npm - @snowtop/ent - Versions diffs - 0.1.0-alpha144 → 0.1.0-alpha146 - Mend

@snowtop/ent 0.1.0-alpha144 → 0.1.0-alpha146

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/action/orchestrator.d.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import * as clause from "../core/clause";
 type MaybeNull<T extends Ent> = T | null;
 type TMaybleNullableEnt<T extends Ent> = T | MaybeNull<T>;
 export interface OrchestratorOptions<TEnt extends Ent<TViewer>, TInput extends Data, TViewer extends Viewer, TExistingEnt extends TMaybleNullableEnt<TEnt> = MaybeNull<TEnt>> {
-    viewer: Viewer;
+    viewer: TViewer;
     operation: WriteOperation;
     tableName: string;
     loaderOptions: LoadEntOptions<TEnt, TViewer>;
@@ -68,6 +68,7 @@ export declare class Orchestrator<TEnt extends Ent<TViewer>, TInput extends Data
     private getEdgeOperation;
     private buildEdgeOps;
     private throwError;
+    private getRowForPrivacyPolicyImpl;
     private getEntForPrivacyPolicyImpl;
     private getSQLStatementOperation;
     private getWriteOpForSQLStamentOp;

package/action/orchestrator.js CHANGED Viewed

@@ -51,31 +51,38 @@ class edgeInputData {
         return id.placeholderID !== undefined;
     }
 }
-function getViewer(action) {
-    if (!action.viewer.viewerID) {
+function getViewer(viewer) {
+    if (!viewer.viewerID) {
         return "Logged out Viewer";
     }
     else {
-        return `Viewer with ID ${action.viewer.viewerID}`;
+        return `Viewer with ID ${viewer.viewerID}`;
     }
 }
 class EntCannotCreateEntError extends Error {
     constructor(privacyPolicy, action) {
-        let msg = `${getViewer(action)} does not have permission to create ${action.builder.ent.name}`;
+        let msg = `${getViewer(action.viewer)} does not have permission to create ${action.builder.ent.name}`;
         super(msg);
         this.privacyPolicy = privacyPolicy;
     }
 }
 class EntCannotEditEntError extends Error {
     constructor(privacyPolicy, action, ent) {
-        let msg = `${getViewer(action)} does not have permission to edit ${ent.constructor.name}`;
+        let msg = `${getViewer(action.viewer)} does not have permission to edit ${ent.constructor.name}`;
+        super(msg);
+        this.privacyPolicy = privacyPolicy;
+    }
+}
+class EntCannotEditEntFieldError extends Error {
+    constructor(privacyPolicy, viewer, field, ent) {
+        let msg = `${getViewer(viewer)} does not have permission to edit field ${field} ${ent.constructor.name}`;
         super(msg);
         this.privacyPolicy = privacyPolicy;
     }
 }
 class EntCannotDeleteEntError extends Error {
     constructor(privacyPolicy, action, ent) {
-        let msg = `${getViewer(action)} does not have permission to delete ${ent.constructor.name}`;
+        let msg = `${getViewer(action.viewer)} does not have permission to delete ${ent.constructor.name}`;
         super(msg);
         this.privacyPolicy = privacyPolicy;
     }
@@ -314,10 +321,7 @@ class Orchestrator {
         }
         return new EntCannotDeleteEntError(privacyPolicy, action, this.existingEnt);
     }
-    async getEntForPrivacyPolicyImpl(schemaFields, editedData) {
-        if (this.actualOperation !== action_1.WriteOperation.Insert) {
-            return this.existingEnt;
-        }
+    async getRowForPrivacyPolicyImpl(schemaFields, editedData) {
         // need to format fields if possible because ent constructors expect data that's
         // in the format that's coming from the db
         // required for object fields...
@@ -350,8 +354,17 @@ class Orchestrator {
             }
             formatted[dbKey] = val;
         }
+        return formatted;
+    }
+    async getEntForPrivacyPolicyImpl(schemaFields, editedData, viewerToUse, rowToUse) {
+        if (this.actualOperation !== action_1.WriteOperation.Insert) {
+            return this.existingEnt;
+        }
+        if (!rowToUse) {
+            rowToUse = await this.getRowForPrivacyPolicyImpl(schemaFields, editedData);
+        }
         // we create an unsafe ent to be used for privacy policies
-        return new this.options.builder.ent(this.options.builder.viewer, formatted);
+        return new this.options.builder.ent(viewerToUse, rowToUse);
     }
     getSQLStatementOperation() {
         switch (this.actualOperation) {
@@ -382,7 +395,7 @@ class Orchestrator {
             return this.existingEnt;
         }
         const { schemaFields, editedData } = await this.memoizedGetFields();
-        return this.getEntForPrivacyPolicyImpl(schemaFields, editedData);
+        return this.getEntForPrivacyPolicyImpl(schemaFields, editedData, this.options.viewer);
     }
     // this gets the fields that were explicitly set plus any default or transformed values
     // mainly exists to get default fields e.g. default id to be used in triggers
@@ -408,9 +421,17 @@ class Orchestrator {
         const builder = this.options.builder;
         // future optimization: can get schemaFields to memoize based on different values
         const schemaFields = (0, schema_1.getFields)(this.options.schema);
+        // also future optimization, no need to go through the list of fields multiple times
+        const editPrivacyFields = (0, schema_1.getFieldsWithEditPrivacy)(this.options.schema, this.options.fieldInfo);
