@declaro/data 2.0.0-beta.126 → 2.0.0-beta.128

package/src/application/model-controller.ts

@@ -1,52 +1,92 @@
 import type { AuthValidator } from '@declaro/auth'
 import { PermissionValidator, type AnyModelSchema } from '@declaro/core'
 import type { ModelService, ICreateOptions, IUpdateOptions } from '../domain/services/model-service'
+import type { ILoadOptions } from '../domain/services/read-only-model-service'
 import type { InferDetail, InferFilters, InferInput, InferLookup, InferSummary } from '../shared/utils/schema-inference'
 import { ReadOnlyModelController } from './read-only-model-controller'
 
 export class ModelController<TSchema extends AnyModelSchema> extends ReadOnlyModelController<TSchema> {
-    constructor(protected readonly service: ModelService<TSchema>, protected readonly authValidator: AuthValidator) {
+    constructor(
+        protected readonly service: ModelService<TSchema>,
+        protected readonly authValidator: AuthValidator,
+    ) {
         super(service, authValidator)
     }
 
-    async create(input: InferInput<TSchema>): Promise<InferDetail<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('create', '*').toString(),
-                this.service.getDescriptor('write', '*').toString(),
-            ]),
-        )
-        return this.service.create(input)
+    async createPermissions(input: InferInput<TSchema>, options?: ICreateOptions): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('create', '*').toString(),
+            this.service.getDescriptor('write', '*').toString(),
+        ])
+    }
+
+    async create(input: InferInput<TSchema>, options?: ICreateOptions): Promise<InferDetail<TSchema>> {
+        const permissions = await this.createPermissions(input, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
+        return this.service.create(input, options)
+    }
+
+    async updatePermissions(
+        lookup: InferLookup<TSchema>,
+        input: InferInput<TSchema>,
+        options?: IUpdateOptions,
+    ): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('update', '*').toString(),
+            this.service.getDescriptor('write', '*').toString(),
+        ])
+    }
+
+    async update(
+        lookup: InferLookup<TSchema>,
+        input: InferInput<TSchema>,
+        options?: IUpdateOptions,
+    ): Promise<InferDetail<TSchema>> {
+        const permissions = await this.updatePermissions(lookup, input, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
+        return this.service.update(lookup, input, options)
+    }
+
+    async removePermissions(lookup: InferLookup<TSchema>, options?: ILoadOptions): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('remove', '*').toString(),
+            this.service.getDescriptor('write', '*').toString(),
+        ])
+    }
+
+    async remove(lookup: InferLookup<TSchema>, options?: ILoadOptions): Promise<InferSummary<TSchema>> {
+        const permissions = await this.removePermissions(lookup, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
+        return this.service.remove(lookup, options)
     }
 
-    async update(lookup: InferLookup<TSchema>, input: InferInput<TSchema>): Promise<InferDetail<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('update', '*').toString(),
-                this.service.getDescriptor('write', '*').toString(),
-            ]),
-        )
-        return this.service.update(lookup, input)
+    async restorePermissions(lookup: InferLookup<TSchema>, options?: ILoadOptions): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('restore', '*').toString(),
+            this.service.getDescriptor('write', '*').toString(),
+        ])
     }
 
-    async remove(lookup: InferLookup<TSchema>): Promise<InferSummary<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('remove', '*').toString(),
-                this.service.getDescriptor('write', '*').toString(),
-            ]),
-        )
-        return this.service.remove(lookup)
+    async restore(lookup: InferLookup<TSchema>, options?: ILoadOptions): Promise<InferSummary<TSchema>> {
+        const permissions = await this.restorePermissions(lookup, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
+        return this.service.restore(lookup, options)
     }
 
-    async restore(lookup: InferLookup<TSchema>): Promise<InferSummary<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('restore', '*').toString(),
-                this.service.getDescriptor('write', '*').toString(),
-            ]),
-        )
-        return this.service.restore(lookup)
+    async upsertPermissions(
+        input: InferInput<TSchema>,
+        options?: ICreateOptions | IUpdateOptions,
+    ): Promise<PermissionValidator> {
+        // Create nested validator for (create AND update) permissions
+        const createAndUpdateValidator = PermissionValidator.create().allOf([
+            this.service.getDescriptor('create', '*').toString(),
+            this.service.getDescriptor('update', '*').toString(),
+        ])
+
+        return PermissionValidator.create().someOf([
+            createAndUpdateValidator,
+            this.service.getDescriptor('write', '*').toString(),
+        ])
     }
 
