@entity-access/entity-access 1.0.2 → 1.0.6

package/src/tests/expressions/simple/parse-arrow.ts

@@ -43,4 +43,14 @@ export default function () {
     assert.equal(`starts_with("x"."firstName", $1)`, r.text);
     assert.equal("Akash", r.values[0]);
 
+    const code = "1235";
+    const key = 13434;
+    r = compiler.execute({name, code, key},
+        (p) => (x: KeyCode) =>
+            x.code === Sql.cast.asNumber(p.code) && x.key === Sql.cast.asText(p.key) );
+
+    assert.equal(`("x"."code" = ($1 ::double)) AND ("x"."key" = ($2 ::text))`, r.text);
+
 }
+
+type KeyCode = { name: string, code: number, key: string };

package/src/tests/model/ShoppingContext.ts

@@ -2,9 +2,8 @@ import EntityContext from "../../model/EntityContext.js";
 import Column from "../../decorators/Column.js";
 import ForeignKey from "../../decorators/ForeignKey.js";
 import Table from "../../decorators/Table.js";
-import PostgreSqlDriver from "../../drivers/postgres/PostgreSqlDriver.js";
-import { BaseDriver } from "../../drivers/base/BaseDriver.js";
-import { Console } from "console";
+
+export const statusPublished = "published";
 
 export class ShoppingContext extends EntityContext {
 
@@ -65,6 +64,9 @@ export class Product {
     @Column({ nullable: true })
     public ownerID: number;
 
+    @Column({ dataType: "Char", length: 20})
+    public status: string;
+
     public orderItems: OrderItem[];
 
     public prices: ProductPrice[];
@@ -123,8 +125,10 @@ export class ProductPrice {
     @Column({ nullable: true})
     public endDate?: Date;
 
+    @Column({ })
     public amount: number;
 
+    @Column({})
     public productID: number;
 
     @ForeignKey({

package/src/tests/model/createContext.ts

@@ -1,13 +1,13 @@
 import { IClassOf } from "../../decorators/IClassOf.js";
 import { BaseDriver } from "../../drivers/base/BaseDriver.js";
-import { ShoppingContext } from "./ShoppingContext.js";
+import { ShoppingContext, User, statusPublished } from "./ShoppingContext.js";
+
+const status = statusPublished;
 
 export async function createContext(driver: BaseDriver) {
 
-    const rn = "d" + Date.now();
     const copy = { ... driver } as BaseDriver;
     (copy as any).connectionString = { ... driver.connectionString };
-    copy.connectionString.database = rn;
     Object.setPrototypeOf(copy, Object.getPrototypeOf(driver));
     const context = new ShoppingContext(copy);
 
@@ -28,16 +28,42 @@ export async function createContext(driver: BaseDriver) {
 async function seed(context: ShoppingContext) {
     const now = new Date();
 
-    addHeadPhones(context, now);
+    // add admin user...
+    context.users.add({ dateCreated: new Date()});
+    // add seller
+    const seller = context.users.add({ dateCreated: new Date()});
+
+    addHeadPhones(context, now, seller);
+
+    const clothes = addMaleClothes(context, seller);
+
+    addFemaleClothes(context, seller);
 
-    const maleClothes = addMaleClothes(context);
+    await context.saveChanges();
 
-    const femaleClothes = addFemaleClothes(context);
+    const product = clothes[0];
+    const productPrice = product.prices[0];
+
+    const user = context.users.add({
+        dateCreated: new Date(),
+        orders: [
+            context.orders.add({
+                orderDate: new Date(),
+                orderItems:[
+                    context.orderItems.add({
+                        product,
+                        productPrice,
+                        amount: productPrice.amount
+                    })
+                ]
+            })
+        ]
+    });
 
     await context.saveChanges();
 }
 
-function addFemaleClothes(context: ShoppingContext) {
+function addFemaleClothes(context: ShoppingContext, owner: User) {
     const category = context.categories.add({
         name: "Female Clothes",
         categoryID: "clothes/female"
@@ -48,6 +74,8 @@ function addFemaleClothes(context: ShoppingContext) {
 
     context.products.add({
         name: "White T-Shirt",
+        owner,
+        status,
         categories: [
             context.productCategories.add({
                 category
@@ -64,6 +92,8 @@ function addFemaleClothes(context: ShoppingContext) {
 
     context.products.add({
         name: "Red T-Shirt",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -80,6 +110,8 @@ function addFemaleClothes(context: ShoppingContext) {
 
     context.products.add({
         name: "Blue T-Shirt",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -96,6 +128,8 @@ function addFemaleClothes(context: ShoppingContext) {
 
     context.products.add({
         name: "Pink T-Shirt",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -111,7 +145,7 @@ function addFemaleClothes(context: ShoppingContext) {
     });
 }
 
