@klerick/acl-json-api-nestjs 0.1.0

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-all-proxy.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAllProxy = getAllProxy;
+const json_api_nestjs_1 = require("@klerick/json-api-nestjs");
+const factories_1 = require("../../../factories");
+const utils_1 = require("../../../utils");
+function getAllProxy(moduleRef) {
+    return async function getAllBind(query) {
+        const extendAbility = moduleRef.get(factories_1.ExtendAbility, { strict: false });
+        const aclPrepared = (0, utils_1.prepareAclQuery)(extendAbility, query);
+        if (!aclPrepared) {
+            return this.getAll(query);
+        }
+        (0, utils_1.validateNoCurrentInRules)(extendAbility, 'getAllProxy');
+        const { transformToJsonApi, aclQueryData, mergedQuery } = aclPrepared;
+        // Fetch entity with ACL conditions - handle errors from invalid ACL rules
+        let result;
+        try {
+            result = await this.getAll(mergedQuery, transformToJsonApi, aclQueryData?.rulesForQuery);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'getAllProxy');
+        }
+        // If already transformed by ORM, return as is
+        if (transformToJsonApi) {
+            return result;
+        }
+        // Manual transformation with field filtering
+        const { totalItems, items } = result;
+        const { page } = query;
+        // Build meta
+        const meta = {
+            totalItems,
+            pageNumber: page.number,
+            pageSize: page.size,
+        };
+        // If empty, return immediately
+        if (totalItems === 0 || items.length === 0) {
+            return { meta, data: [] };
+        }
+        const fieldsForCheck = (0, utils_1.extractFieldsForCheck)(moduleRef, items[0], query, aclQueryData);
+        const { entityParamMap } = (0, utils_1.getCurrentEntityAndParamMap)(moduleRef);
+        // Field filtering logic
+        const fieldRestrictions = [];
+        for (const item of items) {
+            const restrictedFields = (0, utils_1.processItemFieldRestrictions)(item, fieldsForCheck, extendAbility, query, aclQueryData);
+            if (restrictedFields.length > 0) {
+                fieldRestrictions.push({
+                    [entityParamMap.primaryColumnName]: Reflect.get(item, entityParamMap.primaryColumnName),
+                    fields: restrictedFields,
+                });
+            }
+        }
+        // Transform data using JsonApiTransformerService
+        const jsonApiTransformerService = moduleRef.get(json_api_nestjs_1.JsonApiTransformerService);
+        const { data, included } = jsonApiTransformerService.transformData(items, query);
+        return {
+            meta: {
+                ...meta,
+                ...(fieldRestrictions.length > 0 && { fieldRestrictions }),
+            },
+            data,
+            ...(included ? { included } : {}),
+        };
+    };
+}
+//# sourceMappingURL=get-all-proxy.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-all-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-all-proxy.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-all-proxy.ts"],"names":[],"mappings":";;AAgBA,kCA2GC;AA3HD,8DAIkC;AAElC,kDAAmD;AACnD,0CAOwB;AAExB,SAAgB,WAAW,CACzB,SAAoB;IAEpB,OAAO,KAAK,UAAU,UAAU,CAE9B,KAAoD;QAEpD,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,yBAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtE,MAAM,WAAW,GAAG,IAAA,uBAAe,EACjC,aAAa,EACb,KAAK,CACN,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;QAED,IAAA,gCAAwB,EAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QAEvD,MAAM,EAAE,kBAAkB,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAGtE,0EAA0E;QAC1E,IAAI,MAA2D,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CACxB,WAAW,EACX,kBAAkB,EAClB,YAAY,EAAE,aAAa,CAC5B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EAAC,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACzE,CAAC;QAED,8CAA8C;QAC9C,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,6CAA6C;QAC7C,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,MAA4C,CAAC;QAC3E,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;QAEvB,aAAa;QACb,MAAM,IAAI,GAAG;YACX,UAAU;YACV,UAAU,EAAE,IAAI,CAAC,MAAM;YACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;SACpB,CAAC;QAEF,+BAA+B;QAC/B,IAAI,UAAU,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC5B,CAAC;QAED,MAAM,cAAc,GAAG,IAAA,6BAAqB,EAC1C,SAAS,EACT,KAAK,CAAC,CAAC,CAAC,EACR,KAAK,EACL,YAAY,CACb,CAAC;QAEF,MAAM,EAAE,cAAc,EAAE,GAAG,IAAA,mCAA2B,EAAC,SAAS,CAAC,CAAC;QAElE,wBAAwB;QACxB,MAAM,iBAAiB,GAA2C,EAAE,CAAC;QAErE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,gBAAgB,GAAG,IAAA,oCAA4B,EACnD,IAAI,EACJ,cAAc,EACd,aAAa,EACb,KAAK,EACL,YAAY,CACb,CAAC;YAEF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,iBAAiB,CAAC,IAAI,CAAC;oBACrB,CAAC,cAAc,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,GAAG,CAC7C,IAAI,EACJ,cAAc,CAAC,iBAAiB,CACxB;oBACV,MAAM,EAAE,gBAAgB;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,MAAM,yBAAyB,GAAG,SAAS,CAAC,GAAG,CAE7C,2CAAyB,CAAC,CAAC;QAE7B,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,yBAAyB,CAAC,aAAa,CAChE,KAAK,EACL,KAAK,CACN,CAAC;QAEF,OAAO;YACL,IAAI,EAAE;gBACJ,GAAG,IAAI;gBACP,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,iBAAiB,EAAE,CAAC;aAC3D;YACD,IAAI;YACJ,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-one-proxy.d.ts

