@martinmilo/verve/dist/authorization/core/mixin.js

TypeScript domain modeling library with field-level authorization, business rule validation, and context-aware access control

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.WithAuthorization = WithAuthorization;
const can_1 = require("../decorators/can");
const context_1 = require("../../context");
const errors_1 = require("../../errors");
function WithAuthorization(Base) {
    return class WithAuthorizationMixin extends Base {
        constructor(...args) {
            super(...args);
            // Wrap methods with authorization
            const proto = Object.getPrototypeOf(this);
            const methodNames = Object.getOwnPropertyNames(proto)
                .filter(name => {
                const fn = this[name];
                return typeof fn === 'function' && !!(0, can_1.getCanCondition)(proto, name);
            });
            for (const name of methodNames) {
                const original = this[name];
                const condition = (0, can_1.getCanCondition)(proto, name);
                Object.defineProperty(this, name, {
                    value: (...args) => {
                        var _a, _b, _c;
                        const context = (_c = (_b = (_a = this).getContext) === null || _b === void 0 ? void 0 : _b.call(_a)) !== null && _c !== void 0 ? _c : context_1.Context.get();
                        if (!(condition === null || condition === void 0 ? void 0 : condition(context, this))) {
                            throw new errors_1.VerveError(errors_1.ErrorCode.UNAUTHORIZED_METHOD_CALL, { method: String(name) });
                        }
                        return original.apply(this, args);
                    },
                    writable: false,
                    configurable: false,
                });
            }
        }
    };
}
//# sourceMappingURL=mixin.js.map