@strapi/permissions 0.0.0-next.e3b4cdeebf6e9b0cd5575ff80b8a86715d44ce98 → 0.0.0-next.e3eb76a86aff89979cc9098aec129d2ffa600c56
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +18 -3
- package/dist/domain/index.d.ts +3 -0
- package/dist/domain/index.d.ts.map +1 -0
- package/dist/domain/index.js +8 -0
- package/dist/domain/index.js.map +1 -0
- package/dist/domain/index.mjs +3 -0
- package/dist/domain/index.mjs.map +1 -0
- package/dist/domain/permission/index.d.ts +26 -0
- package/dist/domain/permission/index.d.ts.map +1 -0
- package/dist/domain/permission/index.js +41 -0
- package/dist/domain/permission/index.js.map +1 -0
- package/dist/domain/permission/index.mjs +36 -0
- package/dist/domain/permission/index.mjs.map +1 -0
- package/dist/engine/abilities/casl-ability.d.ts +12 -0
- package/dist/engine/abilities/casl-ability.d.ts.map +1 -0
- package/dist/engine/abilities/casl-ability.js +87 -0
- package/dist/engine/abilities/casl-ability.js.map +1 -0
- package/dist/engine/abilities/casl-ability.mjs +66 -0
- package/dist/engine/abilities/casl-ability.mjs.map +1 -0
- package/dist/engine/abilities/index.d.ts +2 -0
- package/dist/engine/abilities/index.d.ts.map +1 -0
- package/dist/engine/abilities/index.js +8 -0
- package/dist/engine/abilities/index.js.map +1 -0
- package/dist/engine/abilities/index.mjs +2 -0
- package/dist/engine/abilities/index.mjs.map +1 -0
- package/dist/engine/hooks.d.ts +55 -0
- package/dist/engine/hooks.d.ts.map +1 -0
- package/dist/engine/hooks.js +81 -0
- package/dist/engine/hooks.js.map +1 -0
- package/dist/engine/hooks.mjs +76 -0
- package/dist/engine/hooks.mjs.map +1 -0
- package/dist/engine/index.d.ts +28 -0
- package/dist/engine/index.d.ts.map +1 -0
- package/dist/engine/index.js +141 -0
- package/dist/engine/index.js.map +1 -0
- package/dist/engine/index.mjs +139 -0
- package/dist/engine/index.mjs.map +1 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +10 -0
- package/dist/index.js.map +1 -0
- package/dist/index.mjs +5 -0
- package/dist/index.mjs.map +1 -0
- package/dist/types.d.ts +19 -0
- package/dist/types.d.ts.map +1 -0
- package/package.json +24 -8
- package/.eslintignore +0 -2
- package/.eslintrc.js +0 -4
- package/index.d.ts +0 -54
- package/lib/domain/index.js +0 -7
- package/lib/domain/permission/index.js +0 -68
- package/lib/engine/abilities/casl-ability.js +0 -57
- package/lib/engine/abilities/index.js +0 -7
- package/lib/engine/hooks.js +0 -97
- package/lib/engine/index.js +0 -209
- package/lib/index.js +0 -9
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
import { cloneDeep, isArray, has } from 'lodash/fp';
|
|
2
|
+
import { hooks } from '@strapi/utils';
|
|
3
|
+
import { addCondition } from '../domain/permission/index.mjs';
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Create a hook map used by the permission Engine
|
|
7
|
+
*/ const createEngineHooks = ()=>({
|
|
8
|
+
'before-format::validate.permission': hooks.createAsyncBailHook(),
|
|
9
|
+
'format.permission': hooks.createAsyncSeriesWaterfallHook(),
|
|
10
|
+
'after-format::validate.permission': hooks.createAsyncBailHook(),
|
|
11
|
+
'before-evaluate.permission': hooks.createAsyncSeriesHook(),
|
|
12
|
+
'before-register.permission': hooks.createAsyncSeriesHook()
|
|
13
|
+
});
|
|
14
|
+
/**
|
|
15
|
+
* Create a context from a domain {@link Permission} used by the validate hooks
|
|
16
|
+
*/ const createValidateContext = (permission)=>({
|
|
17
|
+
get permission () {
|
|
18
|
+
return cloneDeep(permission);
|
|
19
|
+
}
|
|
20
|
+
});
|
|
21
|
+
/**
|
|
22
|
+
* Create a context from a domain {@link Permission} used by the before valuate hook
|
|
23
|
+
*/ const createBeforeEvaluateContext = (permission)=>({
|
|
24
|
+
get permission () {
|
|
25
|
+
return cloneDeep(permission);
|
|
26
|
+
},
|
|
27
|
+
addCondition (condition) {
|
|
28
|
+
Object.assign(permission, addCondition(condition, permission));
|
|
29
|
+
return this;
|
|
30
|
+
}
|
|
31
|
+
});
|
|
32
|
+
/**
|
|
33
|
+
* Create a context from a casl Permission & some options
|
|
34
|
+
* @param caslPermission
|
|
35
|
+
*/ const createWillRegisterContext = ({ permission, options })=>({
|
|
36
|
+
...options,
|
|
37
|
+
get permission () {
|
|
38
|
+
return cloneDeep(permission);
|
|
39
|
+
},
|
|
40
|
+
condition: {
|
|
41
|
+
and (rawConditionObject) {
|
|
42
|
+
if (!permission.condition) {
|
|
43
|
+
permission.condition = {
|
|
44
|
+
$and: []
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
if (isArray(permission.condition.$and)) {
|
|
48
|
+
permission.condition.$and.push(rawConditionObject);
|
|
49
|
+
}
|
|
50
|
+
return this;
|
|
51
|
+
},
|
|
52
|
+
or (rawConditionObject) {
|
|
53
|
+
if (!permission.condition) {
|
|
54
|
+
permission.condition = {
|
|
55
|
+
$and: []
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
if (isArray(permission.condition.$and)) {
|
|
59
|
+
const orClause = permission.condition.$and.find(has('$or'));
|
|
60
|
+
if (orClause) {
|
|
61
|
+
orClause.$or.push(rawConditionObject);
|
|
62
|
+
} else {
|
|
63
|
+
permission.condition.$and.push({
|
|
64
|
+
$or: [
|
|
65
|
+
rawConditionObject
|
|
66
|
+
]
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
return this;
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
});
|
|
74
|
+
|
|
75
|
+
export { createBeforeEvaluateContext, createEngineHooks, createValidateContext, createWillRegisterContext };
|
|
76
|
+
//# sourceMappingURL=hooks.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hooks.mjs","sources":["../../src/engine/hooks.ts"],"sourcesContent":["import { cloneDeep, has, isArray } from 'lodash/fp';\nimport { hooks } from '@strapi/utils';\n\nimport * as domain from '../domain';\nimport type { Permission } from '../domain/permission';\nimport type { PermissionRule } from '../types';\n\nexport interface PermissionEngineHooks {\n 'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;\n 'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n 'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n}\n\nexport type HookName = keyof PermissionEngineHooks;\n\n/**\n * Create a hook map used by the permission Engine\n */\nconst createEngineHooks = (): PermissionEngineHooks => ({\n 'before-format::validate.permission': hooks.createAsyncBailHook(),\n 'format.permission': hooks.createAsyncSeriesWaterfallHook(),\n 'after-format::validate.permission': hooks.createAsyncBailHook(),\n 'before-evaluate.permission': hooks.createAsyncSeriesHook(),\n 'before-register.permission': hooks.createAsyncSeriesHook(),\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the validate hooks\n */\nconst createValidateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the before valuate hook\n */\nconst createBeforeEvaluateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n\n addCondition(condition: string) {\n Object.assign(permission, domain.permission.addCondition(condition, permission));\n\n return this;\n },\n});\n\ninterface WillRegisterContextParams {\n permission: PermissionRule;\n options: Record<string, unknown>;\n}\n\n/**\n * Create a context from a casl Permission & some options\n * @param caslPermission\n */\nconst createWillRegisterContext = ({ permission, options }: WillRegisterContextParams) => ({\n ...options,\n\n get permission() {\n return cloneDeep(permission);\n },\n\n condition: {\n and(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n permission.condition.