@strapi/permissions 0.0.0-next.e1ede8c55a0e1e22ce20137bf238fc374bd5dd51 → 0.0.0-next.e2e3ca14971ee768e1a227a209362264fd0132d4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +18 -3
- package/dist/domain/index.js +8 -0
- package/dist/domain/index.js.map +1 -0
- package/dist/domain/index.mjs +3 -0
- package/dist/domain/index.mjs.map +1 -0
- package/dist/domain/permission/index.js +41 -0
- package/dist/domain/permission/index.js.map +1 -0
- package/dist/domain/permission/index.mjs +36 -0
- package/dist/domain/permission/index.mjs.map +1 -0
- package/dist/engine/abilities/casl-ability.js +87 -0
- package/dist/engine/abilities/casl-ability.js.map +1 -0
- package/dist/engine/abilities/casl-ability.mjs +66 -0
- package/dist/engine/abilities/casl-ability.mjs.map +1 -0
- package/dist/engine/abilities/index.js +8 -0
- package/dist/engine/abilities/index.js.map +1 -0
- package/dist/engine/abilities/index.mjs +2 -0
- package/dist/engine/abilities/index.mjs.map +1 -0
- package/dist/engine/hooks.js +81 -0
- package/dist/engine/hooks.js.map +1 -0
- package/dist/engine/hooks.mjs +76 -0
- package/dist/engine/hooks.mjs.map +1 -0
- package/dist/engine/index.js +141 -0
- package/dist/engine/index.js.map +1 -0
- package/dist/engine/index.mjs +139 -0
- package/dist/engine/index.mjs.map +1 -0
- package/dist/index.js +9 -296
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +4 -274
- package/dist/index.mjs.map +1 -1
- package/package.json +11 -11
package/LICENSE
CHANGED
|
@@ -2,7 +2,21 @@ Copyright (c) 2015-present Strapi Solutions SAS
|
|
|
2
2
|
|
|
3
3
|
Portions of the Strapi software are licensed as follows:
|
|
4
4
|
|
|
5
|
-
* All software that resides under an "ee/" directory (the “EE Software”), if that directory exists, is licensed under the license defined
|
|
5
|
+
* All software that resides under an "ee/" directory (the “EE Software”), if that directory exists, is licensed under the license defined below.
|
|
6
|
+
|
|
7
|
+
Enterprise License
|
|
8
|
+
|
|
9
|
+
If you or the company you represent has entered into a written agreement referencing the Enterprise Edition of the Strapi source code available at
|
|
10
|
+
https://github.com/strapi/strapi, then such agreement applies to your use of the Enterprise Edition of the Strapi Software. If you or the company you
|
|
11
|
+
represent is using the Enterprise Edition of the Strapi Software in connection with a subscription to our cloud offering, then the agreement you have
|
|
12
|
+
agreed to with respect to our cloud offering and the licenses included in such agreement apply to your use of the Enterprise Edition of the Strapi Software.
|
|
13
|
+
Otherwise, the Strapi Enterprise Software License Agreement (found here https://strapi.io/enterprise-terms) applies to your use of the Enterprise Edition of the Strapi Software.
|
|
14
|
+
|
|
15
|
+
BY ACCESSING OR USING THE ENTERPRISE EDITION OF THE STRAPI SOFTWARE, YOU ARE AGREEING TO BE BOUND BY THE RELEVANT REFERENCED AGREEMENT.
|
|
16
|
+
IF YOU ARE NOT AUTHORIZED TO ACCEPT THESE TERMS ON BEHALF OF THE COMPANY YOU REPRESENT OR IF YOU DO NOT AGREE TO ALL OF THE RELEVANT TERMS AND CONDITIONS REFERENCED AND YOU
|
|
17
|
+
HAVE NOT OTHERWISE EXECUTED A WRITTEN AGREEMENT WITH STRAPI, YOU ARE NOT AUTHORIZED TO ACCESS OR USE OR ALLOW ANY USER TO ACCESS OR USE ANY PART OF
|
|
18
|
+
THE ENTERPRISE EDITION OF THE STRAPI SOFTWARE. YOUR ACCESS RIGHTS ARE CONDITIONAL ON YOUR CONSENT TO THE RELEVANT REFERENCED TERMS TO THE EXCLUSION OF ALL OTHER TERMS;
|
|
19
|
+
IF THE RELEVANT REFERENCED TERMS ARE CONSIDERED AN OFFER BY YOU, ACCEPTANCE IS EXPRESSLY LIMITED TO THE RELEVANT REFERENCED TERMS.
|
|
6
20
|
|
|
7
21
|
* All software outside of the above-mentioned directories or restrictions above is available under the "MIT Expat" license as set forth below.
|
|
8
22
|
|
|
@@ -18,5 +32,6 @@ furnished to do so, subject to the following conditions:
|
|
|
18
32
|
The above copyright notice and this permission notice shall be included in all
|
|
19
33
|
copies or substantial portions of the Software.
|
|
20
34
|
|
|
21
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
22
|
-
|
|
35
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
36
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
|
37
|
+
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var _ = require('lodash/fp');
|
|
4
|
+
|
|
5
|
+
const PERMISSION_FIELDS = [
|
|
6
|
+
'action',
|
|
7
|
+
'subject',
|
|
8
|
+
'properties',
|
|
9
|
+
'conditions'
|
|
10
|
+
];
|
|
11
|
+
const sanitizePermissionFields = _.pick(PERMISSION_FIELDS);
|
|
12
|
+
/**
|
|
13
|
+
* Creates a permission with default values for optional properties
|
|
14
|
+
*/ const getDefaultPermission = ()=>({
|
|
15
|
+
conditions: [],
|
|
16
|
+
properties: {},
|
|
17
|
+
subject: null
|
|
18
|
+
});
|
|
19
|
+
/**
|
|
20
|
+
* Create a new permission based on given attributes
|
|
21
|
+
*
|
|
22
|
+
* @param {object} attributes
|
|
23
|
+
*/ const create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));
|
|
24
|
+
/**
|
|
25
|
+
* Add a condition to a permission
|
|
26
|
+
*/ const addCondition = _.curry((condition, permission)=>{
|
|
27
|
+
const { conditions } = permission;
|
|
28
|
+
const newConditions = Array.isArray(conditions) ? _.uniq(conditions.concat(condition)) : [
|
|
29
|
+
condition
|
|
30
|
+
];
|
|
31
|
+
return _.set('conditions', newConditions, permission);
|
|
32
|
+
});
|
|
33
|
+
/**
|
|
34
|
+
* Gets a property or a part of a property from a permission.
