
@casl/ability


CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access

/**
 * @casl/ability, UMD build, re-expanded from the minified bundle.
 *
 * The wrapper registers the library as a CommonJS module, as an AMD module,
 * or as the global `casl`. In the global case `ucast.mongo2js` must already
 * be present on the global object.
 *
 * Single-letter property names (`this.t`, `this.v`, `this.$`, ...) are the
 * minifier's names for private members. They are kept verbatim so objects
 * created here keep the same shape as those of the published build.
 *
 * Reviewer notes for authorization-sensitive callers, each visible below:
 *  - A check against a subject *type* (string or class) does not evaluate
 *    rule conditions; see `Rule.prototype.matchesConditions`.
 *  - The subject type of an object is read from the object itself; see
 *    `detectSubjectType`.
 *  - Rules are indexed last-to-first, so a later rule takes precedence over
 *    an earlier one; see `RuleIndex.prototype.$`.
 */
(function (root, factory) {
  if (typeof exports === "object" && typeof module !== "undefined") {
    // CommonJS / Node.
    factory(exports, require("@ucast/mongo2js"));
  } else if (typeof define === "function" && define.amd) {
    // AMD loader.
    define(["exports", "@ucast/mongo2js"], factory);
  } else {
    // Plain script: publish on the global object.
    root = typeof globalThis !== "undefined" ? globalThis : root || self;
    factory((root.casl = {}), root.ucast.mongo2js);
  }
})(this, function (exports, mongo2js) {
  "use strict";

  // ---------------------------------------------------------------------
  // Transpiler helpers (class definition, inheritance, object spread)
  // ---------------------------------------------------------------------

  /** Defines each descriptor in `descriptors` on `target` under `descriptor.key`. */
  function defineProperties(target, descriptors) {
    for (var index = 0; index < descriptors.length; index++) {
      var descriptor = descriptors[index];
      descriptor.enumerable = descriptor.enumerable || false;
      descriptor.configurable = true;
      if ("value" in descriptor) {
        descriptor.writable = true;
      }
      Object.defineProperty(target, toPropertyKey(descriptor.key), descriptor);
    }
  }

  /** Installs prototype accessors on `Constructor` and locks its `prototype` slot. */
  function createClass(Constructor, protoProps, staticProps) {
    if (protoProps) {
      defineProperties(Constructor.prototype, protoProps);
    }
    Object.defineProperty(Constructor, "prototype", { writable: false });
    return Constructor;
  }

  /** `Object.assign` with an own-property copy loop as fallback; replaces itself on first call. */
  function extend() {
    extend = Object.assign
      ? Object.assign.bind()
      : function (target) {
          for (var index = 1; index < arguments.length; index++) {
            var source = arguments[index];
            for (var key in source) {
              if (({}).hasOwnProperty.call(source, key)) {
                target[key] = source[key];
              }
            }
          }
          return target;
        };
    return extend.apply(null, arguments);
  }

  /** Prototype-based inheritance: `Subclass` extends `Superclass`, statics included. */
  function inheritsLoose(Subclass, Superclass) {
    Subclass.prototype = Object.create(Superclass.prototype);
    Subclass.prototype.constructor = Subclass;
    setPrototypeOf(Subclass, Superclass);
  }

  /** `Object.setPrototypeOf` with a `__proto__` fallback; replaces itself on first call. */
  function setPrototypeOf(object, proto) {
    setPrototypeOf = Object.setPrototypeOf
      ? Object.setPrototypeOf.bind()
      : function (target, prototype) {
          target.__proto__ = prototype;
          return target;
        };
    return setPrototypeOf(object, proto);
  }

  /** Converts `input` to a primitive, honouring `Symbol.toPrimitive` when defined. */
  function toPrimitive(input, hint) {
    if (typeof input !== "object" || !input) {
      return input;
    }
    var exoticToPrimitive = input[Symbol.toPrimitive];
    if (exoticToPrimitive !== void 0) {
      var primitive = exoticToPrimitive.call(input, hint);
      if (typeof primitive !== "object") {
        return primitive;
      }
      throw new TypeError("@@toPrimitive must return a primitive value.");
    }
    return String(input);
  }

  /** Normalises a property key: symbols pass through, everything else becomes a string. */
  function toPropertyKey(value) {
    var key = toPrimitive(value, "string");
    return typeof key === "symbol" ? key : key + "";
  }