$and.push(rawConditionObject);\n }\n\n return this;\n },\n\n or(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n const orClause = permission.condition.$and.find(has('$or'));\n\n if (orClause) {\n orClause.$or.push(rawConditionObject);\n } else {\n permission.condition.$and.push({ $or: [rawConditionObject] });\n }\n }\n\n return this;\n },\n },\n});\n\nexport {\n createEngineHooks,\n createValidateContext,\n createBeforeEvaluateContext,\n createWillRegisterContext,\n};\n"],"names":["createEngineHooks","hooks","createAsyncBailHook","createAsyncSeriesWaterfallHook","createAsyncSeriesHook","createValidateContext","permission","cloneDeep","createBeforeEvaluateContext","addCondition","condition","Object","assign","domain","createWillRegisterContext","options","and","rawConditionObject","$and","isArray","push","or","orClause","find","has","$or"],"mappings":";;;;AAiBA;;IAGA,MAAMA,iBAAoB,GAAA,KAA8B;AACtD,QAAA,oCAAA,EAAsCC,MAAMC,mBAAmB,EAAA;AAC/D,QAAA,mBAAA,EAAqBD,MAAME,8BAA8B,EAAA;AACzD,QAAA,mCAAA,EAAqCF,MAAMC,mBAAmB,EAAA;AAC9D,QAAA,4BAAA,EAA8BD,MAAMG,qBAAqB,EAAA;AACzD,QAAA,4BAAA,EAA8BH,MAAMG,qBAAqB;KAC3D;AAEA;;AAEC,IACKC,MAAAA,qBAAAA,GAAwB,CAACC,UAAAA,IAA4B;AACzD,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB;KACF;AAEA;;AAEC,IACKE,MAAAA,2BAAAA,GAA8B,CAACF,UAAAA,IAA4B;AAC/D,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;AAEAG,QAAAA,YAAAA,CAAAA,CAAaC,SAAiB,EAAA;YAC5BC,MAAOC,CAAAA,MAAM,CAACN,UAAYO,EAAAA,YAA8B,CAACH,SAAWJ,EAAAA,UAAAA,CAAAA,CAAAA;AAEpE,YAAA,OAAO,IAAI;AACb;KACF;AAOA;;;IAIA,MAAMQ,4BAA4B,CAAC,EAAER,UAAU,EAAES,OAAO,EAA6B,IAAM;AACzF,QAAA,GAAGA,OAAO;AAEV,QAAA,IAAIT,UAAa,CAAA,GAAA;AACf,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;QAEAI,SAAW,EAAA;AACTM,YAAAA,GAAAA,CAAAA,CAAIC,kBAA2B,EAAA;gBAC7B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,OAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;AACtCZ,oBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAACH,kBAAAA,CAAAA;AACjC;AAEA,gBAAA,OAAO,IAAI;AACb,aAAA;AAEAI,YAAAA,EAAAA,CAAAA,CAAGJ,kBAA2B,EAAA;gBAC5B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,OAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;oBACtC,MAAMI,QAAAA,GAAWhB,WAAWI,SAAS,CAACQ,IAAI,CAACK,IAAI,CAACC,GAAI,CAAA,KAAA,CAAA,CAAA;AAEpD,oBAAA,IAAIF,QAAU,EAAA;wBACZA,QAASG,CAAAA,GAAG,CAACL,IAAI,CAACH,kBAAAA,CAAAA;qBACb,MAAA;AACLX,wBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAAC;4BAAEK,GAAK,EAAA;AAACR,gCAAAA;AAAmB;AAAC,yBAAA,CAAA;AAC7D;AACF;AAEA,gBAAA,OAAO,IAAI;AACb;AACF;KACF;;;;"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { Ability } from '@casl/ability';
|
|
2
|
+
import { providerFactory } from '@strapi/utils';
|
|
3
|
+
import type { PermissionEngineHooks, HookName } from './hooks';
|
|
4
|
+
import * as abilities from './abilities';
|
|
5
|
+
import { Permission } from '../domain/permission';
|
|
6
|
+
import type { PermissionRule } from '../types';
|
|
7
|
+
export { abilities };
|
|
8
|
+
type Provider = Omit<ReturnType<typeof providerFactory>, 'register'> & {
|
|
9
|
+
register(...args: unknown[]): Promise<Provider> | Provider;
|
|
10
|
+
};
|
|
11
|
+
type ActionProvider = Provider;
|
|
12
|
+
type ConditionProvider = Provider;
|
|
13
|
+
export interface Engine {
|
|
14
|
+
hooks: PermissionEngineHooks;
|
|
15
|
+
on(hook: HookName, handler: (...args: any[]) => any): Engine;
|
|
16
|
+
generateAbility(permissions: Permission[], options?: object): Promise<Ability>;
|
|
17
|
+
createRegisterFunction(can: (permission: PermissionRule) => unknown, options: Record<string, unknown>): (permission: PermissionRule) => Promise<unknown>;
|
|
18
|
+
}
|
|
19
|
+
export interface EngineParams {
|
|
20
|
+
providers: {
|
|
21
|
+
action: ActionProvider;
|
|
22
|
+
condition: ConditionProvider;
|
|
23
|
+
};
|
|
24
|
+
abilityBuilderFactory?(): abilities.CustomAbilityBuilder;
|
|
25
|
+
}
|
|
26
|
+
declare const newEngine: (params: EngineParams) => Engine;
|
|
27
|
+
export { newEngine as new };
|
|
28
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/engine/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAQhD,OAAO,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/D,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE/C,OAAO,EAAE,SAAS,EAAE,CAAC;AAErB,KAAK,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,eAAe,CAAC,EAAE,UAAU,CAAC,GAAG;IACrE,QAAQ,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC;CAC5D,CAAC;AAEF,KAAK,cAAc,GAAG,QAAQ,CAAC;AAC/B,KAAK,iBAAiB,GAAG,QAAQ,CAAC;AAElC,MAAM,WAAW,MAAM;IACrB,KAAK,EAAE,qBAAqB,CAAC;IAC7B,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,GAAG,MAAM,CAAC;IAC7D,eAAe,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/E,sBAAsB,CACpB,GAAG,EAAE,CAAC,UAAU,EAAE,cAAc,KAAK,OAAO,EAC5C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,CAAC,UAAU,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE;QAAE,MAAM,EAAE,cAAc,CAAC;QAAC,SAAS,EAAE,iBAAiB,CAAA;KAAE,CAAC;IACpE,qBAAqB,CAAC,IAAI,SAAS,CAAC,oBAAoB,CAAC;CAC1D;AAsBD,QAAA,MAAM,SAAS,WAAY,YAAY,KAAG,MAoKzC,CAAC;AAEF,OAAO,EAAE,SAAS,IAAI,GAAG,EAAE,CAAC"}
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var _ = require('lodash/fp');
|
|
4
|
+
var qs = require('qs');
|
|
5
|
+
var hooks = require('./hooks.js');
|
|
6
|
+
var index = require('./abilities/index.js');
|
|
7
|
+
var caslAbility = require('./abilities/casl-ability.js');
|
|
8
|
+
|
|
9
|
+
/**
|
|
10
|
+
* Create a default state object for the engine
|
|
11
|
+
*/ const createEngineState = ()=>{
|
|
12
|
+
const hooks$1 = hooks.createEngineHooks();
|
|
13
|
+
return {
|
|
14
|
+
hooks: hooks$1
|
|
15
|
+
};
|
|
16
|
+
};
|
|
17
|
+
const newEngine = (params)=>{
|
|
18
|
+
const { providers, abilityBuilderFactory = caslAbility.caslAbilityBuilder } = params;
|
|
19
|
+
const state = createEngineState();
|
|
20
|
+
const runValidationHook = async (hook, context)=>state.hooks[hook].call(context);
|
|
21
|
+
/**
|
|
22
|
+
* Evaluate a permission using local and registered behaviors (using hooks).