@@ -0,0 +1,12 @@
+import { ModuleRef } from '@nestjs/core';
+import { OrmService } from '@klerick/json-api-nestjs';
+export declare function getOneProxy<E extends object, IdKey extends string>(moduleRef: ModuleRef): (this: OrmService<E, IdKey>, id: Parameters<OrmService<E, IdKey>["getOne"]>[0], query: Parameters<OrmService<E, IdKey>["getOne"]>[1]) => Promise<E | import("dist/libs/json-api/json-api-nestjs-shared/cjs/src").ResourceObject<E, "object", null, IdKey> | {
+    included?: import("dist/libs/json-api/json-api-nestjs-shared/cjs/src").Include<E, IdKey>[] | undefined;
+    meta: {
+        fieldRestrictions?: {
+            id: IdKey;
+            fields: string[];
+        }[] | undefined;
+    };
+    data: import("dist/libs/json-api/json-api-nestjs-shared/cjs/src").ResourceData<E, IdKey>;
+}>;

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-one-proxy.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOneProxy = getOneProxy;
+const json_api_nestjs_1 = require("@klerick/json-api-nestjs");
+const factories_1 = require("../../../factories");
+const utils_1 = require("../../../utils");
+function getOneProxy(moduleRef) {
+    return async function getOneBind(id, query) {
+        const extendAbility = moduleRef.get(factories_1.ExtendAbility, { strict: false });
+        const aclPrepared = (0, utils_1.prepareAclQuery)(extendAbility, query);
+        if (!aclPrepared) {
+            return this.getOne(id, query);
+        }
+        (0, utils_1.validateNoCurrentInRules)(extendAbility, 'getOneProxy');
+        const { transformToJsonApi, aclQueryData, mergedQuery } = aclPrepared;
+        // Fetch entity with ACL conditions - handle errors from invalid ACL rules
+        let result;
+        try {
+            result = await this.getOne(id, mergedQuery, transformToJsonApi, aclQueryData?.rulesForQuery);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'getOneProxy');
+        }
+        // If already transformed by ORM, return as is
+        if (transformToJsonApi) {
+            return result;
+        }
+        const resultItem = result;
+        const fieldsForCheck = (0, utils_1.extractFieldsForCheck)(moduleRef, resultItem, query, aclQueryData);
+        const { entityParamMap } = (0, utils_1.getCurrentEntityAndParamMap)(moduleRef);
+        const fieldRestrictions = [];
+        const restrictedFields = (0, utils_1.processItemFieldRestrictions)(resultItem, fieldsForCheck, extendAbility, query, aclQueryData);
+        if (restrictedFields.length > 0) {
+            fieldRestrictions.push({
+                [entityParamMap.primaryColumnName]: Reflect.get(resultItem, entityParamMap.primaryColumnName),
+                fields: restrictedFields,
+            });
+        }
+        const jsonApiTransformerService = moduleRef.get(json_api_nestjs_1.JsonApiTransformerService);
+        const { data, included } = jsonApiTransformerService.transformData(resultItem, query);
+        return {
+            meta: {
+                ...(fieldRestrictions.length > 0 && { fieldRestrictions }),
+            },
+            data,
+            ...(included ? { included } : {}),
+        };
+    };
+}
+//# sourceMappingURL=get-one-proxy.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-one-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-one-proxy.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-one-proxy.ts"],"names":[],"mappings":";;AAgBA,kCA0FC;AAzGD,8DAIkC;AAClC,kDAAmD;AACnD,0CAOwB;AAExB,SAAgB,WAAW,CACzB,SAAoB;IAEpB,OAAO,KAAK,UAAU,UAAU,CAE9B,EAAiD,EACjD,KAAoD;QAEpD,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,yBAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtE,MAAM,WAAW,GAAG,IAAA,uBAAe,EACjC,aAAa,EACb,KAAK,CACN,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,IAAA,gCAAwB,EAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QAEvD,MAAM,EAAE,kBAAkB,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAEtE,0EAA0E;QAC1E,IAAI,MAA2D,CAAC;QAEhE,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CACxB,EAAE,EACF,WAAW,EACX,kBAAkB,EAClB,YAAY,EAAE,aAAa,CAC5B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EAAC,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACzE,CAAC;QAED,8CAA8C;QAC9C,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,UAAU,GAAG,MAAW,CAAC;QAE/B,MAAM,cAAc,GAAG,IAAA,6BAAqB,EAC1C,SAAS,EACT,UAAU,EACV,KAAK,EACL,YAAY,CACb,CAAC;QAEF,MAAM,EAAE,cAAc,EAAE,GAAG,IAAA,mCAA2B,EAAC,SAAS,CAAC,CAAC;QAElE,MAAM,iBAAiB,GAA2C,EAAE,CAAC;QAErE,MAAM,gBAAgB,GAAG,IAAA,oCAA4B,EACnD,UAAU,EACV,cAAc,EACd,aAAa,EACb,KAAK,EACL,YAAY,CACb,CAAC;QAEF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,iBAAiB,CAAC,IAAI,CAAC;gBACrB,CAAC,cAAc,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,GAAG,CAC7C,UAAU,EACV,cAAc,CAAC,iBAAiB,CACxB;gBACV,MAAM,EAAE,gBAAgB;aACzB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,yBAAyB,GAAG,SAAS,CAAC,GAAG,CAE7C,2CAAyB,CAAC,CAAC;QAE7B,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,yBAAyB,CAAC,aAAa,CAChE,UAAU,EACV,KAAK,CACN,CAAC;QAEF,OAAO;YACL,IAAI,EAAE;gBACJ,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,iBAAiB,EAAE,CAAC;aAC3D;YACD,IAAI;YACJ,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClC,CAAC;IACJ,CAAC,CAAA;AACH,CAAC"}

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-relationship-proxy.d.ts

@@ -0,0 +1,4 @@
+import { OrmService } from '@klerick/json-api-nestjs';
+import { ModuleRef } from '@nestjs/core';
+import { RelationKeys } from '@klerick/json-api-nestjs-shared';
+export declare function getRelationshipProxy<E extends object, IdKey extends string>(moduleRef: ModuleRef): <Rel extends RelationKeys<E, IdKey>>(this: OrmService<E, IdKey>, id: IdKey, rel: Rel) => Promise<import("@klerick/json-api-nestjs-shared").ResourceObjectRelationships<E, IdKey, Rel>>;