-function addMaleClothes(context: ShoppingContext) {
+function addMaleClothes(context: ShoppingContext, owner: User) {
     const category = context.categories.add({
         name: "Male Clothes",
         categoryID: "clothes/male"
@@ -120,8 +154,10 @@ function addMaleClothes(context: ShoppingContext) {
     const startDate = new Date();
     const active = true;
 
-    context.products.add({
+    return [context.products.add({
         name: "White T-Shirt",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -134,10 +170,11 @@ function addMaleClothes(context: ShoppingContext) {
                 startDate
             })
         ]
-    });
-
+    }),
     context.products.add({
         name: "Red T-Shirt",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -150,10 +187,11 @@ function addMaleClothes(context: ShoppingContext) {
                 startDate
             })
         ]
-    });
-
+    }),
     context.products.add({
         name: "Blue T-Shirt",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -166,10 +204,11 @@ function addMaleClothes(context: ShoppingContext) {
                 startDate
             })
         ]
-    });
-
+    }),
     context.products.add({
         name: "Pink T-Shirt",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -182,11 +221,11 @@ function addMaleClothes(context: ShoppingContext) {
                 startDate
             })
         ]
-    });
+    })];
 }
 
 export const headPhoneCategory = "head-phones";
-function addHeadPhones(context: ShoppingContext, now: Date) {
+function addHeadPhones(context: ShoppingContext, now: Date, owner: User) {
     const category = context.categories.add({
         name: "Headphones",
         categoryID: headPhoneCategory
@@ -197,6 +236,8 @@ function addHeadPhones(context: ShoppingContext, now: Date) {
 
     context.products.add({
         name: "Jabber Head Phones",
+        owner,
+        status,
         categories: [
             context.productCategories.add({
                 category
@@ -213,6 +254,8 @@ function addHeadPhones(context: ShoppingContext, now: Date) {
 
     context.products.add({
         name: "Sony Head Phones",
+        owner,
+        status,
         categories: [
             context.productCategories.add({
                 category
@@ -229,6 +272,8 @@ function addHeadPhones(context: ShoppingContext, now: Date) {
 
     context.products.add({
         name: "Sony Head Phones Black",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -245,6 +290,8 @@ function addHeadPhones(context: ShoppingContext, now: Date) {
 
     context.products.add({
         name: "Sony Head Phones Blue",
+        owner,
+        status,
         categories: [
             context.productCategories.add({
                 category
@@ -261,6 +308,8 @@ function addHeadPhones(context: ShoppingContext, now: Date) {
 
     context.products.add({
         name: "Jabber Head Phones Black",
+        status,
+        owner,
         categories: [
             context.productCategories.add({
                 category
@@ -277,6 +326,8 @@ function addHeadPhones(context: ShoppingContext, now: Date) {
 
     context.products.add({
         name: "Jabber Head Phones Blue",
+        owner,
+        status,
         categories: [
             context.productCategories.add({
                 category

package/src/tests/security/ShoppingContextEvents.ts

@@ -0,0 +1,20 @@
+import ContextEvents from "../../model/events/ContextEvents.js";
+import { Order, OrderItem, Product, ProductCategory, ProductPrice, User } from "../model/ShoppingContext.js";
+import { OrderEvents, OrderItemEvents } from "./events/OrderEvents.js";
+import { ProductEvents, ProductCategoryEvents, ProductPriceEvents } from "./events/ProductEvents.js";
+import { UserEvents } from "./events/UserEvents.js";
+
+export class ShoppingContextEvents extends ContextEvents {
+
+    constructor() {
+        super();
+
+        this.register(User, UserEvents);
+        this.register(Product, ProductEvents);
+        this.register(ProductCategory, ProductCategoryEvents);
+        this.register(ProductPrice, ProductPriceEvents);
+        this.register(Order, OrderEvents);
+        this.register(OrderItem, OrderItemEvents);
+    }
+
+}