|
|
35
|
+
*/ const getProperty = _.curry((property, permission)=>_.get(`properties.${property}`, permission));
|
|
36
|
+
|
|
37
|
+
exports.addCondition = addCondition;
|
|
38
|
+
exports.create = create;
|
|
39
|
+
exports.getProperty = getProperty;
|
|
40
|
+
exports.sanitizePermissionFields = sanitizePermissionFields;
|
|
41
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../src/domain/permission/index.ts"],"sourcesContent":["import _ from 'lodash/fp';\n\nconst PERMISSION_FIELDS = ['action', 'subject', 'properties', 'conditions'] as const;\n\nconst sanitizePermissionFields = _.pick(PERMISSION_FIELDS);\n\nexport interface Permission {\n action: string;\n actionParameters?: Record<string, unknown>;\n subject?: string | object | null;\n properties?: Record<string, any>;\n conditions?: string[];\n}\n\n/**\n * Creates a permission with default values for optional properties\n */\nconst getDefaultPermission = (): Pick<Permission, 'conditions' | 'properties' | 'subject'> => ({\n conditions: [],\n properties: {},\n subject: null,\n});\n\n/**\n * Create a new permission based on given attributes\n *\n * @param {object} attributes\n */\nconst create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));\n\n/**\n * Add a condition to a permission\n */\nconst addCondition = _.curry((condition: string, permission: Permission): Permission => {\n const { conditions } = permission;\n\n const newConditions = Array.isArray(conditions)\n ? _.uniq(conditions.concat(condition))\n : [condition];\n\n return _.set('conditions', newConditions, permission);\n});\n\n/**\n * Gets a property or a part of a property from a permission.\n */\nconst getProperty = _.curry(\n <T extends keyof Permission['properties']>(\n property: T,\n permission: Permission\n ): Permission['properties'][T] => _.get(`properties.${property}`, permission)\n);\n\nexport { create, sanitizePermissionFields, addCondition, getProperty };\n"],"names":["PERMISSION_FIELDS","sanitizePermissionFields","_","pick","getDefaultPermission","conditions","properties","subject","create","pipe","merge","addCondition","curry","condition","permission","newConditions","Array","isArray","uniq","concat","set","getProperty","property","get"],"mappings":";;;;AAEA,MAAMA,iBAAoB,GAAA;AAAC,IAAA,QAAA;AAAU,IAAA,SAAA;AAAW,IAAA,YAAA;AAAc,IAAA;AAAa,CAAA;AAErEC,MAAAA,wBAAAA,GAA2BC,CAAEC,CAAAA,IAAI,CAACH,iBAAAA;AAUxC;;IAGA,MAAMI,oBAAuB,GAAA,KAAkE;AAC7FC,QAAAA,UAAAA,EAAY,EAAE;AACdC,QAAAA,UAAAA,EAAY,EAAC;QACbC,OAAS,EAAA;KACX,CAAA;AAEA;;;;IAKA,MAAMC,MAASN,GAAAA,CAAAA,CAAEO,IAAI,CAACP,CAAEC,CAAAA,IAAI,CAACH,iBAAAA,CAAAA,EAAoBE,CAAEQ,CAAAA,KAAK,CAACN,oBAAAA,EAAAA,CAAAA;AAEzD;;AAEC,UACKO,YAAeT,GAAAA,CAAAA,CAAEU,KAAK,CAAC,CAACC,SAAmBC,EAAAA,UAAAA,GAAAA;IAC/C,MAAM,EAAET,UAAU,EAAE,GAAGS,UAAAA;IAEvB,MAAMC,aAAAA,GAAgBC,KAAMC,CAAAA,OAAO,CAACZ,UAAAA,CAAAA,GAChCH,CAAEgB,CAAAA,IAAI,CAACb,UAAAA,CAAWc,MAAM,CAACN,SACzB,CAAA,CAAA,GAAA;AAACA,QAAAA;AAAU,KAAA;AAEf,IAAA,OAAOX,CAAEkB,CAAAA,GAAG,CAAC,YAAA,EAAcL,aAAeD,EAAAA,UAAAA,CAAAA;AAC5C,CAAA;AAEA;;AAEC,IACKO,MAAAA,WAAAA,GAAcnB,CAAEU,CAAAA,KAAK,CACzB,CACEU,QAAAA,EACAR,UACgCZ,GAAAA,CAAAA,CAAEqB,GAAG,CAAC,CAAC,WAAW,EAAED,UAAU,EAAER,UAAAA,CAAAA;;;;;;;"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import _ from 'lodash/fp';
|
|
2
|
+
|
|
3
|
+
const PERMISSION_FIELDS = [
|
|
4
|
+
'action',
|
|
5
|
+
'subject',
|
|
6
|
+
'properties',
|
|
7
|
+
'conditions'
|
|
8
|
+
];
|
|
9
|
+
const sanitizePermissionFields = _.pick(PERMISSION_FIELDS);
|
|
10
|
+
/**
|
|
11
|
+
* Creates a permission with default values for optional properties
|
|
12
|
+
*/ const getDefaultPermission = ()=>({
|
|
13
|
+
conditions: [],
|
|
14
|
+
properties: {},
|
|
15
|
+
subject: null
|
|
16
|
+
});
|
|
17
|
+
/**
|
|
18
|
+
* Create a new permission based on given attributes
|
|
19
|
+
*
|
|
20
|
+
* @param {object} attributes
|
|
21
|
+
*/ const create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));
|
|
22
|
+
/**
|
|
23
|
+
* Add a condition to a permission
|
|
24
|
+
*/ const addCondition = _.curry((condition, permission)=>{
|
|
25
|
+
const { conditions } = permission;
|
|
26
|
+
const newConditions = Array.isArray(conditions) ? _.uniq(conditions.concat(condition)) : [
|
|
27
|
+
condition
|
|
28
|
+
];
|
|
29
|
+
return _.set('conditions', newConditions, permission);
|
|
30
|
+
});
|
|
31
|
+
/**
|
|
32
|
+
* Gets a property or a part of a property from a permission.