|
|
23
|
+
* Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission
|
|
24
|
+
*/ const evaluate = async (params)=>{
|
|
25
|
+
const { options, register } = params;
|
|
26
|
+
const preFormatValidation = await runValidationHook('before-format::validate.permission', hooks.createBeforeEvaluateContext(params.permission));
|
|
27
|
+
if (preFormatValidation === false) {
|
|
28
|
+
return;
|
|
29
|
+
}
|
|
30
|
+
const permission = await state.hooks['format.permission'].call(params.permission);
|
|
31
|
+
const afterFormatValidation = await runValidationHook('after-format::validate.permission', hooks.createValidateContext(permission));
|
|
32
|
+
if (afterFormatValidation === false) {
|
|
33
|
+
return;
|
|
34
|
+
}
|
|
35
|
+
await state.hooks['before-evaluate.permission'].call(hooks.createBeforeEvaluateContext(permission));
|
|
36
|
+
const { action: actionName, subject, properties, conditions = [], actionParameters = {} } = permission;
|
|
37
|
+
let action = actionName;
|
|
38
|
+
if (actionParameters && Object.keys(actionParameters).length > 0) {
|
|
39
|
+
action = `${actionName}?${qs.stringify(actionParameters)}`;
|
|
40
|
+
}
|
|
41
|
+
if (conditions.length === 0) {
|
|
42
|
+
return register({
|
|
43
|
+
action,
|
|
44
|
+
subject,
|
|
45
|
+
properties
|
|
46
|
+
});
|
|
47
|
+
}
|
|
48
|
+
const resolveConditions = _.map(providers.condition.get);
|
|
49
|
+
const removeInvalidConditions = _.filter((condition)=>_.isFunction(condition.handler));
|
|
50
|
+
const evaluateConditions = (conditions)=>{
|
|
51
|
+
return Promise.all(conditions.map(async (condition)=>({
|
|
52
|
+
condition,
|
|
53
|
+
result: await condition.handler(_.merge(options, {
|
|
54
|
+
permission: _.cloneDeep(permission)
|
|
55
|
+
}))
|
|
56
|
+
})));
|
|
57
|
+
};
|
|
58
|
+
const removeInvalidResults = _.filter(({ result })=>_.isBoolean(result) || _.isObject(result));
|
|
59
|
+
const evaluatedConditions = await Promise.resolve(conditions).then(resolveConditions).then(removeInvalidConditions).then(evaluateConditions).then(removeInvalidResults);
|
|
60
|
+
const resultPropEq = _.propEq('result');
|
|
61
|
+
const pickResults = _.map(_.prop('result'));
|
|
62
|
+
if (evaluatedConditions.every(resultPropEq(false))) {
|
|
63
|
+
return;
|
|
64
|
+
}
|
|
65
|
+
if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
|
|
66
|
+
return register({
|
|
67
|
+
action,
|
|
68
|
+
subject,
|
|
69
|
+
properties
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
const results = pickResults(evaluatedConditions).filter(_.isObject);
|
|
73
|
+
if (_.isEmpty(results)) {
|
|
74
|
+
return register({
|
|
75
|
+
action,
|
|
76
|
+
subject,
|
|
77
|
+
properties
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
return register({
|
|
81
|
+
action,
|
|
82
|
+
subject,
|
|
83
|
+
properties,
|
|
84
|
+
condition: {
|
|
85
|
+
$and: [
|
|
86
|
+
{
|
|
87
|
+
$or: results
|
|
88
|
+
}
|
|
89
|
+
]
|
|
90
|
+
}
|
|
91
|
+
});
|
|
92
|
+
};
|
|
93
|
+
return {
|
|
94
|
+
get hooks () {
|
|
95
|
+
return state.hooks;
|
|
96
|
+
},
|
|
97
|
+
/**
|
|
98
|
+
* Create a register function that wraps a `can` function
|
|
99
|
+
* used to register a permission in the ability builder
|
|
100
|
+
*/ createRegisterFunction (can, options) {
|
|
101
|
+
return async (permission)=>{
|
|
102
|
+
const hookContext = hooks.createWillRegisterContext({
|
|
103
|
+
options,
|
|
104
|
+
permission
|
|
105
|
+
});
|
|
106
|
+
await state.hooks['before-register.permission'].call(hookContext);
|
|
107
|
+
return can(permission);
|
|
108
|
+
};
|
|
109
|
+
},
|
|
110
|
+
/**
|
|
111
|
+
* Register a new handler for a given hook
|
|
112
|
+
*/ on (hook, handler) {
|
|
113
|
+
const validHooks = Object.keys(state.hooks);
|
|
114
|
+
const isValidHook = validHooks.includes(hook);
|
|
115
|
+
if (!isValidHook) {
|
|
116
|
+
throw new Error(`Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(', ')}`);
|
|
117
|
+
}
|
|
118
|
+
state.hooks[hook].register(handler);
|
|
119
|
+
return this;
|
|
120
|
+
},
|
|
121
|
+
/**
|
|
122
|
+
* Generate an ability based on the instance's
|
|
123
|
+
* ability builder and the given permissions
|
|
124
|
+
*/ async generateAbility (permissions, options = {}) {
|
|
125
|
+
const { can, build } = abilityBuilderFactory();
|
|
126
|
+
for (const permission of permissions){
|
|
127
|
+
const register = this.createRegisterFunction(can, options);
|
|
128
|
+
await evaluate({
|
|
129
|
+
permission,
|
|
130
|
+
options,
|
|
131
|
+
register
|
|
132
|
+
});
|
|
133
|
+
}
|
|
134
|
+
return build();
|
|
135
|
+
}
|
|
136
|
+
};
|
|
137
|
+
};
|
|
138
|
+
|
|
139
|
+
exports.abilities = index;
|
|
140
|
+
exports.new = newEngine;
|
|
141
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../src/engine/index.ts"],"sourcesContent":["import _ from 'lodash/fp';\nimport qs from 'qs';\nimport { Ability } from '@casl/ability';\nimport { providerFactory } from '@strapi/utils';\n\nimport {\n createEngineHooks,\n createWillRegisterContext,\n createBeforeEvaluateContext,\n createValidateContext,\n} from './hooks';\nimport type { PermissionEngineHooks, HookName } from './hooks';\n\nimport * as abilities from './abilities';\nimport { Permission } from '../domain/permission';\nimport type { PermissionRule } from '../types';\n\nexport { abilities };\n\ntype Provider = Omit<ReturnType<typeof providerFactory>, 'register'> & {\n register(...args: unknown[]): Promise<Provider> | Provider;\n};\n\ntype ActionProvider = Provider;\ntype ConditionProvider = Provider;\n\nexport interface Engine {\n hooks: PermissionEngineHooks;\n on(hook: HookName, handler: (...args: any[]) => any): Engine;\n generateAbility(permissions: Permission[], options?: object): Promise<Ability>;\n createRegisterFunction(\n can: (permission: PermissionRule) => unknown,\n options: Record<string, unknown>\n ): (permission: PermissionRule) => Promise<unknown>;\n}\n\nexport interface EngineParams {\n providers: { action: ActionProvider; condition: ConditionProvider };\n abilityBuilderFactory?