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-relationship-proxy.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRelationshipProxy = getRelationshipProxy;
+const factories_1 = require("../../../factories");
+const utils_1 = require("../../../utils");
+const ability_1 = require("@casl/ability");
+const common_1 = require("@nestjs/common");
+function getRelationshipProxy(moduleRef) {
+    return async function getOneBind(id, rel) {
+        const extendAbility = moduleRef.get(factories_1.ExtendAbility, { strict: false });
+        const aclPrepared = (0, utils_1.prepareAclQuery)(extendAbility, {
+            include: [rel],
+            fields: null,
+        }, false);
+        if (!aclPrepared) {
+            return this.getRelationship(id, rel);
+        }
+        (0, utils_1.validateNoCurrentInRules)(extendAbility, 'getRelationshipProxy');
+        const { mergedQuery } = aclPrepared;
+        let result;
+        try {
+            result = await this.getOne(id, {
+                fields: null,
+                include: mergedQuery.include,
+            }, false, undefined);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'getRelationshipProxy');
+        }
+        const resultItem = result;
+        extendAbility.updateWithInput(resultItem);
+        if (!extendAbility.can(extendAbility.action, (0, ability_1.subject)(extendAbility.subject, resultItem), rel.toString())) {
+            common_1.Logger.debug(`Access denied for (action: ${extendAbility.action}, subject: ${extendAbility.subject}), field ${rel.toString()}`, 'getRelationshipProxy', {
+                subject: resultItem,
+                rules: extendAbility.rules,
+            });
+            throw new common_1.ForbiddenException([
+                {
+                    code: 'forbidden',
+                    message: `not allow "${extendAbility.action}"`,
+                    path: ['action'],
+                },
+            ], {
+                description: `Access denied for ${extendAbility.action} on ${extendAbility.subject}`,
+            });
+        }
+        return this.getRelationship(id, rel);
+    };
+}
+//# sourceMappingURL=get-relationship-proxy.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-relationship-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-relationship-proxy.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/get-relationship-proxy.ts"],"names":[],"mappings":";;AAYA,oDA+EC;AAxFD,kDAAmD;AACnD,0CAIwB;AACxB,2CAAwC;AACxC,2CAA4D;AAE5D,SAAgB,oBAAoB,CAClC,SAAoB;IAEpB,OAAO,KAAK,UAAU,UAAU,CAE9B,EAAS,EACT,GAAQ;QAER,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,yBAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtE,MAAM,WAAW,GAAG,IAAA,uBAAe,EACjC,aAAa,EACb;YACE,OAAO,EAAE,CAAC,GAAU,CAAC;YACrB,MAAM,EAAE,IAAI;SACb,EACD,KAAK,CACN,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACvC,CAAC;QAED,IAAA,gCAAwB,EAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;QAEhE,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAEpC,IAAI,MAA2D,CAAC;QAEhE,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CACxB,EAAE,EACF;gBACE,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,WAAW,CAAC,OAAO;aAC7B,EACD,KAAK,EACL,SAAS,CACV,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EACvB,KAAK,EACL,aAAa,CAAC,OAAO,EACrB,sBAAsB,CACvB,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,MAAW,CAAC;QAC/B,aAAa,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC1C,IACE,CAAC,aAAa,CAAC,GAAG,CAChB,aAAa,CAAC,MAAM,EACpB,IAAA,iBAAO,EAAC,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,EAC1C,GAAG,CAAC,QAAQ,EAAE,CACf,EACD,CAAC;YACD,eAAM,CAAC,KAAK,CACV,8BAA8B,aAAa,CAAC,MAAM,cAAc,aAAa,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,EAAE,EAAE,EACjH,sBAAsB,EACtB;gBACE,OAAO,EAAE,UAAU;gBACnB,KAAK,EAAE,aAAa,CAAC,KAAK;aAC3B,CACF,CAAC;YACF,MAAM,IAAI,2BAAkB,CAC1B;gBACE;oBACE,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,cAAc,aAAa,CAAC,MAAM,GAAG;oBAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC;iBACjB;aACF,EACD;gBACE,WAAW,EAAE,qBAAqB,aAAa,CAAC,MAAM,OAAO,aAAa,CAAC,OAAO,EAAE;aACrF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC;AACJ,CAAC"}

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/index.d.ts

@@ -0,0 +1,9 @@
+export * from './get-all-proxy';
+export * from './get-one-proxy';
+export * from './delete-one-proxy';
+export * from './patch-one-proxy';
+export * from './post-one-proxy';
+export * from './get-relationship-proxy';
+export * from './delete-relationship-proxy';
+export * from './post-relationship-proxy';
+export * from './patch-relationship-proxy';

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./get-all-proxy"), exports);
+tslib_1.__exportStar(require("./get-one-proxy"), exports);
+tslib_1.__exportStar(require("./delete-one-proxy"), exports);
+tslib_1.__exportStar(require("./patch-one-proxy"), exports);
+tslib_1.__exportStar(require("./post-one-proxy"), exports);
+tslib_1.__exportStar(require("./get-relationship-proxy"), exports);
+tslib_1.__exportStar(require("./delete-relationship-proxy"), exports);
+tslib_1.__exportStar(require("./post-relationship-proxy"), exports);
+tslib_1.__exportStar(require("./patch-relationship-proxy"), exports);
+//# sourceMappingURL=index.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/index.ts"],"names":[],"mappings":";;;AAAA,0DAA+B;AAC/B,0DAA+B;AAC/B,6DAAkC;AAClC,4DAAiC;AACjC,2DAAgC;AAChC,mEAAwC;AACxC,sEAA2C;AAC3C,oEAAyC;AACzC,qEAA0C"}

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-one-proxy.d.ts

@@ -0,0 +1,3 @@
+import { ModuleRef } from '@nestjs/core';
+import { OrmService } from '@klerick/json-api-nestjs';
+export declare function patchOneProxy<E extends object, IdKey extends string>(moduleRef: ModuleRef): (this: OrmService<E, IdKey>, id: Parameters<OrmService<E, IdKey>["patchOne"]>[0], inputData: Parameters<OrmService<E, IdKey>["patchOne"]>[1]) => Promise<import("dist/libs/json-api/json-api-nestjs-shared/cjs/src").ResourceObject<E, "object", null, IdKey>>;

