@nest-boot/permission 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/dist/decorators/can.decorator.d.ts +21 -0
- package/dist/decorators/can.decorator.js +26 -0
- package/dist/decorators/can.decorator.js.map +1 -0
- package/dist/decorators/can.decorator.spec.d.ts +1 -0
- package/dist/decorators/can.decorator.spec.js +46 -0
- package/dist/decorators/can.decorator.spec.js.map +1 -0
- package/dist/enums/permission-action.enum.d.ts +13 -0
- package/dist/enums/permission-action.enum.js +18 -0
- package/dist/enums/permission-action.enum.js.map +1 -0
- package/dist/index.d.ts +16 -0
- package/dist/index.js +33 -0
- package/dist/index.js.map +1 -0
- package/dist/interfaces/can-options.interface.d.ts +10 -0
- package/dist/interfaces/can-options.interface.js +3 -0
- package/dist/interfaces/can-options.interface.js.map +1 -0
- package/dist/interfaces/permission-module-options.interface.d.ts +6 -0
- package/dist/interfaces/permission-module-options.interface.js +3 -0
- package/dist/interfaces/permission-module-options.interface.js.map +1 -0
- package/dist/interfaces/route-argument-metadata-value.interface.d.ts +10 -0
- package/dist/interfaces/route-argument-metadata-value.interface.js +3 -0
- package/dist/interfaces/route-argument-metadata-value.interface.js.map +1 -0
- package/dist/permission.ability-builder.d.ts +7 -0
- package/dist/permission.ability-builder.js +13 -0
- package/dist/permission.ability-builder.js.map +1 -0
- package/dist/permission.constants.d.ts +50 -0
- package/dist/permission.constants.js +54 -0
- package/dist/permission.constants.js.map +1 -0
- package/dist/permission.guard.d.ts +51 -0
- package/dist/permission.guard.js +232 -0
- package/dist/permission.guard.js.map +1 -0
- package/dist/permission.guard.spec.d.ts +1 -0
- package/dist/permission.guard.spec.js +358 -0
- package/dist/permission.guard.spec.js.map +1 -0
- package/dist/permission.module-definition.d.ts +5 -0
- package/dist/permission.module-definition.js +12 -0
- package/dist/permission.module-definition.js.map +1 -0
- package/dist/permission.module.d.ts +4 -0
- package/dist/permission.module.js +24 -0
- package/dist/permission.module.js.map +1 -0
- package/dist/permission.module.spec.d.ts +1 -0
- package/dist/permission.module.spec.js +12 -0
- package/dist/permission.module.spec.js.map +1 -0
- package/dist/tsconfig.build.tsbuildinfo +1 -0
- package/dist/types/build-ability-callback.type.d.ts +4 -0
- package/dist/types/build-ability-callback.type.js +3 -0
- package/dist/types/build-ability-callback.type.js.map +1 -0
- package/dist/types/can-subject-factory.type.d.ts +3 -0
- package/dist/types/can-subject-factory.type.js +3 -0
- package/dist/types/can-subject-factory.type.js.map +1 -0
- package/dist/types/can-subject.type.d.ts +5 -0
- package/dist/types/can-subject.type.js +3 -0
- package/dist/types/can-subject.type.js.map +1 -0
- package/dist/types/permission-ability.type.d.ts +4 -0
- package/dist/types/permission-ability.type.js +3 -0
- package/dist/types/permission-ability.type.js.map +1 -0
- package/dist/types/route-argument-metadata.type.d.ts +3 -0
- package/dist/types/route-argument-metadata.type.js +3 -0
- package/dist/types/route-argument-metadata.type.js.map +1 -0
- package/dist/utils/can.util.d.ts +4 -0
- package/dist/utils/can.util.js +9 -0
- package/dist/utils/can.util.js.map +1 -0
- package/dist/utils/can.util.spec.d.ts +1 -0
- package/dist/utils/can.util.spec.js +34 -0
- package/dist/utils/can.util.spec.js.map +1 -0
- package/dist/utils/get-permission-ability.util.d.ts +3 -0
- package/dist/utils/get-permission-ability.util.js +16 -0
- package/dist/utils/get-permission-ability.util.js.map +1 -0
- package/dist/utils/get-permission-ability.util.spec.d.ts +1 -0
- package/dist/utils/get-permission-ability.util.spec.js +27 -0
- package/dist/utils/get-permission-ability.util.spec.js.map +1 -0
- package/package.json +76 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2024 nest-boot
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import type { Subject } from "@casl/ability";
|
|
2
|
+
import type { CustomDecorator } from "@nestjs/common";
|
|
3
|
+
import type { PermissionAction } from "../enums/permission-action.enum";
|
|
4
|
+
import type { CanOptions } from "../interfaces/can-options.interface";
|
|
5
|
+
import { CAN_METADATA } from "../permission.constants";
|
|
6
|
+
import type { CanSubject } from "../types/can-subject.type";
|
|
7
|
+
/**
|
|
8
|
+
* Declares that the current route requires the given action on the given subject.