|
|
33
|
+
*/ const getProperty = _.curry((property, permission)=>_.get(`properties.${property}`, permission));
|
|
34
|
+
|
|
35
|
+
export { addCondition, create, getProperty, sanitizePermissionFields };
|
|
36
|
+
//# sourceMappingURL=index.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","sources":["../../../src/domain/permission/index.ts"],"sourcesContent":["import _ from 'lodash/fp';\n\nconst PERMISSION_FIELDS = ['action', 'subject', 'properties', 'conditions'] as const;\n\nconst sanitizePermissionFields = _.pick(PERMISSION_FIELDS);\n\nexport interface Permission {\n action: string;\n actionParameters?: Record<string, unknown>;\n subject?: string | object | null;\n properties?: Record<string, any>;\n conditions?: string[];\n}\n\n/**\n * Creates a permission with default values for optional properties\n */\nconst getDefaultPermission = (): Pick<Permission, 'conditions' | 'properties' | 'subject'> => ({\n conditions: [],\n properties: {},\n subject: null,\n});\n\n/**\n * Create a new permission based on given attributes\n *\n * @param {object} attributes\n */\nconst create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));\n\n/**\n * Add a condition to a permission\n */\nconst addCondition = _.curry((condition: string, permission: Permission): Permission => {\n const { conditions } = permission;\n\n const newConditions = Array.isArray(conditions)\n ? _.uniq(conditions.concat(condition))\n : [condition];\n\n return _.set('conditions', newConditions, permission);\n});\n\n/**\n * Gets a property or a part of a property from a permission.\n */\nconst getProperty = _.curry(\n <T extends keyof Permission['properties']>(\n property: T,\n permission: Permission\n ): Permission['properties'][T] => _.get(`properties.${property}`, permission)\n);\n\nexport { create, sanitizePermissionFields, addCondition, getProperty };\n"],"names":["PERMISSION_FIELDS","sanitizePermissionFields","_","pick","getDefaultPermission","conditions","properties","subject","create","pipe","merge","addCondition","curry","condition","permission","newConditions","Array","isArray","uniq","concat","set","getProperty","property","get"],"mappings":";;AAEA,MAAMA,iBAAoB,GAAA;AAAC,IAAA,QAAA;AAAU,IAAA,SAAA;AAAW,IAAA,YAAA;AAAc,IAAA;AAAa,CAAA;AAErEC,MAAAA,wBAAAA,GAA2BC,CAAEC,CAAAA,IAAI,CAACH,iBAAAA;AAUxC;;IAGA,MAAMI,oBAAuB,GAAA,KAAkE;AAC7FC,QAAAA,UAAAA,EAAY,EAAE;AACdC,QAAAA,UAAAA,EAAY,EAAC;QACbC,OAAS,EAAA;KACX,CAAA;AAEA;;;;IAKA,MAAMC,MAASN,GAAAA,CAAAA,CAAEO,IAAI,CAACP,CAAEC,CAAAA,IAAI,CAACH,iBAAAA,CAAAA,EAAoBE,CAAEQ,CAAAA,KAAK,CAACN,oBAAAA,EAAAA,CAAAA;AAEzD;;AAEC,UACKO,YAAeT,GAAAA,CAAAA,CAAEU,KAAK,CAAC,CAACC,SAAmBC,EAAAA,UAAAA,GAAAA;IAC/C,MAAM,EAAET,UAAU,EAAE,GAAGS,UAAAA;IAEvB,MAAMC,aAAAA,GAAgBC,KAAMC,CAAAA,OAAO,CAACZ,UAAAA,CAAAA,GAChCH,CAAEgB,CAAAA,IAAI,CAACb,UAAAA,CAAWc,MAAM,CAACN,SACzB,CAAA,CAAA,GAAA;AAACA,QAAAA;AAAU,KAAA;AAEf,IAAA,OAAOX,CAAEkB,CAAAA,GAAG,CAAC,YAAA,EAAcL,aAAeD,EAAAA,UAAAA,CAAAA;AAC5C,CAAA;AAEA;;AAEC,IACKO,MAAAA,WAAAA,GAAcnB,CAAEU,CAAAA,KAAK,CACzB,CACEU,QAAAA,EACAR,UACgCZ,GAAAA,CAAAA,CAAEqB,GAAG,CAAC,CAAC,WAAW,EAAED,UAAU,EAAER,UAAAA,CAAAA;;;;"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var sift = require('sift');
|
|
4
|
+
var qs = require('qs');
|
|
5
|
+
var ability = require('@casl/ability');
|
|
6
|
+
var _ = require('lodash/fp');
|
|
7
|
+
|
|
8
|
+
function _interopNamespaceDefault(e) {
|
|
9
|
+
var n = Object.create(null);
|
|
10
|
+
if (e) {
|
|
11
|
+
Object.keys(e).forEach(function (k) {
|
|
12
|
+
if (k !== 'default') {
|
|
13
|
+
var d = Object.getOwnPropertyDescriptor(e, k);
|
|
14
|
+
Object.defineProperty(n, k, d.get ? d : {
|
|
15
|
+
enumerable: true,
|
|
16
|
+
get: function () { return e[k]; }
|
|
17
|
+
});
|
|
18
|
+
}
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
n.default = e;
|
|
22
|
+
return Object.freeze(n);
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
var sift__namespace = /*#__PURE__*/_interopNamespaceDefault(sift);
|
|
26
|
+
|
|
27
|
+
const allowedOperations = [
|
|
28
|
+
'$or',
|
|
29
|
+
'$and',
|
|
30
|
+
'$eq',
|
|
31
|
+
'$ne',
|
|
32
|
+
'$in',
|
|
33
|
+
'$nin',
|
|
34
|
+
'$lt',
|
|
35
|
+
'$lte',
|
|
36
|
+
'$gt',
|
|
37
|
+
'$gte',
|
|
38
|
+
'$exists',
|
|
39
|
+
'$elemMatch'
|
|
40
|
+
];
|
|
41
|
+
const operations = _.pick(allowedOperations, sift__namespace);
|
|
42
|
+
const conditionsMatcher = (conditions)=>{
|
|
43
|
+
return sift__namespace.createQueryTester(conditions, {
|
|
44
|
+
operations
|
|
45
|
+
});
|
|
46
|
+
};
|
|
47
|
+
const buildParametrizedAction = ({ name, params })=>{
|
|
48
|
+
return `${name}?${qs.stringify(params)}`;
|
|
49
|
+
};
|
|
50
|
+
/**
|
|
51
|
+
* Casl Ability Builder.