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-one-proxy.js

@@ -0,0 +1,132 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.patchOneProxy = patchOneProxy;
+const factories_1 = require("../../../factories");
+const utils_1 = require("../../../utils");
+const ability_1 = require("@casl/ability");
+const common_1 = require("@nestjs/common");
+function patchOneProxy(moduleRef) {
+    return async function patchOneBind(id, inputData) {
+        const extendAbility = moduleRef.get(factories_1.ExtendAbility, { strict: false });
+        const aclPrepared = (0, utils_1.prepareAclQuery)(extendAbility, {
+            include: [],
+            fields: null,
+        });
+        if (!aclPrepared) {
+            return this.patchOne(id, inputData);
+        }
+        const { mergedQuery } = aclPrepared;
+        let result;
+        try {
+            result = await this.getOne(id, {
+                fields: null,
+                include: mergedQuery.include,
+            }, false, undefined);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'patchOneProxy');
+        }
+        const resultItem = result;
+        const { relationships, attributes } = inputData;
+        const relationshipsToChange = Object.keys(relationships || {});
+        let loadedRelations = {};
+        if (relationships) {
+            try {
+                loadedRelations = await this.loadRelations(relationships);
+            }
+            catch (error) {
+                throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'patchOneProxy');
+            }
+        }
+        const { currentEntity: entityClass, entityParamMapService } = (0, utils_1.getCurrentEntityAndParamMap)(moduleRef);
+        const extractor = utils_1.ExtractFieldPaths.getInstance(entityParamMapService);
+        const currentEntityPropsOnly = extractor.props(resultItem, entityClass);
+        const mergedEntity = {
+            ...currentEntityPropsOnly,
+            ...(attributes || {}),
+            ...loadedRelations,
+        };
+        // Detect changed attributes by comparing old (DB) vs new (request) values
+        // Coverage: ~90% of real-world use cases
+        //
+        // Comparison strategy:
+        // - Primitives (string, number, boolean, null): strict equality (===)
+        // - Objects/Arrays: JSON.stringify comparison
+        //
+        // Known edge cases (acceptable tradeoffs):
+        // 1. JSONB fields with different key order may trigger false positives:
+        //    { a: 1, b: 2 } !== { b: 2, a: 1 } (content identical, but detected as different)
+        // 2. Circular references: Not expected in JSON API requests (would fail JSON.parse)
+        // 3. Date objects: try to use toISOString() for comparison
+        //
+        // If you encounter issues, please create a GitHub issue with your use case.
+        const changedAttributes = [];
+        if (attributes) {
+            for (const attrKey of Object.keys(attributes)) {
+                let currentValue = currentEntityPropsOnly[attrKey];
+                let newValue = attributes[attrKey];
+                newValue =
+                    newValue !== null && typeof newValue === 'object'
+                        ? newValue instanceof Date ? newValue.toISOString() : JSON.stringify(newValue)
+                        : newValue;
+                currentValue =
+                    currentValue !== null && typeof currentValue === 'object'
+                        ? currentValue instanceof Date ? currentValue.toISOString() : JSON.stringify(currentValue)
+                        : currentValue;
+                if (currentValue !== newValue) {
+                    changedAttributes.push(attrKey);
+                }
+            }
+        }
+        const changedFields = [...changedAttributes, ...relationshipsToChange];
+        // Entity for check contains:
+        // - Root level: NEW values (merged entity after applying changes)
+        // - __current: OLD values (entity as loaded from DB)
+        // This enables rules to compare old vs new values, e.g.:
+        // - Allow removing only self: { '__current.coAuthorIds': { $in: [@input.userId] }, 'coAuthorIds': { $nin: [@input.userId] } }
+        const entityForCheck = {
+            ...mergedEntity,
+            __current: resultItem,
+        };
+        extendAbility.updateWithInput(entityForCheck);
+        // Entity-level check
+        if (!extendAbility.can(extendAbility.action, (0, ability_1.subject)(extendAbility.subject, entityForCheck))) {
+            common_1.Logger.debug(`Access denied for (action: ${extendAbility.action}, subject: ${extendAbility.subject})`, 'patchOneProxy', {
+                subject: entityForCheck,
+                rules: extendAbility.rules,
+            });
+            throw new common_1.ForbiddenException([
+                {
+                    code: 'forbidden',
+                    message: `not allow "${extendAbility.action}"`,
+                    path: ['action'],
+                },
+            ], {
+                description: `Access denied for ${extendAbility.action} on ${extendAbility.subject}`,