  // ---------------------------------------------------------------------
  // Small utilities
  // ---------------------------------------------------------------------

  var hasOwn =
    Object.hasOwn ||
    function (object, key) {
      return Object.prototype.hasOwnProperty.call(object, key);
    };

  /** Returns `value` unchanged when it is an array, otherwise wraps it in one. */
  function wrapArray(value) {
    return Array.isArray(value) ? value : [value];
  }

  // Own property under which an explicitly assigned subject type is stored.
  var TYPE_FIELD = "__caslSubjectType__";

  /**
   * Tags `object` with the subject type `type` (exported as `subject`).
   * The tag is defined without `enumerable`/`writable`/`configurable`, so it
   * takes Object.defineProperty's defaults. Tagging the same object with a
   * different type throws. A falsy `object` is returned untouched.
   */
  function setSubjectType(type, object) {
    if (object) {
      if (!hasOwn(object, TYPE_FIELD)) {
        Object.defineProperty(object, TYPE_FIELD, { value: type });
      } else if (type !== object[TYPE_FIELD]) {
        throw new Error("Trying to cast object to subject type " + type + " but previously it was casted to " + object[TYPE_FIELD]);
      }
    }
    return object;
  }

  /** A subject *type* is a string or a function (class), as opposed to an instance. */
  var isSubjectType = function (value) {
    var kind = typeof value;
    return kind === "string" || kind === "function";
  };

  var getSubjectClassName = function (value) {
    return value.modelName || value.name;
  };

  /** Returns the printable name of a subject type. */
  function getSubjectTypeName(value) {
    return typeof value === "string" ? value : getSubjectClassName(value);
  }

  /**
   * Default subject type detection (exported as `detectSubjectType`).
   *
   * Returns the own `__caslSubjectType__` tag when present, otherwise
   * `modelName` or `name` of `object.constructor`. Both values are read from
   * the object itself, so the detected type is only as trustworthy as the
   * object: map untrusted payloads onto known models (or tag them with
   * `subject()`) before using them in a permission check.
   */
  function detectSubjectType(object) {
    if (hasOwn(object, TYPE_FIELD)) {
      return object[TYPE_FIELD];
    }
    return getSubjectClassName(object.constructor);
  }

  // Detector chosen by RuleIndex according to how the rules name their subjects.
  var DEFAULT_DETECTORS = {
    function: function (object) {
      return object.constructor;
    },
    string: detectSubjectType
  };

  // ---------------------------------------------------------------------
  // Action aliases
  // ---------------------------------------------------------------------

  /**
   * Expands `rawActions` through `aliasMap`. `merge` receives the list built
   * so far and the alias target, and returns the new list; the loop keeps
   * walking the returned list, so aliases of aliases are expanded as well.
   */
  function expandActions(aliasMap, rawActions, merge) {
    var actions = wrapArray(rawActions);
    for (var index = 0; index < actions.length; index++) {
      var action = actions[index];
      if (hasOwn(aliasMap, action)) {
        actions = merge(actions, aliasMap[action]);
      }
    }
    return actions;
  }

  /** Returns the first entry of `actionToFind` already present in `actions`, else null. */
  function findDuplicate(actions, actionToFind) {
    if (typeof actionToFind === "string" && actions.indexOf(actionToFind) !== -1) {
      return actionToFind;
    }
    for (var index = 0; index < actionToFind.length; index++) {
      if (actions.indexOf(actionToFind[index]) !== -1) {
        return actionToFind[index];
      }
    }
    return null;
  }

  var aliasMerge = function (actions, action) {
    return actions.concat(action);
  };

  /**
   * Validates an alias map: the reserved action may be neither an alias nor
   * an alias target, and aliases must not form a cycle. Throws on violation.
   */
  function assertAliasMap(aliasMap, reservedAction) {
    if (reservedAction in aliasMap) {
      throw new Error('Cannot use "' + reservedAction + "\" as an alias because it's reserved action.");
    }
    var aliases = Object.keys(aliasMap);
    var mergeWithChecks = function (actions, action) {
      var duplicate = findDuplicate(actions, action);
      if (duplicate) {
        throw new Error("Detected cycle " + duplicate + " -> " + actions.join(", "));
      }
      var usesReservedAction =
        (typeof action === "string" && action === reservedAction) ||
        actions.indexOf(reservedAction) !== -1 ||
        (Array.isArray(action) && action.indexOf(reservedAction) !== -1);
      if (usesReservedAction) {
        throw new Error('Cannot make an alias to "' + reservedAction + '" because this is reserved action');
      }
      return actions.concat(action);
    };
    for (var index = 0; index < aliases.length; index++) {
      expandActions(aliasMap, aliases[index], mergeWithChecks);
    }
  }

