@snowtop/ent 0.2.0-alpha.9 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/privacy.d.ts +109 -0
- package/core/privacy.js +168 -1
- package/graphql/node_resolver.js +8 -7
- package/package.json +1 -1
- package/schema/field.js +2 -2
- package/schema/schema.d.ts +0 -1
- package/schema/struct_field.js +35 -11
- package/testutils/db/temp_db.js +1 -1
- package/tsc/compilerOptions.d.ts +1 -0
- package/tsc/compilerOptions.js +32 -1
package/core/privacy.d.ts
CHANGED
|
@@ -119,18 +119,64 @@ export declare class AllowIfEdgeExistsRule implements PrivacyPolicyRule {
|
|
|
119
119
|
constructor(id1: ID, id2: ID, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
120
120
|
apply(v: Viewer, _ent?: Ent): Promise<PrivacyResult>;
|
|
121
121
|
}
|
|
122
|
+
export declare class AllowIfEdgeDoesNotExistRule implements PrivacyPolicyRule {
|
|
123
|
+
private id1;
|
|
124
|
+
private id2;
|
|
125
|
+
private edgeType;
|
|
126
|
+
private options?;
|
|
127
|
+
constructor(id1: ID, id2: ID, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
128
|
+
apply(v: Viewer, _ent?: Ent): Promise<PrivacyResult>;
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* @deprecated use AllowIfEdgeExistsFromViewerToEntRule
|
|
132
|
+
* This is a privacy policy rule that checks if the viewer has an inbound edge to the ent.
|
|
133
|
+
* e.g. does edge exist from viewer's id to ent's id
|
|
134
|
+
*/
|
|
122
135
|
export declare class AllowIfViewerInboundEdgeExistsRule implements PrivacyPolicyRule {
|
|
123
136
|
private edgeType;
|
|
124
137
|
private options?;
|
|
125
138
|
constructor(edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
126
139
|
apply(v: Viewer, ent?: Ent): Promise<PrivacyResult>;
|
|
127
140
|
}
|
|
141
|
+
/**
|
|
142
|
+
* This is a privacy policy rule that checks if edge exists from viewer's id to ent's id
|
|
143
|
+
* Allows the viewer to see the ent if the edge exists
|
|
144
|
+
*/
|
|
145
|
+
export declare class AllowIfEdgeExistsFromViewerToEntRule extends AllowIfViewerInboundEdgeExistsRule {
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* @deprecated use AllowIfEdgeExistsFromEntToViewerRule
|
|
149
|
+
* This is a privacy policy rule that checks if the viewer has an outbound edge to the ent.
|
|
150
|
+
* e.g. does edge exist from ent's id to viewer's id
|
|
151
|
+
*/
|
|
128
152
|
export declare class AllowIfViewerOutboundEdgeExistsRule implements PrivacyPolicyRule {
|
|
129
153
|
private edgeType;
|
|
130
154
|
private options?;
|
|
131
155
|
constructor(edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
132
156
|
apply(v: Viewer, ent?: Ent): Promise<PrivacyResult>;
|
|
133
157
|
}
|
|
158
|
+
/**
|
|
159
|
+
* This is a privacy policy rule that checks if edge exists from ent's id to viewer's id
|
|
160
|
+
*/
|
|
161
|
+
export declare class AllowIfEdgeExistsFromEntToViewerRule extends AllowIfViewerOutboundEdgeExistsRule {
|
|
162
|
+
}
|
|
163
|
+
/**
|
|
164
|
+
* This is a privacy policy rule that checks if edge exists from viewer to id of given ent property
|
|
165
|
+
*/
|
|
166
|
+
export declare class AllowIfEdgeExistsFromViewerToEntPropertyRule<T extends Ent> implements PrivacyPolicyRule {
|
|
167
|
+
private property;
|
|
168
|
+
private edgeType;
|
|
169
|
+
private options?;
|
|
170
|
+
constructor(property: keyof T, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
171
|
+
apply(v: Viewer, ent?: T): Promise<PrivacyResult>;
|
|
172
|
+
}
|
|
173
|
+
export declare class AllowIfEdgeExistsFromEntPropertyToViewerRule<T extends Ent> implements PrivacyPolicyRule {
|
|
174
|
+
private property;
|
|
175
|
+
private edgeType;
|
|
176
|
+
private options?;
|
|
177
|
+
constructor(property: keyof T, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
178
|
+
apply(v: Viewer, ent?: T): Promise<PrivacyResult>;
|
|
179
|
+
}
|
|
134
180
|
export declare class DenyIfEdgeExistsRule implements PrivacyPolicyRule {
|
|
135
181
|
private id1;
|
|
136
182
|
private id2;
|
|
@@ -139,18 +185,67 @@ export declare class DenyIfEdgeExistsRule implements PrivacyPolicyRule {
|
|
|
139
185
|
constructor(id1: ID, id2: ID, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
140
186
|
apply(v: Viewer, _ent?: Ent): Promise<PrivacyResult>;
|
|
141
187
|
}
|
|
188
|
+
/**
|
