UNPKG

@clickup/ent-framework

Version:

A PostgreSQL graph-database-alike library with microsharding and row-level security

github.com/clickup/ent-framework

clickup/ent-framework

55 lines (49 loc) 1.72 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
import type { EntAccessError } from "../errors/EntAccessError"; import type { Predicate } from "../predicates/Predicate"; import { FuncToPredicate } from "../predicates/Predicate"; import type { VC } from "../VC"; /** * Each Rule evaluates to some Decision (or throws). */ export type RuleDecision = "ALLOW" | "TOLERATE" | "SKIP" | "DENY"; /** * A full debug info about some Rule decision (which Rule produced this * decision, what was thrown etc.). */ export interface RuleResult { decision: RuleDecision; rule: Rule<object>; cause: EntAccessError | null; } /** * A base class which can e.g. accept not only a predicate, but also a plain JS * lambda function as a predicate. Also has a logic of "glueing" the rule name * with the predicate name. * * Each Rule must either: * - throw (or return DENY) if it disallows access immediately, * - return ALLOW if the access is granted (so no other rules will run), * - return TOLERATE if it's okay with the row, but wants others' votes too, * - or return SKIP to fully delegate the decision to the next rule. * * See more comments in rules.ts. * * Each rule carries a predicate which it calls and then decides, how to * interpret the result. */ export abstract class Rule<TInput> { readonly predicate: Predicate<TInput>; readonly name: string; abstract evaluate(vc: VC, input: TInput): Promise<RuleResult>; constructor( predicate: | Predicate<TInput> | ((vc: VC, input: TInput) => Promise<boolean> | boolean), ) { this.predicate = predicate instanceof Function ? new FuncToPredicate<TInput>(predicate) : predicate; this.name = this.constructor.name + ":" + this.predicate.name; } }