|
|
52
|
+
*/ const caslAbilityBuilder = ()=>{
|
|
53
|
+
const { can, build, ...rest } = new ability.AbilityBuilder(ability.Ability);
|
|
54
|
+
return {
|
|
55
|
+
can (permission) {
|
|
56
|
+
const { action, subject, properties = {}, condition } = permission;
|
|
57
|
+
const { fields } = properties;
|
|
58
|
+
const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
|
|
59
|
+
return can(caslAction, _.isNil(subject) ? 'all' : subject, fields, _.isObject(condition) ? condition : undefined);
|
|
60
|
+
},
|
|
61
|
+
buildParametrizedAction ({ name, params }) {
|
|
62
|
+
return `${name}?${qs.stringify(params)}`;
|
|
63
|
+
},
|
|
64
|
+
build () {
|
|
65
|
+
const ability = build({
|
|
66
|
+
conditionsMatcher
|
|
67
|
+
});
|
|
68
|
+
function decorateCan(originalCan) {
|
|
69
|
+
return function(...args) {
|
|
70
|
+
const [action, ...rest] = args;
|
|
71
|
+
const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
|
|
72
|
+
// Call the original `can` method
|
|
73
|
+
return originalCan.apply(ability, [
|
|
74
|
+
caslAction,
|
|
75
|
+
...rest
|
|
76
|
+
]);
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
ability.can = decorateCan(ability.can);
|
|
80
|
+
return ability;
|
|
81
|
+
},
|
|
82
|
+
...rest
|
|
83
|
+
};
|
|
84
|
+
};
|
|
85
|
+
|
|
86
|
+
exports.caslAbilityBuilder = caslAbilityBuilder;
|
|
87
|
+
//# sourceMappingURL=casl-ability.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"casl-ability.js","sources":["../../../src/engine/abilities/casl-ability.ts"],"sourcesContent":["import * as sift from 'sift';\nimport qs from 'qs';\nimport { AbilityBuilder, Ability } from '@casl/ability';\nimport { pick, isNil, isObject } from 'lodash/fp';\nimport type { ParametrizedAction, PermissionRule } from '../../types';\n\nexport interface CustomAbilityBuilder {\n can(permission: PermissionRule): ReturnType<AbilityBuilder<Ability>['can']>;\n buildParametrizedAction: (parametrizedAction: ParametrizedAction) => string;\n build(): Ability;\n}\n\nconst allowedOperations = [\n '$or',\n '$and',\n '$eq',\n '$ne',\n '$in',\n '$nin',\n '$lt',\n '$lte',\n '$gt',\n '$gte',\n '$exists',\n '$elemMatch',\n] as const;\n\nconst operations = pick(allowedOperations, sift);\n\nconst conditionsMatcher = (conditions: unknown) => {\n return sift.createQueryTester(conditions, { operations });\n};\n\nconst buildParametrizedAction = ({ name, params }: ParametrizedAction) => {\n return `${name}?${qs.stringify(params)}`;\n};\n\n/**\n * Casl Ability Builder.\n */\nexport const caslAbilityBuilder = (): CustomAbilityBuilder => {\n const { can, build, ...rest } = new AbilityBuilder(Ability);\n\n return {\n can(permission: PermissionRule) {\n const { action, subject, properties = {}, condition } = permission;\n const { fields } = properties;\n\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n return can(\n caslAction,\n isNil(subject) ? 'all' : subject,\n fields,\n isObject(condition) ? condition : undefined\n );\n },\n\n buildParametrizedAction({ name, params }: ParametrizedAction) {\n return `${name}?${qs.stringify(params)}`;\n },\n\n build() {\n const ability = build({ conditionsMatcher });\n\n function decorateCan(originalCan: Ability['can']) {\n return function (...args: Parameters<Ability['can']>) {\n const [action, ...rest] = args;\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n // Call the original `can` method\n return originalCan.apply(ability, [caslAction, ...rest]);\n };\n }\n\n ability.can = decorateCan(ability.can);\n return ability;\n },\n\n ...rest,\n };\n};\n"],"names":["allowedOperations","operations","pick","sift","conditionsMatcher","conditions","createQueryTester","buildParametrizedAction","name","params","qs","stringify","caslAbilityBuilder","can","build","rest","AbilityBuilder","Ability","permission","action","subject","properties","condition","fields","caslAction","isNil","isObject","undefined","ability","decorateCan","originalCan","args","apply"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,MAAMA,iBAAoB,GAAA;AACxB,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,SAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,UAAAA,GAAaC,OAAKF,iBAAmBG,EAAAA,eAAAA,CAAAA;AAE3C,MAAMC,oBAAoB,CAACC,UAAAA,GAAAA;IACzB,OAAOF,eAAAA,CAAKG,iBAAiB,CAACD,UAAY,EAAA;AAAEJ,QAAAA;AAAW,KAAA,CAAA;AACzD,CAAA;AAEA,MAAMM,0BAA0B,CAAC,EAAEC,IAAI,EAAEC,MAAM,EAAsB,GAAA;AACnE,IAAA,OAAO,GAAGD,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAS,CAAA,CAAA,CAAA;AAC1C,CAAA;AAEA;;UAGaG,kBAAqB,GAAA,IAAA;IAChC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,GAAGC,IAAAA,EAAM,GAAG,IAAIC,sBAAeC,CAAAA,eAAAA,CAAAA;IAEnD,OAAO;AACLJ,QAAAA,GAAAA,CAAAA,CAAIK,UAA0B,EAAA;YAC5B,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,UAAa,GAAA,EAAE,EAAEC,SAAS,EAAE,GAAGJ,UAAAA;YACxD,MAAM,EAAEK,MAAM,EAAE,GAAGF,UAAAA;AAEnB,YAAA,MAAMG,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;YAEjF,OAAON,GAAAA,CACLW,YACAC,OAAML,CAAAA,OAAAA,CAAAA,GAAW,QAAQA,OACzBG,EAAAA,MAAAA,EACAG,UAASJ,CAAAA,SAAAA,CAAAA,GAAaA,SAAYK,GAAAA,SAAAA,CAAAA;AAEtC,SAAA;AAEApB,QAAAA,uBAAAA,CAAAA,CAAwB,EAAEC,IAAI,EAAEC,MAAM,EAAsB,EAAA;AAC1D,YAAA,OAAO,GAAGD,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAS,CAAA,CAAA,CAAA;AAC1C,SAAA;AAEAK,QAAAA,KAAAA,CAAAA,GAAAA;AACE,YAAA,MAAMc,UAAUd,KAAM,CAAA;AAAEV,gBAAAA;AAAkB,aAAA,CAAA;AAE1C,YAAA,SAASyB,YAAYC,WAA2B,EAAA;gBAC9C,OAAO,SAAU,GAAGC,IAAgC,EAAA;AAClD,oBAAA,MAAM,CAACZ,MAAAA,EAAQ,GAAGJ,IAAAA,CAAK,GAAGgB,IAAAA;AAC1B,oBAAA,MAAMP,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;;oBAGjF,OAAOW,WAAAA,CAAYE,KAAK,CAACJ,OAAS,EAAA;AAACJ,wBAAAA,UAAAA;AAAeT,wBAAAA,GAAAA;AAAK,qBAAA,CAAA;AACzD,iBAAA;AACF;AAEAa,YAAAA,OAAAA,CAAQf,GAAG,GAAGgB,WAAYD,CAAAA,OAAAA,CAAQf,GAAG,CAAA;YACrC,OAAOe,OAAAA;AACT,SAAA;AAEA,QAAA,GAAGb;AACL,KAAA;AACF;;;;"}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
import * as sift from 'sift';
|
|
2
|
+
import qs from 'qs';
|
|
3
|
+
import { AbilityBuilder, Ability } from '@casl/ability';
|
|
4
|
+
import { pick, isNil, isObject } from 'lodash/fp';
|
|
5
|
+
|
|
6
|
+
const allowedOperations = [
|
|
7
|
+
'$or',
|
|
8
|
+
'$and',
|
|
9
|
+
'$eq',
|
|
10
|
+
'$ne',
|
|
11
|
+
'$in',
|
|
12
|
+
'$nin',
|
|
13
|
+
'$lt',
|
|
14
|
+
'$lte',
|
|
15
|
+
'$gt',
|
|
16
|
+
'$gte',
|
|
17
|
+
'$exists',
|
|
18
|
+
'$elemMatch'
|
|
19
|
+
];
|
|
20
|
+
const operations = pick(allowedOperations, sift);
|
|
21
|
+
const conditionsMatcher = (conditions)=>{
|
|
22
|
+
return sift.createQueryTester(conditions, {
|
|
23
|
+
operations
|
|
24
|
+
});
|
|
25
|
+
};
|
|
26
|
+
const buildParametrizedAction = ({ name, params })=>{
|
|
27
|
+
return `${name}?${qs.stringify(params)}`;
|
|
28
|
+
};
|
|
29
|
+
/**
|
|
30
|
+
* Casl Ability Builder.