|
189
|
+
* @deprecated use DenyIfEdgeExistsFromViewerToEntRule
|
|
190
|
+
*/
|
|
142
191
|
export declare class DenyIfViewerInboundEdgeExistsRule implements PrivacyPolicyRule {
|
|
143
192
|
private edgeType;
|
|
144
193
|
private options?;
|
|
145
194
|
constructor(edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
146
195
|
apply(v: Viewer, ent?: Ent): Promise<PrivacyResult>;
|
|
147
196
|
}
|
|
197
|
+
/**
|
|
198
|
+
* This is a privacy policy rule that checks if edge exists from viewer's id to ent's id
|
|
199
|
+
* Denies the viewer from seeing the ent if the edge exists
|
|
200
|
+
*/
|
|
201
|
+
export declare class DenyIfEdgeExistsFromViewerToEntRule extends DenyIfViewerInboundEdgeExistsRule {
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* @deprecated use DenyIfEdgeExistsFromEntToViewerRule
|
|
205
|
+
*/
|
|
148
206
|
export declare class DenyIfViewerOutboundEdgeExistsRule implements PrivacyPolicyRule {
|
|
149
207
|
private edgeType;
|
|
150
208
|
private options?;
|
|
151
209
|
constructor(edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
152
210
|
apply(v: Viewer, ent?: Ent): Promise<PrivacyResult>;
|
|
153
211
|
}
|
|
212
|
+
/**
|
|
213
|
+
* This is a privacy policy rule that checks if edge exists from ent's id to viewer's id
|
|
214
|
+
*/
|
|
215
|
+
export declare class DenyIfEdgeExistsFromEntToViewerRule extends DenyIfViewerOutboundEdgeExistsRule {
|
|
216
|
+
}
|
|
217
|
+
/**
|
|
218
|
+
* @deprecated use DenyIfEdgeExistsFromViewerToEntPropertyRule
|
|
219
|
+
*/
|
|
220
|
+
export declare class DenyIfViewerInboundEdgeToEntPropertyExistsRule<T extends Ent> implements PrivacyPolicyRule {
|
|
221
|
+
private property;
|
|
222
|
+
private edgeType;
|
|
223
|
+
private options?;
|
|
224
|
+
constructor(property: keyof T, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
225
|
+
apply(v: Viewer, ent?: T): Promise<PrivacyResult>;
|
|
226
|
+
}
|
|
227
|
+
/**
|
|
228
|
+
* This is a privacy policy rule that checks if edge exists from viewer's id to ent's id
|
|
229
|
+
* Denies the viewer from seeing the ent if the edge exists
|
|
230
|
+
*/
|
|
231
|
+
export declare class DenyIfEdgeExistsFromViewerToEntPropertyRule<T extends Ent> extends DenyIfViewerInboundEdgeToEntPropertyExistsRule<T> {
|
|
232
|
+
}
|
|
233
|
+
/**
|
|
234
|
+
* @deprecated use DenyIfEdgeExistsFromEntToViewerPropertyRule
|
|
235
|
+
*/
|
|
236
|
+
export declare class DenyIfViewerOutboundEdgeToEntPropertyExistsRule<T extends Ent> implements PrivacyPolicyRule {
|
|
237
|
+
private property;
|
|
238
|
+
private edgeType;
|
|
239
|
+
private options?;
|
|
240
|
+
constructor(property: keyof T, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
241
|
+
apply(v: Viewer, ent?: T): Promise<PrivacyResult>;
|
|
242
|
+
}
|
|
243
|
+
/**
|
|
244
|
+
* This is a privacy policy rule that checks if edge exists from ent's id to viewer's id
|
|
245
|
+
* Denies the viewer from seeing the ent if the edge exists
|
|
246
|
+
*/
|
|
247
|
+
export declare class DenyIfEdgeExistsFromEntPropertyToViewerRule<T extends Ent> extends DenyIfViewerOutboundEdgeToEntPropertyExistsRule<T> {
|
|
248
|
+
}
|
|
154
249
|
export declare class DenyIfEdgeDoesNotExistRule implements PrivacyPolicyRule {
|
|
155
250
|
private id1;
|
|
156
251
|
private id2;
|
|
@@ -171,6 +266,20 @@ export declare class DenyIfViewerOutboundEdgeDoesNotExistRule implements Privacy
|
|
|
171
266
|
constructor(edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
172
267
|
apply(v: Viewer, ent?: Ent): Promise<PrivacyResult>;
|
|
173
268
|
}
|
|
269
|
+
export declare class DenyIfViewerInboundEdgeToEntPropertyDoesNotExistRule<T extends Ent> implements PrivacyPolicyRule {
|
|
270
|
+
private property;
|
|
271
|
+
private edgeType;
|
|
272
|
+
private options?;
|
|
273
|
+
constructor(property: keyof T, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
274
|
+
apply(v: Viewer, ent?: T): Promise<PrivacyResult>;
|
|
275
|
+
}
|
|
276
|
+
export declare class DenyIfViewerOutboundEdgeToEntPropertyDoesNotExistRule<T extends Ent> implements PrivacyPolicyRule {
|
|
277
|
+
private property;
|
|
278
|
+
private edgeType;
|
|
279
|
+
private options?;
|
|
280
|
+
constructor(property: keyof T, edgeType: string, options?: EdgeQueryableDataOptionsConfigureLoader | undefined);
