@cryptexlabs/codex-nodejs-common 0.1.18 → 0.1.19

package/lib/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@cryptexlabs/codex-nodejs-common",
-    "version": "0.1.18",
+    "version": "0.1.19",
     "description": "Common code for Assistant applications",
     "main": "lib/src/index.js",
     "repository": "git@gitlab.com:cryptexlabs/public/codex-nodejs-common.git",

package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.d.ts

@@ -0,0 +1,11 @@
+import { ExecutionContext } from "@nestjs/common";
+export declare class HttpAuthzActionToSubObjectsGuardUtil {
+    private readonly context;
+    private readonly action;
+    private _authzGuard;
+    constructor(context: ExecutionContext, action: string);
+    isAuthorized(object: string, objectId: string, subObject: string, subObjectIds: string[], namespace?: string): boolean;
+    get params(): any;
+    get query(): any;
+    get body(): any;
+}

package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpAuthzActionToSubObjectsGuardUtil = void 0;
+const http_authz_guard_util_1 = require("./http-authz.guard.util");
+class HttpAuthzActionToSubObjectsGuardUtil {
+    constructor(context, action) {
+        this.context = context;
+        this.action = action;
+        this._authzGuard = new http_authz_guard_util_1.HttpAuthzGuardUtil(context);
+    }
+    isAuthorized(object, objectId, subObject, subObjectIds, namespace) {
+        for (const id of subObjectIds) {
+            let requests = [];
+            if (namespace) {
+                requests = [
+                    {
+                        action: "",
+                        object: namespace,
+                        objectId: "",
+                    },
+                ];
+            }
+            requests = [
+                ...requests,
+                ...[
+                    {
+                        action: "",
+                        object,
+                        objectId,
+                    },
+                    {
+                        action: this.action,
+                        object: subObject,
+                        objectId: id,
+                    },
+                ],
+            ];
+            if (!this._authzGuard.isAuthorized(...requests)) {
+                return false;
+            }
+        }
+        return true;
+    }
+    get params() {
+        return this._authzGuard.params;
+    }
+    get query() {
+        return this._authzGuard.query;
+    }
+    get body() {
+        return this._authzGuard.body;
+    }
+}
+exports.HttpAuthzActionToSubObjectsGuardUtil = HttpAuthzActionToSubObjectsGuardUtil;
+//# sourceMappingURL=http-authz.action-to-sub-objects.guard.util.js.map

package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-authz.action-to-sub-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.action-to-sub-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,mEAA6D;AAK7D,MAAa,oCAAoC;IAG/C,YACmB,OAAyB,EACzB,MAAc;QADd,YAAO,GAAP,OAAO,CAAkB;QACzB,WAAM,GAAN,MAAM,CAAQ;QAE/B,IAAI,CAAC,WAAW,GAAG,IAAI,0CAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,SAAiB,EACjB,YAAsB,EACtB,SAAkB;QAElB,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;YAC7B,IAAI,QAAQ,GAAG,EAAE,CAAC;YAElB,IAAI,SAAS,EAAE;gBACb,QAAQ,GAAG;oBACT;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF,CAAC;aACH;YAED,QAAQ,GAAG;gBACT,GAAG,QAAQ;gBACX,GAAG;oBACD;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM;wBACN,QAAQ;qBACT;oBACD;wBACE,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF;aACF,CAAC;YAEF,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,EAAE;gBAC/C,OAAO,KAAK,CAAC;aACd;SACF;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;IACjC,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;CACF;AAvED,oFAuEC"}

package/lib/src/auth/http-authz.attach-objects.guard.util.d.ts

@@ -0,0 +1,10 @@
+import { ExecutionContext } from "@nestjs/common";
+export declare class HttpAuthzAttachObjectsGuardUtil {
+    private readonly context;
+    private _util;
+    constructor(context: ExecutionContext);
+    isAuthorized(object: string, objectId: string, attachObject: string, attachObjectIds: string[], namespace?: string): boolean;
+    get params(): any;
+    get query(): any;
+    get body(): any;
+}

package/lib/src/auth/http-authz.attach-objects.guard.util.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpAuthzAttachObjectsGuardUtil = void 0;
+const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
+class HttpAuthzAttachObjectsGuardUtil {
+    constructor(context) {
+        this.context = context;
+        this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "create");
+    }
+    isAuthorized(object, objectId, attachObject, attachObjectIds, namespace) {
+        return this._util.isAuthorized(object, objectId, attachObject, attachObjectIds, namespace);
+    }
+    get params() {
+        return this._util.params;
+    }
+    get query() {
+        return this._util.query;
+    }
+    get body() {
+        return this._util.body;
+    }
+}
+exports.HttpAuthzAttachObjectsGuardUtil = HttpAuthzAttachObjectsGuardUtil;
+//# sourceMappingURL=http-authz.attach-objects.guard.util.js.map