  /**
   * Builds a `resolveAction` function from an alias map.
   *
   * NOTE(review): the map is validated unless `options.skipValidate` is
   * exactly `false`, which reads inverted relative to the option's name.
   * Confirm the intended value against the upstream documentation before
   * relying on either behaviour.
   */
  function createAliasResolver(aliasMap, options) {
    if (!options || options.skipValidate !== false) {
      assertAliasMap(aliasMap, (options && options.anyAction) || "manage");
    }
    return function (action) {
      return expandActions(aliasMap, action, aliasMerge);
    };
  }

  // ---------------------------------------------------------------------
  // Rule list helpers
  // ---------------------------------------------------------------------

  /** Appends `source[start..]` to `destination`. */
  function copyArrayTo(destination, source, start) {
    for (var index = start; index < source.length; index++) {
      destination.push(source[index]);
    }
  }

  /** Merges two rule lists that are each sorted by ascending `priority`. */
  function mergePrioritized(left, right) {
    if (!left || !left.length) {
      return right || [];
    }
    if (!right || !right.length) {
      return left || [];
    }
    var leftIndex = 0;
    var rightIndex = 0;
    var merged = [];
    while (leftIndex < left.length && rightIndex < right.length) {
      if (left[leftIndex].priority < right[rightIndex].priority) {
        merged.push(left[leftIndex]);
        leftIndex++;
      } else {
        merged.push(right[rightIndex]);
        rightIndex++;
      }
    }
    copyArrayTo(merged, left, leftIndex);
    copyArrayTo(merged, right, rightIndex);
    return merged;
  }

  /** Returns `map.get(key)`, creating and storing `createDefault()` when the entry is missing or falsy. */
  function getOrDefault(map, key, createDefault) {
    var value = map.get(key);
    if (!value) {
      value = createDefault();
      map.set(key, value);
    }
    return value;
  }

  var identity = function (value) {
    return value;
  };

  // ---------------------------------------------------------------------
  // Rule
  // ---------------------------------------------------------------------

  /** Rejects raw rules that need a matcher the options do not provide. */
  function validate(rawRule, options) {
    if (Array.isArray(rawRule.fields) && !rawRule.fields.length) {
      throw new Error("`rawRule.fields` cannot be an empty array. https://bit.ly/390miLa");
    }
    if (rawRule.fields && !options.fieldMatcher) {
      throw new Error('You need to pass "fieldMatcher" option in order to restrict access by fields');
    }
    if (rawRule.conditions && !options.conditionsMatcher) {
      throw new Error('You need to pass "conditionsMatcher" option in order to restrict access by conditions');
    }
  }

  var Rule = (function () {
    /**
     * One compiled permission rule.
     * `this.t` holds the rule options; `this.o` and `this.u` cache the
     * compiled conditions matcher and field matcher respectively.
     */
    function Rule(rawRule, options, priority) {
      if (priority === void 0) {
        priority = 0;
      }
      validate(rawRule, options);
      this.action = options.resolveAction(rawRule.action);
      this.subject = rawRule.subject;
      this.inverted = !!rawRule.inverted;
      this.conditions = rawRule.conditions;
      this.reason = rawRule.reason;
      this.origin = rawRule;
      this.fields = rawRule.fields ? wrapArray(rawRule.fields) : void 0;
      this.priority = priority;
      this.t = options;
    }

    var proto = Rule.prototype;

    // Compiles the conditions matcher on first use.
    proto.i = function () {
      if (this.conditions && !this.o) {
        this.o = this.t.conditionsMatcher(this.conditions);
      }
      return this.o;
    };