|
|
281
|
+
apply(v: Viewer, ent?: T): Promise<PrivacyResult>;
|
|
282
|
+
}
|
|
174
283
|
export declare class AllowIfConditionAppliesRule implements PrivacyPolicyRule {
|
|
175
284
|
private fn;
|
|
176
285
|
private rule;
|
package/core/privacy.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.AlwaysAllowPrivacyPolicy = exports.applyPrivacyPolicyImpl = exports.applyPrivacyPolicyX = exports.applyPrivacyPolicy = exports.AllowIfSubPolicyAllowsRule = exports.DelayedResultRule = exports.AllowIfConditionAppliesRule = exports.DenyIfViewerOutboundEdgeToEntPropertyDoesNotExistRule = exports.DenyIfViewerInboundEdgeToEntPropertyDoesNotExistRule = exports.DenyIfViewerOutboundEdgeDoesNotExistRule = exports.DenyIfViewerInboundEdgeDoesNotExistRule = exports.DenyIfEdgeDoesNotExistRule = exports.DenyIfEdgeExistsFromEntPropertyToViewerRule = exports.DenyIfViewerOutboundEdgeToEntPropertyExistsRule = exports.DenyIfEdgeExistsFromViewerToEntPropertyRule = exports.DenyIfViewerInboundEdgeToEntPropertyExistsRule = exports.DenyIfEdgeExistsFromEntToViewerRule = exports.DenyIfViewerOutboundEdgeExistsRule = exports.DenyIfEdgeExistsFromViewerToEntRule = exports.DenyIfViewerInboundEdgeExistsRule = exports.DenyIfEdgeExistsRule = exports.AllowIfEdgeExistsFromEntPropertyToViewerRule = exports.AllowIfEdgeExistsFromViewerToEntPropertyRule = exports.AllowIfEdgeExistsFromEntToViewerRule = exports.AllowIfViewerOutboundEdgeExistsRule = exports.AllowIfEdgeExistsFromViewerToEntRule = exports.AllowIfViewerInboundEdgeExistsRule = exports.AllowIfEdgeDoesNotExistRule = exports.AllowIfEdgeExistsRule = exports.DenyIfEntIsNotVisibleRule = exports.DenyIfEntIsVisibleRule = exports.DenyIfEntIsVisiblePolicy = exports.AllowIfEntIsVisiblePolicy = exports.AllowIfEntIsNotVisibleRule = exports.AllowIfEntIsVisibleRule = exports.DenyIfEntPropertyIsRule = exports.AllowIfEntPropertyIsRule = exports.AllowIfViewerIsEntPropertyRule = exports.AllowIfViewerIsRule = exports.DenyIfFuncRule = exports.AllowIfFuncRule = exports.DenyIfViewerEqualsRule = exports.AllowIfViewerEqualsRule = exports.AllowIfViewerRule = exports.AllowIfHasIdentity = exports.DenyIfLoggedInRule = exports.DenyIfLoggedOutRule = exports.AlwaysDenyRule = exports.AlwaysAllowRule = exports.EntPrivacyError = void 0;
|
|
4
|
+
exports.AllowIfViewerHasIdentityPrivacyPolicy = exports.AllowIfViewerPrivacyPolicy = exports.AlwaysDenyPrivacyPolicy = void 0;
|
|
4
5
|
const types_1 = require("util/types");
|
|
5
6
|
const base_1 = require("./base");
|
|
6
7
|
const ent_1 = require("./ent");
|
|
@@ -278,6 +279,23 @@ async function allowIfEdgeExistsRule(id1, id2, edgeType, context, options) {
|
|
|
278
279
|
}
|
|
279
280
|
return (0, base_1.Skip)();
|
|
280
281
|
}
|
|
282
|
+
async function allowIfEdgeDoesNotExistRule(id1, id2, edgeType, context, options) {
|
|
283
|
+
if (!id1 || !id2) {
|
|
284
|
+
return (0, base_1.Allow)();
|
|
285
|
+
}
|
|
286
|
+
const edge = await (0, ent_1.loadEdgeForID2)({
|
|
287
|
+
id1,
|
|
288
|
+
edgeType,
|
|
289
|
+
id2,
|
|
290
|
+
context,
|
|
291
|
+
ctr: ent_1.AssocEdge,
|
|
292
|
+
queryOptions: options,
|
|
293
|
+
});
|
|
294
|
+
if (!edge) {
|
|
295
|
+
return (0, base_1.Allow)();
|
|
296
|
+
}
|
|
297
|
+
return (0, base_1.Skip)();
|
|
298
|
+
}
|
|
281
299
|
class AllowIfEdgeExistsRule {
|
|
282
300
|
constructor(id1, id2, edgeType, options) {
|
|
283
301
|
this.id1 = id1;
|
|
@@ -290,6 +308,23 @@ class AllowIfEdgeExistsRule {
|
|
|
290
308
|
}
|
|
291
309
|
}
|
|
292
310
|
exports.AllowIfEdgeExistsRule = AllowIfEdgeExistsRule;
|
|
311
|
+
class AllowIfEdgeDoesNotExistRule {
|
|
312
|
+
constructor(id1, id2, edgeType, options) {
|
|
313
|
+
this.id1 = id1;
|
|
314
|
+
this.id2 = id2;
|
|
315
|
+
this.edgeType = edgeType;
|
|
316
|
+
this.options = options;
|
|
317
|
+
}
|
|
318
|
+
async apply(v, _ent) {
|
|
319
|
+
return allowIfEdgeDoesNotExistRule(this.id1, this.id2, this.edgeType, v.context, this.options);
|
|
320
|
+
}
|
|
321
|
+
}
|
|
322
|
+
exports.AllowIfEdgeDoesNotExistRule = AllowIfEdgeDoesNotExistRule;
|
|
323
|
+
/**
|
|
324
|
+
* @deprecated use AllowIfEdgeExistsFromViewerToEntRule
|
|
325
|
+
* This is a privacy policy rule that checks if the viewer has an inbound edge to the ent.