package/lib/src/auth/http-authz.attach-objects.guard.util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-authz.attach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.attach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}

package/lib/src/auth/http-authz.detach-objects.guard.util.d.ts

@@ -0,0 +1,10 @@
+import { ExecutionContext } from "@nestjs/common";
+export declare class HttpAuthzDetachObjectsGuardUtil {
+    private readonly context;
+    private _util;
+    constructor(context: ExecutionContext);
+    isAuthorized(object: string, objectId: string, detachObject: string, detachObjectIds: string[], namespace?: string): boolean;
+    get params(): any;
+    get query(): any;
+    get body(): any;
+}

package/lib/src/auth/http-authz.detach-objects.guard.util.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpAuthzDetachObjectsGuardUtil = void 0;
+const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
+class HttpAuthzDetachObjectsGuardUtil {
+    constructor(context) {
+        this.context = context;
+        this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "delete");
+    }
+    isAuthorized(object, objectId, detachObject, detachObjectIds, namespace) {
+        return this._util.isAuthorized(object, objectId, detachObject, detachObjectIds, namespace);
+    }
+    get params() {
+        return this._util.params;
+    }
+    get query() {
+        return this._util.query;
+    }
+    get body() {
+        return this._util.body;
+    }
+}
+exports.HttpAuthzDetachObjectsGuardUtil = HttpAuthzDetachObjectsGuardUtil;
+//# sourceMappingURL=http-authz.detach-objects.guard.util.js.map

package/lib/src/auth/http-authz.detach-objects.guard.util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-authz.detach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.detach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}

package/lib/src/auth/{http-authz-guard.util.js → http-authz.guard.util.js}

@@ -55,4 +55,4 @@ class HttpAuthzGuardUtil {
     }
 }
 exports.HttpAuthzGuardUtil = HttpAuthzGuardUtil;
-//# sourceMappingURL=http-authz-guard.util.js.map
+//# sourceMappingURL=http-authz.guard.util.js.map

package/lib/src/auth/{http-authz-guard.util.js.map → http-authz.guard.util.js.map}

@@ -1 +1 @@
-{"version":3,"file":"http-authz-guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz-guard.util.ts"],"names":[],"mappings":";;;AAAA,2CAA6E;AAC7E,oCAAoC;AAEpC,uEAAmE;AAEnE,MAAa,kBAAkB;IAM7B,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1D,IAAI,CAAC,mBAAmB,EAAE;YACxB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,CAAmB,CAAC;QAC/D,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAEM,YAAY,CAAC,GAAG,aAA8C;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;YAC1B,IAAI,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;gBACzD,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,0BAA0B,CAChC,KAAa,EACb,aAA8C;QAE9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE/B,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;YACxC,uBAAuB,CAAC,IAAI,CAC1B,IAAI,gDAAsB,CACxB,IAAI,CAAC,MAAM,CAAC,GAAG,EACf,KAAK,CAAC,CAAC,CAAC,EACR,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EACZ,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CACb,CACF,CAAC;SACH;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,EAAE;gBAC/B,OAAO,KAAK,CAAC;aACd;YACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE;gBACxC,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAxED,gDAwEC"}
+{"version":3,"file":"http-authz.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.guard.util.ts"],"names":[],"mappings":";;;AAAA,2CAA6E;AAC7E,oCAAoC;AAEpC,uEAAmE;AAEnE,MAAa,kBAAkB;IAM7B,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1D,IAAI,CAAC,mBAAmB,EAAE;YACxB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,CAAmB,CAAC;QAC/D,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAEM,YAAY,CAAC,GAAG,aAA8C;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;YAC1B,IAAI,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;gBACzD,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,0BAA0B,CAChC,KAAa,EACb,aAA8C;QAE9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE/B,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;YACxC,uBAAuB,CAAC,IAAI,CAC1B,IAAI,gDAAsB,CACxB,IAAI,CAAC,MAAM,CAAC,GAAG,EACf,KAAK,CAAC,CAAC,CAAC,EACR,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EACZ,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CACb,CACF,CAAC;SACH;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,EAAE;gBAC/B,OAAO,KAAK,CAAC;aACd;YACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE;gBACxC,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAxED,gDAwEC"}