(): abilities.CustomAbilityBuilder;\n}\n\ninterface EvaluateParams {\n options: Record<string, unknown>;\n register: (permission: PermissionRule) => Promise<unknown>;\n permission: Permission;\n}\n\ninterface Condition {\n name: string;\n handler(...params: unknown[]): boolean | object;\n}\n\n/**\n * Create a default state object for the engine\n */\nconst createEngineState = () => {\n const hooks = createEngineHooks();\n\n return { hooks };\n};\n\nconst newEngine = (params: EngineParams): Engine => {\n const { providers, abilityBuilderFactory = abilities.caslAbilityBuilder } = params;\n\n const state = createEngineState();\n\n const runValidationHook = async (hook: HookName, context: unknown) =>\n state.hooks[hook].call(context);\n\n /**\n * Evaluate a permission using local and registered behaviors (using hooks).\n * Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission\n */\n const evaluate = async (params: EvaluateParams) => {\n const { options, register } = params;\n\n const preFormatValidation = await runValidationHook(\n 'before-format::validate.permission',\n createBeforeEvaluateContext(params.permission)\n );\n\n if (preFormatValidation === false) {\n return;\n }\n\n const permission = (await state.hooks['format.permission'].call(\n params.permission\n )) as Permission;\n\n const afterFormatValidation = await runValidationHook(\n 'after-format::validate.permission',\n createValidateContext(permission)\n );\n\n if (afterFormatValidation === false) {\n return;\n }\n\n await state.hooks['before-evaluate.permission'].call(createBeforeEvaluateContext(permission));\n\n const {\n action: actionName,\n subject,\n properties,\n conditions = [],\n actionParameters = {},\n } = permission;\n\n let action = actionName;\n\n if (actionParameters && Object.keys(actionParameters).length > 0) {\n action = `${actionName}?${qs.stringify(actionParameters)}`;\n }\n\n if (conditions.length === 0) {\n return register({ action, subject, properties });\n }\n\n const resolveConditions = _.map(providers.condition.get);\n\n const removeInvalidConditions = _.filter((condition: Condition) =>\n _.isFunction(condition.handler)\n );\n\n const evaluateConditions = (conditions: Condition[]) => {\n return Promise.all(\n conditions.map(async (condition) => ({\n condition,\n result: await condition.handler(\n _.merge(options, { permission: _.cloneDeep(permission) })\n ),\n }))\n );\n };\n\n const removeInvalidResults = _.filter(\n ({ result }) => _.isBoolean(result) || _.isObject(result)\n );\n\n const evaluatedConditions = await Promise.resolve(conditions)\n .then(resolveConditions)\n .then(removeInvalidConditions)\n .then(evaluateConditions)\n .then(removeInvalidResults);\n\n const resultPropEq = _.propEq('result');\n const pickResults = _.map(_.prop('result'));\n\n if (evaluatedConditions.every(resultPropEq(false))) {\n return;\n }\n\n if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {\n return register({ action, subject, properties });\n }\n\n const results = pickResults(evaluatedConditions).filter(_.isObject);\n\n if (_.isEmpty(results)) {\n return register({ action, subject, properties });\n }\n\n return register({\n action,\n subject,\n properties,\n condition: { $and: [{ $or: results }] },\n });\n };\n\n return {\n get hooks() {\n return state.hooks;\n },\n\n /**\n * Create a register function that wraps a `can` function\n * used to register a permission in the ability builder\n */\n createRegisterFunction(can, options: Record<string, unknown>) {\n return async (permission: PermissionRule) => {\n const hookContext = createWillRegisterContext({ options, permission });\n\n await state.hooks['before-register.permission'].call(hookContext);\n\n return can(permission);\n };\n },\n\n /**\n * Register a new handler for a given hook\n */\n on(hook, handler) {\n const validHooks = Object.keys(state.hooks);\n const isValidHook = validHooks.includes(hook);\n\n if (!isValidHook) {\n throw new Error(\n `Invalid hook supplied when trying to register an handler to the permission engine. Got \"${hook}\" but expected one of ${validHooks.join(\n ', '\n )}`\n );\n }\n\n state.hooks[hook].register(handler);\n\n return this;\n },\n\n /**\n * Generate an ability based on the instance's\n * ability builder and the given permissions\n */\n async generateAbility(permissions, options: Record<string, unknown> = {}) {\n const { can, build } = abilityBuilderFactory();\n\n for (const permission of permissions) {\n const register = this.createRegisterFunction(can, options);\n\n await evaluate({ permission, options, register });\n }\n\n return build();\n },\n };\n};\n\nexport { newEngine as new };\n"],"names":["createEngineState","hooks","createEngineHooks","newEngine","params","providers","abilityBuilderFactory","abilities","state","runValidationHook","hook","context","call","evaluate","options","register","preFormatValidation","createBeforeEvaluateContext","permission","afterFormatValidation","createValidateContext","action","actionName","subject","properties","conditions","actionParameters","Object","keys","length","qs","stringify","resolveConditions","_","map","condition","get","removeInvalidConditions","filter","isFunction","handler","evaluateConditions","Promise","all","result","merge","cloneDeep","removeInvalidResults","isBoolean","isObject","evaluatedConditions","resolve","then","resultPropEq","propEq","pickResults","prop","every","isEmpty","some","results","$and","$or","createRegisterFunction","can","hookContext","createWillRegisterContext","on","validHooks","isValidHook","includes","Error","join","generateAbility","permissions","build"],"mappings":";;;;;;;;AAoDA;;AAEC,IACD,MAAMA,iBAAoB,GAAA,IAAA;AACxB,IAAA,MAAMC,OAAQC,GAAAA,uBAAAA,EAAAA;IAEd,OAAO;AAAED,eAAAA;AAAM,KAAA;AACjB,CAAA;AAEA,MAAME,YAAY,CAACC,MAAAA,GAAAA;AACjB,IAAA,MAAM,EAAEC,SAAS,EAAEC,wBAAwBC,8BAA4B,EAAE,GAAGH,MAAAA;AAE5E,IAAA,MAAMI,KAAQR,GAAAA,iBAAAA,EAAAA;IAEd,MAAMS,iBAAAA,GAAoB,OAAOC,IAAAA,EAAgBC,OAC/CH,GAAAA,KAAAA,CAAMP,KAAK,CAACS,IAAAA,CAAK,CAACE,IAAI,CAACD,OAAAA,CAAAA;AAEzB;;;MAIA,MAAME,WAAW,OAAOT,MAAAA,GAAAA;AACtB,QAAA,MAAM,EAAEU,OAAO,EAAEC,QAAQ,EAAE,GAAGX,MAAAA;AAE9B,QAAA,MAAMY,sBAAsB,MAAMP,iBAAAA,CAChC,oCACAQ,EAAAA,iCAAAA,CAA4Bb,OAAOc,UAAU,CAAA,CAAA;AAG/C,QAAA,IAAIF,wBAAwB,KAAO,EAAA;AACjC,YAAA;AACF;QAEA,MAAME,UAAAA,GAAc,MAAMV,KAAAA,CAAMP,KAAK,CAAC,oBAAoB,CAACW,IAAI,CAC7DR,MAAAA,CAAOc,UAAU,CAAA;AAGnB,QAAA,MAAMC,qBAAwB,GAAA,MAAMV,iBAClC,CAAA,mCAAA,EACAW,2BAAsBF,CAAAA,UAAAA,CAAAA,CAAAA;AAGxB,QAAA,IAAIC,0BAA0B,KAAO,EAAA;AACnC,YAAA;AACF;AAEA,QAAA,MAAMX,MAAMP,KAAK,CAAC,6BAA6B,CAACW,IAAI,CAACK,iCAA4BC,CAAAA,UAAAA,CAAAA,CAAAA;AAEjF,QAAA,MAAM,EACJG,MAAAA,EAAQC,UAAU,EAClBC,OAAO,EACPC,UAAU,EACVC,UAAAA,GAAa,EAAE,EACfC,gBAAAA,GAAmB,EAAE,EACtB,GAAGR,UAAAA;AAEJ,QAAA,IAAIG,MAASC,GAAAA,UAAAA;AAEb,QAAA,IAAII,oBAAoBC,MAAOC,CAAAA,IAAI,CAACF,gBAAkBG,CAAAA,CAAAA,MAAM,GAAG,CAAG,EAAA;YAChER,MAAS,GAAA,CAAC,EAAEC,UAAW,CAAA,CAAC,EAAEQ,EAAGC,CAAAA,SAAS,CAACL,gBAAAA,CAAAA,CAAkB,CAAC;AAC5D;QAEA,IAAID,UAAAA,CAAWI,MAAM,KAAK,CAAG,EAAA;AAC3B,YAAA,OAAOd,QAAS,CAAA;AAAEM,gBAAAA,MAAAA;AAAQE,gBAAAA,OAAAA;AAASC,gBAAAA;AAAW,aAAA,CAAA;AAChD;AAEA,QAAA,MAAMQ,oBAAoBC,CAAEC,CAAAA,GAAG,CAAC7B,SAAU8B,CAAAA,SAAS,CAACC,GAAG,CAAA;QAEvD,MAAMC,uBAAAA,GAA0BJ,CAAEK,CAAAA,MAAM,CAAC,CAACH,YACxCF,CAAEM,CAAAA,UAAU,CAACJ,SAAAA,CAAUK,OAAO,CAAA,CAAA;AAGhC,QAAA,MAAMC,qBAAqB,CAAChB,UAAAA,GAAAA;YAC1B,OAAOiB,OAAAA,CAAQC,GAAG,CAChBlB,UAAAA,CAAWS,GAAG,CAAC,OAAOC,aAAe;AACnCA,oBAAAA,SAAAA;AACAS,oBAAAA,MAAAA,EAAQ,MAAMT,SAAUK,CAAAA,OAAO,CAC7BP,CAAEY,CAAAA,KAAK,CAAC/B,OAAS,EAAA;wBAAEI,UAAYe,EAAAA,CAAAA,CAAEa,SAAS,CAAC5B,UAAAA;AAAY,qBAAA,CAAA;iBAE3D,CAAA,CAAA,CAAA;AAEJ,SAAA;AAEA,QAAA,MAAM6B,oBAAuBd,GAAAA,CAAAA,CAAEK,MAAM,CACnC,CAAC,EAAEM,MAAM,EAAE,GAAKX,EAAEe,SAAS,CAACJ,MAAWX,CAAAA,IAAAA,CAAAA,CAAEgB,QAAQ,CAACL,MAAAA,CAAAA,CAAAA;AAGpD,QAAA,MAAMM,sBAAsB,MAAMR,OAAAA,CAAQS,OAAO,CAAC1B,YAC/C2B,IAAI,CAACpB,iBACLoB,CAAAA,CAAAA,IAAI,CAACf,uBACLe,CAAAA,CAAAA,IAAI,CAACX,kBAAAA,CAAAA,CACLW,IAAI,CAACL,oBAAAA,CAAAA;QAER,MAAMM,YAAAA,GAAepB,CAAEqB,CAAAA,MAAM,CAAC,QAAA,CAAA;AAC9B,QAAA,MAAMC,cAActB,CAAEC,CAAAA,GAAG,CAACD,CAAAA,CAAEuB,IAAI,CAAC,QAAA,CAAA,CAAA;AAEjC,QAAA,IAAIN,mBAAoBO,CAAAA,KAAK,CAACJ,YAAAA,CAAa,KAAS,CAAA,CAAA,EAAA;AAClD,YAAA;AACF;QAEA,IAAIpB,CAAAA,CAAEyB,OAAO,CAACR,mBAAAA,CAAAA,IAAwBA,oBAAoBS,IAAI,CAACN,aAAa,IAAQ,CAAA,CAAA,EAAA;AAClF,YAAA,OAAOtC,QAAS,CAAA;AAAEM,gBAAAA,MAAAA;AAAQE,gBAAAA,OAAAA;AAASC,gBAAAA;AAAW,aAAA,CAAA;AAChD;AAEA,QAAA,MAAMoC,UAAUL,WAAYL,CAAAA,mBAAAA,CAAAA,CAAqBZ,MAAM,CAACL,EAAEgB,QAAQ,CAAA;QAElE,IAAIhB,CAAAA,CAAEyB,OAAO,CAACE,OAAU,CAAA,EAAA;AACtB,YAAA,OAAO7C,QAAS,CAAA;AAAEM,gBAAAA,MAAAA;AAAQE,gBAAAA,OAAAA;AAASC,gBAAAA;AAAW,aAAA,CAAA;AAChD;AAEA,QAAA,OAAOT,QAAS,CAAA;AACdM,YAAAA,MAAAA;AACAE,YAAAA,OAAAA;AACAC,YAAAA,UAAAA;YACAW,SAAW,EAAA;gBAAE0B,IAAM,EAAA;AAAC,oBAAA;wBAAEC,GAAKF,EAAAA;AAAQ;AAAE;AAAC;AACxC,SAAA,CAAA;AACF,KAAA;IAEA,OAAO;AACL,QAAA,IAAI3D,KAAQ,CAAA,GAAA;AACV,YAAA,OAAOO,MAAMP,KAAK;AACpB,SAAA;AAEA;;;QAIA8D,sBAAAA,CAAAA,CAAuBC,GAAG,EAAElD,OAAgC,EAAA;AAC1D,YAAA,OAAO,OAAOI,UAAAA,GAAAA;AACZ,gBAAA,MAAM+C,cAAcC,+BAA0B,CAAA;AAAEpD,oBAAAA,OAAAA;AAASI,oBAAAA;AAAW,iBAAA,CAAA;AAEpE,gBAAA,MAAMV,MAAMP,KAAK,CAAC,4BAA6B,CAAA,CAACW,IAAI,CAACqD,WAAAA,CAAAA;AAErD,gBAAA,OAAOD,GAAI9C,CAAAA,UAAAA,CAAAA;AACb,aAAA;AACF,SAAA;AAEA;;QAGAiD,EAAAA,CAAAA,CAAGzD,IAAI,EAAE8B,OAAO,EAAA;AACd,YAAA,MAAM4B,UAAazC,GAAAA,MAAAA,CAAOC,IAAI,CAACpB,MAAMP,KAAK,CAAA;YAC1C,MAAMoE,WAAAA,GAAcD,UAAWE,CAAAA,QAAQ,CAAC5D,IAAAA,CAAAA;AAExC,YAAA,IAAI,CAAC2D,WAAa,EAAA;AAChB,gBAAA,MAAM,IAAIE,KAAAA,CACR,CAAC,wFAAwF,EAAE7D,IAAAA,CAAK,sBAAsB,EAAE0D,UAAWI,CAAAA,IAAI,CACrI,IAAA,CAAA,CACA,CAAC,CAAA;AAEP;AAEAhE,YAAAA,KAAAA,CAAMP,KAAK,CAACS,IAAK,CAAA,CAACK,QAAQ,CAACyB,OAAAA,CAAAA;AAE3B,YAAA,OAAO,IAAI;AACb,SAAA;AAEA;;;AAGC,QACD,MAAMiC,eAAgBC,CAAAA,CAAAA,WAAW,EAAE5D,OAAAA,GAAmC,EAAE,EAAA;AACtE,YAAA,MAAM,EAAEkD,GAAG,EAAEW,KAAK,EAAE,GAAGrE,qBAAAA,EAAAA;YAEvB,KAAK,MAAMY,cAAcwD,WAAa,CAAA;AACpC,gBAAA,MAAM3D,QAAW,GAAA,IAAI,CAACgD,sBAAsB,CAACC,GAAKlD,EAAAA,OAAAA,CAAAA;AAElD,gBAAA,MAAMD,QAAS,CAAA;AAAEK,oBAAAA,UAAAA;AAAYJ,oBAAAA,OAAAA;AAASC,oBAAAA;AAAS,iBAAA,CAAA;AACjD;YAEA,OAAO4D,KAAAA,EAAAA;AACT;AACF,KAAA;AACF;;;;;"}
|
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
import _ from 'lodash/fp';
|
|
2
|
+
import qs from 'qs';
|
|
3
|
+
import { createWillRegisterContext, createEngineHooks, createBeforeEvaluateContext, createValidateContext } from './hooks.mjs';
|
|
4
|
+
import * as index from './abilities/index.mjs';
|
|
5
|
+
export { index as abilities };
|
|
6
|
+
import { caslAbilityBuilder } from './abilities/casl-ability.mjs';
|
|
7
|
+
|
|
8
|
+
/**
|
|
9
|
+
* Create a default state object for the engine
|
|
10
|
+
*/ const createEngineState = ()=>{
|
|
11
|
+
const hooks = createEngineHooks();
|
|
12
|
+
return {
|
|
13
|
+
hooks
|
|
14
|
+
};
|
|
15
|
+
};
|
|
16
|
+
const newEngine = (params)=>{
|
|
17
|
+
const { providers, abilityBuilderFactory = caslAbilityBuilder } = params;
|
|
18
|
+
const state = createEngineState();
|
|
19
|
+
const runValidationHook = async (hook, context)=>state.hooks[hook].call(context);
|
|
20
|
+
/**
|
|
21
|
+
* Evaluate a permission using local and registered behaviors (using hooks).