|
|
326
|
+
* e.g. does edge exist from viewer's id to ent's id
|
|
327
|
+
*/
|
|
293
328
|
class AllowIfViewerInboundEdgeExistsRule {
|
|
294
329
|
constructor(edgeType, options) {
|
|
295
330
|
this.edgeType = edgeType;
|
|
@@ -300,6 +335,18 @@ class AllowIfViewerInboundEdgeExistsRule {
|
|
|
300
335
|
}
|
|
301
336
|
}
|
|
302
337
|
exports.AllowIfViewerInboundEdgeExistsRule = AllowIfViewerInboundEdgeExistsRule;
|
|
338
|
+
/**
|
|
339
|
+
* This is a privacy policy rule that checks if edge exists from viewer's id to ent's id
|
|
340
|
+
* Allows the viewer to see the ent if the edge exists
|
|
341
|
+
*/
|
|
342
|
+
class AllowIfEdgeExistsFromViewerToEntRule extends AllowIfViewerInboundEdgeExistsRule {
|
|
343
|
+
}
|
|
344
|
+
exports.AllowIfEdgeExistsFromViewerToEntRule = AllowIfEdgeExistsFromViewerToEntRule;
|
|
345
|
+
/**
|
|
346
|
+
* @deprecated use AllowIfEdgeExistsFromEntToViewerRule
|
|
347
|
+
* This is a privacy policy rule that checks if the viewer has an outbound edge to the ent.
|
|
348
|
+
* e.g. does edge exist from ent's id to viewer's id
|
|
349
|
+
*/
|
|
303
350
|
class AllowIfViewerOutboundEdgeExistsRule {
|
|
304
351
|
constructor(edgeType, options) {
|
|
305
352
|
this.edgeType = edgeType;
|
|
@@ -310,6 +357,39 @@ class AllowIfViewerOutboundEdgeExistsRule {
|
|
|
310
357
|
}
|
|
311
358
|
}
|
|
312
359
|
exports.AllowIfViewerOutboundEdgeExistsRule = AllowIfViewerOutboundEdgeExistsRule;
|
|
360
|
+
/**
|
|
361
|
+
* This is a privacy policy rule that checks if edge exists from ent's id to viewer's id
|
|
362
|
+
*/
|
|
363
|
+
class AllowIfEdgeExistsFromEntToViewerRule extends AllowIfViewerOutboundEdgeExistsRule {
|
|
364
|
+
}
|
|
365
|
+
exports.AllowIfEdgeExistsFromEntToViewerRule = AllowIfEdgeExistsFromEntToViewerRule;
|
|
366
|
+
/**
|
|
367
|
+
* This is a privacy policy rule that checks if edge exists from viewer to id of given ent property
|
|
368
|
+
*/
|
|
369
|
+
class AllowIfEdgeExistsFromViewerToEntPropertyRule {
|
|
370
|
+
constructor(property, edgeType, options) {
|
|
371
|
+
this.property = property;
|
|
372
|
+
this.edgeType = edgeType;
|
|
373
|
+
this.options = options;
|
|
374
|
+
}
|
|
375
|
+
async apply(v, ent) {
|
|
376
|
+
const result = ent && ent[this.property];
|
|
377
|
+
return allowIfEdgeExistsRule(v.viewerID, result, this.edgeType, v.context, this.options);
|
|
378
|
+
}
|
|
379
|
+
}
|
|
380
|
+
exports.AllowIfEdgeExistsFromViewerToEntPropertyRule = AllowIfEdgeExistsFromViewerToEntPropertyRule;
|
|
381
|
+
class AllowIfEdgeExistsFromEntPropertyToViewerRule {
|
|
382
|
+
constructor(property, edgeType, options) {
|
|
383
|
+
this.property = property;
|
|
384
|
+
this.edgeType = edgeType;
|
|
385
|
+
this.options = options;
|
|
386
|
+
}
|
|
387
|
+
async apply(v, ent) {
|
|
388
|
+
const result = ent && ent[this.property];
|
|
389
|
+
return allowIfEdgeExistsRule(result, v.viewerID, this.edgeType, v.context, this.options);
|
|
390
|
+
}
|
|
391
|
+
}
|
|
392
|
+
exports.AllowIfEdgeExistsFromEntPropertyToViewerRule = AllowIfEdgeExistsFromEntPropertyToViewerRule;
|
|
313
393
|
async function denyIfEdgeExistsRule(id1, id2, edgeType, context, options) {
|
|
314
394
|
// edge doesn't exist if no viewer
|
|
315
395
|
if (id1 && id2) {
|
|
@@ -357,6 +437,9 @@ class DenyIfEdgeExistsRule {
|
|
|
357
437
|
}
|
|
358
438
|
}
|
|
359
439
|
exports.DenyIfEdgeExistsRule = DenyIfEdgeExistsRule;
|
|
440
|
+
/**
|
|
441
|
+
* @deprecated use DenyIfEdgeExistsFromViewerToEntRule
|
|
442
|
+
*/
|
|
360
443
|
class DenyIfViewerInboundEdgeExistsRule {
|
|
361
444
|
constructor(edgeType, options) {
|
|
362
445
|
this.edgeType = edgeType;
|
|