     /**
@@ -56,16 +96,25 @@ export class ModelController<TSchema extends AnyModelSchema> extends ReadOnlyMod
      * @returns The upserted record.
      */
     async upsert(input: InferInput<TSchema>, options?: ICreateOptions | IUpdateOptions): Promise<InferDetail<TSchema>> {
+        const permissions = await this.upsertPermissions(input, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
+        return this.service.upsert(input, options)
+    }
+
+    async bulkUpsertPermissions(
+        inputs: InferInput<TSchema>[],
+        options?: ICreateOptions | IUpdateOptions,
+    ): Promise<PermissionValidator> {
         // Create nested validator for (create AND update) permissions
         const createAndUpdateValidator = PermissionValidator.create().allOf([
             this.service.getDescriptor('create', '*').toString(),
             this.service.getDescriptor('update', '*').toString(),
         ])
 
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([createAndUpdateValidator, this.service.getDescriptor('write', '*').toString()]),
-        )
-        return this.service.upsert(input, options)
+        return PermissionValidator.create().someOf([
+            createAndUpdateValidator,
+            this.service.getDescriptor('write', '*').toString(),
+        ])
     }
 
     /**
@@ -78,18 +127,19 @@ export class ModelController<TSchema extends AnyModelSchema> extends ReadOnlyMod
         inputs: InferInput<TSchema>[],
         options?: ICreateOptions | IUpdateOptions,
     ): Promise<InferDetail<TSchema>[]> {
-        // Create nested validator for (create AND update) permissions
-        const createAndUpdateValidator = PermissionValidator.create().allOf([
-            this.service.getDescriptor('create', '*').toString(),
-            this.service.getDescriptor('update', '*').toString(),
-        ])
-
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([createAndUpdateValidator, this.service.getDescriptor('write', '*').toString()]),
-        )
+        const permissions = await this.bulkUpsertPermissions(inputs, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.bulkUpsert(inputs, options)
     }
 
+    async permanentlyDeleteFromTrashPermissions(lookup: InferLookup<TSchema>): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('permanently-delete-from-trash', '*').toString(),
+            this.service.getDescriptor('permanently-delete', '*').toString(),
+            this.service.getDescriptor('empty-trash', '*').toString(),
+        ])
+    }
+
     /**
      * Permanently deletes a specific entity from the trash.
      * Requires 'permanently-delete-from-trash', 'permanently-delete', or 'empty-trash' permission.
@@ -97,16 +147,15 @@ export class ModelController<TSchema extends AnyModelSchema> extends ReadOnlyMod
      * @returns The permanently deleted entity summary
      */
     async permanentlyDeleteFromTrash(lookup: InferLookup<TSchema>): Promise<InferSummary<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('permanently-delete-from-trash', '*').toString(),
-                this.service.getDescriptor('permanently-delete', '*').toString(),
-                this.service.getDescriptor('empty-trash', '*').toString(),
-            ]),
-        )
+        const permissions = await this.permanentlyDeleteFromTrashPermissions(lookup)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.permanentlyDeleteFromTrash(lookup)
     }
 
+    async permanentlyDeletePermissions(lookup: InferLookup<TSchema>): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([this.service.getDescriptor('permanently-delete', '*').toString()])
+    }
+
     /**
      * Permanently deletes an entity without moving it to trash first.
      * Requires 'permanently-delete' permission.
@@ -114,12 +163,15 @@ export class ModelController<TSchema extends AnyModelSchema> extends ReadOnlyMod
      * @returns The permanently deleted entity summary
      */
     async permanentlyDelete(lookup: InferLookup<TSchema>): Promise<InferSummary<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([this.service.getDescriptor('permanently-delete', '*').toString()]),
-        )
+        const permissions = await this.permanentlyDeletePermissions(lookup)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.permanentlyDelete(lookup)
     }
 