    /**
     * Tells whether this rule applies to `object`.
     *
     * When `object` is missing or is a subject type (string or class), the
     * conditions are NOT evaluated: an allow rule matches and a forbid rule
     * does not. A check such as `can('update', 'Post')` therefore answers
     * "may the user update at least some posts"; pass the instance to have
     * the conditions enforced.
     */
    proto.matchesConditions = function (object) {
      if (!this.conditions) {
        return true;
      }
      if (!object || isSubjectType(object)) {
        return !this.inverted;
      }
      var matches = this.i();
      return matches(object);
    };

    /**
     * Tells whether this rule applies to `field`. As with conditions, a
     * check without a field matches allow rules and skips forbid rules.
     */
    proto.matchesField = function (field) {
      if (!this.fields) {
        return true;
      }
      if (!field) {
        return !this.inverted;
      }
      if (!this.u) {
        this.u = this.t.fieldMatcher(this.fields);
      }
      return this.u(field);
    };

    return createClass(Rule, [
      {
        key: "ast",
        get: function () {
          var matches = this.i();
          return matches ? matches.ast : void 0;
        }
      }
    ]);
  })();

  // ---------------------------------------------------------------------
  // Linked list used for event handlers
  // ---------------------------------------------------------------------

  function linkedItem(value, prev) {
    var item = { value: value, prev: prev, next: null };
    if (prev) {
      prev.next = item;
    }
    return item;
  }

  function unlinkItem(item) {
    if (item.next) {
      item.next.prev = item.prev;
    }
    if (item.prev) {
      item.prev.next = item.next;
    }
    item.next = item.prev = null;
  }

  var cloneLinkedItem = function (item) {
    return { value: item.value, prev: item.prev, next: item.next };
  };

  var defaultActionEntry = function () {
    return { rules: [], merged: false };
  };

  var defaultSubjectEntry = function () {
    return new Map();
  };

  // ---------------------------------------------------------------------
  // RuleIndex
  // ---------------------------------------------------------------------

  var RuleIndex = (function () {
    /**
     * Indexes raw rules by subject type and action.
     *
     * Private members (minified names):
     *   h - true once any rule restricts fields
     *   v - Map subjectType -> Map action -> { rules, merged }
     *   l - options handed to every Rule
     *   p - the "any action" keyword (default "manage")
     *   A - the "any subject" keyword (default "all")
     *   j - the raw rules as given
     *   m - true when a custom `detectSubjectType` option was supplied
     *   M - the subject type detector in use
     *   F - Map event name -> tail of the handler list (created lazily)
     */
    function RuleIndex(rules, options) {
      if (rules === void 0) {
        rules = [];
      }
      if (options === void 0) {
        options = {};
      }
      this.h = false;
      this.v = new Map();
      this.l = {
        conditionsMatcher: options.conditionsMatcher,
        fieldMatcher: options.fieldMatcher,
        resolveAction: options.resolveAction || identity
      };
      this.p = options.anyAction || "manage";
      this.A = options.anySubjectType || "all";
      this.j = rules;
      this.m = !!options.detectSubjectType;
      this.M = options.detectSubjectType || detectSubjectType;
      this.$(rules);
    }

    var proto = RuleIndex.prototype;

    /** Subject types pass through; a falsy subject maps to the "any subject" keyword. */
    proto.detectSubjectType = function (object) {
      if (isSubjectType(object)) {
        return object;
      }
      if (!object) {
        return this.A;
      }
      return this.M(object);
    };

    /** Replaces the rules, emitting "update" before and "updated" after re-indexing. */
    proto.update = function (rules) {
      var event = { rules: rules, ability: this, target: this };
      this.O("update", event);
      this.j = rules;
      this.$(rules);
      this.O("updated", event);
      return this;
    };