|
|
9
|
+
*
|
|
10
|
+
* @param action - Permission action that must be allowed.
|
|
11
|
+
* @param subject - Permission subject type or subject resolver factory to check.
|
|
12
|
+
* @returns Nest custom metadata decorator.
|
|
13
|
+
*/
|
|
14
|
+
export declare function Can<T extends Subject = Subject>(action: PermissionAction, subject: CanSubject<T>): CustomDecorator<typeof CAN_METADATA>;
|
|
15
|
+
/**
|
|
16
|
+
* Declares route permission requirements using the full options object.
|
|
17
|
+
*
|
|
18
|
+
* @param options - Permission decorator options.
|
|
19
|
+
* @returns Nest custom metadata decorator.
|
|
20
|
+
*/
|
|
21
|
+
export declare function Can<T extends Subject = Subject>(options: CanOptions<T>): CustomDecorator<typeof CAN_METADATA>;
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Can = Can;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
5
|
+
const permission_constants_1 = require("../permission.constants");
|
|
6
|
+
/**
|
|
7
|
+
* Creates permission metadata for the current route handler.
|
|
8
|
+
*
|
|
9
|
+
* @param actionOrOptions - Permission action or full options object.
|
|
10
|
+
* @param subject - Permission subject used with the positional overload.
|
|
11
|
+
* @returns Nest custom metadata decorator.
|
|
12
|
+
*/
|
|
13
|
+
function Can(actionOrOptions, subject) {
|
|
14
|
+
if (typeof actionOrOptions === "object") {
|
|
15
|
+
return (0, common_1.SetMetadata)(permission_constants_1.CAN_METADATA, actionOrOptions);
|
|
16
|
+
}
|
|
17
|
+
if (!subject) {
|
|
18
|
+
throw new TypeError("Permission subject is required.");
|
|
19
|
+
}
|
|
20
|
+
const options = {
|
|
21
|
+
action: actionOrOptions,
|
|
22
|
+
subject,
|
|
23
|
+
};
|
|
24
|
+
return (0, common_1.SetMetadata)(permission_constants_1.CAN_METADATA, options);
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=can.decorator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"can.decorator.js","sourceRoot":"","sources":["../../src/decorators/can.decorator.ts"],"names":[],"mappings":";;AAsCA,kBAkBC;AAtDD,2CAA6C;AAI7C,kEAAuD;AAyBvD;;;;;;GAMG;AACH,SAAgB,GAAG,CACjB,eAAiD,EACjD,OAAuB;IAEvB,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,IAAA,oBAAW,EAAC,mCAAY,EAAE,eAAe,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,OAAO,GAAkB;QAC7B,MAAM,EAAE,eAAe;QACvB,OAAO;KACR,CAAC;IAEF,OAAO,IAAA,oBAAW,EAAC,mCAAY,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const common_1 = require("@nestjs/common");
|
|
4
|
+
const permission_action_enum_1 = require("../enums/permission-action.enum");
|
|
5
|
+
const permission_constants_1 = require("../permission.constants");
|
|
6
|
+
const can_decorator_1 = require("./can.decorator");
|
|
7
|
+
jest.mock("@nestjs/common", () => ({
|
|
8
|
+
SetMetadata: jest.fn((key, value) => ({ key, value })),
|
|
9
|
+
}));
|
|
10
|
+
class Subject {
|
|
11
|
+
}
|
|
12
|
+
describe("Can", () => {
|
|
13
|
+
beforeEach(() => {
|
|
14
|
+
jest.mocked(common_1.SetMetadata).mockClear();
|
|
15
|
+
});
|
|
16
|
+
it("stores action and subject metadata from positional arguments", () => {
|
|
