@smartive/graphql-magic 22.4.0 → 22.5.0
- package/CHANGELOG.md +3 -4
- package/dist/cjs/index.cjs +19 -8
- package/dist/esm/permissions/check.js +12 -5
- package/dist/esm/permissions/check.js.map +1 -1
- package/package.json +2 -2
- package/src/permissions/check.ts +22 -8
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
## 22.
|
|
1
|
+
## 22.5.0 (2025-12-11)
|
|
2
2
|
|
|
3
|
-
* feat:
|
|
4
|
-
* chore(deps): update dependency
|
|
5
|
-
* chore(deps): update dependency prettier to v3.7.4 (#395) ([ec058d1](https://github.com/smartive/graphql-magic/commit/ec058d1)), closes [#395](https://github.com/smartive/graphql-magic/issues/395)
|
|
3
|
+
* feat: Improve permissions check (#393) ([285be40](https://github.com/smartive/graphql-magic/commit/285be40)), closes [#393](https://github.com/smartive/graphql-magic/issues/393)
|
|
4
|
+
* chore(deps): update dependency @types/pg to v8.16.0 (#396) ([96f6e69](https://github.com/smartive/graphql-magic/commit/96f6e69)), closes [#396](https://github.com/smartive/graphql-magic/issues/396)
|
package/dist/cjs/index.cjs
CHANGED
|
@@ -2056,7 +2056,7 @@ var checkCanWrite = async (ctx, model, data, action) => {
|
|
|
2056
2056
|
if (permissionStack === false) {
|
|
2057
2057
|
throw new PermissionError(getRole(ctx), action, model.plural, "no applicable permissions");
|
|
2058
2058
|
}
|
|
2059
|
-
const query = ctx.knex.
|
|
2059
|
+
const query = ctx.knex.first();
|
|
2060
2060
|
let linked = false;
|
|
2061
2061
|
for (const field of model.fields.filter(
|
|
2062
2062
|
(field2) => field2.generated || (action === "CREATE" ? field2.creatable : field2.updatable)
|
|
@@ -2075,7 +2075,9 @@ var checkCanWrite = async (ctx, model, data, action) => {
|
|
|
2075
2075
|
linked = true;
|
|
2076
2076
|
const fieldPermissionStack = getPermissionStack(ctx, field.type, "LINK");
|
|
2077
2077
|
if (fieldPermissionStack === true) {
|
|
2078
|
-
query.
|
|
2078
|
+
query.select(
|
|
2079
|
+
ctx.knex.raw(`EXISTS(SELECT 1 FROM ?? as a WHERE a.id = ?) as ??`, [field.type, foreignId, foreignKey])
|
|
2080
|
+
);
|
|
2079
2081
|
continue;
|
|
2080
2082
|
}
|
|
2081
2083
|
if (fieldPermissionStack === false || !fieldPermissionStack.length) {
|
|
@@ -2086,10 +2088,13 @@ var checkCanWrite = async (ctx, model, data, action) => {
|
|
|
2086
2088
|
"no applicable permissions on data to link"
|
|
2087
2089
|
);
|
|
2088
2090
|
}
|
|
2089
|
-
|
|
2090
|
-
|
|
2091
|
-
|
|
2092
|
-
|
|
2091
|
+
query.select(
|
|
2092
|
+
ctx.knex.raw(
|
|
2093
|
+
`${fieldPermissionStack.map((links) => {
|
|
2094
|
+
const subQuery = ctx.knex.queryBuilder();
|
|
2095
|
+
permissionLinkQuery(ctx, subQuery, links, foreignId);
|
|
2096
|
+
return `EXISTS(${subQuery.toString()})`;
|
|
2097
|
+
}).join(" OR ")} as "${foreignKey}"`
|
|
2093
2098
|
)
|
|
2094
2099
|
);
|
|
2095
2100
|
}
|
|
@@ -2100,8 +2105,14 @@ var checkCanWrite = async (ctx, model, data, action) => {
|
|
|
2100
2105
|
console.debug("QUERY", query.toString());
|
|
2101
2106
|
}
|
|
2102
2107
|
const canMutate = await query;
|
|
2103
|
-
|
|
2104
|
-
|
|
2108
|
+
const cannotLink = Object.entries(canMutate).filter(([, value2]) => !value2);
|
|
2109
|
+
if (cannotLink.length) {
|
|
2110
|
+
throw new PermissionError(
|
|
2111
|
+
role,
|
|
2112
|
+
action,
|
|
2113
|
+
`this ${model.name}`,
|
|
2114
|
+
`cannot link to ${cannotLink.map(([key]) => `${key}: ${data[key]}`).join(", ")}`
|
|
2115
|
+
);
|
|
2105
2116
|
}
|
|
2106
2117
|
} else if (action === "CREATE") {
|
|
2107
2118
|
throw new PermissionError(role, action, `this ${model.name}`, "no linkable entities");
|
|
@@ -81,7 +81,7 @@ export const checkCanWrite = async (ctx, model, data, action) => {
|
|
|
81
81
|
if (permissionStack === false) {
|
|
82
82
|
throw new PermissionError(getRole(ctx), action, model.plural, 'no applicable permissions');
|
|
83
83
|
}
|
|
84
|
-
const query = ctx.knex.
|
|
84
|
+
const query = ctx.knex.first();
|
|
85
85
|
let linked = false;
|
|
86
86
|
for (const field of model.fields.filter((field) => field.generated || (action === 'CREATE' ? field.creatable : field.updatable))) {
|
|
87
87
|
const fieldPermissions = field[action === 'CREATE' ? 'creatable' : 'updatable'];
|
|
@@ -102,13 +102,19 @@ export const checkCanWrite = async (ctx, model, data, action) => {
|
|
|
102
102
|
const fieldPermissionStack = getPermissionStack(ctx, field.type, 'LINK');
|
|
103
103
|
if (fieldPermissionStack === true) {
|
|
104
104
|
// User can link any entity from this type, just check whether it exists
|
|
105
|
-
query.
|
|
105
|
+
query.select(ctx.knex.raw(`EXISTS(SELECT 1 FROM ?? as a WHERE a.id = ?) as ??`, [field.type, foreignId, foreignKey]));
|
|
106
106
|
continue;
|
|
107
107
|
}
|
|
108
108
|
if (fieldPermissionStack === false || !fieldPermissionStack.length) {
|
|
109
109
|
throw new PermissionError(role, action, `this ${model.name}'s ${field.name}`, 'no applicable permissions on data to link');
|
|
110
110
|
}
|
|
111
|
-
|
|
111
|
+
query.select(ctx.knex.raw(`${fieldPermissionStack
|
|
112
|
+
.map((links) => {
|
|
113
|
+
const subQuery = ctx.knex.queryBuilder();
|
|
114
|
+
permissionLinkQuery(ctx, subQuery, links, foreignId);
|
|
115
|
+
return `EXISTS(${subQuery.toString()})`;
|
|
116
|
+
})
|
|
117
|
+
.join(' OR ')} as "${foreignKey}"`));
|
|
112
118
|
}
|
|
113
119
|
}
|
|
114
120
|
const role = getRole(ctx);
|
|
@@ -117,8 +123,9 @@ export const checkCanWrite = async (ctx, model, data, action) => {
|
|
|
117
123
|
console.debug('QUERY', query.toString());
|
|
118
124
|
}
|
|
119
125
|
const canMutate = await query;
|
|
120
|
-
|
|
121
|
-
|
|
126
|
+
const cannotLink = Object.entries(canMutate).filter(([, value]) => !value);
|
|
127
|
+
if (cannotLink.length) {
|
|
128
|
+
throw new PermissionError(role, action, `this ${model.name}`, `cannot link to ${cannotLink.map(([key]) => `${key}: ${data[key]}`).join(', ')}`);
|
|
122
129
|
}
|
|
123
130
|
}
|
|
124
131
|
else if (action === 'CREATE') {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../../src/permissions/check.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAG9E,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,GAA8B,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,iBAAiB,CAAC;AAE/F,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,GAA8C,EAC9C,IAAY,EACZ,MAAwB,EACG,EAAE;IAC7B,MAAM,eAAe,GAAG,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,IAAI,OAAO,eAAe,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QAC1E,OAAO,CAAC,CAAC,eAAe,CAAC;IAC3B,CAAC;IAED,MAAM,eAAe,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,OAAO,eAAe,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QAC1E,OAAO,CAAC,CAAC,eAAe,CAAC;IAC3B,CAAC;IAED,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACjD,IAAI,OAAO,gBAAgB,KAAK,SAAS,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QAC5E,OAAO,CAAC,CAAC,gBAAgB,CAAC;IAC5B,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAkE,EAClE,IAAY,EACZ,UAAkB,EAClB,KAAwB,EACxB,MAAwB,EACxB,uBAAyC,EACd,EAAE;IAC7B,MAAM,eAAe,GAAG,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAE9D,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnB,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,IACE,uBAAuB,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE,EAAE,CAC7C,eAAe,CAAC,IAAI,CAClB,CAAC,KAAK,EAAE,EAAE,CACR,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,8EAA8E;QAC9E,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC1C,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAC1C,CACF,EACD,CAAC;QACD,yHAAyH;QACzH,gCAAgC;QAChC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,GAAG,CACD,KAAK,EACL,eAAe,CAAC,GAAG,CACjB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,EAAE,CACnB,KAAK;SACF,SAAS,CAAC,GAAG,UAAU,KAAK,CAAC;SAC7B,aAAa,CAAC,CAAC,QAAQ,EAAE,EAAE,CAC1B,mBAAmB,CACjB,GAAG,EACH,QAAQ,EACR,KAA
K,EACL,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,UAAU,MAAM,CAAC,EAClC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAC9D,CACF,CACN,CACF,CAAC;IAEF,OAAO,eAAe,CAAC;AACzB,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,GAAkE,EAClE,KAAkB,EAClB,KAA8B,EAC9B,MAAuC,EACvC,EAAE;IACF,MAAM,KAAK,GAAG,GAAG;SACd,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC;SAChC,KAAK,CAAC,KAAK,CAAC;SACZ,KAAK,EAAE,CAAC;IACX,IAAI,MAAM,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;IAEjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,aAAa,CAAC,GAAG,KAAK,CAAC,IAAI,OAAO,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAChF,CAAC;IAED,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7D,MAAM,GAAG,MAAM,KAAK,CAAC;IACrB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,QAAQ,KAAK,CAAC,IAAI,EAAE,EAAE,kCAAkC,CAAC,CAAC;IAC5G,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;QAC9E,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAkE,EAClE,SAAiB,EACjB,EAAU,EACK,EAAE;IACjB,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IACxD,gBAAgB,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC;IACxB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,QAAQ,SAAS,EAAE,EAAE,2BAA2B,CAAC,CAAC;IACpG,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,GAAkE,EAClE,KAAkB,EAClB,IAA6B,EAC7B,MAA2B,EACZ,EAAE;IACjB,MAAM,eAAe,GAAG,kBAAkB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAEpE,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO;IACT,CAAC;IACD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAC;IAC7F,CA
AC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../../src/permissions/check.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAG9E,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,GAA8B,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,iBAAiB,CAAC;AAE/F,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,GAA8C,EAC9C,IAAY,EACZ,MAAwB,EACG,EAAE;IAC7B,MAAM,eAAe,GAAG,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,IAAI,OAAO,eAAe,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QAC1E,OAAO,CAAC,CAAC,eAAe,CAAC;IAC3B,CAAC;IAED,MAAM,eAAe,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,OAAO,eAAe,KAAK,SAAS,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QAC1E,OAAO,CAAC,CAAC,eAAe,CAAC;IAC3B,CAAC;IAED,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACjD,IAAI,OAAO,gBAAgB,KAAK,SAAS,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QAC5E,OAAO,CAAC,CAAC,gBAAgB,CAAC;IAC5B,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,GAAkE,EAClE,IAAY,EACZ,UAAkB,EAClB,KAAwB,EACxB,MAAwB,EACxB,uBAAyC,EACd,EAAE;IAC7B,MAAM,eAAe,GAAG,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAE9D,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnB,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,IACE,uBAAuB,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE,EAAE,CAC7C,eAAe,CAAC,IAAI,CAClB,CAAC,KAAK,EAAE,EAAE,CACR,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,8EAA8E;QAC9E,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC1C,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAC1C,CACF,EACD,CAAC;QACD,yHAAyH;QACzH,gCAAgC;QAChC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,GAAG,CACD,KAAK,EACL,eAAe,CAAC,GAAG,CACjB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,EAAE,CACnB,KAAK;SACF,SAAS,CAAC,GAAG,UAAU,KAAK,CAAC;SAC7B,aAAa,CAAC,CAAC,QAAQ,EAAE,EAAE,CAC1B,mBAAmB,CACjB,GAAG,EACH,QAAQ,EACR,KAA
K,EACL,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,UAAU,MAAM,CAAC,EAClC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAC9D,CACF,CACN,CACF,CAAC;IAEF,OAAO,eAAe,CAAC;AACzB,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,GAAkE,EAClE,KAAkB,EAClB,KAA8B,EAC9B,MAAuC,EACvC,EAAE;IACF,MAAM,KAAK,GAAG,GAAG;SACd,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC;SAChC,KAAK,CAAC,KAAK,CAAC;SACZ,KAAK,EAAE,CAAC;IACX,IAAI,MAAM,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;IAEjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,aAAa,CAAC,GAAG,KAAK,CAAC,IAAI,OAAO,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAChF,CAAC;IAED,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7D,MAAM,GAAG,MAAM,KAAK,CAAC;IACrB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,QAAQ,KAAK,CAAC,IAAI,EAAE,EAAE,kCAAkC,CAAC,CAAC;IAC5G,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;QAC9E,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,GAAkE,EAClE,SAAiB,EACjB,EAAU,EACK,EAAE;IACjB,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IACxD,gBAAgB,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC;IACxB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,QAAQ,SAAS,EAAE,EAAE,2BAA2B,CAAC,CAAC;IACpG,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,GAAkE,EAClE,KAAkB,EAClB,IAA6B,EAC7B,MAA2B,EACZ,EAAE;IACjB,MAAM,eAAe,GAAG,kBAAkB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAEpE,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO;IACT,CAAC;IACD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,IAAI,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAC;IAC7F,CA
AC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAC/B,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,CACrC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CACxF,EAAE,CAAC;QACF,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAChF,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1B,IACE,aAAa,CAAC,KAAK,CAAC,IAAI,IAAI;YAC5B,gBAAgB;YAChB,OAAO,gBAAgB,KAAK,QAAQ;YACpC,CAAC,gBAAgB,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,EACvC,CAAC;YACD,MAAM,IAAI,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,IAAI,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAClH,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YACtB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,CAAC;YACzD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAW,CAAC;YAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS;YACX,CAAC;YAED,MAAM,GAAG,IAAI,CAAC;YAEd,MAAM,oBAAoB,GAAG,kBAAkB,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAEzE,IAAI,oBAAoB,KAAK,IAAI,EAAE,CAAC;gBAClC,wEAAwE;gBAExE,KAAK,CAAC,MAAM,CACV,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,oDAAoD,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC,CACxG,CAAC;gBACF,SAAS;YACX,CAAC;YAED,IAAI,oBAAoB,KAAK,KAAK,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC;gBACnE,MAAM,IAAI,eAAe,CACvB,IAAI,EACJ,MAAM,EACN,QAAQ,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,IAAI,EAAE,EACpC,2CAA2C,CAC5C,CAAC;YACJ,CAAC;YAED,KAAK,CAAC,MAAM,CACV,GAAG,CAAC,IAAI,CAAC,GAAG,CACV,GAAG,oBAAoB;iBACpB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;gBACb,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACzC,mBAAmB,CAAC,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;gBAErD,OAAO,UAAU,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC;YAC1C,CAAC,CAAC;iBACD,IAAI,CAAC,MAAM,CAAC,QAAQ,UAAU,GAAG,CACrC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1B,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,EAAE,CAAC;YAC/C,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,SAAS,GAAG,
MAAM,KAAK,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QAC3E,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,eAAe,CACvB,IAAI,EACJ,MAAM,EACN,QAAQ,KAAK,CAAC,IAAI,EAAE,EACpB,kBAAkB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjF,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,KAAK,CAAC,IAAI,EAAE,EAAE,sBAAsB,CAAC,CAAC;IACxF,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAC1B,GAAyC,EACzC,QAA2B,EAC3B,KAAuB,EACvB,EAAoC,EACpC,uBAAgC,EAChC,EAAE;IACF,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAC;IACrC,IAAI,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC/B,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAErC,IAAI,EAAE,EAAE,CAAC;QACP,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACd,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEtB,OAAO;QACT,CAAC;QAED,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,KAAK,KAAK,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,KAAK,EAAE,CAAC,CAAC;IAErC,IAAI,KAAK,EAAE,CAAC;QACV,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACnF,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,KAAK,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QACpC,IAAI,OAAO,EAAE,CAAC;YACZ,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI,OAAO,QAAQ,EAAE,EAAE,GAAG,KAAK,IAAI,UAAU,IAAI,IAAI,EAAE,EAAE,GAAG,QAAQ,KAAK,CAAC,CAAC;QAClG,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,SAAS,CAAC,GAAG,IAAI,OAAO,QAAQ,EAAE,EAAE,GAAG,KAAK,KAAK,EAAE,GAAG,QAAQ,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC,CAAC;QACnG,CAAC;QAED,IAAI,uBAAuB,EAAE,CAAC;YAC5B,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CACvB,KAAK;iBACF,KAAK,CAAC,EAAE,CAAC,GAAG,QAAQ,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC;iBACzC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;iBACF,YAAY,CAAC,GAA
G,QAAQ,iBAAiB,CAAC;iBAC1C,YAAY,CAAC,GAAG,QAAQ,eAAe,CAAC;iBACxC,QAAQ,CAAC,2CAA2C,EAAE,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;iBAC1F,QAAQ,CAAC,uCAAuC,EAAE,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC,CAC1F,CACJ,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,QAAQ,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QACD,KAAK,GAAG,QAAQ,CAAC;IACnB,CAAC;IAED,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,KAAkB,EAAE,KAAwB,EAAE,KAAa,EAAE,KAAU,EAAE,OAAuB,EAAE,EAAE;IACtH,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE5C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YAEpC,KAAK,CAAC,QAAQ,CACZ,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,QAAQ,EAAE,EAC7C,GAAG,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC,UAAU,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,EACrE,GAAG,QAAQ,KAAK,CACjB,CAAC;YACF,UAAU,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,KAAK,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,KAAK,IAAI,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;AACH,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@smartive/graphql-magic",
|
|
3
|
-
"version": "22.
|
|
3
|
+
"version": "22.5.0",
|
|
4
4
|
"description": "",
|
|
5
5
|
"source": "src/index.ts",
|
|
6
6
|
"type": "module",
|
|
@@ -69,7 +69,7 @@
|
|
|
69
69
|
"@types/jest": "30.0.0",
|
|
70
70
|
"@types/lodash": "4.17.21",
|
|
71
71
|
"@types/luxon": "3.7.1",
|
|
72
|
-
"@types/pg": "8.
|
|
72
|
+
"@types/pg": "8.16.0",
|
|
73
73
|
"conventional-changelog-conventionalcommits": "9.1.0",
|
|
74
74
|
"create-ts-index": "1.14.0",
|
|
75
75
|
"del-cli": "7.0.0",
|
package/src/permissions/check.ts
CHANGED
|
@@ -152,7 +152,7 @@ export const checkCanWrite = async (
|
|
|
152
152
|
throw new PermissionError(getRole(ctx), action, model.plural, 'no applicable permissions');
|
|
153
153
|
}
|
|
154
154
|
|
|
155
|
-
const query = ctx.knex.
|
|
155
|
+
const query = ctx.knex.first();
|
|
156
156
|
let linked = false;
|
|
157
157
|
|
|
158
158
|
for (const field of model.fields.filter(
|
|
@@ -183,7 +183,9 @@ export const checkCanWrite = async (
|
|
|
183
183
|
if (fieldPermissionStack === true) {
|
|
184
184
|
// User can link any entity from this type, just check whether it exists
|
|
185
185
|
|
|
186
|
-
query.
|
|
186
|
+
query.select(
|
|
187
|
+
ctx.knex.raw(`EXISTS(SELECT 1 FROM ?? as a WHERE a.id = ?) as ??`, [field.type, foreignId, foreignKey]),
|
|
188
|
+
);
|
|
187
189
|
continue;
|
|
188
190
|
}
|
|
189
191
|
|
|
@@ -196,10 +198,16 @@ export const checkCanWrite = async (
|
|
|
196
198
|
);
|
|
197
199
|
}
|
|
198
200
|
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
201
|
+
query.select(
|
|
202
|
+
ctx.knex.raw(
|
|
203
|
+
`${fieldPermissionStack
|
|
204
|
+
.map((links) => {
|
|
205
|
+
const subQuery = ctx.knex.queryBuilder();
|
|
206
|
+
permissionLinkQuery(ctx, subQuery, links, foreignId);
|
|
207
|
+
|
|
208
|
+
return `EXISTS(${subQuery.toString()})`;
|
|
209
|
+
})
|
|
210
|
+
.join(' OR ')} as "${foreignKey}"`,
|
|
203
211
|
),
|
|
204
212
|
);
|
|
205
213
|
}
|
|
@@ -211,8 +219,14 @@ export const checkCanWrite = async (
|
|
|
211
219
|
console.debug('QUERY', query.toString());
|
|
212
220
|
}
|
|
213
221
|
const canMutate = await query;
|
|
214
|
-
|
|
215
|
-
|
|
222
|
+
const cannotLink = Object.entries(canMutate).filter(([, value]) => !value);
|
|
223
|
+
if (cannotLink.length) {
|
|
224
|
+
throw new PermissionError(
|
|
225
|
+
role,
|
|
226
|
+
action,
|
|
227
|
+
`this ${model.name}`,
|
|
228
|
+
`cannot link to ${cannotLink.map(([key]) => `${key}: ${data[key]}`).join(', ')}`,
|
|
229
|
+
);
|
|
216
230
|
}
|
|
217
231
|
} else if (action === 'CREATE') {
|
|
218
232
|
throw new PermissionError(role, action, `this ${model.name}`, 'no linkable entities');
|
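Review bot: The restricted-permission branch (new lines 201–212) renders each sub-query with `subQuery.toString()` and pastes the result into `ctx.knex.raw(...)`, so `foreignId` reaches the database as inlined text rather than as a bound parameter. Judging from `data[key]` in the error message at new line 228, that id is caller-supplied. knex documents `toString()` as a debugging aid, and the branch just above already binds the same values through `?`/`??`. Passing each sub-builder as a raw binding, and the alias as `??` instead of the interpolated `"${foreignKey}"`, would keep this authorization query parameterized end to end; builder-as-binding support should be confirmed against the pinned knex version. The removed lines are not legible on this page, so the pattern may be inherited; the same code ships in `dist/cjs/index.cjs` and `dist/esm/permissions/check.js`, and `checkCanWrite` begins and ends outside these hunks.

```typescript
// … unchanged: fieldPermissionStack === true / === false handling above …
const subQueries = fieldPermissionStack.map((links) => {
  const subQuery = ctx.knex.queryBuilder();
  permissionLinkQuery(ctx, subQuery, links, foreignId);

  return subQuery;
});
query.select(
  // One EXISTS(?) per permission path; each builder is handed over as a binding so its own
  // bindings stay parameters instead of being rendered into the SQL text.
  ctx.knex.raw(`${subQueries.map(() => 'EXISTS(?)').join(' OR ')} as ??`, [...subQueries, foreignKey]),
);
```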