArray(t)?t.join(","):t;function s(t,r){return t.map(t=>{const e=[o(t.action||t.actions),typeof r==="function"?n(t.subject).map(r).join(","):o(t.subject),t.conditions||0,t.inverted?1:0,t.fields?o(t.fields):0,t.reason||""];while(e.length>0&&!e[e.length-1])e.pop();return e})}function i(t,n){return t.map(([t,r,e,o,s,i])=>{const u=r.split(",");const c={inverted:!!o,action:t.split(","),subject:typeof n==="function"?u.map(n):u};if(e)c.conditions=e;if(s)c.fields=s.split(",");if(i)c.reason=i;return c})}function u(t,n,r,e){const o=t.detectSubjectType(r);const s=t.possibleRulesFor(n,o);const i=new Set;const u=i.delete.bind(i);const c=i.add.bind(i);let f=s.length;while(f--){const t=s[f];if(t.matchesConditions(r)){const n=t.inverted?u:c;e.fieldsFrom(t).forEach(n)}}return Array.from(i)}class c{constructor(t,n,r){this.t=t;this.o=n;this.i=r}ofType(t){return u(this.t,this.o,t,{fieldsFrom:this.u(t)})}of(t){return u(this.t,this.o,t,{fieldsFrom:this.u(this.t.detectSubjectType(t))})}u(t){return n=>n.fields||this.i(t)}}function f(t,n,r){return t.rulesFor(n,r).reduce((t,n)=>{if(n.inverted||!n.conditions)return t;return Object.keys(n.conditions).reduce((t,r)=>{const o=n.conditions[r];if(!o||o.constructor!==Object)e(t,r,o);return t},t)},{})}function l(t,n,r,e){const o=[];const s=[];const i=t.rulesFor(n,r);for(let t=0;t<i.length;t++){const n=i[t];const r=n.inverted?o:s;if(!n.conditions)if(n.inverted)break;else return o.length?{$and:o}:{};else r.push(e(n))}if(!s.length)return null;return o.length?{$or:s,$and:o}:{$or:s}}function h(n){if(!n.ast)throw new Error(`Ability rule "${JSON.stringify(n)}" does not have "ast" property. So, cannot be used to generate AST`);return n.inverted?new t.CompoundCondition("not",[n.ast]):n.ast}function p(n,r,e){const o=l(n,r,e,h);if(o===null)return null;if(!o.$and)return o.$or?t.buildOr(o.$or):t.buildAnd([]);if(o.$or)o.$and.push(t.buildOr(o.$or));return t.buildAnd(o.$and)}exports.AccessibleFields=c;exports.packRules=s;exports.permittedFieldsOf=u;exports.rulesToAST=p;exports.rulesToFields=f;exports.rulesToQuery=l;exports.unpackRules=i; //# sourceMappingURL=index.js.map