17
|
+
expect((0, can_decorator_1.Can)(permission_action_enum_1.PermissionAction.READ, Subject)).toEqual({
|
|
18
|
+
key: permission_constants_1.CAN_METADATA,
|
|
19
|
+
value: {
|
|
20
|
+
action: permission_action_enum_1.PermissionAction.READ,
|
|
21
|
+
subject: Subject,
|
|
22
|
+
},
|
|
23
|
+
});
|
|
24
|
+
});
|
|
25
|
+
it("stores subject factory as positional subject argument", () => {
|
|
26
|
+
const subjectFactory = jest.fn();
|
|
27
|
+
expect((0, can_decorator_1.Can)(permission_action_enum_1.PermissionAction.READ, subjectFactory)).toEqual({
|
|
28
|
+
key: permission_constants_1.CAN_METADATA,
|
|
29
|
+
value: {
|
|
30
|
+
action: permission_action_enum_1.PermissionAction.READ,
|
|
31
|
+
subject: subjectFactory,
|
|
32
|
+
},
|
|
33
|
+
});
|
|
34
|
+
});
|
|
35
|
+
it("stores full permission options when an options object is provided", () => {
|
|
36
|
+
const options = {
|
|
37
|
+
action: permission_action_enum_1.PermissionAction.UPDATE,
|
|
38
|
+
subject: Subject,
|
|
39
|
+
};
|
|
40
|
+
expect((0, can_decorator_1.Can)(options)).toEqual({
|
|
41
|
+
key: permission_constants_1.CAN_METADATA,
|
|
42
|
+
value: options,
|
|
43
|
+
});
|
|
44
|
+
});
|
|
45
|
+
});
|
|
46
|
+
//# sourceMappingURL=can.decorator.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"can.decorator.spec.js","sourceRoot":"","sources":["../../src/decorators/can.decorator.spec.ts"],"names":[],"mappings":";;AAAA,2CAA6C;AAE7C,4EAAmE;AACnE,kEAAuD;AACvD,mDAAsC;AAEtC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,EAAE,CAAC,CAAC;IACjC,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;CACvD,CAAC,CAAC,CAAC;AAEJ,MAAM,OAAO;CAAG;AAEhB,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE;IACnB,UAAU,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,MAAM,CAAC,oBAAW,CAAC,CAAC,SAAS,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,MAAM,CAAC,IAAA,mBAAG,EAAC,yCAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;YAClD,GAAG,EAAE,mCAAY;YACjB,KAAK,EAAE;gBACL,MAAM,EAAE,yCAAgB,CAAC,IAAI;gBAC7B,OAAO,EAAE,OAAO;aACjB;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,cAAc,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;QAEjC,MAAM,CAAC,IAAA,mBAAG,EAAC,yCAAgB,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC;YACzD,GAAG,EAAE,mCAAY;YACjB,KAAK,EAAE;gBACL,MAAM,EAAE,yCAAgB,CAAC,IAAI;gBAC7B,OAAO,EAAE,cAAc;aACxB;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,yCAAgB,CAAC,MAAM;YAC/B,OAAO,EAAE,OAAO;SACjB,CAAC;QAEF,MAAM,CAAC,IAAA,mBAAG,EAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;YAC3B,GAAG,EAAE,mCAAY;YACjB,KAAK,EAAE,OAAO;SACf,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/** Common permission actions used by `PermissionAbility`. */
|
|
2
|
+
export declare enum PermissionAction {
|
|
3
|
+
/** Create a resource. */
|
|
4
|
+
CREATE = "create",
|
|
5
|
+
/** Read a resource. */
|
|
6
|
+
READ = "read",
|
|
7
|
+
/** Update a resource. */
|
|
8
|
+
UPDATE = "update",
|
|
9
|
+
/** Delete a resource. */
|
|
10
|
+
DELETE = "delete",
|
|
11
|
+
/** Manage a resource, including all actions. */
|
|
12
|
+