         const editedFields = await this.options.editedFields();
-        let editedData = await this.getFieldsWithDefaultValues(builder, schemaFields, editedFields, action);
-        return { editedData, editedFields, schemaFields };
+        let { data: editedData, userDefinedKeys } = await this.getFieldsWithDefaultValues(builder, schemaFields, editedFields, action);
+        return {
+            editedData,
+            editedFields,
+            schemaFields,
+            userDefinedKeys,
+            editPrivacyFields,
+        };
     }
     async validate() {
         // existing ent required for edit or delete operations
@@ -421,7 +442,7 @@ class Orchestrator {
                     throw new Error(`existing ent required with operation ${this.actualOperation}`);
                 }
         }
-        const { schemaFields, editedData } = await this.memoizedGetFields();
+        const { schemaFields, editedData, userDefinedKeys, editPrivacyFields } = await this.memoizedGetFields();
         const action = this.options.action;
         const builder = this.options.builder;
         // this runs in following phases:
@@ -430,18 +451,40 @@ class Orchestrator {
         // * triggers
         // * validators
         let privacyPolicy = action?.getPrivacyPolicy();
-        let privacyError = null;
+        const errors = [];
         if (privacyPolicy) {
+            const ent = await this.getEntForPrivacyPolicyImpl(schemaFields, editedData, this.options.viewer);
             try {
-                await (0, privacy_1.applyPrivacyPolicyX)(this.options.viewer, privacyPolicy, await this.getEntForPrivacyPolicyImpl(schemaFields, editedData), this.throwError.bind(this));
+                await (0, privacy_1.applyPrivacyPolicyX)(this.options.viewer, privacyPolicy, ent, () => this.throwError());
             }
             catch (err) {
-                privacyError = err;
+                errors.push(err);
             }
         }
-        // privacyError should return first since it's less confusing
-        if (privacyError !== null) {
-            return [privacyError];
+        // we have edit privacy fields, so we need to apply privacy policy on those
+        const promises = [];
+        if (editPrivacyFields.size) {
+            // get row based on edited data
+            const row = await this.getRowForPrivacyPolicyImpl(schemaFields, editedData);
+            // get viewer for ent load based on formatted row
+            const viewer = await this.viewerForEntLoad(row);
+            const ent = await this.getEntForPrivacyPolicyImpl(schemaFields, editedData, viewer, row);
+            for (const [k, policy] of editPrivacyFields) {
+                if (editedData[k] === undefined || !userDefinedKeys.has(k)) {
+                    continue;
+                }
+                promises.push((async () => {
+                    const r = await (0, privacy_1.applyPrivacyPolicy)(viewer, policy, ent);
+                    if (!r) {
+                        errors.push(new EntCannotEditEntFieldError(policy, viewer, k, ent));
+                    }
+                })());
+            }
+            await Promise.all(promises);
+        }
+        // privacy or field errors should return first so it's less confusing
+        if (errors.length) {
+            return errors;
         }
         // have to run triggers which update fields first before field and other validators
         // so running this first to build things up
@@ -455,11 +498,12 @@ class Orchestrator {
         // not ideal we're calling this twice. fix...
         // needed for now. may need to rewrite some of this?
         const editedFields2 = await this.options.editedFields();
-        const [errors, errs2] = await Promise.all([
+        const [errs2, errs3] = await Promise.all([
             this.formatAndValidateFields(schemaFields, editedFields2),
             this.validators(validators, action, builder),
         ]);
         errors.push(...errs2);
+        errors.push(...errs3);
         return errors;
     }
     async triggers(action, builder, triggers) {
@@ -595,11 +639,15 @@ class Orchestrator {
         }
         // transforming before doing default fields so that we don't create a new id
         // and anything that depends on the type of operations knows what it is
+        const userDefinedKeys = new Set();
         for (const [fieldName, field] of schemaFields) {
             let value = editedFields.get(fieldName);
             let defaultValue = undefined;
             let dbKey = this.getStorageKey(fieldName);
             let updateOnlyIfOther = field.onlyUpdateIfOtherFieldsBeingSet_BETA;
+            if (value !== undefined) {
+                userDefinedKeys.add(dbKey);
+            }
             if (value === undefined) {
                 if (this.actualOperation === action_1.WriteOperation.Insert) {
                     if (field.defaultToViewerOnCreate && field.defaultValueOnCreate) {
@@ -652,7 +700,7 @@ class Orchestrator {
                 this.options.updateInput(this.defaultFieldsByTSName);
             }
         }
-        return data;
+        return { data, userDefinedKeys };
     }
     hasData(data) {
         for (const _k in data) {