|
|
31
|
+
*/ const caslAbilityBuilder = ()=>{
|
|
32
|
+
const { can, build, ...rest } = new AbilityBuilder(Ability);
|
|
33
|
+
return {
|
|
34
|
+
can (permission) {
|
|
35
|
+
const { action, subject, properties = {}, condition } = permission;
|
|
36
|
+
const { fields } = properties;
|
|
37
|
+
const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
|
|
38
|
+
return can(caslAction, isNil(subject) ? 'all' : subject, fields, isObject(condition) ? condition : undefined);
|
|
39
|
+
},
|
|
40
|
+
buildParametrizedAction ({ name, params }) {
|
|
41
|
+
return `${name}?${qs.stringify(params)}`;
|
|
42
|
+
},
|
|
43
|
+
build () {
|
|
44
|
+
const ability = build({
|
|
45
|
+
conditionsMatcher
|
|
46
|
+
});
|
|
47
|
+
function decorateCan(originalCan) {
|
|
48
|
+
return function(...args) {
|
|
49
|
+
const [action, ...rest] = args;
|
|
50
|
+
const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
|
|
51
|
+
// Call the original `can` method
|
|
52
|
+
return originalCan.apply(ability, [
|
|
53
|
+
caslAction,
|
|
54
|
+
...rest
|
|
55
|
+
]);
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
ability.can = decorateCan(ability.can);
|
|
59
|
+
return ability;
|
|
60
|
+
},
|
|
61
|
+
...rest
|
|
62
|
+
};
|
|
63
|
+
};
|
|
64
|
+
|
|
65
|
+
export { caslAbilityBuilder };
|
|
66
|
+
//# sourceMappingURL=casl-ability.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"casl-ability.mjs","sources":["../../../src/engine/abilities/casl-ability.ts"],"sourcesContent":["import * as sift from 'sift';\nimport qs from 'qs';\nimport { AbilityBuilder, Ability } from '@casl/ability';\nimport { pick, isNil, isObject } from 'lodash/fp';\nimport type { ParametrizedAction, PermissionRule } from '../../types';\n\nexport interface CustomAbilityBuilder {\n can(permission: PermissionRule): ReturnType<AbilityBuilder<Ability>['can']>;\n buildParametrizedAction: (parametrizedAction: ParametrizedAction) => string;\n build(): Ability;\n}\n\nconst allowedOperations = [\n '$or',\n '$and',\n '$eq',\n '$ne',\n '$in',\n '$nin',\n '$lt',\n '$lte',\n '$gt',\n '$gte',\n '$exists',\n '$elemMatch',\n] as const;\n\nconst operations = pick(allowedOperations, sift);\n\nconst conditionsMatcher = (conditions: unknown) => {\n return sift.createQueryTester(conditions, { operations });\n};\n\nconst buildParametrizedAction = ({ name, params }: ParametrizedAction) => {\n return `${name}?${qs.stringify(params)}`;\n};\n\n/**\n * Casl Ability Builder.\n */\nexport const caslAbilityBuilder = (): CustomAbilityBuilder => {\n const { can, build, ...rest } = new AbilityBuilder(Ability);\n\n return {\n can(permission: PermissionRule) {\n const { action, subject, properties = {}, condition } = permission;\n const { fields } = properties;\n\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n return can(\n caslAction,\n isNil(subject) ? 'all' : subject,\n fields,\n isObject(condition) ? condition : undefined\n );\n },\n\n buildParametrizedAction({ name, params }: ParametrizedAction) {\n return `${name}?${qs.stringify(params)}`;\n },\n\n build() {\n const ability = build({ conditionsMatcher });\n\n function decorateCan(originalCan: Ability['can']) {\n return function (...args: Parameters<Ability['can']>) {\n const [action, ...rest] = args;\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n // Call the original `can` method\n return originalCan.apply(ability, [caslAction, ...rest]);\n };\n }\n\n ability.can = decorateCan(ability.can);\n return ability;\n },\n\n ...rest,\n };\n};\n"],"names":["allowedOperations","operations","pick","sift","conditionsMatcher","conditions","createQueryTester","buildParametrizedAction","name","params","qs","stringify","caslAbilityBuilder","can","build","rest","AbilityBuilder","Ability","permission","action","subject","properties","condition","fields","caslAction","isNil","isObject","undefined","ability","decorateCan","originalCan","args","apply"],"mappings":";;;;;AAYA,MAAMA,iBAAoB,GAAA;AACxB,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,SAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,UAAAA,GAAaC,KAAKF,iBAAmBG,EAAAA,IAAAA,CAAAA;AAE3C,MAAMC,oBAAoB,CAACC,UAAAA,GAAAA;IACzB,OAAOF,IAAAA,CAAKG,iBAAiB,CAACD,UAAY,EAAA;AAAEJ,QAAAA;AAAW,KAAA,CAAA;AACzD,CAAA;AAEA,MAAMM,0BAA0B,CAAC,EAAEC,IAAI,EAAEC,MAAM,EAAsB,GAAA;AACnE,IAAA,OAAO,GAAGD,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAS,CAAA,CAAA,CAAA;AAC1C,CAAA;AAEA;;UAGaG,kBAAqB,GAAA,IAAA;IAChC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,GAAGC,IAAAA,EAAM,GAAG,IAAIC,cAAeC,CAAAA,OAAAA,CAAAA;IAEnD,OAAO;AACLJ,QAAAA,GAAAA,CAAAA,CAAIK,UAA0B,EAAA;YAC5B,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,UAAa,GAAA,EAAE,EAAEC,SAAS,EAAE,GAAGJ,UAAAA;YACxD,MAAM,EAAEK,MAAM,EAAE,GAAGF,UAAAA;AAEnB,YAAA,MAAMG,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;YAEjF,OAAON,GAAAA,CACLW,YACAC,KAAML,CAAAA,OAAAA,CAAAA,GAAW,QAAQA,OACzBG,EAAAA,MAAAA,EACAG,QAASJ,CAAAA,SAAAA,CAAAA,GAAaA,SAAYK,GAAAA,SAAAA,CAAAA;AAEtC,SAAA;AAEApB,QAAAA,uBAAAA,CAAAA,CAAwB,EAAEC,IAAI,EAAEC,MAAM,EAAsB,EAAA;AAC1D,YAAA,OAAO,GAAGD,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAS,CAAA,CAAA,CAAA;AAC1C,SAAA;AAEAK,QAAAA,KAAAA,CAAAA,GAAAA;AACE,YAAA,MAAMc,UAAUd,KAAM,CAAA;AAAEV,gBAAAA;AAAkB,aAAA,CAAA;AAE1C,YAAA,SAASyB,YAAYC,WAA2B,EAAA;gBAC9C,OAAO,SAAU,GAAGC,IAAgC,EAAA;AAClD,oBAAA,MAAM,CAACZ,MAAAA,EAAQ,GAAGJ,IAAAA,CAAK,GAAGgB,IAAAA;AAC1B,oBAAA,MAAMP,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;;oBAGjF,OAAOW,WAAAA,CAAYE,KAAK,CAACJ,OAAS,EAAA;AAACJ,wBAAAA,UAAAA;AAAeT,wBAAAA,GAAAA;AAAK,qBAAA,CAAA;AACzD,iBAAA;AACF;AAEAa,YAAAA,OAAAA,CAAQf,GAAG,GAAGgB,WAAYD,CAAAA,OAAAA,CAAQf,GAAG,CAAA;YACrC,OAAOe,OAAAA;AACT,SAAA;AAEA,QAAA,GAAGb;AACL,KAAA;AACF;;;;"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var _ = require('lodash/fp');
