@vendure/core
Version:
A modern, headless ecommerce framework
40 lines • 1.75 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.Allow = exports.PERMISSIONS_METADATA_KEY = void 0;
const common_1 = require("@nestjs/common");
exports.PERMISSIONS_METADATA_KEY = '__permissions__';
/**
* @description
* Attaches metadata to the resolver defining which permissions are required to execute the
* operation, using one or more {@link Permission} values.
*
* In a GraphQL context, it can be applied to top-level queries and mutations as well as field resolvers.
*
* For REST controllers, it can be applied to route handler.
*
* ## Allow and Sessions
* The `@Allow()` decorator is closely linked to the way Vendure manages sessions. For any operation or route that is decorated
* with `@Allow()`, there must be an authenticated session in progress, which would have been created during a prior authentication
* step.
*
* The exception to this is when the operation is decorated with `@Allow(Permission.Owner)`. This is a special permission which is designed
* to give access to certain resources to potentially un-authenticated users. For this reason, any operation decorated with this permission
* will always have an anonymous session created if no session is currently in progress.
*
* For more information see [Understanding Permission.Owner](/reference/typescript-api/common/permission/#understanding-permissionowner).
*
* @example
* ```ts
* \@Allow(Permission.SuperAdmin)
* \@Query()
* getAdministrators() {
* // ...
* }
* ```
*
* @docsCategory request
* @docsPage Allow Decorator
*/
const Allow = (...permissions) => (0, common_1.SetMetadata)(exports.PERMISSIONS_METADATA_KEY, permissions);
exports.Allow = Allow;
//# sourceMappingURL=allow.decorator.js.map