package/lib/src/auth/index.d.ts

@@ -1,4 +1,5 @@
 export * from "./authenticator.interface";
 export * from "./topic-authorizor.interface";
 export * from "./fake-authenticator";
-export * from "./http-authz-guard.util";
+export * from "./http-authz.guard.util";
+export * from "./http-authz.attach-objects.guard.util";

package/lib/src/auth/index.js

@@ -13,5 +13,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./authenticator.interface"), exports);
 __exportStar(require("./topic-authorizor.interface"), exports);
 __exportStar(require("./fake-authenticator"), exports);
-__exportStar(require("./http-authz-guard.util"), exports);
+__exportStar(require("./http-authz.guard.util"), exports);
+__exportStar(require("./http-authz.attach-objects.guard.util"), exports);
 //# sourceMappingURL=index.js.map

package/lib/src/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC;AACxC,yEAAuD"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cryptexlabs/codex-nodejs-common",
-  "version": "0.1.18",
+  "version": "0.1.19",
   "description": "Common code for Assistant applications",
   "main": "lib/src/index.js",
   "repository": "git@gitlab.com:cryptexlabs/public/codex-nodejs-common.git",

package/src/auth/http-authz.action-to-sub-objects.guard.util.ts

@@ -0,0 +1,78 @@
+import { ExecutionContext } from "@nestjs/common";
+import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
+
+/**
+ * Authorizes attachments of objects to another object by object id
+ */
+export class HttpAuthzActionToSubObjectsGuardUtil {
+  private _authzGuard: HttpAuthzGuardUtil;
+
+  constructor(
+    private readonly context: ExecutionContext,
+    private readonly action: string
+  ) {
+    this._authzGuard = new HttpAuthzGuardUtil(context);
+  }
+
+  /**
+   * @param {string} object The object name of object A
+   * @param {string} objectId The object ID of object A
+   * @param {string} subObject The object name of objects B
+   * @param {string[]} subObjectIds The object IDs of Objects B to attach to object A
+   * @param {string?} namespace (Optional) The namespace of objects A and B
+   */
+  public isAuthorized(
+    object: string,
+    objectId: string,
+    subObject: string,
+    subObjectIds: string[],
+    namespace?: string
+  ) {
+    for (const id of subObjectIds) {
+      let requests = [];
+
+      if (namespace) {
+        requests = [
+          {
+            action: "",
+            object: namespace,
+            objectId: "",
+          },
+        ];
+      }
+
+      requests = [
+        ...requests,
+        ...[
+          {
+            action: "",
+            object,
+            objectId,
+          },
+          {
+            action: this.action,
+            object: subObject,
+            objectId: id,
+          },
+        ],
+      ];
+
+      if (!this._authzGuard.isAuthorized(...requests)) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  public get params() {
+    return this._authzGuard.params;
+  }
+
+  public get query() {
+    return this._authzGuard.query;
+  }
+
+  public get body() {
+    return this._authzGuard.body;
+  }
+}

package/src/auth/http-authz.attach-objects.guard.util.spec.ts

@@ -0,0 +1,369 @@
+import { ExecutionContext } from "@nestjs/common";
+import * as jwt from "jsonwebtoken";
+import { HttpAuthzAttachObjectsGuardUtil } from "./http-authz.attach-objects.guard.util";
+
+describe(HttpAuthzAttachObjectsGuardUtil.name, () => {
+  it("Should allow super admin to attach a group to a user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [`cool-app:::any:any:any:any:any:any`],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to attach any group to a user to attach a group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to do anything to any group on a user to attach a group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to do anything to any sub object for a user to attach a group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to attach a specific group to a user to attach the group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should not allow someone with permission to attach any group to a different user to attach a group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to do anything to a different user to attach a group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to do anything to any sub object for a different user to attach a group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to attach a specific group to a different user to attach the group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to attach a different specific permission to a user to attach the group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+});