    /**
     * Builds the subject/action index.
     *
     * Rules are walked from last to first and the last rule receives
     * priority 0, so in every per-action list a later rule precedes an
     * earlier one. Lookups return the first matching rule, which means a
     * rule defined later overrides the ones before it.
     */
    proto.$ = function (rawRules) {
      var indexedRules = new Map();
      var subjectKind;
      for (var ruleIndex = rawRules.length - 1; ruleIndex >= 0; ruleIndex--) {
        var priority = rawRules.length - ruleIndex - 1;
        var rule = new Rule(rawRules[ruleIndex], this.l, priority);
        var actions = wrapArray(rule.action);
        // A rule without a subject is filed under the "any subject" keyword.
        var subjects = wrapArray(rule.subject || this.A);
        if (!this.h && rule.fields) {
          this.h = true;
        }
        for (var s = 0; s < subjects.length; s++) {
          var subjectRules = getOrDefault(indexedRules, subjects[s], defaultSubjectEntry);
          if (subjectKind === void 0) {
            subjectKind = typeof subjects[s];
          }
          if (typeof subjects[s] !== subjectKind && subjectKind !== "mixed") {
            subjectKind = "mixed";
          }
          for (var a = 0; a < actions.length; a++) {
            getOrDefault(subjectRules, actions[a], defaultActionEntry).rules.push(rule);
          }
        }
      }
      this.v = indexedRules;
      // Without a custom detector, pick one matching how the rules name subjects.
      if (subjectKind !== "mixed" && !this.m) {
        var detector = DEFAULT_DETECTORS[subjectKind] || DEFAULT_DETECTORS.string;
        this.M = detector;
      }
    };

    /**
     * Returns the rules that may apply to `action` on `subjectType`: the
     * rules for the action, the "any action" rules of that subject, and the
     * same for the "any subject" keyword, merged by priority and cached.
     */
    proto.possibleRulesFor = function (action, subjectType) {
      if (subjectType === void 0) {
        subjectType = this.A;
      }
      if (!isSubjectType(subjectType)) {
        throw new Error('"possibleRulesFor" accepts only subject types (i.e., string or class) as the 2nd parameter');
      }
      var subjectRules = getOrDefault(this.v, subjectType, defaultSubjectEntry);
      var actionRules = getOrDefault(subjectRules, action, defaultActionEntry);
      if (actionRules.merged) {
        return actionRules.rules;
      }
      var anyActionRules;
      if (action !== this.p && subjectRules.has(this.p)) {
        anyActionRules = subjectRules.get(this.p).rules;
      }
      var rules = mergePrioritized(actionRules.rules, anyActionRules);
      if (subjectType !== this.A) {
        rules = mergePrioritized(rules, this.possibleRulesFor(action, this.A));
      }
      actionRules.rules = rules;
      actionRules.merged = true;
      return rules;
    };

    /** Like `possibleRulesFor`, additionally filtered by `field` when any rule restricts fields. */
    proto.rulesFor = function (action, subjectType, field) {
      var rules = this.possibleRulesFor(action, subjectType);
      if (field && typeof field !== "string") {
        throw new Error("The 3rd, `field` parameter is expected to be a string. See https://stalniy.github.io/casl/en/api/casl-ability#can-of-pure-ability for details");
      }
      if (!this.h) {
        return rules;
      }
      return rules.filter(function (rule) {
        return rule.matchesField(field);
      });
    };

    /** Lists the actions that have rules for `subjectType` or for the "any subject" keyword. */
    proto.actionsFor = function (subjectType) {
      if (!isSubjectType(subjectType)) {
        throw new Error('"actionsFor" accepts only subject types (i.e., string or class) as a parameter');
      }
      var actions = new Set();
      var subjectRules = this.v.get(subjectType);
      if (subjectRules) {
        Array.from(subjectRules.keys()).forEach(function (action) {
          return actions.add(action);
        });
      }
      var anySubjectRules = subjectType !== this.A ? this.v.get(this.A) : void 0;
      if (anySubjectRules) {
        Array.from(anySubjectRules.keys()).forEach(function (action) {
          return actions.add(action);
        });
      }
      return Array.from(actions);
    };

    /** Subscribes `handler` to `event` and returns the unsubscribe function. */
    proto.on = function (event, handler) {
      this.F = this.F || new Map();
      var events = this.F;
      var tail = events.get(event) || null;
      var item = linkedItem(handler, tail);
      events.set(event, item);
      return function () {
        var currentTail = events.get(event);
        if (!item.next && !item.prev && currentTail === item) {
          events.delete(event);
        } else if (item === currentTail) {
          events.set(event, item.prev);
        }
        unlinkItem(item);
      };
    };