MANAGE = "manage"
|
|
13
|
+
}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PermissionAction = void 0;
|
|
4
|
+
/** Common permission actions used by `PermissionAbility`. */
|
|
5
|
+
var PermissionAction;
|
|
6
|
+
(function (PermissionAction) {
|
|
7
|
+
/** Create a resource. */
|
|
8
|
+
PermissionAction["CREATE"] = "create";
|
|
9
|
+
/** Read a resource. */
|
|
10
|
+
PermissionAction["READ"] = "read";
|
|
11
|
+
/** Update a resource. */
|
|
12
|
+
PermissionAction["UPDATE"] = "update";
|
|
13
|
+
/** Delete a resource. */
|
|
14
|
+
PermissionAction["DELETE"] = "delete";
|
|
15
|
+
/** Manage a resource, including all actions. */
|
|
16
|
+
PermissionAction["MANAGE"] = "manage";
|
|
17
|
+
})(PermissionAction || (exports.PermissionAction = PermissionAction = {}));
|
|
18
|
+
//# sourceMappingURL=permission-action.enum.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission-action.enum.js","sourceRoot":"","sources":["../../src/enums/permission-action.enum.ts"],"names":[],"mappings":";;;AAAA,6DAA6D;AAC7D,IAAY,gBAWX;AAXD,WAAY,gBAAgB;IAC1B,yBAAyB;IACzB,qCAAiB,CAAA;IACjB,uBAAuB;IACvB,iCAAa,CAAA;IACb,yBAAyB;IACzB,qCAAiB,CAAA;IACjB,yBAAyB;IACzB,qCAAiB,CAAA;IACjB,gDAAgD;IAChD,qCAAiB,CAAA;AACnB,CAAC,EAXW,gBAAgB,gCAAhB,gBAAgB,QAW3B"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export * from "./decorators/can.decorator";
|
|
2
|
+
export * from "./enums/permission-action.enum";
|
|
3
|
+
export * from "./interfaces/can-options.interface";
|
|
4
|
+
export * from "./interfaces/permission-module-options.interface";
|
|
5
|
+
export * from "./interfaces/route-argument-metadata-value.interface";
|
|
6
|
+
export * from "./permission.ability-builder";
|
|
7
|
+
export * from "./permission.constants";
|
|
8
|
+
export * from "./permission.guard";
|
|
9
|
+
export * from "./permission.module";
|
|
10
|
+
export * from "./types/build-ability-callback.type";
|
|
11
|
+
export * from "./types/can-subject.type";
|
|
12
|
+
export * from "./types/can-subject-factory.type";
|
|
13
|
+
export * from "./types/permission-ability.type";
|
|
14
|
+
export * from "./types/route-argument-metadata.type";
|
|
15
|
+
export * from "./utils/can.util";
|
|
16
|
+
export * from "./utils/get-permission-ability.util";
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./decorators/can.decorator"), exports);
|
|
18
|
+
__exportStar(require("./enums/permission-action.enum"), exports);
|
|
19
|
+
__exportStar(require("./interfaces/can-options.interface"), exports);
|
|
20
|
+
__exportStar(require("./interfaces/permission-module-options.interface"), exports);
|
|
21
|
+
__exportStar(require("./interfaces/route-argument-metadata-value.interface"), exports);
|
|
22
|
+
__exportStar(require("./permission.ability-builder"), exports);
|
|
23
|
+
__exportStar(require("./permission.constants"), exports);
|
|
24
|
+
__exportStar(require("./permission.guard"), exports);
|
|
25
|
+
__exportStar(require("./permission.module"), exports);
|
|
26
|
+
__exportStar(require("./types/build-ability-callback.type"), exports);
|
|
27
|
+