package/core/ent.js CHANGED Viewed

@@ -509,11 +509,12 @@ async function doFieldPrivacy(viewer, ent, data, options) {
     }
     const promises = [];
     let somethingChanged = false;
+    const clone = { ...data };
     const origData = {
         ...data,
     };
     for (const [k, policy] of options.fieldPrivacy) {
-        const curr = data[k];
+        const curr = clone[k];
         if (curr === null || curr === undefined) {
             continue;
         }
@@ -521,7 +522,7 @@ async function doFieldPrivacy(viewer, ent, data, options) {
             // don't do anything if key is null or for some reason missing
             const r = await (0, privacy_1.applyPrivacyPolicy)(viewer, policy, ent);
             if (!r) {
-                data[k] = null;
+                clone[k] = null;
                 somethingChanged = true;
             }
         })());
@@ -529,7 +530,7 @@ async function doFieldPrivacy(viewer, ent, data, options) {
     await Promise.all(promises);
     if (somethingChanged) {
         // have to create new instance
-        const ent = new options.ent(viewer, data);
+        const ent = new options.ent(viewer, clone);
         ent.__setRawDBData(origData);
         return ent;
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@snowtop/ent",
-  "version": "0.1.0-alpha144",
+  "version": "0.1.0-alpha146",
   "description": "snowtop ent framework",
   "main": "index.js",
   "types": "index.d.ts",

package/parse_schema/parse.d.ts CHANGED Viewed

@@ -53,6 +53,7 @@ type ProcessedField = Omit<Field, "defaultValueOnEdit" | "defaultValueOnCreate"
     hasDefaultValueOnEdit?: boolean;
     patternName?: string;
     hasFieldPrivacy?: boolean;
+    hasEditFieldPrivacy?: boolean;
     derivedFields?: ProcessedField[];
     type: ProcessedType;
     serverDefault?: string;

package/parse_schema/parse.js CHANGED Viewed

@@ -26,6 +26,7 @@ async function processFields(src, patternName) {
         f.hasDefaultValueOnCreate = field.defaultValueOnCreate != undefined;
         f.hasDefaultValueOnEdit = field.defaultValueOnEdit != undefined;
         f.hasFieldPrivacy = field.privacyPolicy !== undefined;
+        f.hasEditFieldPrivacy = field.editPrivacyPolicy !== undefined;
         if (field.polymorphic) {
             // convert boolean into object
             // we keep boolean as an option to keep API simple

