UNPKG

prisma-extension-casl

Version:

Enforce casl abilities on prisma client

github.com/dennemark/prisma-extension-casl

dennemark/prisma-extension-casl

198 lines (179 loc) 7.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
import { AbilityTuple, PureAbility } from '@casl/ability'; import { rulesToAST } from '@casl/ability/extra'; import { createPrismaAbility, PrismaQuery } from '@casl/prisma'; import { Prisma } from '@prisma/client'; import { convertCreationTreeToSelect, CreationTree } from './convertCreationTreeToSelect'; import { deepMerge } from './deepMerge'; import { getRuleRelationsQuery } from './getRuleRelationsQuery'; import { relationFieldsByModel } from './helpers'; /** * takes args query and rule relation query * and combines them, while also keeping a mask * of the difference, to later on remove all rule relation * results from query result * * @param args query with { include, select } * @param relationQuery query result of getRuleRelationsQuery * @returns `{ args: mergedQuery, mask: differenc of both queries }` */ function mergeArgsAndRelationQuery(args: any, relationQuery: any) { const mask: Record<string, any> = {} let found = false ;['include', 'select'].map((method) => { if (args[method]) { found = true for (const key in relationQuery) { // relations on relationQuery have a select, since it can also have normal fields if (!(key in args[method])) { if (relationQuery[key].select) { args[method][key] = Object.keys(relationQuery[key].select).length === 0 ? true : relationQuery[key] mask[key] = true } else if (method === 'select') { args[method][key] = relationQuery[key] mask[key] = true } } else if (args[method][key] && typeof args[method][key] === 'object') { // if current field is an object, we recurse merging const child = relationQuery[key].select ? mergeArgsAndRelationQuery(args[method][key], relationQuery[key].select) : { args: args[method][key], mask: true } args[method][key] = child.args mask[key] = child.mask } else if (args[method][key] === true) { // if field is true it expects all fields // but we need to get nested relations, therefore // we convert relation select to include with only relation fields // (relation fields have a select prop) if (relationQuery[key].select) { for (const field in relationQuery[key].select) { if (relationQuery[key].select[field]?.select) { args[method][key] = { include: { ...(args[method][key]?.include ?? {}), [field]: relationQuery[key].select[field] } } mask[key] = { ...(mask?.[key] ?? {}), [field]: true } } } } } } } }) if (found === false) { Object.entries(relationQuery).forEach(([k, v]: [string, any]) => { if (v?.select) { args.include = { ...(args.include ?? {}), [k]: v } mask[k] = args.where ? true : removeNestedIncludeSelect(v.select) } }) } return { args, mask } } /** * recursively removes all selects and includes from a select query to get a clean mask * { posts: { select: { thread: { select: { id: true }}}}} * { posts: { thread: { id: true }}} * @param args select query * @returns mask */ function removeNestedIncludeSelect(args: any) { return typeof args === 'object' ? Object.fromEntries((Object.entries(args) as [string, any]).map(([k, v]): [string, any] => { if (v?.select) { return [k, removeNestedIncludeSelect(v.select)] } else if (v?.include) { return [k, removeNestedIncludeSelect(v.include)] } else { return [k, v] } })) : args } /** * filterQueryResults needs to work with all data that is related to rules * a query might not load this data, therefore we add the rule condition fields * to the query * * we also generate a mask that can be used by filterQueryResults to * remove unused fields * * @param args query * @param abilities Casl prisma abilities * @param action Casl action - preferably create/read/update/delete * @param model prisma model * @returns `{ args: mergedQuery, mask: description of fields that should be removed from result }` */ export function applyRuleRelationsQuery(args: any, abilities: PureAbility<AbilityTuple, PrismaQuery>, action: string, model: Prisma.ModelName, creationTree?: CreationTree) { const creationSelectQuery = creationTree ? convertCreationTreeToSelect(abilities, creationTree) ?? {} : {} const queryRelations = getNestedQueryRelations(args, abilities, action, model, creationSelectQuery === true ? {} : creationSelectQuery) if (!args.select && !args.include) { args.include = {} } // merge rule query relations with current arguments and creates new args and a mask that will be used to remove values that are only necessary to evaluate rules const result = mergeArgsAndRelationQuery(args, queryRelations) if ('include' in result.args && Object.keys(result.args.include!).length === 0) { delete result.args.include } return { ...result, creationTree } } /** * * gets all query relations that are necessary to evaluate rules later on * * @param args query * @param abilities Casl prisma abilities * @param action Casl action - preferably create/read/update/delete * @param model prisma model * @param creationSelectQuery * @returns `{ args: mergedQuery, mask: description of fields that should be removed from result }` */ function getNestedQueryRelations(args: any, abilities: PureAbility<AbilityTuple, PrismaQuery>, action: string, model: Prisma.ModelName, creationSelectQuery: any = {}) { // rulesToAST won't return conditions // if a rule is inverted and if a can rule exists without condition // we therefore create fake ability here // to get our rule relations query // furthermore if we query for action = 'all' we rename rule action to 'all' const ability = createPrismaAbility(abilities.rules.filter((rule) => rule.conditions).map((rule) => { return { ...rule, action: action === 'all' ? action : rule.action, inverted: false } })) try { const ast = rulesToAST(ability, action, model) const queryRelations = getRuleRelationsQuery(model, ast, creationSelectQuery === true ? {} : creationSelectQuery) ;['include', 'select'].map((method) => { if (args && args[method]) { for (const relation in args[method]) { if (model in relationFieldsByModel && relation in relationFieldsByModel[model]) { const relationField = relationFieldsByModel[model][relation] if (relationField) { const nestedQueryRelations = deepMerge( getNestedQueryRelations(args[method][relation], abilities, action === 'all' ? 'all' : 'read', relationField.type as Prisma.ModelName), (typeof queryRelations[relation]?.select === 'object' ? queryRelations[relation]?.select : {}) ) if (nestedQueryRelations && Object.keys(nestedQueryRelations).length > 0) { queryRelations[relation] = { ...(queryRelations[relation] ?? {}), select: nestedQueryRelations } } } } } } }) return queryRelations } catch (e) { console.error(`Your ability relation probably is missing an 'is': [relation]: { is: { id: 0 } }`) throw e } }