|
|
4
|
+
var utils = require('@strapi/utils');
|
|
5
|
+
var index = require('../domain/permission/index.js');
|
|
6
|
+
|
|
7
|
+
/**
|
|
8
|
+
* Create a hook map used by the permission Engine
|
|
9
|
+
*/ const createEngineHooks = ()=>({
|
|
10
|
+
'before-format::validate.permission': utils.hooks.createAsyncBailHook(),
|
|
11
|
+
'format.permission': utils.hooks.createAsyncSeriesWaterfallHook(),
|
|
12
|
+
'after-format::validate.permission': utils.hooks.createAsyncBailHook(),
|
|
13
|
+
'before-evaluate.permission': utils.hooks.createAsyncSeriesHook(),
|
|
14
|
+
'before-register.permission': utils.hooks.createAsyncSeriesHook()
|
|
15
|
+
});
|
|
16
|
+
/**
|
|
17
|
+
* Create a context from a domain {@link Permission} used by the validate hooks
|
|
18
|
+
*/ const createValidateContext = (permission)=>({
|
|
19
|
+
get permission () {
|
|
20
|
+
return _.cloneDeep(permission);
|
|
21
|
+
}
|
|
22
|
+
});
|
|
23
|
+
/**
|
|
24
|
+
* Create a context from a domain {@link Permission} used by the before valuate hook
|
|
25
|
+
*/ const createBeforeEvaluateContext = (permission)=>({
|
|
26
|
+
get permission () {
|
|
27
|
+
return _.cloneDeep(permission);
|
|
28
|
+
},
|
|
29
|
+
addCondition (condition) {
|
|
30
|
+
Object.assign(permission, index.addCondition(condition, permission));
|
|
31
|
+
return this;
|
|
32
|
+
}
|
|
33
|
+
});
|
|
34
|
+
/**
|
|
35
|
+
* Create a context from a casl Permission & some options
|
|
36
|
+
* @param caslPermission
|
|
37
|
+
*/ const createWillRegisterContext = ({ permission, options })=>({
|
|
38
|
+
...options,
|
|
39
|
+
get permission () {
|
|
40
|
+
return _.cloneDeep(permission);
|
|
41
|
+
},
|
|
42
|
+
condition: {
|
|
43
|
+
and (rawConditionObject) {
|
|
44
|
+
if (!permission.condition) {
|
|
45
|
+
permission.condition = {
|
|
46
|
+
$and: []
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
if (_.isArray(permission.condition.$and)) {
|
|
50
|
+
permission.condition.$and.push(rawConditionObject);
|
|
51
|
+
}
|
|
52
|
+
return this;
|
|
53
|
+
},
|
|
54
|
+
or (rawConditionObject) {
|
|
55
|
+
if (!permission.condition) {
|
|
56
|
+
permission.condition = {
|
|
57
|
+
$and: []
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
if (_.isArray(permission.condition.$and)) {
|
|
61
|
+
const orClause = permission.condition.$and.find(_.has('$or'));
|
|
62
|
+
if (orClause) {
|
|
63
|
+
orClause.$or.push(rawConditionObject);
|
|
64
|
+
} else {
|
|
65
|
+
permission.condition.$and.push({
|
|
66
|
+
$or: [
|
|
67
|
+
rawConditionObject
|
|
68
|
+
]
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
return this;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
});
|
|
76
|
+
|
|
77
|
+
exports.createBeforeEvaluateContext = createBeforeEvaluateContext;
|
|
78
|
+
exports.createEngineHooks = createEngineHooks;
|
|
79
|
+
exports.createValidateContext = createValidateContext;
|
|
80
|
+
exports.createWillRegisterContext = createWillRegisterContext;
|
|
81
|
+
//# sourceMappingURL=hooks.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hooks.js","sources":["../../src/engine/hooks.ts"],"sourcesContent":["import { cloneDeep, has, isArray } from 'lodash/fp';\nimport { hooks } from '@strapi/utils';\n\nimport * as domain from '../domain';\nimport type { Permission } from '../domain/permission';\nimport type { PermissionRule } from '../types';\n\nexport interface PermissionEngineHooks {\n 'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;\n 'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n 'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n}\n\nexport type HookName = keyof PermissionEngineHooks;\n\n/**\n * Create a hook map used by the permission Engine\n */\nconst createEngineHooks = (): PermissionEngineHooks => ({\n 'before-format::validate.permission': hooks.createAsyncBailHook(),\n 'format.permission': hooks.createAsyncSeriesWaterfallHook(),\n 'after-format::validate.permission': hooks.createAsyncBailHook(),\n 'before-evaluate.permission': hooks.createAsyncSeriesHook(),\n 'before-register.permission': hooks.createAsyncSeriesHook(),\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the validate hooks\n */\nconst createValidateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the before valuate hook\n */\nconst createBeforeEvaluateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n\n addCondition(condition: string) {\n Object.assign(permission, domain.permission.addCondition(condition, permission));\n\n return this;\n },\n});\n\ninterface WillRegisterContextParams {\n permission: PermissionRule;\n options: Record<string, unknown>;\n}\n\n/**\n * Create a context from a casl Permission & some options\n * @param caslPermission\n */\nconst createWillRegisterContext = ({ permission, options }: WillRegisterContextParams) => ({\n ...options,\n\n get permission() {\n return cloneDeep(permission);\n },\n\n condition: {\n and(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n permission.condition.