+            });
+        }
+        // Field-level checks for changed fields
+        for (const field of changedFields) {
+            if (!extendAbility.can(extendAbility.action, (0, ability_1.subject)(extendAbility.subject, entityForCheck), field)) {
+                common_1.Logger.debug(`Field-level access denied for field '${field}'`, 'patchOneProxy', {
+                    field,
+                    currentValue: entityForCheck.__current[field],
+                    newValue: entityForCheck[field],
+                    subject: entityForCheck,
+                    rules: extendAbility.rules,
+                });
+                throw new common_1.ForbiddenException([
+                    {
+                        code: 'forbidden',
+                        message: `not allow to modify field "${field}"`,
+                        path: ['data', 'attributes', field],
+                    },
+                ], {
+                    description: `Field-level access denied for ${field}`,
+                });
+            }
+        }
+        return this.patchOne(id, inputData);
+    };
+}
+//# sourceMappingURL=patch-one-proxy.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-one-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patch-one-proxy.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-one-proxy.ts"],"names":[],"mappings":";;AAYA,sCA0LC;AApMD,kDAAmD;AACnD,0CAKwB;AACxB,2CAAwC;AACxC,2CAA4D;AAE5D,SAAgB,aAAa,CAC3B,SAAoB;IAEpB,OAAO,KAAK,UAAU,YAAY,CAEhC,EAAmD,EACnD,SAA0D;QAE1D,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,yBAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,IAAA,uBAAe,EACjC,aAAa,EACb;YACE,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,IAAI;SACb,CACF,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QACpC,IAAI,MAA2D,CAAC;QAEhE,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CACxB,EAAE,EACF;gBACE,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,WAAW,CAAC,OAAO;aAC7B,EACD,KAAK,EACL,SAAS,CACV,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EAAC,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,UAAU,GAAG,MAAW,CAAC;QAE/B,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAEhD,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;QAE/D,IAAI,eAAe,GAAiC,EAAE,CAAC;QAEvD,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAA,2BAAmB,EACvB,KAAK,EACL,aAAa,CAAC,OAAO,EACrB,eAAe,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,qBAAqB,EAAE,GACzD,IAAA,mCAA2B,EAAI,SAAS,CAAC,CAAC;QAE5C,MAAM,SAAS,GAAG,yBAAiB,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACvE,MAAM,sBAAsB,GAAG,SAAS,CAAC,KAAK,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAExE,MAAM,YAAY,GAAG;YACnB,GAAG,sBAAsB;YACzB,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACrB,GAAG,eAAe;SACd,CAAC;QAEP,0EAA0E;QAC1E,yCAAyC;QACzC,EAAE;QACF,uBAAuB;QACvB,sEAAsE;QACtE,8CAA8C;QAC9C,EAAE;QACF,2CAA2C;QAC3C,wEAAwE;QACxE,sFAAsF;QACtF,oFAAoF;QACpF,2DAA2D;QAC3D,EAAE;QACF,4EAA4E;QAC5E,MAAM,iBAAiB,GAAa,EAAE,CAAC;QACvC,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9C,IAAI,YAAY,GAAI,sBAAkD,CACpE,OAAO,CACR,CAAC;gBACF,IAAI,QAAQ,GAAI,UAAsC,CAAC,OAAO,CAAC,CAAC;gBAChE,QAAQ;oBACN,QAAQ,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ;wBAC/C,CAAC,CAAC,QAAQ,YAAY,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;wBAC9E,CAAC,CAAC,QAAQ,CAAC;gBACf,YAAY;oBACV,YAAY,KAAK,IAAI,IAAI,OAAO,YAAY,KAAK,QAAQ;wBACvD,CAAC,CAAC,YAAY,YAAY,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;wBAC1F,CAAC,CAAC,YAAY,CAAC;gBAEnB,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;oBAC9B,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,GAAG,iBAAiB,EAAE,GAAG,qBAAqB,CAAC,CAAC;QAEvE,6BAA6B;QAC7B,kEAAkE;QAClE,qDAAqD;QACrD,yDAAyD;QACzD,8HAA8H;QAC9H,MAAM,cAAc,GAAG;YACrB,GAAG,YAAY;YACf,SAAS,EAAE,UAAU;SACjB,CAAC;QAEP,aAAa,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QAE9C,qBAAqB;QACrB,IACE,CAAC,aAAa,CAAC,GAAG,CAChB,aAAa,CAAC,MAAM,EACpB,IAAA,iBAAO,EAAC,aAAa,CAAC,OAAO,EAAE,cAAc,CAAC,CAC/C,EACD,CAAC;YACD,eAAM,CAAC,KAAK,CACV,8BAA8B,aAAa,CAAC,MAAM,cAAc,aAAa,CAAC,OAAO,GAAG,EACxF,eAAe,EACf;gBACE,OAAO,EAAE,cAAc;gBACvB,KAAK,EAAE,aAAa,CAAC,KAAK;aAC3B,CACF,CAAC;YACF,MAAM,IAAI,2BAAkB,CAC1B;gBACE;oBACE,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,cAAc,aAAa,CAAC,MAAM,GAAG;oBAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC;iBACjB;aACF,EACD;gBACE,WAAW,EAAE,qBAAqB,aAAa,CAAC,MAAM,OAAO,aAAa,CAAC,OAAO,EAAE;aACrF,CACF,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAClC,IACE,CAAC,aAAa,CAAC,GAAG,CAChB,aAAa,CAAC,MAAM,EACpB,IAAA,iBAAO,EAAC,aAAa,CAAC,OAAO,EAAE,cAAc,CAAC,EAC9C,KAAK,CACN,EACD,CAAC;gBACD,eAAM,CAAC,KAAK,CACV,wCAAwC,KAAK,GAAG,EAChD,eAAe,EACf;oBACE,KAAK;oBACL,YAAY,EACT,cAAsB,CAAC,SACzB,CAAC,KAAK,CAAC;oBACR,QAAQ,EAAG,cAA0C,CAAC,KAAK,CAAC;oBAC5D,OAAO,EAAE,cAAc;oBACvB,KAAK,EAAE,aAAa,CAAC,KAAK;iBAC3B,CACF,CAAC;gBAEF,MAAM,IAAI,2BAAkB,CAC1B;oBACE;wBACE,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,8BAA8B,KAAK,GAAG;wBAC/C,IAAI,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC;qBACpC;iBACF,EACD;oBACE,WAAW,EAAE,iCAAiC,KAAK,EAAE;iBACtD,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IACtC,CAAC,CAAC;AACJ,CAAC"}