package/schema/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import Schema from "./schema";
 export { Schema };
-export { Field, AssocEdge, AssocEdgeGroup, InverseAssocEdge, Edge, Pattern, DBType, Type, FieldOptions, SchemaConstructor, SchemaInputType, getFields, getFieldsWithPrivacy, getStorageKey, ActionOperation, Action, EdgeAction, NoFields, FieldMap, Constraint, Index, ConstraintType, ForeignKeyInfo, requiredField, optionalField, UpdateOperation, TransformedUpdateOperation, SQLStatementOperation, EdgeUpdateOperation, TransformedEdgeUpdateOperation, getTransformedReadClause, getObjectLoaderProperties, GlobalSchema, ActionField, } from "./schema";
+export { Field, AssocEdge, AssocEdgeGroup, InverseAssocEdge, Edge, Pattern, DBType, Type, FieldOptions, SchemaConstructor, SchemaInputType, getFields, getFieldsWithPrivacy, getFieldsWithEditPrivacy, getStorageKey, ActionOperation, Action, EdgeAction, NoFields, FieldMap, Constraint, Index, ConstraintType, ForeignKeyInfo, requiredField, optionalField, UpdateOperation, TransformedUpdateOperation, SQLStatementOperation, EdgeUpdateOperation, TransformedEdgeUpdateOperation, getTransformedReadClause, getObjectLoaderProperties, GlobalSchema, ActionField, } from "./schema";
 export { Timestamps, Node, BaseEntSchema, BaseEntSchemaWithTZ, EntSchema, EntSchemaWithTZ, SchemaConfig, } from "./base_schema";
 export * from "./field";
 export * from "./json_field";

package/schema/index.js CHANGED Viewed

@@ -14,11 +14,12 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.EntSchemaWithTZ = exports.EntSchema = exports.BaseEntSchemaWithTZ = exports.BaseEntSchema = exports.Node = exports.Timestamps = exports.getObjectLoaderProperties = exports.getTransformedReadClause = exports.SQLStatementOperation = exports.optionalField = exports.requiredField = exports.ConstraintType = exports.NoFields = exports.ActionOperation = exports.getStorageKey = exports.getFieldsWithPrivacy = exports.getFields = exports.DBType = void 0;
+exports.EntSchemaWithTZ = exports.EntSchema = exports.BaseEntSchemaWithTZ = exports.BaseEntSchema = exports.Node = exports.Timestamps = exports.getObjectLoaderProperties = exports.getTransformedReadClause = exports.SQLStatementOperation = exports.optionalField = exports.requiredField = exports.ConstraintType = exports.NoFields = exports.ActionOperation = exports.getStorageKey = exports.getFieldsWithEditPrivacy = exports.getFieldsWithPrivacy = exports.getFields = exports.DBType = void 0;
 var schema_1 = require("./schema");
 Object.defineProperty(exports, "DBType", { enumerable: true, get: function () { return schema_1.DBType; } });
 Object.defineProperty(exports, "getFields", { enumerable: true, get: function () { return schema_1.getFields; } });
 Object.defineProperty(exports, "getFieldsWithPrivacy", { enumerable: true, get: function () { return schema_1.getFieldsWithPrivacy; } });
+Object.defineProperty(exports, "getFieldsWithEditPrivacy", { enumerable: true, get: function () { return schema_1.getFieldsWithEditPrivacy; } });
 Object.defineProperty(exports, "getStorageKey", { enumerable: true, get: function () { return schema_1.getStorageKey; } });
 Object.defineProperty(exports, "ActionOperation", { enumerable: true, get: function () { return schema_1.ActionOperation; } });
 Object.defineProperty(exports, "NoFields", { enumerable: true, get: function () { return schema_1.NoFields; } });

package/schema/schema.d.ts CHANGED Viewed

@@ -234,6 +234,7 @@ export interface FieldOptions {
     derivedWhenEmbedded?: boolean;
     polymorphic?: boolean | PolymorphicOptions;
     privacyPolicy?: PrivacyPolicy | (() => PrivacyPolicy);
+    editPrivacyPolicy?: PrivacyPolicy | (() => PrivacyPolicy);
     getDerivedFields?(name: string): FieldMap;
     convert?: ConvertType;
     fetchOnDemand?: boolean;
@@ -265,7 +266,8 @@ export declare function getFields(value: SchemaInputType): Map<string, Field>;
  * @deprecated should only be used by tests
  */
 export declare function getStorageKey(field: Field, fieldName: string): string;
-export declare function getFieldsWithPrivacy(value: SchemaInputType, fieldMap: FieldInfoMap): Map<string, PrivacyPolicy>;
+export declare function getFieldsWithPrivacy(value: SchemaInputType, fieldInfoMap: FieldInfoMap): Map<string, PrivacyPolicy>;
+export declare function getFieldsWithEditPrivacy(value: SchemaInputType, fieldInfoMap: FieldInfoMap): Map<string, PrivacyPolicy>;
 export declare function getTransformedReadClause(value: SchemaInputType): Clause | undefined;
 interface objectLoaderOptions {
     clause?: () => Clause | undefined;