@@ -367,6 +450,16 @@ class DenyIfViewerInboundEdgeExistsRule {
|
|
|
367
450
|
}
|
|
368
451
|
}
|
|
369
452
|
exports.DenyIfViewerInboundEdgeExistsRule = DenyIfViewerInboundEdgeExistsRule;
|
|
453
|
+
/**
|
|
454
|
+
* This is a privacy policy rule that checks if edge exists from viewer's id to ent's id
|
|
455
|
+
* Denies the viewer from seeing the ent if the edge exists
|
|
456
|
+
*/
|
|
457
|
+
class DenyIfEdgeExistsFromViewerToEntRule extends DenyIfViewerInboundEdgeExistsRule {
|
|
458
|
+
}
|
|
459
|
+
exports.DenyIfEdgeExistsFromViewerToEntRule = DenyIfEdgeExistsFromViewerToEntRule;
|
|
460
|
+
/**
|
|
461
|
+
* @deprecated use DenyIfEdgeExistsFromEntToViewerRule
|
|
462
|
+
*/
|
|
370
463
|
class DenyIfViewerOutboundEdgeExistsRule {
|
|
371
464
|
constructor(edgeType, options) {
|
|
372
465
|
this.edgeType = edgeType;
|
|
@@ -377,6 +470,56 @@ class DenyIfViewerOutboundEdgeExistsRule {
|
|
|
377
470
|
}
|
|
378
471
|
}
|
|
379
472
|
exports.DenyIfViewerOutboundEdgeExistsRule = DenyIfViewerOutboundEdgeExistsRule;
|
|
473
|
+
/**
|
|
474
|
+
* This is a privacy policy rule that checks if edge exists from ent's id to viewer's id
|
|
475
|
+
*/
|
|
476
|
+
class DenyIfEdgeExistsFromEntToViewerRule extends DenyIfViewerOutboundEdgeExistsRule {
|
|
477
|
+
}
|
|
478
|
+
exports.DenyIfEdgeExistsFromEntToViewerRule = DenyIfEdgeExistsFromEntToViewerRule;
|
|
479
|
+
/**
|
|
480
|
+
* @deprecated use DenyIfEdgeExistsFromViewerToEntPropertyRule
|
|
481
|
+
*/
|
|
482
|
+
class DenyIfViewerInboundEdgeToEntPropertyExistsRule {
|
|
483
|
+
constructor(property, edgeType, options) {
|
|
484
|
+
this.property = property;
|
|
485
|
+
this.edgeType = edgeType;
|
|
486
|
+
this.options = options;
|
|
487
|
+
}
|
|
488
|
+
async apply(v, ent) {
|
|
489
|
+
const result = ent && ent[this.property];
|
|
490
|
+
return denyIfEdgeExistsRule(v.viewerID, result, this.edgeType, v.context, this.options);
|
|
491
|
+
}
|
|
492
|
+
}
|
|
493
|
+
exports.DenyIfViewerInboundEdgeToEntPropertyExistsRule = DenyIfViewerInboundEdgeToEntPropertyExistsRule;
|
|
494
|
+
/**
|
|
495
|
+
* This is a privacy policy rule that checks if edge exists from viewer's id to ent's id
|
|
496
|
+
* Denies the viewer from seeing the ent if the edge exists
|
|
497
|
+
*/
|
|
498
|
+
class DenyIfEdgeExistsFromViewerToEntPropertyRule extends DenyIfViewerInboundEdgeToEntPropertyExistsRule {
|
|
499
|
+
}
|
|
500
|
+
exports.DenyIfEdgeExistsFromViewerToEntPropertyRule = DenyIfEdgeExistsFromViewerToEntPropertyRule;
|
|
501
|
+
/**
|
|
502
|
+
* @deprecated use DenyIfEdgeExistsFromEntToViewerPropertyRule
|
|
503
|
+
*/
|
|
504
|
+
class DenyIfViewerOutboundEdgeToEntPropertyExistsRule {
|
|
505
|
+
constructor(property, edgeType, options) {
|
|
506
|
+
this.property = property;
|
|
507
|
+
this.edgeType = edgeType;
|
|
508
|
+
this.options = options;
|
|
509
|
+
}
|
|
510
|
+
async apply(v, ent) {
|
|
511
|
+
const result = ent && ent[this.property];
|
|
512
|
+
return denyIfEdgeExistsRule(result, v.viewerID, this.edgeType, v.context, this.options);
|
|
513
|
+
}
|
|
514
|
+
}
|
|
515
|
+
exports.DenyIfViewerOutboundEdgeToEntPropertyExistsRule = DenyIfViewerOutboundEdgeToEntPropertyExistsRule;
|
|
516
|
+
/**
|
|
517
|
+
* This is a privacy policy rule that checks if edge exists from ent's id to viewer's id
|
|
518
|
+
* Denies the viewer from seeing the ent if the edge exists
|
|
519
|
+
*/
|
|
520
|
+
class DenyIfEdgeExistsFromEntPropertyToViewerRule extends DenyIfViewerOutboundEdgeToEntPropertyExistsRule {
|
|
521
|
+
}
|
|
522
|
+
exports.DenyIfEdgeExistsFromEntPropertyToViewerRule = DenyIfEdgeExistsFromEntPropertyToViewerRule;
|