__exportStar(require("./types/can-subject.type"), exports);
|
|
28
|
+
__exportStar(require("./types/can-subject-factory.type"), exports);
|
|
29
|
+
__exportStar(require("./types/permission-ability.type"), exports);
|
|
30
|
+
__exportStar(require("./types/route-argument-metadata.type"), exports);
|
|
31
|
+
__exportStar(require("./utils/can.util"), exports);
|
|
32
|
+
__exportStar(require("./utils/get-permission-ability.util"), exports);
|
|
33
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6DAA2C;AAC3C,iEAA+C;AAC/C,qEAAmD;AACnD,mFAAiE;AACjE,uFAAqE;AACrE,+DAA6C;AAC7C,yDAAuC;AACvC,qDAAmC;AACnC,sDAAoC;AACpC,sEAAoD;AACpD,2DAAyC;AACzC,mEAAiD;AACjD,kEAAgD;AAChD,uEAAqD;AACrD,mDAAiC;AACjC,sEAAoD"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { Subject } from "@casl/ability";
|
|
2
|
+
import type { PermissionAction } from "../enums/permission-action.enum";
|
|
3
|
+
import type { CanSubject } from "../types/can-subject.type";
|
|
4
|
+
/** Full `Can` decorator options. */
|
|
5
|
+
export interface CanOptions<T extends Subject = Subject> {
|
|
6
|
+
/** Permission action that must be allowed. */
|
|
7
|
+
action: PermissionAction;
|
|
8
|
+
/** Permission subject type or subject resolver factory to check. */
|
|
9
|
+
subject: CanSubject<T>;
|
|
10
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"can-options.interface.js","sourceRoot":"","sources":["../../src/interfaces/can-options.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { BuildAbilityCallback } from "../types/build-ability-callback.type";
|
|
2
|
+
/** Permission module options. */
|
|
3
|
+
export interface PermissionModuleOptions {
|
|
4
|
+
/** Builds a permission ability from the current execution context. */
|
|
5
|
+
buildAbility: BuildAbilityCallback;
|
|
6
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission-module-options.interface.js","sourceRoot":"","sources":["../../src/interfaces/permission-module-options.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
/** Nest route parameter metadata used to reconstruct decorated method arguments. */
|
|
3
|
+
export interface RouteArgumentMetadataValue {
|
|
4
|
+
/** Decorated method parameter index. */
|
|
5
|
+
index: number;
|
|
6
|
+
/** Optional parameter decorator data. */
|
|
7
|
+
data?: unknown;
|
|
8
|
+
/** Custom parameter decorator factory. */
|
|
9
|
+
factory?: (data: unknown, context: ExecutionContext) => unknown;
|
|
10
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"route-argument-metadata-value.interface.js","sourceRoot":"","sources":["../../src/interfaces/route-argument-metadata-value.interface.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { AbilityBuilder } from "@casl/ability";
|
|
2
|
+
import type { PermissionAbility } from "./types/permission-ability.type";
|
|
3
|
+
/** CASL ability builder configured for `PermissionAbility`. */
|
|
4
|
+
export declare class PermissionAbilityBuilder extends AbilityBuilder<PermissionAbility> {
|
|
5
|
+
/** Creates an ability builder backed by CASL Mongo ability. */
|
|
6
|
+
constructor();
|
|
7
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PermissionAbilityBuilder = void 0;