package/schema/schema.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ConstraintType = exports.optionalField = exports.requiredField = exports.NoFields = exports.ActionOperation = exports.getTransformedUpdateOp = exports.getObjectLoaderProperties = exports.getTransformedReadClause = exports.getFieldsWithPrivacy = exports.getStorageKey = exports.getFields = exports.getSchema = exports.DBType = exports.SQLStatementOperation = void 0;
+exports.ConstraintType = exports.optionalField = exports.requiredField = exports.NoFields = exports.ActionOperation = exports.getTransformedUpdateOp = exports.getObjectLoaderProperties = exports.getTransformedReadClause = exports.getFieldsWithEditPrivacy = exports.getFieldsWithPrivacy = exports.getStorageKey = exports.getFields = exports.getSchema = exports.DBType = exports.SQLStatementOperation = void 0;
 const snake_case_1 = require("snake-case");
 // we also want this transformation to exist on a per-action basis
 // if it exists on an action, we don't do the global schema transformation
@@ -85,49 +85,31 @@ function getStorageKey(field, fieldName) {
 }
 exports.getStorageKey = getStorageKey;
 // returns a mapping of storage key to field privacy
-function getFieldsWithPrivacy(value, fieldMap) {
+function getFieldsWithPrivacy(value, fieldInfoMap) {
+    return getFieldsWithPrivacyImpl(value, fieldInfoMap, "privacyPolicy");
+}
+exports.getFieldsWithPrivacy = getFieldsWithPrivacy;
+function getFieldsWithEditPrivacy(value, fieldInfoMap) {
+    return getFieldsWithPrivacyImpl(value, fieldInfoMap, "editPrivacyPolicy");
+}
+exports.getFieldsWithEditPrivacy = getFieldsWithEditPrivacy;
+function getFieldsWithPrivacyImpl(value, fieldInfoMap, key) {
     const schema = getSchema(value);
     function addFields(fields) {
-        if (Array.isArray(fields)) {
-            for (const field of fields) {
-                const name = field.name;
-                if (!field.name) {
-                    throw new Error(`name required`);
-                }
-                if (field.getDerivedFields !== undefined) {
-                    addFields(field.getDerivedFields(name));
-                }
-                if (field.privacyPolicy) {
-                    let privacyPolicy;
-                    if (typeof field.privacyPolicy === "function") {
-                        privacyPolicy = field.privacyPolicy();
-                    }
-                    else {
-                        privacyPolicy = field.privacyPolicy;
-                    }
-                    const info = fieldMap[name];
-                    if (!info) {
-                        throw new Error(`field with name ${name} not passed in fieldMap`);
-                    }
-                    m.set(info.dbCol, privacyPolicy);
-                }
-            }
-            return;
-        }
         for (const name in fields) {
             const field = fields[name];
+            if (field.dbOnly) {
+                continue;
+            }
             if (field.getDerivedFields !== undefined) {
                 addFields(field.getDerivedFields(name));
             }
-            if (field.privacyPolicy) {
-                let privacyPolicy;
-                if (typeof field.privacyPolicy === "function") {
-                    privacyPolicy = field.privacyPolicy();
-                }
-                else {
-                    privacyPolicy = field.privacyPolicy;
+            let privacyPolicy = field[key];
+            if (privacyPolicy) {
+                if (typeof privacyPolicy === "function") {
+                    privacyPolicy = privacyPolicy();
                 }
-                const info = fieldMap[name];
+                const info = fieldInfoMap[name];
                 if (!info) {
                     throw new Error(`field with name ${name} not passed in fieldMap`);
                 }
@@ -144,7 +126,6 @@ function getFieldsWithPrivacy(value, fieldMap) {
     addFields(schema.fields);
     return m;
 }
-exports.getFieldsWithPrivacy = getFieldsWithPrivacy;
 function getTransformedReadClause(value) {
     const schema = getSchema(value);
     if (!schema.patterns) {