+    async emptyTrashPermissions(filters?: InferFilters<TSchema>): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([this.service.getDescriptor('empty-trash', '*').toString()])
+    }
+
     /**
      * Empties the trash by permanently deleting entities that have been marked as removed.
      * Requires 'empty-trash' permission.
@@ -127,9 +179,8 @@ export class ModelController<TSchema extends AnyModelSchema> extends ReadOnlyMod
      * @returns The count of entities permanently deleted
      */
     async emptyTrash(filters?: InferFilters<TSchema>): Promise<number> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([this.service.getDescriptor('empty-trash', '*').toString()]),
-        )
+        const permissions = await this.emptyTrashPermissions(filters)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.emptyTrash(filters)
     }
 }

package/src/application/read-only-model-controller.ts

@@ -1,6 +1,6 @@
 import type { AuthValidator } from '@declaro/auth'
 import {} from '@declaro/auth'
-import type { AnyModelSchema } from '@declaro/core'
+import { PermissionValidator, type AnyModelSchema } from '@declaro/core'
 import type { ILoadOptions, ISearchOptions, ReadOnlyModelService } from '../domain/services/read-only-model-service'
 import type { InferDetail, InferFilters, InferLookup, InferSearchResults } from '../shared/utils/schema-inference'
 
@@ -10,39 +10,61 @@ export class ReadOnlyModelController<TSchema extends AnyModelSchema> {
         protected readonly authValidator: AuthValidator,
     ) {}
 
+    async loadPermissions(lookup: InferLookup<TSchema>): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('load', '*').toString(),
+            this.service.getDescriptor('read', '*').toString(),
+        ])
+    }
+
     async load(lookup: InferLookup<TSchema>, options?: ILoadOptions): Promise<InferDetail<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('load', '*').toString(),
-                this.service.getDescriptor('read', '*').toString(),
-            ]),
-        )
+        const permissions = await this.loadPermissions(lookup)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.load(lookup, options)
     }
 
+    async loadManyPermissions(lookups: InferLookup<TSchema>[]): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('loadMany', '*').toString(),
+            this.service.getDescriptor('read', '*').toString(),
+        ])
+    }
+
     async loadMany(lookups: InferLookup<TSchema>[], options?: ILoadOptions): Promise<InferDetail<TSchema>[]> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('loadMany', '*').toString(),
-                this.service.getDescriptor('read', '*').toString(),
-            ]),
-        )
+        const permissions = await this.loadManyPermissions(lookups)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.loadMany(lookups, options)
     }
 
+    async searchPermissions(
+        input: InferFilters<TSchema>,
+        options?: ISearchOptions<TSchema>,
+    ): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('search', '*').toString(),
+            this.service.getDescriptor('read', '*').toString(),
+        ])
+    }
+
     async search(
         input: InferFilters<TSchema>,
         options?: ISearchOptions<TSchema>,
     ): Promise<InferSearchResults<TSchema>> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('search', '*').toString(),
-                this.service.getDescriptor('read', '*').toString(),
-            ]),
-        )
+        const permissions = await this.searchPermissions(input, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.search(input, options)
     }
 
+    async countPermissions(
+        input: InferFilters<TSchema>,
+        options?: ISearchOptions<TSchema>,
+    ): Promise<PermissionValidator> {
+        return PermissionValidator.create().someOf([
+            this.service.getDescriptor('count', '*').toString(),
+            this.service.getDescriptor('read', '*').toString(),
+        ])
+    }
+
     /**
      * Count the number of records matching the given filters.
      * @param input The filters to apply to the count operation.
@@ -50,12 +72,8 @@ export class ReadOnlyModelController<TSchema extends AnyModelSchema> {
      * @returns The count of matching records.
      */
     async count(input: InferFilters<TSchema>, options?: ISearchOptions<TSchema>): Promise<number> {
-        this.authValidator.validatePermissions((v) =>
-            v.someOf([
-                this.service.getDescriptor('count', '*').toString(),
-                this.service.getDescriptor('read', '*').toString(),
-            ]),
-        )
+        const permissions = await this.countPermissions(input, options)
+        this.authValidator.validatePermissions((v) => v.extend(permissions))
         return this.service.count(input, options)
     }
 }