|
380
523
|
class DenyIfEdgeDoesNotExistRule {
|
|
381
524
|
constructor(id1, id2, edgeType, options) {
|
|
382
525
|
this.id1 = id1;
|
|
@@ -409,6 +552,30 @@ class DenyIfViewerOutboundEdgeDoesNotExistRule {
|
|
|
409
552
|
}
|
|
410
553
|
}
|
|
411
554
|
exports.DenyIfViewerOutboundEdgeDoesNotExistRule = DenyIfViewerOutboundEdgeDoesNotExistRule;
|
|
555
|
+
class DenyIfViewerInboundEdgeToEntPropertyDoesNotExistRule {
|
|
556
|
+
constructor(property, edgeType, options) {
|
|
557
|
+
this.property = property;
|
|
558
|
+
this.edgeType = edgeType;
|
|
559
|
+
this.options = options;
|
|
560
|
+
}
|
|
561
|
+
async apply(v, ent) {
|
|
562
|
+
const result = ent && ent[this.property];
|
|
563
|
+
return denyIfEdgeDoesNotExistRule(v.viewerID, result, this.edgeType, v.context, this.options);
|
|
564
|
+
}
|
|
565
|
+
}
|
|
566
|
+
exports.DenyIfViewerInboundEdgeToEntPropertyDoesNotExistRule = DenyIfViewerInboundEdgeToEntPropertyDoesNotExistRule;
|
|
567
|
+
class DenyIfViewerOutboundEdgeToEntPropertyDoesNotExistRule {
|
|
568
|
+
constructor(property, edgeType, options) {
|
|
569
|
+
this.property = property;
|
|
570
|
+
this.edgeType = edgeType;
|
|
571
|
+
this.options = options;
|
|
572
|
+
}
|
|
573
|
+
async apply(v, ent) {
|
|
574
|
+
const result = ent && ent[this.property];
|
|
575
|
+
return denyIfEdgeDoesNotExistRule(result, v.viewerID, this.edgeType, v.context, this.options);
|
|
576
|
+
}
|
|
577
|
+
}
|
|
578
|
+
exports.DenyIfViewerOutboundEdgeToEntPropertyDoesNotExistRule = DenyIfViewerOutboundEdgeToEntPropertyDoesNotExistRule;
|
|
412
579
|
// need a Deny version of this too
|
|
413
580
|
class AllowIfConditionAppliesRule {
|
|
414
581
|
constructor(fn, rule) {
|
package/graphql/node_resolver.js
CHANGED
|
@@ -1,17 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.encodeGQLID = exports.mustDecodeNullableIDFromGQLID = exports.mustDecodeIDFromGQLID = exports.nodeIDEncoder = exports.resolveID = exports.clearResolvers = exports.registerResolver = exports.EntNodeResolver = void 0;
|
|
4
|
+
function encodeHelper(nodeType, id) {
|
|
5
|
+
return btoa(`node:${nodeType}:${id}`);
|
|
6
|
+
}
|
|
4
7
|
class EntNodeResolver {
|
|
5
8
|
constructor(loader) {
|
|
6
9
|
this.loader = loader;
|
|
7
10
|
}
|
|
8
11
|
encode(node) {
|
|
9
12
|
// let's do 3 parts. we take the "node" prefix
|
|
10
|
-
|
|
11
|
-
return Buffer.from(str, "ascii").toString("base64");
|
|
13
|
+
return encodeHelper(node.nodeType, node.id);
|
|
12
14
|
}
|
|
13
15
|
static decode(id) {
|
|
14
|
-
const decoded =
|
|
16
|
+
const decoded = atob(id);
|
|
15
17
|
let parts = decoded.split(":");
|
|
16
18
|
if (parts.length != 3) {
|
|
17
19
|
return null;
|
|
@@ -19,7 +21,7 @@ class EntNodeResolver {
|
|
|
19
21
|
return parts[2];
|
|
20
22
|
}
|
|
21
23
|
mustDecode(id) {
|
|
22
|
-
const decoded =
|
|
24
|
+
const decoded = atob(id);
|
|
23
25
|
let parts = decoded.split(":");
|
|
24
26
|
if (parts.length != 3) {
|
|
25
27
|
throw new Error(`invalid id ${id} passed to EntNodeResolver`);
|
|
@@ -27,7 +29,7 @@ class EntNodeResolver {
|
|
|
27
29
|
return [parts[0], parts[1]];
|
|
28
30
|
}
|
|
29
31
|
async decodeObj(viewer, id) {
|
|
30
|
-
const decoded =
|
|
32
|
+
const decoded = atob(id);
|
|
31
33
|
let parts = decoded.split(":");
|
|
32
34
|
if (parts.length != 3 || parts[0] != "node") {
|
|
33
35
|
return null;
|
|
@@ -92,7 +94,6 @@ exports.mustDecodeNullableIDFromGQLID = mustDecodeNullableIDFromGQLID;
|
|
|
92
94
|
// This takes an ent and returns the graphql id
|
|
93
95
|
function encodeGQLID(node) {
|
|
94
96
|
// let's do 3 parts. we take the "node" prefix
|
|
95
|
-
|
|
96
|
-