|
|
22
|
+
* Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission
|
|
23
|
+
*/ const evaluate = async (params)=>{
|
|
24
|
+
const { options, register } = params;
|
|
25
|
+
const preFormatValidation = await runValidationHook('before-format::validate.permission', createBeforeEvaluateContext(params.permission));
|
|
26
|
+
if (preFormatValidation === false) {
|
|
27
|
+
return;
|
|
28
|
+
}
|
|
29
|
+
const permission = await state.hooks['format.permission'].call(params.permission);
|
|
30
|
+
const afterFormatValidation = await runValidationHook('after-format::validate.permission', createValidateContext(permission));
|
|
31
|
+
if (afterFormatValidation === false) {
|
|
32
|
+
return;
|
|
33
|
+
}
|
|
34
|
+
await state.hooks['before-evaluate.permission'].call(createBeforeEvaluateContext(permission));
|
|
35
|
+
const { action: actionName, subject, properties, conditions = [], actionParameters = {} } = permission;
|
|
36
|
+
let action = actionName;
|
|
37
|
+
if (actionParameters && Object.keys(actionParameters).length > 0) {
|
|
38
|
+
action = `${actionName}?${qs.stringify(actionParameters)}`;
|
|
39
|
+
}
|
|
40
|
+
if (conditions.length === 0) {
|
|
41
|
+
return register({
|
|
42
|
+
action,
|
|
43
|
+
subject,
|
|
44
|
+
properties
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
const resolveConditions = _.map(providers.condition.get);
|
|
48
|
+
const removeInvalidConditions = _.filter((condition)=>_.isFunction(condition.handler));
|
|
49
|
+
const evaluateConditions = (conditions)=>{
|
|
50
|
+
return Promise.all(conditions.map(async (condition)=>({
|
|
51
|
+
condition,
|
|
52
|
+
result: await condition.handler(_.merge(options, {
|
|
53
|
+
permission: _.cloneDeep(permission)
|
|
54
|
+
}))
|
|
55
|
+
})));
|
|
56
|
+
};
|
|
57
|
+
const removeInvalidResults = _.filter(({ result })=>_.isBoolean(result) || _.isObject(result));
|
|
58
|
+
const evaluatedConditions = await Promise.resolve(conditions).then(resolveConditions).then(removeInvalidConditions).then(evaluateConditions).then(removeInvalidResults);
|
|
59
|
+
const resultPropEq = _.propEq('result');
|
|
60
|
+
const pickResults = _.map(_.prop('result'));
|
|
61
|
+
if (evaluatedConditions.every(resultPropEq(false))) {
|
|
62
|
+
return;
|
|
63
|
+
}
|
|
64
|
+
if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
|
|
65
|
+
return register({
|
|
66
|
+
action,
|
|
67
|
+
subject,
|
|
68
|
+
properties
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
const results = pickResults(evaluatedConditions).filter(_.isObject);
|
|
72
|
+
if (_.isEmpty(results)) {
|
|
73
|
+
return register({
|
|
74
|
+
action,
|
|
75
|
+
subject,
|
|
76
|
+
properties
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
return register({
|
|
80
|
+
action,
|
|
81
|
+
subject,
|
|
82
|
+
properties,
|
|
83
|
+
condition: {
|
|
84
|
+
$and: [
|
|
85
|
+
{
|
|
86
|
+
$or: results
|
|
87
|
+
}
|
|
88
|
+
]
|
|
89
|
+
}
|
|
90
|
+
});
|
|
91
|
+
};
|
|
92
|
+
return {
|
|
93
|
+
get hooks () {
|
|
94
|
+
return state.hooks;
|
|
95
|
+
},
|
|
96
|
+
/**
|
|
97
|
+
* Create a register function that wraps a `can` function
|
|
98
|
+
* used to register a permission in the ability builder
|
|
99
|
+
*/ createRegisterFunction (can, options) {
|
|
100
|
+
return async (permission)=>{
|
|
101
|
+
const hookContext = createWillRegisterContext({
|
|
102
|
+
options,
|
|
103
|
+
permission
|
|
104
|
+
});
|
|
105
|
+
await state.hooks['before-register.permission'].call(hookContext);
|
|
106
|
+
return can(permission);
|
|
107
|
+
};
|
|
108
|
+
},
|
|
109
|
+
/**
|
|
110
|
+
* Register a new handler for a given hook
|
|
111
|
+
*/ on (hook, handler) {
|
|
112
|
+
const validHooks = Object.keys(state.hooks);
|
|
113
|
+
const isValidHook = validHooks.includes(hook);
|
|
114
|
+
if (!isValidHook) {
|
|
115
|
+
throw new Error(`Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(', ')}`);
|
|
116
|
+
}
|
|
117
|
+
state.hooks[hook].register(handler);
|
|
118
|
+
return this;
|
|
119
|
+
},
|
|
120
|
+
/**
|
|
121
|
+
* Generate an ability based on the instance's
|
|
122
|
+
* ability builder and the given permissions
|
|
123
|
+
*/ async generateAbility (permissions, options = {}) {
|
|
124
|
+
const { can, build } = abilityBuilderFactory();
|
|
125
|
+
for (const permission of permissions){
|
|
126
|
+
const register = this.createRegisterFunction(can, options);
|
|
127
|
+
await evaluate({
|
|
128
|
+
permission,
|
|
129
|
+
options,
|
|
130
|
+
register
|
|
131
|
+
});
|
|
132
|
+
}
|
|
133
|
+
return build();
|
|
134
|
+
}
|
|
135
|
+
};
|
|
136
|
+
};
|
|
137
|
+
|
|
138
|
+
export { newEngine as new };
|
|
139
|
+
//# sourceMappingURL=index.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","sources":["../../src/engine/index.ts"],"sourcesContent":["import _ from 'lodash/fp';\nimport qs from 'qs';\nimport { Ability } from '@casl/ability';\nimport { providerFactory } from '@strapi/utils';\n\nimport {\n createEngineHooks,\n createWillRegisterContext,\n createBeforeEvaluateContext,\n createValidateContext,\n} from './hooks';\nimport type { PermissionEngineHooks, HookName } from './hooks';\n\nimport * as abilities from './abilities';\nimport { Permission } from '../domain/permission';\nimport type { PermissionRule } from '../types';\n\nexport { abilities };\n\ntype Provider = Omit<ReturnType<typeof providerFactory>, 'register'> & {\n register(...args: unknown[]): Promise<Provider> | Provider;\n};\n\ntype ActionProvider = Provider;\ntype ConditionProvider = Provider;\n\nexport interface Engine {\n hooks: PermissionEngineHooks;\n on(hook: HookName, handler: (...args: any[]) => any): Engine;\n generateAbility(permissions: Permission[], options?: object): Promise<Ability>;\n createRegisterFunction(\n can: (permission: PermissionRule) => unknown,\n options: Record<string, unknown>\n ): (permission: PermissionRule) => Promise<unknown>;\n}\n\nexport interface EngineParams {\n providers: { action: ActionProvider; condition: ConditionProvider };\n abilityBuilderFactory?