|
|
4
|
+
const ability_1 = require("@casl/ability");
|
|
5
|
+
/** CASL ability builder configured for `PermissionAbility`. */
|
|
6
|
+
class PermissionAbilityBuilder extends ability_1.AbilityBuilder {
|
|
7
|
+
/** Creates an ability builder backed by CASL Mongo ability. */
|
|
8
|
+
constructor() {
|
|
9
|
+
super(ability_1.createMongoAbility);
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
exports.PermissionAbilityBuilder = PermissionAbilityBuilder;
|
|
13
|
+
//# sourceMappingURL=permission.ability-builder.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission.ability-builder.js","sourceRoot":"","sources":["../src/permission.ability-builder.ts"],"names":[],"mappings":";;;AAAA,2CAAmE;AAInE,+DAA+D;AAC/D,MAAa,wBAAyB,SAAQ,wBAAiC;IAC7E,+DAA+D;IAC/D;QACE,KAAK,CAAC,4BAAkB,CAAC,CAAC;IAC5B,CAAC;CACF;AALD,4DAKC"}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
/** Reflection metadata key used by the `Can` decorator. */
|
|
2
|
+
export declare const CAN_METADATA: unique symbol;
|
|
3
|
+
/** Request context key that stores the resolved permission ability. */
|
|
4
|
+
export declare const PERMISSION_ABILITY: unique symbol;
|
|
5
|
+
/** Request context key that stores the in-flight permission ability promise. */
|
|
6
|
+
export declare const PERMISSION_ABILITY_PROMISE: unique symbol;
|
|
7
|
+
/** Nest route arguments metadata key. */
|
|
8
|
+
export declare const ROUTE_ARGS_METADATA = "__routeArguments__";
|
|
9
|
+
/** Nest custom route arguments metadata key suffix. */
|
|
10
|
+
export declare const CUSTOM_ROUTE_ARGS_METADATA = "__customRouteArgs__";
|
|
11
|
+
/** GraphQL route parameter type ids used by Nest GraphQL. */
|
|
12
|
+
export declare const GQL_PARAM_TYPES: {
|
|
13
|
+
/** GraphQL root object parameter type id. */
|
|
14
|
+
readonly ROOT: 0;
|
|
15
|
+
/** GraphQL context parameter type id. */
|
|
16
|
+
readonly CONTEXT: 1;
|
|
17
|
+
/** GraphQL resolve info parameter type id. */
|
|
18
|
+
readonly INFO: 2;
|
|
19
|
+
/** GraphQL arguments parameter type id. */
|
|
20
|
+
readonly ARGS: 3;
|
|
21
|
+
};
|
|
22
|
+
/** HTTP route parameter type ids used by Nest. */
|
|
23
|
+
export declare const ROUTE_PARAM_TYPES: {
|
|
24
|
+
/** HTTP request parameter type id. */
|
|
25
|
+
readonly REQUEST: 0;
|
|
26
|
+
/** HTTP response parameter type id. */
|
|
27
|
+
readonly RESPONSE: 1;
|
|
28
|
+
/** HTTP next callback parameter type id. */
|
|
29
|
+
readonly NEXT: 2;
|
|
30
|
+
/** HTTP body parameter type id. */
|
|
31
|
+
readonly BODY: 3;
|
|
32
|
+
/** HTTP query parameter type id. */
|
|
33
|
+
readonly QUERY: 4;
|
|
34
|
+
/** HTTP route params parameter type id. */
|
|
35
|
+
readonly PARAM: 5;
|
|
36
|
+
/** HTTP headers parameter type id. */
|
|
37
|
+
readonly HEADERS: 6;
|
|
38
|
+
/** HTTP session parameter type id. */
|
|
39
|
+
readonly SESSION: 7;
|
|
40
|
+
/** HTTP uploaded file parameter type id. */
|
|
41
|
+
readonly FILE: 8;
|
|
42
|
+
/** HTTP uploaded files parameter type id. */
|
|
43
|
+
readonly FILES: 9;
|
|
44
|
+