return Buffer.from(str, "ascii").toString("base64");
|
|
97
|
+
return btoa(`node:${node.nodeType}:${node.id}`);
|
|
97
98
|
}
|
|
98
99
|
exports.encodeGQLID = encodeGQLID;
|
package/package.json
CHANGED
package/schema/field.js
CHANGED
|
@@ -29,10 +29,10 @@ const types_1 = require("util/types");
|
|
|
29
29
|
const uuid_1 = require("uuid");
|
|
30
30
|
const base_1 = require("../core/base");
|
|
31
31
|
const db_1 = __importStar(require("../core/db"));
|
|
32
|
-
const schema_1 = require("./schema");
|
|
33
32
|
const global_schema_1 = require("../core/global_schema");
|
|
34
33
|
const logger_1 = require("../core/logger");
|
|
35
34
|
const names_1 = require("../names/names");
|
|
35
|
+
const schema_1 = require("./schema");
|
|
36
36
|
class BaseField {
|
|
37
37
|
logValue(val) {
|
|
38
38
|
if (this.sensitive) {
|
|
@@ -495,7 +495,7 @@ class DateField extends BaseField {
|
|
|
495
495
|
this.type = { dbType: schema_1.DBType.Date };
|
|
496
496
|
}
|
|
497
497
|
format(val) {
|
|
498
|
-
if (typeof val === "string") {
|
|
498
|
+
if (typeof val === "string" || val === null || val === undefined) {
|
|
499
499
|
return val;
|
|
500
500
|
}
|
|
501
501
|
val = new Date(val);
|
package/schema/schema.d.ts
CHANGED
package/schema/struct_field.js
CHANGED
|
@@ -36,8 +36,7 @@ class StructField extends field_1.BaseField {
|
|
|
36
36
|
throw new Error("valid was not called");
|
|
37
37
|
}
|
|
38
38
|
let ret = {};
|
|
39
|
-
|
|
40
|
-
const field = this.options.fields[k];
|
|
39
|
+
const processField = (k, field) => {
|
|
41
40
|
// check two values
|
|
42
41
|
// store in dbKey format
|
|
43
42
|
// check both fieldName and dbKey and store in dbKey for
|
|
@@ -52,7 +51,7 @@ class StructField extends field_1.BaseField {
|
|
|
52
51
|
val = obj[dbKey];
|
|
53
52
|
}
|
|
54
53
|
if (val === undefined) {
|
|
55
|
-
|
|
54
|
+
return;
|
|
56
55
|
}
|
|
57
56
|
if (field.format) {
|
|
58
57
|
// indicate nested so this isn't JSON stringified
|
|
@@ -61,6 +60,16 @@ class StructField extends field_1.BaseField {
|
|
|
61
60
|
else {
|
|
62
61
|
ret[dbKey] = val;
|
|
63
62
|
}
|
|
63
|
+
};
|
|
64
|
+
for (const k in this.options.fields) {
|
|
65
|
+
const field = this.options.fields[k];
|
|
66
|
+
processField(k, field);
|
|
67
|
+
if (field.getDerivedFields) {
|
|
68
|
+
const derivedFields = field.getDerivedFields(k);
|
|
69
|
+
for (const k in derivedFields) {
|
|
70
|
+
processField(k, derivedFields[k]);
|
|
71
|
+
}
|
|
72
|
+
}
|
|
64
73
|
}
|
|
65
74
|
// don't json.stringify if nested or list
|
|
66
75
|
if (nested) {
|
|
@@ -114,11 +123,7 @@ class StructField extends field_1.BaseField {
|
|
|
114
123
|
return false;
|
|
115
124
|
}
|
|
116
125
|
let promises = [];
|
|
117
|
-
|
|
118
|
-
let valid = true;
|
|
119
|
-
for (const k in this.options.fields) {
|
|
120
|
-
const field = this.options.fields[k];
|
|
121
|
-
let dbKey = (0, schema_1.getStorageKey)(field, k);
|
|
126
|
+
const processField = (k, dbKey, field) => {
|
|
122
127
|
let fieldName = (0, names_1.toFieldName)(k);
|
|
123
128
|
let val = obj[fieldName];
|
|
124
129
|
let uniqueKeyField = false;
|
|
@@ -145,15 +150,34 @@ class StructField extends field_1.BaseField {
|
|
|
145
150
|
if (val === undefined || val === null) {
|
|
146
151
|
// nullable, nothing to do here
|
|
147
152
|
if (field.nullable) {
|
|
148
|
-
|
|
153
|
+
return;
|
|
149
154
|
}
|
|
150
155
|
valid = false;
|
|
151
|
-
|
|
156
|
+
return false;
|
|
152
157
|
}
|
|
153
158
|
if (!field.valid) {
|
|
154
|
-
|
|
159
|
+
return;
|
|
155
160
|
}
|
|
156
161
|
promises.push(field.valid(val));
|
|
162
|
+
};
|
|
163
|
+
// TODO probably need to support optional fields...