$and.push(rawConditionObject);\n }\n\n return this;\n },\n\n or(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n const orClause = permission.condition.$and.find(has('$or'));\n\n if (orClause) {\n orClause.$or.push(rawConditionObject);\n } else {\n permission.condition.$and.push({ $or: [rawConditionObject] });\n }\n }\n\n return this;\n },\n },\n});\n\nexport {\n createEngineHooks,\n createValidateContext,\n createBeforeEvaluateContext,\n createWillRegisterContext,\n};\n"],"names":["createEngineHooks","hooks","createAsyncBailHook","createAsyncSeriesWaterfallHook","createAsyncSeriesHook","createValidateContext","permission","cloneDeep","createBeforeEvaluateContext","addCondition","condition","Object","assign","domain","createWillRegisterContext","options","and","rawConditionObject","$and","isArray","push","or","orClause","find","has","$or"],"mappings":";;;;;;AAiBA;;IAGA,MAAMA,iBAAoB,GAAA,KAA8B;AACtD,QAAA,oCAAA,EAAsCC,YAAMC,mBAAmB,EAAA;AAC/D,QAAA,mBAAA,EAAqBD,YAAME,8BAA8B,EAAA;AACzD,QAAA,mCAAA,EAAqCF,YAAMC,mBAAmB,EAAA;AAC9D,QAAA,4BAAA,EAA8BD,YAAMG,qBAAqB,EAAA;AACzD,QAAA,4BAAA,EAA8BH,YAAMG,qBAAqB;KAC3D;AAEA;;AAEC,IACKC,MAAAA,qBAAAA,GAAwB,CAACC,UAAAA,IAA4B;AACzD,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,WAAUD,CAAAA,UAAAA,CAAAA;AACnB;KACF;AAEA;;AAEC,IACKE,MAAAA,2BAAAA,GAA8B,CAACF,UAAAA,IAA4B;AAC/D,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,WAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;AAEAG,QAAAA,YAAAA,CAAAA,CAAaC,SAAiB,EAAA;YAC5BC,MAAOC,CAAAA,MAAM,CAACN,UAAYO,EAAAA,kBAA8B,CAACH,SAAWJ,EAAAA,UAAAA,CAAAA,CAAAA;AAEpE,YAAA,OAAO,IAAI;AACb;KACF;AAOA;;;IAIA,MAAMQ,4BAA4B,CAAC,EAAER,UAAU,EAAES,OAAO,EAA6B,IAAM;AACzF,QAAA,GAAGA,OAAO;AAEV,QAAA,IAAIT,UAAa,CAAA,GAAA;AACf,YAAA,OAAOC,WAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;QAEAI,SAAW,EAAA;AACTM,YAAAA,GAAAA,CAAAA,CAAIC,kBAA2B,EAAA;gBAC7B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,SAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;AACtCZ,oBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAACH,kBAAAA,CAAAA;AACjC;AAEA,gBAAA,OAAO,IAAI;AACb,aAAA;AAEAI,YAAAA,EAAAA,CAAAA,CAAGJ,kBAA2B,EAAA;gBAC5B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,SAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;oBACtC,MAAMI,QAAAA,GAAWhB,WAAWI,SAAS,CAACQ,IAAI,CAACK,IAAI,CAACC,KAAI,CAAA,KAAA,CAAA,CAAA;AAEpD,oBAAA,IAAIF,QAAU,EAAA;wBACZA,QAASG,CAAAA,GAAG,CAACL,IAAI,CAACH,kBAAAA,CAAAA;qBACb,MAAA;AACLX,wBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAAC;4BAAEK,GAAK,EAAA;AAACR,gCAAAA;AAAmB;AAAC,yBAAA,CAAA;AAC7D;AACF;AAEA,gBAAA,OAAO,IAAI;AACb;AACF;KACF;;;;;;;"}
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
import { cloneDeep, isArray, has } from 'lodash/fp';
|
|
2
|
+
import { hooks } from '@strapi/utils';
|
|
3
|
+
import { addCondition } from '../domain/permission/index.mjs';
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Create a hook map used by the permission Engine
|
|
7
|
+
*/ const createEngineHooks = ()=>({
|
|
8
|
+
'before-format::validate.permission': hooks.createAsyncBailHook(),
|
|
9
|
+
'format.permission': hooks.createAsyncSeriesWaterfallHook(),
|
|
10
|
+
'after-format::validate.permission': hooks.createAsyncBailHook(),
|
|
11
|
+
'before-evaluate.permission': hooks.createAsyncSeriesHook(),
|
|
12
|
+
'before-register.permission': hooks.createAsyncSeriesHook()
|
|
13
|
+
});
|
|
14
|
+
/**
|
|
15
|
+
* Create a context from a domain {@link Permission} used by the validate hooks
|
|
16
|
+
*/ const createValidateContext = (permission)=>({
|
|
17
|
+
get permission () {
|
|
18
|
+
return cloneDeep(permission);
|
|
19
|
+
}
|
|
20
|
+
});
|
|
21
|
+
/**
|
|
22
|
+
* Create a context from a domain {@link Permission} used by the before valuate hook
|
|
23
|
+
*/ const createBeforeEvaluateContext = (permission)=>({
|
|
24
|
+
get permission () {
|
|
25
|
+
return cloneDeep(permission);
|
|
26
|
+
},
|
|
27
|
+
addCondition (condition) {
|
|
28
|
+
Object.assign(permission, addCondition(condition, permission));
|
|
29
|
+
return this;
|
|
30
|
+
}
|
|
31
|
+
});
|
|
32
|
+
/**
|
|
33
|
+
* Create a context from a casl Permission & some options
|
|
34
|
+
* @param caslPermission
|
|
35
|
+
*/ const createWillRegisterContext = ({ permission, options })=>({
|
|
36
|
+
...options,
|
|
37
|
+
get permission () {
|
|
38
|
+
return cloneDeep(permission);
|
|
39
|
+
},
|
|
40
|
+
condition: {
|
|
41
|
+
and (rawConditionObject) {
|
|
42
|
+
if (!permission.condition) {
|
|
43
|
+
permission.condition = {
|
|
44
|
+
$and: []
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
if (isArray(permission.condition.$and)) {
|
|
48
|
+
permission.condition.$and.push(rawConditionObject);
|
|
49
|
+
}
|
|
50
|
+
return this;
|
|
51
|
+
},
|
|
52
|
+
or (rawConditionObject) {
|
|
53
|
+
if (!permission.condition) {
|
|
