shyft
Version:
Model driven GraphQL API framework
107 lines (106 loc) • 5.2 kB
JavaScript
;
var __assign = (this && this.__assign) || function () {
__assign = Object.assign || function(t) {
for (var s, i = 1, n = arguments.length; i < n; i++) {
s = arguments[i];
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
t[p] = s[p];
}
return t;
};
return __assign.apply(this, arguments);
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.handlePermission = exports.loadPermission = exports.applyPermission = exports.PERMISSION_TYPES = void 0;
var __1 = require("..");
exports.PERMISSION_TYPES = {
read: 10,
find: 20,
mutation: 30,
};
var applyPermission = function (where, permissionWhere) {
if (!permissionWhere) {
return where;
}
var newWhere = __assign({}, where);
newWhere.$and.push(permissionWhere);
return newWhere;
};
exports.applyPermission = applyPermission;
var loadPermission = function (entity, permissionType, entityMutation) {
if (!entity.permissions) {
return null;
}
else if (permissionType === exports.PERMISSION_TYPES.read) {
return entity.permissions.read;
}
else if (permissionType === exports.PERMISSION_TYPES.find) {
return entity.permissions.find;
}
else if (permissionType === exports.PERMISSION_TYPES.mutation) {
if (!entity.permissions.mutations) {
return null;
}
var mutationName = entityMutation.name;
return entity.permissions.mutations[mutationName];
}
throw new __1.CustomError("Unknown permission type '" + permissionType + "'", 'PermissionTypeError');
};
exports.loadPermission = loadPermission;
var handlePermission = function (context, entity, permissionType, entityMutation, input) { return __awaiter(void 0, void 0, void 0, function () {
var permission, userId, userRoles, permissionFilter;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
permission = exports.loadPermission(entity, permissionType, entityMutation);
if (!permission) {
return [2 /*return*/, null];
}
userId = context.userId, userRoles = context.userRoles;
return [4 /*yield*/, __1.buildPermissionFilter(permission, userId, userRoles, entity, input, context)];
case 1:
permissionFilter = _a.sent();
if (!permissionFilter) {
throw new __1.CustomError('Access denied', 'PermissionError', 403);
}
return [2 /*return*/, permissionFilter];
}
});
}); };
exports.handlePermission = handlePermission;