pundit-ts
Version:
Authorization library in pure typescript.
160 lines (159 loc) • 7.49 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (g && (g = 0, op[0] && (_ = 0)), _) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Pundit = exports.PunditPolicy = exports.punditMatchNothing = void 0;
/**
* punditMatchNothing: This is what your Policy class should return if the
* current context IS NOT authorized to query this entity.
* You should throw a "not authorized" error when your `pundit.filter()`
* call returns this.
*
* Used when the PunditPolicy#filter() decides NOTHING should be matched.
* This serves the same purpose of ActiveRecord's `none` query method.
* See: https://apidock.com/rails/v7.1.3.4/ActiveRecord/QueryMethods/none
*/
exports.punditMatchNothing = Symbol("punditMatchNothing");
/**
* Base class for your policies.
* Extend this class for each of your entities.
* Declare your authorization logic in the `authorize()` method and
* filtering logic in `filter()` and `filterFor()` methods.
*
* You should `.register()` your policies to your own pundit instance
* so your entity will be correctly recognized.
*/
var PunditPolicy = /** @class */ (function () {
function PunditPolicy(cons) {
this.cons = cons;
}
/**
* Build a filter specific for the given action.
* FilterFor parameter can be used to declare different return type for this.
*
* Unlike the filter() method, this method is not required to be implemented.
*/
PunditPolicy.prototype.filterFor = function (context, action) {
throw new Error("Not implemented.");
};
PunditPolicy.prototype.handlesModel = function (object) {
return object instanceof this.cons;
};
PunditPolicy.prototype.handlesModelConstructor = function (cons) {
return cons === this.cons;
};
return PunditPolicy;
}());
exports.PunditPolicy = PunditPolicy;
var Pundit = /** @class */ (function () {
function Pundit(policies) {
if (policies === void 0) { policies = []; }
this.policies = policies;
}
/**
* Register a policy, then, this pundit instance will be able to
* recognize the entity that policy includes.
*/
Pundit.prototype.register = function (policy) {
return new Pundit(this.policies.concat(policy));
};
/**
* Authorize an action on an instance of any of the register()'ed entities.
* `action` type will be determined the type of your object's class.
*/
Pundit.prototype.authorize = function (ctx, object, action) {
return __awaiter(this, void 0, void 0, function () {
var policy;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
policy = this.policies.find(function (p) { return p.handlesModel(object); });
if (!policy) {
throw new Error("No policy found for model ".concat(object));
}
return [4 /*yield*/, policy.authorize(ctx, object, action)];
case 1: return [2 /*return*/, _a.sent()];
}
});
});
};
/**
* Build a filter for the given entity.
* This filter is supposed to be used in your database queries.
*/
Pundit.prototype.filter = function (context, cons) {
return __awaiter(this, void 0, void 0, function () {
var policy;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
policy = this.policies.find(function (p) {
return p.handlesModelConstructor(cons);
});
if (!policy) {
throw new Error("No policy found for model constructor ".concat(cons));
}
return [4 /*yield*/, policy.filter(context)];
case 1: return [2 /*return*/, _a.sent()];
}
});
});
};
/**
* Build a filter for specific to an action.
*/
Pundit.prototype.filterFor = function (context, cons, action) {
return __awaiter(this, void 0, void 0, function () {
var policy;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
policy = this.policies.find(function (p) {
return p.handlesModelConstructor(cons);
});
if (!policy) {
throw new Error("No policy found for model constructor ".concat(cons));
}
return [4 /*yield*/, policy.filterFor(context, action)];
case 1: return [2 /*return*/, _a.sent()];
}
});
});
};
return Pundit;
}());
exports.Pundit = Pundit;