@txstate-mws/graphql-server/dist-esm/service.d.ts

A simple graphql server designed to work with typegraphql.

import { type Context, type Type } from './context';
export declare abstract class BaseService<AuthType = any> {
    protected ctx: Context<AuthType>;
    constructor(ctx: Context<AuthType>);
    get loaders(): import("dataloader-factory").DataLoaderFactory<Context<AuthType>>;
    get auth(): AuthType | undefined;
    svc<T extends BaseService>(ServiceType: Type<T>): T;
    timing(...messages: string[]): void;
    requireAuth(): void;
}
/**
 * Use this as a base class for your service to add a removeUnauthorized method that can
 * help you filter out objects the current user isn't allowed to see.
 */
export declare abstract class AuthorizedService<AuthType = any, ObjType = any, RedactedType = ObjType> extends BaseService<AuthType> {
    removeUnauthorized(object: ObjType | undefined): Promise<RedactedType | ObjType | undefined>;
    removeUnauthorized(objects: ObjType[]): Promise<RedactedType[] | ObjType[]>;
    /**
     * Override this method for any services that need to hide certain properties
     * from unauthorized users. For example, a User record might be visible to everyone
     * for directory purposes, but User.socialSecurityNumber needs to be removed
     * for all but the most privileged viewers.
     *
     * Do NOT mutate the object given, it will be cached in various dataloaders and you
     * don't want to alter the cache. Return a new cloned object instead. You may find
     * the txstate-utils functions clone, pick, and omit functions especially helpful.
     *
     * Removing foreign key info in this function can be problematic.
     */
    protected removeProperties(object: ObjType): Promise<RedactedType | ObjType>;
    /**
     * Override this method for any services that need to filter the entire object
     * from unauthorized users. For example an Address record may only be visible
     * under a certain context where user is looking at their own address. Returning
     * a false would filter out the address object so that an undefined would be
     * returned or the object would be remove from lists.
     */
    protected mayView(obj: ObjType): Promise<boolean>;
}
/**
 * This class is the same idea as AuthorizedService but it expects you to have everything you
 * need to authorize release of an object already loaded, so that you will not have to make any
 * async calls. If you can do that, it will greatly improve performance as you will not have to make
 * several new promises per array element, which is rather expensive.
 */
export declare abstract class AuthorizedServiceSync<AuthType = any, ObjType = any, RedactedType = ObjType> extends BaseService<AuthType> {
    removeUnauthorized(object: ObjType | undefined): RedactedType | ObjType | undefined;
    removeUnauthorized(objects: ObjType[]): RedactedType[] | ObjType[];
    /**
     * Override this method for any services that need to hide certain properties
     * from unauthorized users. For example, a User record might be visible to everyone
     * for directory purposes, but User.socialSecurityNumber needs to be removed
     * for all but the most privileged viewers.
     *
     * Do NOT mutate the object given, it will be cached in various dataloaders and you
     * don't want to alter the cache. Return a new cloned object instead. You may find
     * the txstate-utils functions clone, pick, and omit especially helpful.
     *
     * Removing foreign key info in this function can be problematic.
     */
    protected removeProperties(object: ObjType): RedactedType | ObjType;
    /**
     * Override this method for any services that need to filter the entire object
     * from unauthorized users. For example an Address record may only be visible
     * under a certain context where user is looking at their own address. Returning
     * a false would filter out the address object so that an undefined would be
     * returned or the object would be remove from lists.
     */
    protected mayView(obj: ObjType): boolean;
}