54
|
+
permission.condition = {
|
|
55
|
+
$and: []
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
if (isArray(permission.condition.$and)) {
|
|
59
|
+
const orClause = permission.condition.$and.find(has('$or'));
|
|
60
|
+
if (orClause) {
|
|
61
|
+
orClause.$or.push(rawConditionObject);
|
|
62
|
+
} else {
|
|
63
|
+
permission.condition.$and.push({
|
|
64
|
+
$or: [
|
|
65
|
+
rawConditionObject
|
|
66
|
+
]
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
return this;
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
});
|
|
74
|
+
|
|
75
|
+
export { createBeforeEvaluateContext, createEngineHooks, createValidateContext, createWillRegisterContext };
|
|
76
|
+
//# sourceMappingURL=hooks.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hooks.mjs","sources":["../../src/engine/hooks.ts"],"sourcesContent":["import { cloneDeep, has, isArray } from 'lodash/fp';\nimport { hooks } from '@strapi/utils';\n\nimport * as domain from '../domain';\nimport type { Permission } from '../domain/permission';\nimport type { PermissionRule } from '../types';\n\nexport interface PermissionEngineHooks {\n 'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;\n 'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n 'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n}\n\nexport type HookName = keyof PermissionEngineHooks;\n\n/**\n * Create a hook map used by the permission Engine\n */\nconst createEngineHooks = (): PermissionEngineHooks => ({\n 'before-format::validate.permission': hooks.createAsyncBailHook(),\n 'format.permission': hooks.createAsyncSeriesWaterfallHook(),\n 'after-format::validate.permission': hooks.createAsyncBailHook(),\n 'before-evaluate.permission': hooks.createAsyncSeriesHook(),\n 'before-register.permission': hooks.createAsyncSeriesHook(),\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the validate hooks\n */\nconst createValidateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the before valuate hook\n */\nconst createBeforeEvaluateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n\n addCondition(condition: string) {\n Object.assign(permission, domain.permission.addCondition(condition, permission));\n\n return this;\n },\n});\n\ninterface WillRegisterContextParams {\n permission: PermissionRule;\n options: Record<string, unknown>;\n}\n\n/**\n * Create a context from a casl Permission & some options\n * @param caslPermission\n */\nconst createWillRegisterContext = ({ permission, options }: WillRegisterContextParams) => ({\n ...options,\n\n get permission() {\n return cloneDeep(permission);\n },\n\n condition: {\n and(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n permission.condition.$and.push(rawConditionObject);\n }\n\n return this;\n },\n\n or(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n const orClause = permission.condition.$and.find(has('$or'));\n\n if (orClause) {\n orClause.$or.push(rawConditionObject);\n } else {\n permission.condition.$and.push({ $or: [rawConditionObject] });\n }\n }\n\n return this;\n },\n },\n});\n\nexport {\n createEngineHooks,\n createValidateContext,\n createBeforeEvaluateContext,\n createWillRegisterContext,\n};\n"],"names":["createEngineHooks","hooks","createAsyncBailHook","createAsyncSeriesWaterfallHook","createAsyncSeriesHook","createValidateContext","permission","cloneDeep","createBeforeEvaluateContext","addCondition","condition","Object","assign","domain","createWillRegisterContext","options","and","rawConditionObject","$and","isArray","push","or","orClause","find","has","$or"],"mappings":";;;;AAiBA;;IAGA,MAAMA,iBAAoB,GAAA,KAA8B;AACtD,QAAA,oCAAA,EAAsCC,MAAMC,mBAAmB,EAAA;AAC/D,QAAA,mBAAA,EAAqBD,MAAME,8BAA8B,EAAA;AACzD,QAAA,mCAAA,EAAqCF,MAAMC,mBAAmB,EAAA;AAC9D,QAAA,4BAAA,EAA8BD,MAAMG,qBAAqB,EAAA;AACzD,QAAA,4BAAA,EAA8BH,MAAMG,qBAAqB;KAC3D;AAEA;;AAEC,IACKC,MAAAA,qBAAAA,GAAwB,CAACC,UAAAA,IAA4B;AACzD,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB;KACF;AAEA;;AAEC,IACKE,MAAAA,2BAAAA,GAA8B,CAACF,UAAAA,IAA4B;AAC/D,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;AAEAG,QAAAA,YAAAA,CAAAA,CAAaC,SAAiB,EAAA;YAC5BC,MAAOC,CAAAA,MAAM,CAACN,UAAYO,EAAAA,YAA8B,CAACH,SAAWJ,EAAAA,UAAAA,CAAAA,CAAAA;AAEpE,YAAA,OAAO,IAAI;AACb;KACF;AAOA;;;IAIA,MAAMQ,4BAA4B,CAAC,EAAER,UAAU,EAAES,OAAO,EAA6B,IAAM;AACzF,QAAA,GAAGA,OAAO;AAEV,QAAA,IAAIT,UAAa,CAAA,GAAA;AACf,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;QAEAI,SAAW,EAAA;AACTM,YAAAA,GAAAA,CAAAA,CAAIC,kBAA2B,EAAA;gBAC7B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,OAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;AACtCZ,oBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAACH,kBAAAA,CAAAA;AACjC;AAEA,gBAAA,OAAO,IAAI;AACb,aAAA;AAEAI,YAAAA,EAAAA,CAAAA,CAAGJ,kBAA2B,EAAA;gBAC5B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,OAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;oBACtC,MAAMI,QAAAA,GAAWhB,WAAWI,SAAS,CAACQ,IAAI,CAACK,IAAI,CAACC,GAAI,CAAA,KAAA,CAAA,CAAA;AAEpD,oBAAA,IAAIF,QAAU,EAAA;wBACZA,QAASG,CAAAA,GAAG,CAACL,IAAI,CAACH,kBAAAA,CAAAA;qBACb,MAAA;AACLX,wBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAAC;4BAAEK,GAAK,EAAA;AAACR,gCAAAA;AAAmB;AAAC,yBAAA,CAAA;AAC7D;AACF;AAEA,gBAAA,OAAO,IAAI;AACb;AACF;KACF;;;;"}
|