    // Emits `event`, walking the handler list from the newest handler back.
    proto.O = function (name, payload) {
      if (!this.F) {
        return;
      }
      var current = this.F.get(name) || null;
      while (current !== null) {
        // Snapshot the previous link first so a handler may unsubscribe itself.
        var previous = current.prev ? cloneLinkedItem(current.prev) : null;
        current.value(payload);
        current = previous;
      }
    };

    return createClass(RuleIndex, [
      {
        key: "rules",
        get: function () {
          return this.j;
        }
      }
    ]);
  })();

  // ---------------------------------------------------------------------
  // PureAbility
  // ---------------------------------------------------------------------

  var PureAbility = (function (Base) {
    function PureAbility() {
      return Base.apply(this, arguments) || this;
    }

    inheritsLoose(PureAbility, Base);
    var proto = PureAbility.prototype;

    /** True when the first relevant rule exists and is not a forbid rule; no rule means denied. */
    proto.can = function (action, subject, field) {
      var rule = this.relevantRuleFor(action, subject, field);
      return !!rule && !rule.inverted;
    };

    /** Returns the first rule, in priority order, whose conditions match `subject`, or null. */
    proto.relevantRuleFor = function (action, subject, field) {
      var subjectType = this.detectSubjectType(subject);
      var rules = this.rulesFor(action, subjectType, field);
      for (var index = 0, total = rules.length; index < total; index++) {
        if (rules[index].matchesConditions(subject)) {
          return rules[index];
        }
      }
      return null;
    };

    proto.cannot = function (action, subject, field) {
      return !this.can(action, subject, field);
    };

    return PureAbility;
  })(RuleIndex);

  // ---------------------------------------------------------------------
  // Mongo-style conditions matcher
  // ---------------------------------------------------------------------

  // Query operators enabled by default, taken from @ucast/mongo2js.
  // NOTE(review): `$regex` is enabled. If rule conditions can be influenced
  // by end users, review the patterns for catastrophic backtracking; how the
  // pattern is compiled is decided inside @ucast/mongo2js, not in this file.
  var defaultInstructions = {
    $eq: mongo2js.$eq,
    $ne: mongo2js.$ne,
    $lt: mongo2js.$lt,
    $lte: mongo2js.$lte,
    $gt: mongo2js.$gt,
    $gte: mongo2js.$gte,
    $in: mongo2js.$in,
    $nin: mongo2js.$nin,
    $all: mongo2js.$all,
    $size: mongo2js.$size,
    $regex: mongo2js.$regex,
    $options: mongo2js.$options,
    $elemMatch: mongo2js.$elemMatch,
    $exists: mongo2js.$exists
  };

  var defaultInterpreters = {
    eq: mongo2js.eq,
    ne: mongo2js.ne,
    lt: mongo2js.lt,
    lte: mongo2js.lte,
    gt: mongo2js.gt,
    gte: mongo2js.gte,
    in: mongo2js.within,
    nin: mongo2js.nin,
    all: mongo2js.all,
    size: mongo2js.size,
    regex: mongo2js.regex,
    elemMatch: mongo2js.elemMatch,
    exists: mongo2js.exists,
    and: mongo2js.and
  };

  /** Creates a conditions matcher with extra instructions/interpreters on top of the defaults. */
  var buildMongoQueryMatcher = function (instructions, interpreters, options) {
    return mongo2js.createFactory(
      extend({}, defaultInstructions, instructions),
      extend({}, defaultInterpreters, interpreters),
      options
    );
  };

  var mongoQueryMatcher = mongo2js.createFactory(defaultInstructions, defaultInterpreters);

  // ---------------------------------------------------------------------
  // Field pattern matcher
  // ---------------------------------------------------------------------

  var REGEXP_SPECIAL_CHARS = /[-/\\^$+?.()|[\]{}]/g;
  var REGEXP_ANY = /\.?\*+\.?/g;
  var REGEXP_STARS = /\*+/;
  var REGEXP_DOT = /\./g;

  /**
   * Replacement callback for wildcard runs: `*` stays within one dot-separated
   * segment (`[^.]`), `**` may cross dots (`.`). A wildcard run that ends the
   * pattern becomes optional.
   */
  function detectRegexpPattern(match, index, string) {
    var startsWithStar = string[0] === "*";
    var isWrappedInDots = match[0] === "." && match[match.length - 1] === ".";
    var quantifier = startsWithStar || isWrappedInDots ? "+" : "*";
    var matcher = match.indexOf("**") === -1 ? "[^.]" : ".";
    var pattern = match.replace(REGEXP_DOT, "\\$&").replace(REGEXP_STARS, matcher + quantifier);
    if (index + match.length === string.length) {
      return "(?:" + pattern + ")?";
    }
    return pattern;
  }