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-relationship-proxy.d.ts

@@ -0,0 +1,4 @@
+import { OrmService, PatchRelationshipData } from '@klerick/json-api-nestjs';
+import { ModuleRef } from '@nestjs/core';
+import { RelationKeys } from '@klerick/json-api-nestjs-shared';
+export declare function patchRelationshipProxy<E extends object, IdKey extends string>(moduleRef: ModuleRef): <Rel extends RelationKeys<E, IdKey>>(this: OrmService<E, IdKey>, id: IdKey, rel: Rel, input: PatchRelationshipData) => Promise<import("@klerick/json-api-nestjs-shared").ResourceObjectRelationships<E, IdKey, Rel>>;

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-relationship-proxy.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.patchRelationshipProxy = patchRelationshipProxy;
+const factories_1 = require("../../../factories");
+const utils_1 = require("../../../utils");
+const ability_1 = require("@casl/ability");
+const common_1 = require("@nestjs/common");
+function patchRelationshipProxy(moduleRef) {
+    return async function patchRelationshipBind(id, rel, input) {
+        const extendAbility = moduleRef.get(factories_1.ExtendAbility, { strict: false });
+        const aclPrepared = (0, utils_1.prepareAclQuery)(extendAbility, {
+            include: [rel],
+            fields: null,
+        }, false);
+        if (!aclPrepared) {
+            return this.patchRelationship(id, rel, input);
+        }
+        const { mergedQuery } = aclPrepared;
+        let result;
+        try {
+            result = await this.getOne(id, {
+                fields: null,
+                include: mergedQuery.include,
+            }, false, undefined);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'patchRelationshipProxy');
+        }
+        const oldResult = result;
+        // Transform input to relationships format for loadRelations
+        const relationshipsData = {
+            [rel]: input,
+        };
+        let loadedRelations;
+        try {
+            loadedRelations = await this.loadRelations(relationshipsData);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'patchRelationshipProxy');
+        }
+        // Entity for check contains:
+        // - Root level: old entity + NEW relationships (replacing old ones)
+        // - __current: old entity with OLD relationships (as loaded from DB)
+        const entityToCheck = {
+            ...oldResult,
+            [rel]: loadedRelations[rel.toString()], // NEW relationships (overwrite old)
+            __current: oldResult, // OLD entity with OLD relationships
+        };
+        extendAbility.updateWithInput(entityToCheck);
+        if (!extendAbility.can(extendAbility.action, (0, ability_1.subject)(extendAbility.subject, entityToCheck), rel.toString())) {
+            common_1.Logger.debug(`Access denied for (action: ${extendAbility.action}, subject: ${extendAbility.subject}), field ${rel.toString()}`, 'patchRelationshipProxy', {
+                subject: entityToCheck,
+                rules: extendAbility.rules,
+            });
+            throw new common_1.ForbiddenException([
+                {
+                    code: 'forbidden',
+                    message: `not allow "${extendAbility.action}"`,
+                    path: ['action'],
+                },
+            ], {
+                description: `Access denied for ${extendAbility.action} on ${extendAbility.subject}`,
+            });
+        }
+        return this.patchRelationship(id, rel, input);
+    };
+}
+//# sourceMappingURL=patch-relationship-proxy.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-relationship-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patch-relationship-proxy.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/patch-relationship-proxy.ts"],"names":[],"mappings":";;AAQA,wDAyGC;AA9GD,kDAAmD;AACnD,0CAAsE;AACtE,2CAAwC;AACxC,2CAA4D;AAE5D,SAAgB,sBAAsB,CACpC,SAAoB;IAEpB,OAAO,KAAK,UAAU,qBAAqB,CAEzC,EAAS,EACT,GAAQ,EACR,KAA4B;QAE5B,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,yBAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtE,MAAM,WAAW,GAAG,IAAA,uBAAe,EACjC,aAAa,EACb;YACE,OAAO,EAAE,CAAC,GAAU,CAAC;YACrB,MAAM,EAAE,IAAI;SACb,EACD,KAAK,CACN,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAEpC,IAAI,MAA2D,CAAC;QAEhE,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CACxB,EAAE,EACF;gBACE,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,WAAW,CAAC,OAAO;aAC7B,EACD,KAAK,EACL,SAAS,CACV,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EACvB,KAAK,EACL,aAAa,CAAC,OAAO,EACrB,wBAAwB,CACzB,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,MAAW,CAAC;QAE9B,4DAA4D;QAC5D,MAAM,iBAAiB,GAAG;YACxB,CAAC,GAAG,CAAC,EAAE,KAAK;SAC2B,CAAC;QAE1C,IAAI,eAA6C,CAAC;QAElD,IAAI,CAAC;YACH,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EACvB,KAAK,EACL,aAAa,CAAC,OAAO,EACrB,wBAAwB,CACzB,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,oEAAoE;QACpE,qEAAqE;QACrE,MAAM,aAAa,GAAG;YACpB,GAAG,SAAS;YACZ,CAAC,GAAG,CAAC,EAAE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,EAAG,oCAAoC;YAC7E,SAAS,EAAE,SAAS,EAAU,oCAAoC;SAC9D,CAAC;QAEP,aAAa,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAC7C,IACE,CAAC,aAAa,CAAC,GAAG,CAChB,aAAa,CAAC,MAAM,EACpB,IAAA,iBAAO,EAAC,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,EAC7C,GAAG,CAAC,QAAQ,EAAE,CACf,EACD,CAAC;YACD,eAAM,CAAC,KAAK,CACV,8BAA8B,aAAa,CAAC,MAAM,cAAc,aAAa,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,EAAE,EAAE,EACjH,wBAAwB,EACxB;gBACE,OAAO,EAAE,aAAa;gBACtB,KAAK,EAAE,aAAa,CAAC,KAAK;aAC3B,CACF,CAAC;YACF,MAAM,IAAI,2BAAkB,CAC1B;gBACE;oBACE,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,cAAc,aAAa,CAAC,MAAM,GAAG;oBAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC;iBACjB;aACF,EACD;gBACE,WAAW,EAAE,qBAAqB,aAAa,CAAC,MAAM,OAAO,aAAa,CAAC,OAAO,EAAE;aACrF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAChD,CAAC,CAAC;AACJ,CAAC"}

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-one-proxy.d.ts

@@ -0,0 +1,3 @@
+import { ModuleRef } from '@nestjs/core';
+import { OrmService } from '@klerick/json-api-nestjs';
+export declare function postOneProxy<E extends object, IdKey extends string>(moduleRef: ModuleRef): (this: OrmService<E, IdKey>, inputData: Parameters<OrmService<E, IdKey>["postOne"]>[0]) => Promise<import("dist/libs/json-api/json-api-nestjs-shared/cjs/src").ResourceObject<E, "object", null, IdKey>>;