/** HTTP host parameter type id. */
|
|
45
|
+
readonly HOST: 10;
|
|
46
|
+
/** HTTP IP parameter type id. */
|
|
47
|
+
readonly IP: 11;
|
|
48
|
+
/** HTTP raw body parameter type id. */
|
|
49
|
+
readonly RAW_BODY: 12;
|
|
50
|
+
};
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ROUTE_PARAM_TYPES = exports.GQL_PARAM_TYPES = exports.CUSTOM_ROUTE_ARGS_METADATA = exports.ROUTE_ARGS_METADATA = exports.PERMISSION_ABILITY_PROMISE = exports.PERMISSION_ABILITY = exports.CAN_METADATA = void 0;
|
|
4
|
+
/** Reflection metadata key used by the `Can` decorator. */
|
|
5
|
+
exports.CAN_METADATA = Symbol("CAN_METADATA");
|
|
6
|
+
/** Request context key that stores the resolved permission ability. */
|
|
7
|
+
exports.PERMISSION_ABILITY = Symbol("PERMISSION_ABILITY");
|
|
8
|
+
/** Request context key that stores the in-flight permission ability promise. */
|
|
9
|
+
exports.PERMISSION_ABILITY_PROMISE = Symbol("PERMISSION_ABILITY_PROMISE");
|
|
10
|
+
/** Nest route arguments metadata key. */
|
|
11
|
+
exports.ROUTE_ARGS_METADATA = "__routeArguments__";
|
|
12
|
+
/** Nest custom route arguments metadata key suffix. */
|
|
13
|
+
exports.CUSTOM_ROUTE_ARGS_METADATA = "__customRouteArgs__";
|
|
14
|
+
/** GraphQL route parameter type ids used by Nest GraphQL. */
|
|
15
|
+
exports.GQL_PARAM_TYPES = {
|
|
16
|
+
/** GraphQL root object parameter type id. */
|
|
17
|
+
ROOT: 0,
|
|
18
|
+
/** GraphQL context parameter type id. */
|
|
19
|
+
CONTEXT: 1,
|
|
20
|
+
/** GraphQL resolve info parameter type id. */
|
|
21
|
+
INFO: 2,
|
|
22
|
+
/** GraphQL arguments parameter type id. */
|
|
23
|
+
ARGS: 3,
|
|
24
|
+
};
|
|
25
|
+
/** HTTP route parameter type ids used by Nest. */
|
|
26
|
+
exports.ROUTE_PARAM_TYPES = {
|
|
27
|
+
/** HTTP request parameter type id. */
|
|
28
|
+
REQUEST: 0,
|
|
29
|
+
/** HTTP response parameter type id. */
|
|
30
|
+
RESPONSE: 1,
|
|
31
|
+
/** HTTP next callback parameter type id. */
|
|
32
|
+
NEXT: 2,
|
|
33
|
+
/** HTTP body parameter type id. */
|
|
34
|
+
BODY: 3,
|
|
35
|
+
/** HTTP query parameter type id. */
|
|
36
|
+
QUERY: 4,
|
|
37
|
+
/** HTTP route params parameter type id. */
|
|
38
|
+
PARAM: 5,
|
|
39
|
+
/** HTTP headers parameter type id. */
|
|
40
|
+
HEADERS: 6,
|
|
41
|
+
/** HTTP session parameter type id. */
|
|
42
|
+
SESSION: 7,
|
|
43
|
+
/** HTTP uploaded file parameter type id. */
|
|
44
|
+
FILE: 8,
|
|
45
|
+
/** HTTP uploaded files parameter type id. */
|
|
46
|
+
FILES: 9,
|
|
47
|
+
/** HTTP host parameter type id. */
|
|
48
|
+
HOST: 10,
|
|
49
|
+
/** HTTP IP parameter type id. */
|
|
50
|
+
IP: 11,
|
|
51
|
+
/** HTTP raw body parameter type id. */
|
|
52
|
+
RAW_BODY: 12,
|
|
53
|
+
};
|
|
54
|
+