  /** Escapes a regexp metacharacter, leaving dots next to `*` for `detectRegexpPattern`. */
  function escapeRegexp(match, index, string) {
    if (match === "." && (string[index - 1] === "*" || string[index + 1] === "*")) {
      return match;
    }
    return "\\" + match;
  }

  /** Compiles field patterns into one anchored regular expression. */
  function createPattern(fields) {
    var patterns = fields.map(function (field) {
      return field.replace(REGEXP_SPECIAL_CHARS, escapeRegexp).replace(REGEXP_ANY, detectRegexpPattern);
    });
    var pattern = patterns.length > 1 ? "(?:" + patterns.join("|") + ")" : patterns[0];
    return new RegExp("^" + pattern + "$");
  }

  /**
   * Field matcher: exact membership when no field contains `*`, otherwise a
   * regular expression compiled lazily on the first call.
   */
  var fieldPatternMatcher = function (fields) {
    var pattern;
    return function (field) {
      if (typeof pattern === "undefined") {
        var hasNoWildcards = fields.every(function (candidate) {
          return candidate.indexOf("*") === -1;
        });
        pattern = hasNoWildcards ? null : createPattern(fields);
      }
      return pattern === null ? fields.indexOf(field) !== -1 : pattern.test(field);
    };
  };

  // ---------------------------------------------------------------------
  // Ability and factories
  // ---------------------------------------------------------------------

  var Ability = (function (Base) {
    /** PureAbility preconfigured with the mongo conditions matcher and the field pattern matcher. */
    function Ability(rules, options) {
      if (rules === void 0) {
        rules = [];
      }
      if (options === void 0) {
        options = {};
      }
      return Base.call(this, rules, extend({ conditionsMatcher: mongoQueryMatcher, fieldMatcher: fieldPatternMatcher }, options)) || this;
    }

    inheritsLoose(Ability, Base);
    return Ability;
  })(PureAbility);

  /** Creates a PureAbility with the default matchers; `options` may override them. */
  function createMongoAbility(rules, options) {
    if (rules === void 0) {
      rules = [];
    }
    if (options === void 0) {
      options = {};
    }
    return new PureAbility(rules, extend({ conditionsMatcher: mongoQueryMatcher, fieldMatcher: fieldPatternMatcher }, options));
  }

  function isAbilityClass(factory) {
    return factory.prototype !== void 0 && typeof factory.prototype.possibleRulesFor === "function";
  }

  // ---------------------------------------------------------------------
  // AbilityBuilder
  // ---------------------------------------------------------------------

  var RuleBuilder = (function () {
    // `this._` is the raw rule being described.
    function RuleBuilder(rule) {
      this._ = rule;
    }

    var proto = RuleBuilder.prototype;

    proto.because = function (reason) {
      this._.reason = reason;
      return this;
    };

    return RuleBuilder;
  })();

  var AbilityBuilder = (function () {
    /**
     * Collects raw rules through `can` / `cannot` and builds an ability.
     * `this.T` is the ability class or factory function passed in.
     */
    function AbilityBuilder(AbilityType) {
      var builder = this;
      this.rules = [];
      this.T = AbilityType;
      this.can = function (action, subject, conditionsOrFields, conditions) {
        return builder.C(action, subject, conditionsOrFields, conditions, false);
      };
      this.cannot = function (action, subject, conditionsOrFields, conditions) {
        return builder.C(action, subject, conditionsOrFields, conditions, true);
      };
      this.build = function (options) {
        return isAbilityClass(builder.T) ? new builder.T(builder.rules, options) : builder.T(builder.rules, options);
      };
    }

    var proto = AbilityBuilder.prototype;