package/src/auth/http-authz.attach-objects.guard.util.ts

@@ -0,0 +1,48 @@
+import { ExecutionContext } from "@nestjs/common";
+import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
+
+/**
+ * Authorizes attachments of objects to another object by object id
+ */
+export class HttpAuthzAttachObjectsGuardUtil {
+  private _util: HttpAuthzActionToSubObjectsGuardUtil;
+
+  constructor(private readonly context: ExecutionContext) {
+    this._util = new HttpAuthzActionToSubObjectsGuardUtil(context, "create");
+  }
+
+  /**
+   * @param {string} object The object name of object A
+   * @param {string} objectId The object ID of object A
+   * @param {string} attachObject The object name of objects B
+   * @param {string[]} attachObjectIds The object IDs of Objects B to attach to object A
+   * @param {string?} namespace (Optional) The namespace of objects A and B
+   */
+  public isAuthorized(
+    object: string,
+    objectId: string,
+    attachObject: string,
+    attachObjectIds: string[],
+    namespace?: string
+  ) {
+    return this._util.isAuthorized(
+      object,
+      objectId,
+      attachObject,
+      attachObjectIds,
+      namespace
+    );
+  }
+
+  public get params() {
+    return this._util.params;
+  }
+
+  public get query() {
+    return this._util.query;
+  }
+
+  public get body() {
+    return this._util.body;
+  }
+}

package/src/auth/http-authz.detach-objects.guard.util.spec.ts

@@ -0,0 +1,369 @@
+import { ExecutionContext } from "@nestjs/common";
+import * as jwt from "jsonwebtoken";
+import { HttpAuthzDetachObjectsGuardUtil } from "./http-authz.detach-objects.guard.util";
+
+describe(HttpAuthzDetachObjectsGuardUtil.name, () => {
+  it("Should allow super admin to detach a group to a user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [`cool-app:::any:any:any:any:any:any`],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to detach any group to a user to detach a group from the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:delete`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to do anything to any group on a user to detach a group from the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to do anything to any sub object for a user to detach a group from the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should allow someone with permission to detach a specific group to a user to detach the group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:delete`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+
+  it("Should not allow someone with permission to detach any group to a different user to detach a group from the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to do anything to a different user to detach a group from the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to do anything to any sub object for a different user to detach a group from the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to detach a specific group to a different user to detach the group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+
+  it("Should not allow someone with permission to detach a different specific permission to a user to detach the group to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+        ],
+      },
+      "hello"
+    );
+
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
+        }),
+      }),
+    } as ExecutionContext;
+
+    const util = new HttpAuthzDetachObjectsGuardUtil(context);
+
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+});

package/src/auth/http-authz.detach-objects.guard.util.ts

@@ -0,0 +1,48 @@
+import { ExecutionContext } from "@nestjs/common";
+import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
+
+/**
+ * Authorizes detachment of objects to another object by object id
+ */
+export class HttpAuthzDetachObjectsGuardUtil {
+  private _util: HttpAuthzActionToSubObjectsGuardUtil;
+
+  constructor(private readonly context: ExecutionContext) {
+    this._util = new HttpAuthzActionToSubObjectsGuardUtil(context, "delete");
+  }
+
+  /**
+   * @param {string} object The object name of object A
+   * @param {string} objectId The object ID of object A
+   * @param {string} detachObject The object name of objects B
+   * @param {string[]} detachObjectIds The object IDs of Objects B to attach to object A
+   * @param {string?} namespace (Optional) The namespace of objects A and B
+   */
+  public isAuthorized(
+    object: string,
+    objectId: string,
+    detachObject: string,
+    detachObjectIds: string[],
+    namespace?: string
+  ) {
+    return this._util.isAuthorized(
+      object,
+      objectId,
+      detachObject,
+      detachObjectIds,
+      namespace
+    );
+  }
+
+  public get params() {
+    return this._util.params;
+  }
+
+  public get query() {
+    return this._util.query;
+  }
+
+  public get body() {
+    return this._util.body;
+  }
+}

package/src/auth/{http-authz-guard.util.spec.ts → http-authz.guard.util.spec.ts}

@@ -2,7 +2,7 @@ import { ExecutionContext } from "@nestjs/common";
 import { instance, mock, when } from "ts-mockito";
 import { HttpArgumentsHost } from "@nestjs/common/interfaces/features/arguments-host.interface";
 import * as jwt from "jsonwebtoken";
-import { HttpAuthzGuardUtil } from "./http-authz-guard.util";
+import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
 
 describe("HttpAuthzGuardUtil", () => {
   let mockedExecutionContext: ExecutionContext;

package/src/auth/index.ts

@@ -1,4 +1,5 @@
 export * from "./authenticator.interface";
 export * from "./topic-authorizor.interface";
 export * from "./fake-authenticator";
-export * from "./http-authz-guard.util";
+export * from "./http-authz.guard.util";
+export * from "./http-authz.attach-objects.guard.util";