//# sourceMappingURL=permission.constants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission.constants.js","sourceRoot":"","sources":["../src/permission.constants.ts"],"names":[],"mappings":";;;AAAA,2DAA2D;AAC9C,QAAA,YAAY,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC;AAEnD,uEAAuE;AAC1D,QAAA,kBAAkB,GAAG,MAAM,CAAC,oBAAoB,CAAC,CAAC;AAE/D,gFAAgF;AACnE,QAAA,0BAA0B,GAAG,MAAM,CAAC,4BAA4B,CAAC,CAAC;AAE/E,yCAAyC;AAC5B,QAAA,mBAAmB,GAAG,oBAAoB,CAAC;AAExD,uDAAuD;AAC1C,QAAA,0BAA0B,GAAG,qBAAqB,CAAC;AAEhE,6DAA6D;AAChD,QAAA,eAAe,GAAG;IAC7B,6CAA6C;IAC7C,IAAI,EAAE,CAAC;IACP,yCAAyC;IACzC,OAAO,EAAE,CAAC;IACV,8CAA8C;IAC9C,IAAI,EAAE,CAAC;IACP,2CAA2C;IAC3C,IAAI,EAAE,CAAC;CACC,CAAC;AAEX,kDAAkD;AACrC,QAAA,iBAAiB,GAAG;IAC/B,sCAAsC;IACtC,OAAO,EAAE,CAAC;IACV,uCAAuC;IACvC,QAAQ,EAAE,CAAC;IACX,4CAA4C;IAC5C,IAAI,EAAE,CAAC;IACP,mCAAmC;IACnC,IAAI,EAAE,CAAC;IACP,oCAAoC;IACpC,KAAK,EAAE,CAAC;IACR,2CAA2C;IAC3C,KAAK,EAAE,CAAC;IACR,sCAAsC;IACtC,OAAO,EAAE,CAAC;IACV,sCAAsC;IACtC,OAAO,EAAE,CAAC;IACV,4CAA4C;IAC5C,IAAI,EAAE,CAAC;IACP,6CAA6C;IAC7C,KAAK,EAAE,CAAC;IACR,mCAAmC;IACnC,IAAI,EAAE,EAAE;IACR,iCAAiC;IACjC,EAAE,EAAE,EAAE;IACN,uCAAuC;IACvC,QAAQ,EAAE,EAAE;CACJ,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import type { CanActivate, ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { ModuleRef, Reflector } from "@nestjs/core";
|
|
3
|
+
import type { PermissionModuleOptions } from "./interfaces/permission-module-options.interface";
|
|
4
|
+
/** Guard that evaluates CASL permissions from `Can` metadata. */
|
|
5
|
+
export declare class PermissionGuard implements CanActivate {
|
|
6
|
+
/** Nest metadata reflector. */
|
|
7
|
+
private readonly reflector;
|
|
8
|
+
/** Permission module options. */
|
|
9
|
+
private readonly options;
|
|
10
|
+
/** Nest module reference used to resolve the current handler instance. */
|
|
11
|
+
private readonly moduleRef;
|
|
12
|
+
/**
|
|
13
|
+
* Creates the permission guard.
|
|
14
|
+
*
|
|
15
|
+
* @param reflector - Nest metadata reflector.
|
|
16
|
+
* @param options - Permission module options.
|
|
17
|
+
*/
|
|
18
|
+
constructor(
|
|
19
|
+
/** Nest metadata reflector. */
|
|
20
|
+
reflector: Reflector, options: PermissionModuleOptions,
|
|
21
|
+
/** Nest module reference used to resolve the current handler instance. */
|
|
22
|
+
moduleRef: ModuleRef);
|
|
23
|
+
/**
|
|
24
|
+
* Checks whether the current request satisfies the route permission metadata.
|
|
25
|
+
*
|
|
26
|
+
* @param context - Current Nest execution context.
|
|
27
|
+
* @returns `true` when access is allowed.
|
|
28
|
+
*/
|
|
29
|
+
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
30
|
+
private getOrBuildAbility;
|
|
31
|
+
private getCachedAbility;
|
|
32
|
+
private getCachedAbilityPromise;
|
|
33
|
+
private buildAndCacheAbility;
|
|
34
|
+
private resolveSubject;
|
|
35
|
+
private isSubjectType;
|
|
36
|
+
private resolveProvider;
|
|
37
|
+
private resolveSubjectFactory;
|
|
38
|
+
private resolveHandlerSelf;
|
|
39
|
+
private getContextId;
|
|
40
|
+
private getRequest;
|
|
41
|
+
private getSubjectFactoryArgs;
|
|
42
|
+
private getRouteArgsMetadata;
|
|
43
|
+
private getHandlerMethodName;
|
|
44
|
+
private createRouteArguments;
|
|
45
|
+
private extractRouteArgument;
|
|
46
|
+
private resolveGraphqlRouteArgument;
|
|
47
|
+
private resolveHttpRouteArgument;
|
|
48
|
+
private getObjectValue;
|
|
49
|
+
private getStringData;
|
|
50
|
+
private getRecord;
|
|
51
|
+
}
|