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-one-proxy.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.postOneProxy = postOneProxy;
+const factories_1 = require("../../../factories");
+const utils_1 = require("../../../utils");
+const ability_1 = require("@casl/ability");
+const common_1 = require("@nestjs/common");
+function postOneProxy(moduleRef) {
+    return async function postOneBind(inputData) {
+        const extendAbility = moduleRef.get(factories_1.ExtendAbility, { strict: false });
+        if (!extendAbility ||
+            extendAbility.rules.length === 0 ||
+            (!extendAbility.hasConditions && !extendAbility.hasFields)) {
+            return this.postOne(inputData);
+        }
+        (0, utils_1.validateNoCurrentInRules)(extendAbility, 'postOneProxy');
+        const { relationships, attributes } = inputData;
+        let loadedRelations = {};
+        if (relationships) {
+            try {
+                loadedRelations = await this.loadRelations(relationships);
+            }
+            catch (error) {
+                throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'postOneProxy');
+            }
+        }
+        const resultEntity = {
+            ...(attributes || {}),
+            ...loadedRelations,
+        };
+        const changedAttributes = [
+            ...Object.keys(attributes || {}),
+            ...Object.keys(loadedRelations),
+        ];
+        extendAbility.updateWithInput(resultEntity);
+        if (!extendAbility.can(extendAbility.action, (0, ability_1.subject)(extendAbility.subject, resultEntity))) {
+            common_1.Logger.debug(`Access denied for (action: ${extendAbility.action}, subject: ${extendAbility.subject})`, 'postOneProxy', {
+                subject: resultEntity,
+                rules: extendAbility.rules,
+            });
+            throw new common_1.ForbiddenException([
+                {
+                    code: 'forbidden',
+                    message: `not allow "${extendAbility.action}"`,
+                    path: ['action'],
+                },
+            ], {
+                description: `Access denied for ${extendAbility.action} on ${extendAbility.subject}`,
+            });
+        }
+        for (const field of changedAttributes) {
+            if (!extendAbility.can(extendAbility.action, (0, ability_1.subject)(extendAbility.subject, resultEntity), field)) {
+                common_1.Logger.debug(`Field-level access denied for field '${field}'`, 'postOneProxy', {
+                    field,
+                    value: resultEntity[field],
+                    subject: resultEntity,
+                    rules: extendAbility.rules,
+                });
+                throw new common_1.ForbiddenException([
+                    {
+                        code: 'forbidden',
+                        message: `not allow to set field "${field}"`,
+                        path: ['data', 'attributes', field],
+                    },
+                ], {
+                    description: `Field-level access denied for ${field}`,
+                });
+            }
+        }
+        return this.postOne(inputData);
+    };
+}
+//# sourceMappingURL=post-one-proxy.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-one-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-one-proxy.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-one-proxy.ts"],"names":[],"mappings":";;AAOA,oCA6GC;AAlHD,kDAAmD;AACnD,0CAA+E;AAC/E,2CAAwC;AACxC,2CAA4D;AAE5D,SAAgB,YAAY,CAC1B,SAAoB;IAEpB,OAAO,KAAK,UAAU,WAAW,CAE/B,SAAyD;QAEzD,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,yBAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACtE,IACE,CAAC,aAAa;YACd,aAAa,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAChC,CAAC,CAAC,aAAa,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAC1D,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAED,IAAA,gCAAwB,EAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QAExD,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAEhD,IAAI,eAAe,GAAiC,EAAE,CAAC;QAEvD,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAA,2BAAmB,EACvB,KAAK,EACL,aAAa,CAAC,OAAO,EACrB,cAAc,CACf,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG;YACnB,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACrB,GAAG,eAAe;SACd,CAAC;QAEP,MAAM,iBAAiB,GAAa;YAClC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;YAChC,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC;SAChC,CAAC;QAEF,aAAa,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAE5C,IACE,CAAC,aAAa,CAAC,GAAG,CAChB,aAAa,CAAC,MAAM,EACpB,IAAA,iBAAO,EAAC,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAC7C,EACD,CAAC;YACD,eAAM,CAAC,KAAK,CACV,8BAA8B,aAAa,CAAC,MAAM,cAAc,aAAa,CAAC,OAAO,GAAG,EACxF,cAAc,EACd;gBACE,OAAO,EAAE,YAAY;gBACrB,KAAK,EAAE,aAAa,CAAC,KAAK;aAC3B,CACF,CAAC;YACF,MAAM,IAAI,2BAAkB,CAC1B;gBACE;oBACE,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,cAAc,aAAa,CAAC,MAAM,GAAG;oBAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC;iBACjB;aACF,EACD;gBACE,WAAW,EAAE,qBAAqB,aAAa,CAAC,MAAM,OAAO,aAAa,CAAC,OAAO,EAAE;aACrF,CACF,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;YACtC,IACE,CAAC,aAAa,CAAC,GAAG,CAChB,aAAa,CAAC,MAAM,EACpB,IAAA,iBAAO,EAAC,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,EAC5C,KAAK,CACN,EACD,CAAC;gBACD,eAAM,CAAC,KAAK,CACV,wCAAwC,KAAK,GAAG,EAChD,cAAc,EACd;oBACE,KAAK;oBACL,KAAK,EAAG,YAAwC,CAAC,KAAK,CAAC;oBACvD,OAAO,EAAE,YAAY;oBACrB,KAAK,EAAE,aAAa,CAAC,KAAK;iBAC3B,CACF,CAAC;gBAEF,MAAM,IAAI,2BAAkB,CAC1B;oBACE;wBACE,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,2BAA2B,KAAK,GAAG;wBAC5C,IAAI,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC;qBACpC;iBACF,EACD;oBACE,WAAW,EAAE,iCAAiC,KAAK,EAAE;iBACtD,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC,CAAC;AACJ,CAAC"}

