UNPKG

@permitio/permit-prisma

Version:

Prisma extension for integrating Permit.io authorization (RBAC, ABAC, ReBAC) into your Prisma application.

github.com/permitio/permit-prisma

permitio/permit-prisma

85 lines (84 loc) 4.06 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
import { AccessControlModel } from "../models/PermissionModels"; /** * Maps Prisma query operations to Permit.io permission action names. * This function translates Prisma's operation types (like findMany, create, etc.) * into standardized action names used in Permit.io authorization checks. * * @param {string} operation - The Prisma operation name (e.g., "findMany", "create", "update") * @returns {string} The corresponding Permit.io action name (e.g., "read", "create", "update") * * @example * mapOperationToAction("findMany") // Returns "read" * mapOperationToAction("create") // Returns "create" * mapOperationToAction("upsert") // Returns "update" */ export declare function mapOperationToAction(operation: string): string; /** * Maps Prisma model names to Permit.io resource types. * This function converts Prisma model names (typically PascalCase) to Permit.io * resource type identifiers (typically snake_case) unless a custom mapping is provided. * * @param {string} model - The Prisma model name (e.g., "User", "BlogPost") * @param {Record<string, string>} [mapping] - Optional custom mapping from model names to resource types * @returns {string} The corresponding Permit.io resource type identifier * * @example * // Without mapping * mapModelToResourceType("UserProfile") // Returns "user_profile" * * // With custom mapping * const mapping = { "User": "customer" }; * mapModelToResourceType("User", mapping) // Returns "customer" */ export declare function mapModelToResourceType(model: string, mapping?: Record<string, string>): string; /** * Creates a properly formatted resource object for Permit.io permission checks * based on the access control model being used. * * @param {string} resourceType - The Permit.io resource type (e.g., "document", "user") * @param {any} args - Prisma query arguments containing data and/or where clauses * @param {string} operation - The Prisma operation being performed (e.g., "create", "update") * @param {AccessControlModel} [modelType] - The access control model (RBAC, ABAC, or ReBAC) * @returns {string|object} A formatted resource object compatible with Permit.io checks * * @example * // No model type or RBAC - simple string * createResourceObject("document", {}, "read") * // Returns: "document" * * // ABAC - object with attributes * createResourceObject("document", { data: { confidential: true }}, "create", AccessControlModel.ABAC) * // Returns: { type: "document", attributes: { confidential: true }} * * // ReBAC - object with resource ID and attributes * createResourceObject("document", { where: { id: "123" }}, "update", AccessControlModel.ReBAC) * // Returns: { type: "document", key: "123", attributes: {...} } */ export declare function createResourceObject(resourceType: string, args: any, operation: string, modelType?: AccessControlModel): any; /** * Extracts the resource ID from the Prisma query args */ export declare function getResourceId(where: any): string | number | undefined; export declare function getResourceIdForSync(result: any, operation: string): string | null; /** * Extracts attributes from Prisma query arguments to be used in ABAC/ReBAC permission checks. * This function attempts to extract meaningful data attributes from either the `data` object * (in create/update operations) or the `where` object (in read/delete operations). * * @param {any} args - The Prisma query arguments object * @returns {Record<string, any>} An object containing extracted attributes, or an empty object if no attributes found * * @example * // From create/update operation * extractAttributes({ data: { title: "Document", confidential: true }}) * // Returns: { title: "Document", confidential: true } * * // From read/delete operation * extractAttributes({ where: { id: "123", status: "active" }}) * // Returns: { id: "123", status: "active" } * * // When no relevant data is found * extractAttributes({}) * // Returns: {} */ export declare function extractAttributes(args: any): Record<string, any>;