|
|
164
|
+
let valid = true;
|
|
165
|
+
for (const k in this.options.fields) {
|
|
166
|
+
const field = this.options.fields[k];
|
|
167
|
+
let dbKey = (0, schema_1.getStorageKey)(field, k);
|
|
168
|
+
if (processField(k, dbKey, field) === false) {
|
|
169
|
+
valid = false;
|
|
170
|
+
}
|
|
171
|
+
if (field.getDerivedFields) {
|
|
172
|
+
const derivedFields = field.getDerivedFields(k);
|
|
173
|
+
for (const k in derivedFields) {
|
|
174
|
+
const derivedField = derivedFields[k];
|
|
175
|
+
let dbKey = (0, schema_1.getStorageKey)(derivedField, k);
|
|
176
|
+
if (processField(k, dbKey, derivedField) === false) {
|
|
177
|
+
valid = false;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
}
|
|
157
181
|
}
|
|
158
182
|
if (!valid) {
|
|
159
183
|
return valid;
|
package/testutils/db/temp_db.js
CHANGED
package/tsc/compilerOptions.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import ts from "typescript";
|
|
2
2
|
export declare function readCompilerOptions(filePath: string): ts.CompilerOptions;
|
|
3
3
|
export declare function getTarget(target?: string): ts.ScriptTarget;
|
|
4
|
+
export declare function getModule(module?: string): ts.ModuleKind;
|
|
4
5
|
export declare function getTargetFromCurrentDir(): ts.ScriptTarget;
|
|
5
6
|
export declare function createSourceFile(target: ts.ScriptTarget, file: string): {
|
|
6
7
|
contents: string;
|
package/tsc/compilerOptions.js
CHANGED
|
@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
26
26
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
27
27
|
};
|
|
28
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
|
-
exports.createSourceFile = exports.getTargetFromCurrentDir = exports.getTarget = exports.readCompilerOptions = void 0;
|
|
29
|
+
exports.createSourceFile = exports.getTargetFromCurrentDir = exports.getModule = exports.getTarget = exports.readCompilerOptions = void 0;
|
|
30
30
|
const fs = __importStar(require("fs"));
|
|
31
31
|
const json5_1 = __importDefault(require("json5"));
|
|
32
32
|
const typescript_1 = __importDefault(require("typescript"));
|
|
@@ -60,6 +60,8 @@ function readCompilerOptions(filePath) {
|
|
|
60
60
|
if (options.moduleResolution === "node") {
|
|
61
61
|
options.moduleResolution = typescript_1.default.ModuleResolutionKind.NodeJs;
|
|
62
62
|
}
|
|
63
|
+
options.target = getTarget(options.target);
|
|
64
|
+
options.module = getModule(options.module);
|
|
63
65
|
return options;
|
|
64
66
|
}
|
|
65
67
|
exports.readCompilerOptions = readCompilerOptions;
|
|
@@ -90,6 +92,35 @@ function getTarget(target) {
|
|
|
90
92
|
}
|
|
91
93
|
}
|
|
92
94
|
exports.getTarget = getTarget;
|
|
95
|
+
function getModule(module) {
|
|
96
|
+
switch (module?.toLowerCase()) {
|
|
97
|
+
case "none":
|
|
98
|
+
return typescript_1.default.ModuleKind.None;
|
|
99
|
+
case "commonjs":
|
|
100
|
+
return typescript_1.default.ModuleKind.CommonJS;
|
|
101
|
+
case "amd":
|
|
102
|
+
return typescript_1.default.ModuleKind.AMD;
|
|
103
|
+
case "umd":
|
|
104
|
+
return typescript_1.default.ModuleKind.UMD;
|
|
105
|
+
case "system":
|
|
106
|
+
return typescript_1.default.ModuleKind.System;
|
|
107
|
+
case "es2015":
|
|
108
|
+
return typescript_1.default.ModuleKind.ES2015;
|
|
109
|
+
case "es2020":
|
|
110
|
+
return typescript_1.default.ModuleKind.ES2020;
|
|
111
|
+
case "es2022":
|
|
112
|
+
return typescript_1.default.ModuleKind.ES2022;
|
|
113
|
+
case "esnext":
|
|
114
|
+
return typescript_1.default.ModuleKind.ESNext;
|
|
115
|
+
case "node16":
|
|
116
|
+
return typescript_1.default.ModuleKind.Node16;
|
|
117
|
+
case "nodenext":
|
|
118
|
+
return typescript_1.default.ModuleKind.NodeNext;
|
|
119
|
+
default:
|
|
120
|
+
return typescript_1.default.ModuleKind.CommonJS;
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
exports.getModule = getModule;
|
|
93
124
|
function getTargetFromCurrentDir() {
|
|
94
125
|
const options = readCompilerOptions(".");
|
|
95
126
|
return getTarget(options.target?.toString());
|