package/src/tests/security/events/OrderEvents.ts

@@ -0,0 +1,72 @@
+import Inject from "../../../di/di.js";
+import { IEntityQuery } from "../../../model/IFilterWithParameter.js";
+import EntityEvents, { ForeignKeyFilter } from "../../../model/events/EntityEvents.js";
+import { Order, OrderItem, User } from "../../model/ShoppingContext.js";
+import { UserInfo } from "./UserInfo.js";
+
+export class OrderEvents extends EntityEvents<Order> {
+
+    @Inject
+    user: UserInfo;
+
+    filter(query: IEntityQuery<Order>): IEntityQuery<Order> {
+        if (this.user.admin) {
+            return null;
+        }
+        const { userID } = this.user;
+
+        // user can access orders placed by the user or orders with products owned by user
+
+        return query.where({ userID }, (p) => (x) => x.customerID === p.userID || x.orderItems.some((item) => item.product.ownerID === p.userID));
+    }
+
+    modify(query: IEntityQuery<Order>): IEntityQuery<Order> {
+        if (this.user.admin) {
+            return null;
+        }
+        const { userID } = this.user;
+        // user can only modify placed orders
+        return query.where({ userID }, (p) => (x) => x.customerID === p.userID || x.orderItems.some((item) => item.product.ownerID === p.userID));
+    }
+
+    onForeignKeyFilter(filter: ForeignKeyFilter<Order>): IEntityQuery<any> {
+        if (filter.is((x) => x.customer)) {
+            return filter.read();
+        }
+    }
+}
+
+export class OrderItemEvents extends EntityEvents<OrderItem> {
+
+    @Inject
+    user: UserInfo;
+
+    filter(query: IEntityQuery<OrderItem>): IEntityQuery<OrderItem> {
+        if (this.user.admin) {
+            return null;
+        }
+        const { userID } = this.user;
+
+        // user can access orders placed by the user or orders with products owned by user
+
+        return query.where({ userID }, (p) => (x) => x.order.customerID === p.userID || x.product.ownerID === p.userID);
+    }
+
+    modify(query: IEntityQuery<OrderItem>): IEntityQuery<OrderItem> {
+        if (this.user.admin) {
+            return null;
+        }
+        const { userID } = this.user;
+        // user can only modify placed orders
+        return query.where({ userID }, (p) => (x) => x.order.customerID === p.userID || x.product.ownerID === p.userID);
+    }
+
+    onForeignKeyFilter(filter: ForeignKeyFilter<OrderItem>): IEntityQuery<any> {
+        if (filter.is((x) => x.product)) {
+            return filter.read();
+        }
+        if (filter.is((x) => x.productPrice)) {
+            return filter.read();
+        }
+    }
+}

package/src/tests/security/events/ProductEvents.ts

@@ -0,0 +1,92 @@
+import EntityAccessError from "../../../common/EntityAccessError.js";
+import Inject from "../../../di/di.js";
+import { IEntityQuery } from "../../../model/IFilterWithParameter.js";
+import EntityEvents from "../../../model/events/EntityEvents.js";
+import { Product, ProductCategory, ProductPrice } from "../../model/ShoppingContext.js";
+import { UserInfo } from "./UserInfo.js";
+const statusPublished = "published";
+
+export class ProductEvents extends EntityEvents<Product> {
+
+    @Inject
+    user: UserInfo;
+
+    filter(query: IEntityQuery<Product>): IEntityQuery<Product> {
+        const { userID } = this.user;
+
+        // admin can access everything so return null
+        if (this.user.admin) {
+            return null;
+        }
+        // everyone can read published or own products
+        return query.where({ userID, statusPublished }, (p) => (x) => x.ownerID === p.userID || x.status === p.statusPublished);
+    }
+
+    modify(query: IEntityQuery<Product>): IEntityQuery<Product> {
+        const { userID } = this.user;
+
+        // admin can access everything so return null
+        if (this.user.admin) {
+            return null;
+        }
+
+        // customer can modify its own products
+        return query.where({ userID }, (p) => (x) => x.ownerID === p.userID);
+    }
+
+}
+
+export class ProductCategoryEvents extends EntityEvents<ProductCategory> {
+
+    @Inject
+    user: UserInfo;
+
+    filter(query: IEntityQuery<ProductCategory>): IEntityQuery<ProductCategory> {
+        return null;
+    }
+
+    modify(query: IEntityQuery<ProductCategory>): IEntityQuery<ProductCategory> {
+        const { userID } = this.user;
+
+        // admin can access everything so return null
+        if (this.user.admin) {
+            return null;
+        }
+
+        EntityAccessError.throw("Access denied");
+    }
+
+}
+
+
+export class ProductPriceEvents extends EntityEvents<ProductPrice> {
+
+    @Inject
+    user: UserInfo;
+
+    filter(query: IEntityQuery<ProductPrice>): IEntityQuery<ProductPrice> {
+
+        const { userID } = this.user;
+
+        // admin can access everything so return null
+        if (this.user.admin) {
+            return null;
+        }
+
+        // user can view prices of only published or own products
+        return query.where({ userID, statusPublished } , (p) => (x) => x.product.status === p.statusPublished || x.product.ownerID === p.userID);
+    }
+
+    modify(query: IEntityQuery<ProductPrice>): IEntityQuery<ProductPrice> {
+        const { userID } = this.user;
+
+        // admin can access everything so return null
+        if (this.user.admin) {
+            return null;
+        }
+
+        // user can only edit its own prices
+        return query.where({ userID }, (p) => (x) => x.product.ownerID === p.userID);
+    }
+
+}