    /**
     * Appends one raw rule.
     *
     * Fields and conditions are recorded only when `subject` is truthy. A
     * rule added with a falsy subject (for instance a variable that turned
     * out to be undefined) carries neither and is later indexed under the
     * "any subject" keyword, so validate the subject before calling.
     */
    proto.C = function (action, subject, conditionsOrFields, conditions, inverted) {
      var rule = { action: action };
      if (inverted) {
        rule.inverted = inverted;
      }
      if (subject) {
        rule.subject = subject;
        if (Array.isArray(conditionsOrFields) || typeof conditionsOrFields === "string") {
          rule.fields = conditionsOrFields;
        } else if (typeof conditionsOrFields !== "undefined") {
          rule.conditions = conditionsOrFields;
        }
        if (typeof conditions !== "undefined") {
          rule.conditions = conditions;
        }
      }
      this.rules.push(rule);
      return new RuleBuilder(rule);
    };

    return AbilityBuilder;
  })();

  /** Runs `define(can, cannot)` and builds the ability, waiting for it when it returns a thenable. */
  function defineAbility(define, options) {
    var builder = new AbilityBuilder(createMongoAbility);
    var result = define(builder.can, builder.cannot);
    if (result && typeof result.then === "function") {
      return result.then(function () {
        return builder.build(options);
      });
    }
    return builder.build(options);
  }

  // ---------------------------------------------------------------------
  // ForbiddenError
  // ---------------------------------------------------------------------

  var getDefaultErrorMessage = function (error) {
    return 'Cannot execute "' + error.action + '" on "' + error.subjectType + '"';
  };

  // Minimal Error subclass used as the base of ForbiddenError.
  var NativeError = function (message) {
    this.message = message;
  };

  NativeError.prototype = Object.create(Error.prototype);

  var ForbiddenError = (function (Base) {
    /** Error bound to an ability; `unlessCan` fills in its details when access is denied. */
    function ForbiddenError(ability) {
      var instance;
      instance = Base.call(this, "") || this;
      instance.ability = ability;
      if (typeof Error.captureStackTrace === "function") {
        instance.name = "ForbiddenError";
        Error.captureStackTrace(instance, instance.constructor);
      }
      return instance;
    }

    inheritsLoose(ForbiddenError, Base);

    // `P` holds the default message factory.
    ForbiddenError.setDefaultMessage = function (messageOrFn) {
      this.P =
        typeof messageOrFn === "string"
          ? function () {
              return messageOrFn;
            }
          : messageOrFn;
    };

    ForbiddenError.from = function (ability) {
      return new this(ability);
    };

    var proto = ForbiddenError.prototype;

    proto.setMessage = function (message) {
      this.message = message;
      return this;
    };

    proto.throwUnlessCan = function (action, subject, field) {
      var error = this.unlessCan(action, subject, field);
      if (error) {
        throw error;
      }
    };

    /**
     * Returns undefined when the action is allowed; otherwise records the
     * denied action, subject, subject type and field on this error and
     * returns it. The message is the one already set, else the matching
     * rule's reason, else the default message.
     */
    proto.unlessCan = function (action, subject, field) {
      var rule = this.ability.relevantRuleFor(action, subject, field);
      if (rule && !rule.inverted) {
        return;
      }
      this.action = action;
      this.subject = subject;
      this.subjectType = getSubjectTypeName(this.ability.detectSubjectType(subject));
      this.field = field;
      var reason = rule ? rule.reason : "";
      this.message = this.message || reason || this.constructor.P(this);
      return this;
    };

    return ForbiddenError;
  })(NativeError);

  ForbiddenError.P = getDefaultErrorMessage;

  // Empty namespace object exported as `hkt`.
  var hkt = Object.freeze({ __proto__: null });

  // ---------------------------------------------------------------------
  // Public API
  // ---------------------------------------------------------------------

  exports.Ability = Ability;
  exports.AbilityBuilder = AbilityBuilder;
  exports.ForbiddenError = ForbiddenError;
  exports.PureAbility = PureAbility;
  exports.buildMongoQueryMatcher = buildMongoQueryMatcher;
  exports.createAliasResolver = createAliasResolver;
  exports.createMongoAbility = createMongoAbility;
  exports.defineAbility = defineAbility;
  exports.detectSubjectType = detectSubjectType;
  exports.fieldPatternMatcher = fieldPatternMatcher;
  exports.getDefaultErrorMessage = getDefaultErrorMessage;
  exports.hkt = hkt;
  exports.mongoQueryMatcher = mongoQueryMatcher;
  exports.subject = setSubjectType;
  exports.wrapArray = wrapArray;
});
//# sourceMappingURL=index.js.map