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-relationship-proxy.d.ts

@@ -0,0 +1,4 @@
+import { OrmService, PostRelationshipData } from '@klerick/json-api-nestjs';
+import { ModuleRef } from '@nestjs/core';
+import { RelationKeys } from '@klerick/json-api-nestjs-shared';
+export declare function postRelationshipProxy<E extends object, IdKey extends string>(moduleRef: ModuleRef): <Rel extends RelationKeys<E, IdKey>>(this: OrmService<E, IdKey>, id: IdKey, rel: Rel, input: PostRelationshipData) => Promise<import("@klerick/json-api-nestjs-shared").ResourceObjectRelationships<E, IdKey, Rel>>;

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-relationship-proxy.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.postRelationshipProxy = postRelationshipProxy;
+const factories_1 = require("../../../factories");
+const utils_1 = require("../../../utils");
+const ability_1 = require("@casl/ability");
+const common_1 = require("@nestjs/common");
+function postRelationshipProxy(moduleRef) {
+    return async function postRelationshipBind(id, rel, input) {
+        const extendAbility = moduleRef.get(factories_1.ExtendAbility, { strict: false });
+        const aclPrepared = (0, utils_1.prepareAclQuery)(extendAbility, {
+            include: [],
+            fields: null,
+        }, false);
+        if (!aclPrepared) {
+            return this.postRelationship(id, rel, input);
+        }
+        (0, utils_1.validateNoCurrentInRules)(extendAbility, 'postRelationshipProxy');
+        const { mergedQuery } = aclPrepared;
+        let result;
+        try {
+            result = await this.getOne(id, {
+                fields: null,
+                include: mergedQuery.include,
+            }, false, undefined);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'postRelationshipProxy');
+        }
+        const resultItem = result;
+        // Transform input to relationships format for loadRelations
+        const relationshipsData = {
+            [rel]: input,
+        };
+        let loadedRelations;
+        try {
+            loadedRelations = await this.loadRelations(relationshipsData);
+        }
+        catch (error) {
+            throw (0, utils_1.handleAclQueryError)(error, extendAbility.subject, 'postRelationshipProxy');
+        }
+        // Merge entity with relations being added
+        const entityToCheck = {
+            ...resultItem,
+            ...loadedRelations,
+        };
+        extendAbility.updateWithInput(entityToCheck);
+        if (!extendAbility.can(extendAbility.action, (0, ability_1.subject)(extendAbility.subject, entityToCheck), rel.toString())) {
+            common_1.Logger.debug(`Access denied for (action: ${extendAbility.action}, subject: ${extendAbility.subject}), field ${rel.toString()}`, 'postRelationshipProxy', {
+                subject: entityToCheck,
+                rules: extendAbility.rules,
+            });
+            throw new common_1.ForbiddenException([
+                {
+                    code: 'forbidden',
+                    message: `not allow "${extendAbility.action}"`,
+                    path: ['action'],
+                },
+            ], {
+                description: `Access denied for ${extendAbility.action} on ${extendAbility.subject}`,
+            });
+        }
+        return this.postRelationship(id, rel, input);
+    };
+}
+//# sourceMappingURL=post-relationship-proxy.js.map

package/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-relationship-proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-relationship-proxy.js","sourceRoot":"","sources":["../../../../../../../../../libs/acl-permissions/nestjs-acl-permissions/src/lib/wrappers/wrapper-json-method-controller/method-proxy/post-relationship-proxy.ts"],"names":[],"mappings":";;AAYA,sDAwGC;AAjHD,kDAAmD;AACnD,0CAIwB;AACxB,2CAAwC;AACxC,2CAA4D;AAE5D,SAAgB,qBAAqB,CACnC,SAAoB;IAEpB,OAAO,KAAK,UAAU,oBAAoB,CAExC,EAAS,EACT,GAAQ,EACR,KAA2B;QAE3B,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,yBAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtE,MAAM,WAAW,GAAG,IAAA,uBAAe,EACjC,aAAa,EACb;YACE,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,IAAI;SACb,EACD,KAAK,CACN,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,IAAA,gCAAwB,EAAC,aAAa,EAAE,uBAAuB,CAAC,CAAC;QAEjE,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;QAEpC,IAAI,MAA2D,CAAC;QAEhE,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CACxB,EAAE,EACF;gBACE,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,WAAW,CAAC,OAAO;aAC7B,EACD,KAAK,EACL,SAAS,CACV,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EACvB,KAAK,EACL,aAAa,CAAC,OAAO,EACrB,uBAAuB,CACxB,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,MAAW,CAAC;QAE/B,4DAA4D;QAC5D,MAAM,iBAAiB,GAAG;YACxB,CAAC,GAAG,CAAC,EAAE,KAAK;SAC0B,CAAC;QAEzC,IAAI,eAA6C,CAAC;QAElD,IAAI,CAAC;YACH,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,2BAAmB,EACvB,KAAK,EACL,aAAa,CAAC,OAAO,EACrB,uBAAuB,CACxB,CAAC;QACJ,CAAC;QAED,0CAA0C;QAC1C,MAAM,aAAa,GAAG;YACpB,GAAG,UAAU;YACb,GAAG,eAAe;SACd,CAAC;QAEP,aAAa,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAC7C,IACE,CAAC,aAAa,CAAC,GAAG,CAChB,aAAa,CAAC,MAAM,EACpB,IAAA,iBAAO,EAAC,aAAa,CAAC,OAAO,EAAE,aAAa,CAAC,EAC7C,GAAG,CAAC,QAAQ,EAAE,CACf,EACD,CAAC;YACD,eAAM,CAAC,KAAK,CACV,8BAA8B,aAAa,CAAC,MAAM,cAAc,aAAa,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,EAAE,EAAE,EACjH,uBAAuB,EACvB;gBACE,OAAO,EAAE,aAAa;gBACtB,KAAK,EAAE,aAAa,CAAC,KAAK;aAC3B,CACF,CAAC;YACF,MAAM,IAAI,2BAAkB,CAC1B;gBACE;oBACE,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,cAAc,aAAa,CAAC,MAAM,GAAG;oBAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC;iBACjB;aACF,EACD;gBACE,WAAW,EAAE,qBAAqB,aAAa,CAAC,MAAM,OAAO,aAAa,CAAC,OAAO,EAAE;aACrF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC,CAAC;AACJ,CAAC"}