package/src/tests/security/events/UserEvents.ts

@@ -0,0 +1,28 @@
+import Inject from "../../../di/di.js";
+import { IEntityQuery } from "../../../model/IFilterWithParameter.js";
+import EntityEvents from "../../../model/events/EntityEvents.js";
+import { User } from "../../model/ShoppingContext.js";
+import { UserInfo } from "./UserInfo.js";
+export class UserEvents extends EntityEvents<User> {
+
+    @Inject
+    user: UserInfo;
+
+    filter(query: IEntityQuery<User>): IEntityQuery<User> {
+        if (this.user.admin) {
+            return null;
+        }
+        const { userID } = this.user;
+        return query.where({ userID }, (p) => (x) => x.userID === p.userID
+            || x.orders.some(
+                (op) => op.orderItems.some((oi) => oi.product.ownerID === p.userID)));
+    }
+
+    modify(query: IEntityQuery<User>): IEntityQuery<User> {
+        if (this.user.admin) {
+            return null;
+        }
+        const { userID } = this.user;
+        return query.where({ userID}, (p) => (x) => x.userID === p.userID);
+    }
+}

package/src/tests/security/events/UserInfo.ts

@@ -0,0 +1,7 @@
+import { RegisterScoped } from "../../../di/di.js";
+
+@RegisterScoped
+export class UserInfo {
+    public userID: number;
+    public admin: boolean;
+}

package/src/tests/security/tests/include-items.ts

@@ -0,0 +1,19 @@
+import assert from "assert";
+import { TestConfig } from "../../TestConfig.js";
+import { createContext } from "../../model/createContext.js";
+import { ShoppingContext } from "../../model/ShoppingContext.js";
+import Logger from "../../../common/Logger.js";
+
+export default async function (this: TestConfig) {
+
+    const old = await createContext(this.driver);
+
+    const context = new ShoppingContext(old.driver, void 0, Logger.instance);
+    const order = await context.orders.all()
+        .where({id: 0}, (p) => (x) => x.orderID > p.id)
+        .include((x) => x.orderItems.forEach((oi) => oi.productPrice.product))
+        .first();
+
+    assert.notEqual(null, order);
+
+}

