@n4it/crud-policy/lib/guards/PolicyGuard.js

NestJs CRUD for RESTful APIs - policy

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.createPolicyGuard = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const constants_1 = require("../constants");
const validate_1 = require("../utils/validate");
const get_relevant_id_1 = require("../utils/get-relevant-id");
const createGetAndValidateResourceId = (opts) => {
    if (!opts.extractors) {
        return () => null;
    }
    const { getResourceIdFromBody, getResourceIdFromParams } = opts.extractors;
    return (0, get_relevant_id_1.createRequestEntityIdGetter)(getResourceIdFromBody, getResourceIdFromParams);
};
const createPolicyGuard = (opts) => {
    const getAndValidateResourceId = createGetAndValidateResourceId(opts);
    let PolicyGuard = class PolicyGuard {
        reflector;
        constructor(reflector) {
            this.reflector = reflector;
        }
        canActivate(context) {
            const requiredPolicies = this.reflector.getAllAndOverride(constants_1.POLICY_NAME_METADATA, [context.getHandler(), context.getClass()]);
            if (!requiredPolicies) {
                return true;
            }
            const { user, params, body } = context.switchToHttp().getRequest();
            const entityId = getAndValidateResourceId(params, body);
            const isAllowed = (0, validate_1.validatePolicies)(requiredPolicies, user[opts.userPolicyField] ?? [], entityId);
            if (!isAllowed) {
                throw new common_1.ForbiddenException();
            }
            return true;
        }
    };
    PolicyGuard = __decorate([
        (0, common_1.Injectable)(),
        __metadata("design:paramtypes", [core_1.Reflector])
    ], PolicyGuard);
    return PolicyGuard;
};
exports.createPolicyGuard = createPolicyGuard;
//# sourceMappingURL=PolicyGuard.js.map