package/src/tests/security/tests/place-order.ts

@@ -0,0 +1,104 @@
+import assert from "assert";
+import Logger from "../../../common/Logger.js";
+import { ServiceProvider } from "../../../di/di.js";
+import { BaseDriver } from "../../../drivers/base/BaseDriver.js";
+import ContextEvents from "../../../model/events/ContextEvents.js";
+import { TestConfig } from "../../TestConfig.js";
+import { ShoppingContext, User } from "../../model/ShoppingContext.js";
+import { createContext } from "../../model/createContext.js";
+import { ShoppingContextEvents } from "../ShoppingContextEvents.js";
+import { UserInfo } from "../events/UserInfo.js";
+
+export default async function(this: TestConfig) {
+
+    const customer = await createUser(this);
+
+    await addNewOrder.call(this, customer);
+
+    try {
+        await addNewOrder.call(this, customer, 1);
+        assert.fail("No error thrown");
+    } catch(error) {
+
+    }
+
+    await getNewOrders.call(this);
+
+}
+
+async function getNewOrders(this: TestConfig) {
+    const scope = ServiceProvider.global.createScope();
+    try {
+        const user = new UserInfo();
+        user.userID = 2;
+        scope.add(Logger, Logger.instance);
+        scope.add(BaseDriver, this.driver);
+        scope.add(UserInfo, user);
+        scope.add(ContextEvents, new ShoppingContextEvents());
+        const context = scope.create(ShoppingContext);
+        context.verifyFilters = true;
+
+        const order = await context.orders.all().first();
+
+        order.orderDate = new Date();
+        await context.saveChanges();
+
+    } finally {
+        scope.dispose();
+    }
+}
+
+async function addNewOrder(this: TestConfig, customer: User, userID?) {
+    const scope = ServiceProvider.global.createScope();
+    try {
+        const user = new UserInfo();
+        user.userID = userID ?? customer.userID;
+        scope.add(Logger, Logger.instance);
+        scope.add(BaseDriver, this.driver);
+        scope.add(UserInfo, user);
+        scope.add(ContextEvents, new ShoppingContextEvents());
+        const context = scope.create(ShoppingContext);
+        context.verifyFilters = true;
+
+        // get first headphone...
+        const headPhone = await context.products.all().firstOrFail();
+        const headPhonePrice = await context.productPrices.where({ id: headPhone.productID }, (p) => (x) => x.productID === p.id).firstOrFail();
+
+        context.orders.add({
+            customer,
+            orderDate: new Date(),
+            orderItems: [
+                context.orderItems.add({
+                    product: headPhone,
+                    productPrice: headPhonePrice,
+                    amount: headPhonePrice.amount,
+                })
+            ]
+        });
+
+        await context.saveChanges();
+
+        // lets filter the orders
+
+        const f = context.orders.filtered();
+        const myOrders = await f.count();
+        assert.equal(1, myOrders);
+
+        const all = await context.orders.all().count();
+        assert.notEqual(all, myOrders);
+
+    } finally {
+        scope.dispose();
+    }
+}
+
+async function createUser(config: TestConfig) {
+    const context = await createContext(config.driver);
+    config.driver.connectionString.database = context.driver.connectionString.database;
+    const user = context.users.add({
+        dateCreated: new Date()
+    });
+    await context.saveChanges();
+    return user;
+}
+

package/test.js

@@ -40,10 +40,8 @@ export default class TestRunner {
                 options: {
                     encrypt: true, // for azure
                     trustServerCertificate: true // change to true for local dev / self-signed certs
-                },
-                debug: true
+                }
             })
-
         ];
     }
 
@@ -89,14 +87,17 @@ export default class TestRunner {
 
 }
 
+const testDb = !process.argv.includes("no-db");
 
-await TestRunner.runAll("./dist/tests", true);
+await TestRunner.runAll("./dist/tests", testDb);
 
 let exitCode = 0;
+let failed = 0;
 
 for (const { error, name } of results) {
     if (error) {
         exitCode = 1;
+        failed++;
         console.error(`${name} failed`);
         console.error(error?.stack ?? error);
         continue;
@@ -104,4 +105,10 @@ for (const { error, name } of results) {
     console.log(`${name} executed.`);
 }
 
+if (exitCode === 0) {
+    console.log(`${results.length} tests ran successfully.`);
+} else {
+    console.log(`${failed} Tests out of ${results.length} failed.`);
+}
+
 process.exit(exitCode);

package/tsconfig.json

@@ -2,10 +2,12 @@
     "compilerOptions": {
         "target": "ESNext",
         "module":"NodeNext",
+        "incremental": true,
         "sourceMap": true,
         "declaration": true,
         "declarationMap": true,
         "outDir": "dist",
+        "skipDefaultLibCheck": true,
         "experimentalDecorators": true,
         "emitDecoratorMetadata": true,
         "lib": [

package/src/decorators/parser/MemberParser.ts

@@ -1,8 +0,0 @@
-export default class NameParser {
-    public static parseMember(text: ((a: any) => any)) {
-        const t: string = text.toString();
-
-        const index = t.lastIndexOf(".");
-        return t.substring(index + 1);
-    }
-}