(): abilities.CustomAbilityBuilder;\n}\n\ninterface EvaluateParams {\n options: Record<string, unknown>;\n register: (permission: PermissionRule) => Promise<unknown>;\n permission: Permission;\n}\n\ninterface Condition {\n name: string;\n handler(...params: unknown[]): boolean | object;\n}\n\n/**\n * Create a default state object for the engine\n */\nconst createEngineState = () => {\n const hooks = createEngineHooks();\n\n return { hooks };\n};\n\nconst newEngine = (params: EngineParams): Engine => {\n const { providers, abilityBuilderFactory = abilities.caslAbilityBuilder } = params;\n\n const state = createEngineState();\n\n const runValidationHook = async (hook: HookName, context: unknown) =>\n state.hooks[hook].call(context);\n\n /**\n * Evaluate a permission using local and registered behaviors (using hooks).\n * Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission\n */\n const evaluate = async (params: EvaluateParams) => {\n const { options, register } = params;\n\n const preFormatValidation = await runValidationHook(\n 'before-format::validate.permission',\n createBeforeEvaluateContext(params.permission)\n );\n\n if (preFormatValidation === false) {\n return;\n }\n\n const permission = (await state.hooks['format.permission'].call(\n params.permission\n )) as Permission;\n\n const afterFormatValidation = await runValidationHook(\n 'after-format::validate.permission',\n createValidateContext(permission)\n );\n\n if (afterFormatValidation === false) {\n return;\n }\n\n await state.hooks['before-evaluate.permission'].call(createBeforeEvaluateContext(permission));\n\n const {\n action: actionName,\n subject,\n properties,\n conditions = [],\n actionParameters = {},\n } = permission;\n\n let action = actionName;\n\n if (actionParameters && Object.keys(actionParameters).length > 0) {\n action = `${actionName}?${qs.stringify(actionParameters)}`;\n }\n\n if (conditions.length === 0) {\n return register({ action, subject, properties });\n }\n\n const resolveConditions = _.map(providers.condition.get);\n\n const removeInvalidConditions = _.filter((condition: Condition) =>\n _.isFunction(condition.handler)\n );\n\n const evaluateConditions = (conditions: Condition[]) => {\n return Promise.all(\n conditions.map(async (condition) => ({\n condition,\n result: await condition.handler(\n _.merge(options, { permission: _.cloneDeep(permission) })\n ),\n }))\n );\n };\n\n const removeInvalidResults = _.filter(\n ({ result }) => _.isBoolean(result) || _.isObject(result)\n );\n\n const evaluatedConditions = await Promise.resolve(conditions)\n .then(resolveConditions)\n .then(removeInvalidConditions)\n .then(evaluateConditions)\n .then(removeInvalidResults);\n\n const resultPropEq = _.propEq('result');\n const pickResults = _.map(_.prop('result'));\n\n if (evaluatedConditions.every(resultPropEq(false))) {\n return;\n }\n\n if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {\n return register({ action, subject, properties });\n }\n\n const results = pickResults(evaluatedConditions).filter(_.isObject);\n\n if (_.isEmpty(results)) {\n return register({ action, subject, properties });\n }\n\n return register({\n action,\n subject,\n properties,\n condition: { $and: [{ $or: results }] },\n });\n };\n\n return {\n get hooks() {\n return state.hooks;\n },\n\n /**\n * Create a register function that wraps a `can` function\n * used to register a permission in the ability builder\n */\n createRegisterFunction(can, options: Record<string, unknown>) {\n return async (permission: PermissionRule) => {\n const hookContext = createWillRegisterContext({ options, permission });\n\n await state.hooks['before-register.permission'].call(hookContext);\n\n return can(permission);\n };\n },\n\n /**\n * Register a new handler for a given hook\n */\n on(hook, handler) {\n const validHooks = Object.keys(state.hooks);\n const isValidHook = validHooks.includes(hook);\n\n if (!isValidHook) {\n throw new Error(\n `Invalid hook supplied when trying to register an handler to the permission engine. Got \"${hook}\" but expected one of ${validHooks.join(\n ', '\n )}`\n );\n }\n\n state.hooks[hook].register(handler);\n\n return this;\n },\n\n /**\n * Generate an ability based on the instance's\n * ability builder and the given permissions\n */\n async generateAbility(permissions, options: Record<string, unknown> = {}) {\n const { can, build } = abilityBuilderFactory();\n\n for (const permission of permissions) {\n const register = this.createRegisterFunction(can, options);\n\n await evaluate({ permission, options, register });\n }\n\n return build();\n },\n };\n};\n\nexport { newEngine as new };\n"],"names":["createEngineState","hooks","createEngineHooks","newEngine","params","providers","abilityBuilderFactory","abilities","state","runValidationHook","hook","context","call","evaluate","options","register","preFormatValidation","createBeforeEvaluateContext","permission","afterFormatValidation","createValidateContext","action","actionName","subject","properties","conditions","actionParameters","Object","keys","length","qs","stringify","resolveConditions","_","map","condition","get","removeInvalidConditions","filter","isFunction","handler","evaluateConditions","Promise","all","result","merge","cloneDeep","removeInvalidResults","isBoolean","isObject","evaluatedConditions","resolve","then","resultPropEq","propEq","pickResults","prop","every","isEmpty","some","results","$and","$or","createRegisterFunction","can","hookContext","createWillRegisterContext","on","validHooks","isValidHook","includes","Error","join","generateAbility","permissions","build"],"mappings":";;;;;;;AAoDA;;AAEC,IACD,MAAMA,iBAAoB,GAAA,IAAA;AACxB,IAAA,MAAMC,KAAQC,GAAAA,iBAAAA,EAAAA;IAEd,OAAO;AAAED,QAAAA;AAAM,KAAA;AACjB,CAAA;AAEA,MAAME,YAAY,CAACC,MAAAA,GAAAA;AACjB,IAAA,MAAM,EAAEC,SAAS,EAAEC,wBAAwBC,kBAA4B,EAAE,GAAGH,MAAAA;AAE5E,IAAA,MAAMI,KAAQR,GAAAA,iBAAAA,EAAAA;IAEd,MAAMS,iBAAAA,GAAoB,OAAOC,IAAAA,EAAgBC,OAC/CH,GAAAA,KAAAA,CAAMP,KAAK,CAACS,IAAAA,CAAK,CAACE,IAAI,CAACD,OAAAA,CAAAA;AAEzB;;;MAIA,MAAME,WAAW,OAAOT,MAAAA,GAAAA;AACtB,QAAA,MAAM,EAAEU,OAAO,EAAEC,QAAQ,EAAE,GAAGX,MAAAA;AAE9B,QAAA,MAAMY,sBAAsB,MAAMP,iBAAAA,CAChC,oCACAQ,EAAAA,2BAAAA,CAA4Bb,OAAOc,UAAU,CAAA,CAAA;AAG/C,QAAA,IAAIF,wBAAwB,KAAO,EAAA;AACjC,YAAA;AACF;QAEA,MAAME,UAAAA,GAAc,MAAMV,KAAAA,CAAMP,KAAK,CAAC,oBAAoB,CAACW,IAAI,CAC7DR,MAAAA,CAAOc,UAAU,CAAA;AAGnB,QAAA,MAAMC,qBAAwB,GAAA,MAAMV,iBAClC,CAAA,mCAAA,EACAW,qBAAsBF,CAAAA,UAAAA,CAAAA,CAAAA;AAGxB,QAAA,IAAIC,0BAA0B,KAAO,EAAA;AACnC,YAAA;AACF;AAEA,QAAA,MAAMX,MAAMP,KAAK,CAAC,6BAA6B,CAACW,IAAI,CAACK,2BAA4BC,CAAAA,UAAAA,CAAAA,CAAAA;AAEjF,QAAA,MAAM,EACJG,MAAAA,EAAQC,UAAU,EAClBC,OAAO,EACPC,UAAU,EACVC,UAAAA,GAAa,EAAE,EACfC,gBAAAA,GAAmB,EAAE,EACtB,GAAGR,UAAAA;AAEJ,QAAA,IAAIG,MAASC,GAAAA,UAAAA;AAEb,QAAA,IAAII,oBAAoBC,MAAOC,CAAAA,IAAI,CAACF,gBAAkBG,CAAAA,CAAAA,MAAM,GAAG,CAAG,EAAA;YAChER,MAAS,GAAA,CAAC,EAAEC,UAAW,CAAA,CAAC,EAAEQ,EAAGC,CAAAA,SAAS,CAACL,gBAAAA,CAAAA,CAAkB,CAAC;AAC5D;QAEA,IAAID,UAAAA,CAAWI,MAAM,KAAK,CAAG,EAAA;AAC3B,YAAA,OAAOd,QAAS,CAAA;AAAEM,gBAAAA,MAAAA;AAAQE,gBAAAA,OAAAA;AAASC,gBAAAA;AAAW,aAAA,CAAA;AAChD;AAEA,QAAA,MAAMQ,oBAAoBC,CAAEC,CAAAA,GAAG,CAAC7B,SAAU8B,CAAAA,SAAS,CAACC,GAAG,CAAA;QAEvD,MAAMC,uBAAAA,GAA0BJ,CAAEK,CAAAA,MAAM,CAAC,CAACH,YACxCF,CAAEM,CAAAA,UAAU,CAACJ,SAAAA,CAAUK,OAAO,CAAA,CAAA;AAGhC,QAAA,MAAMC,qBAAqB,CAAChB,UAAAA,GAAAA;YAC1B,OAAOiB,OAAAA,CAAQC,GAAG,CAChBlB,UAAAA,CAAWS,GAAG,CAAC,OAAOC,aAAe;AACnCA,oBAAAA,SAAAA;AACAS,oBAAAA,MAAAA,EAAQ,MAAMT,SAAUK,CAAAA,OAAO,CAC7BP,CAAEY,CAAAA,KAAK,CAAC/B,OAAS,EAAA;wBAAEI,UAAYe,EAAAA,CAAAA,CAAEa,SAAS,CAAC5B,UAAAA;AAAY,qBAAA,CAAA;iBAE3D,CAAA,CAAA,CAAA;AAEJ,SAAA;AAEA,QAAA,MAAM6B,oBAAuBd,GAAAA,CAAAA,CAAEK,MAAM,CACnC,CAAC,EAAEM,MAAM,EAAE,GAAKX,EAAEe,SAAS,CAACJ,MAAWX,CAAAA,IAAAA,CAAAA,CAAEgB,QAAQ,CAACL,MAAAA,CAAAA,CAAAA;AAGpD,QAAA,MAAMM,sBAAsB,MAAMR,OAAAA,CAAQS,OAAO,CAAC1B,YAC/C2B,IAAI,CAACpB,iBACLoB,CAAAA,CAAAA,IAAI,CAACf,uBACLe,CAAAA,CAAAA,IAAI,CAACX,kBAAAA,CAAAA,CACLW,IAAI,CAACL,oBAAAA,CAAAA;QAER,MAAMM,YAAAA,GAAepB,CAAEqB,CAAAA,MAAM,CAAC,QAAA,CAAA;AAC9B,QAAA,MAAMC,cAActB,CAAEC,CAAAA,GAAG,CAACD,CAAAA,CAAEuB,IAAI,CAAC,QAAA,CAAA,CAAA;AAEjC,QAAA,IAAIN,mBAAoBO,CAAAA,KAAK,CAACJ,YAAAA,CAAa,KAAS,CAAA,CAAA,EAAA;AAClD,YAAA;AACF;QAEA,IAAIpB,CAAAA,CAAEyB,OAAO,CAACR,mBAAAA,CAAAA,IAAwBA,oBAAoBS,IAAI,CAACN,aAAa,IAAQ,CAAA,CAAA,EAAA;AAClF,YAAA,OAAOtC,QAAS,CAAA;AAAEM,gBAAAA,MAAAA;AAAQE,gBAAAA,OAAAA;AAASC,gBAAAA;AAAW,aAAA,CAAA;AAChD;AAEA,QAAA,MAAMoC,UAAUL,WAAYL,CAAAA,mBAAAA,CAAAA,CAAqBZ,MAAM,CAACL,EAAEgB,QAAQ,CAAA;QAElE,IAAIhB,CAAAA,CAAEyB,OAAO,CAACE,OAAU,CAAA,EAAA;AACtB,YAAA,OAAO7C,QAAS,CAAA;AAAEM,gBAAAA,MAAAA;AAAQE,gBAAAA,OAAAA;AAASC,gBAAAA;AAAW,aAAA,CAAA;AAChD;AAEA,QAAA,OAAOT,QAAS,CAAA;AACdM,YAAAA,MAAAA;AACAE,YAAAA,OAAAA;AACAC,YAAAA,UAAAA;YACAW,SAAW,EAAA;gBAAE0B,IAAM,EAAA;AAAC,oBAAA;wBAAEC,GAAKF,EAAAA;AAAQ;AAAE;AAAC;AACxC,SAAA,CAAA;AACF,KAAA;IAEA,OAAO;AACL,QAAA,IAAI3D,KAAQ,CAAA,GAAA;AACV,YAAA,OAAOO,MAAMP,KAAK;AACpB,SAAA;AAEA;;;QAIA8D,sBAAAA,CAAAA,CAAuBC,GAAG,EAAElD,OAAgC,EAAA;AAC1D,YAAA,OAAO,OAAOI,UAAAA,GAAAA;AACZ,gBAAA,MAAM+C,cAAcC,yBAA0B,CAAA;AAAEpD,oBAAAA,OAAAA;AAASI,oBAAAA;AAAW,iBAAA,CAAA;AAEpE,gBAAA,MAAMV,MAAMP,KAAK,CAAC,4BAA6B,CAAA,CAACW,IAAI,CAACqD,WAAAA,CAAAA;AAErD,gBAAA,OAAOD,GAAI9C,CAAAA,UAAAA,CAAAA;AACb,aAAA;AACF,SAAA;AAEA;;QAGAiD,EAAAA,CAAAA,CAAGzD,IAAI,EAAE8B,OAAO,EAAA;AACd,YAAA,MAAM4B,UAAazC,GAAAA,MAAAA,CAAOC,IAAI,CAACpB,MAAMP,KAAK,CAAA;YAC1C,MAAMoE,WAAAA,GAAcD,UAAWE,CAAAA,QAAQ,CAAC5D,IAAAA,CAAAA;AAExC,YAAA,IAAI,CAAC2D,WAAa,EAAA;AAChB,gBAAA,MAAM,IAAIE,KAAAA,CACR,CAAC,wFAAwF,EAAE7D,IAAAA,CAAK,sBAAsB,EAAE0D,UAAWI,CAAAA,IAAI,CACrI,IAAA,CAAA,CACA,CAAC,CAAA;AAEP;AAEAhE,YAAAA,KAAAA,CAAMP,KAAK,CAACS,IAAK,CAAA,CAACK,QAAQ,CAACyB,OAAAA,CAAAA;AAE3B,YAAA,OAAO,IAAI;AACb,SAAA;AAEA;;;AAGC,QACD,MAAMiC,eAAgBC,CAAAA,CAAAA,WAAW,EAAE5D,OAAAA,GAAmC,EAAE,EAAA;AACtE,YAAA,MAAM,EAAEkD,GAAG,EAAEW,KAAK,EAAE,GAAGrE,qBAAAA,EAAAA;YAEvB,KAAK,MAAMY,cAAcwD,WAAa,CAAA;AACpC,gBAAA,MAAM3D,QAAW,GAAA,IAAI,CAACgD,sBAAsB,CAACC,GAAKlD,EAAAA,OAAAA,CAAAA;AAElD,gBAAA,MAAMD,QAAS,CAAA;AAAEK,oBAAAA,UAAAA;AAAYJ,oBAAAA,OAAAA;AAASC,oBAAAA;AAAS,iBAAA,CAAA;AACjD;YAEA,OAAO4D,KAAAA,EAAAA;AACT;AACF,KAAA;AACF;;;;"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;"}
|
package/dist/index.mjs
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;"}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* These were imported from `@strapi/types` but if we do that
|
|
3
|
+
* it becomes a circular dependency. This is the source of truth,
|
|
4
|
+
* they're re-exported from `@strapi/types` for convenience.
|
|
5
|
+
*/
|
|
6
|
+
import type { Subject } from '@casl/ability';
|
|
7
|
+
export interface ParametrizedAction {
|
|
8
|
+
name: string;
|
|
9
|
+
params: Record<string, unknown>;
|
|
10
|
+
}
|
|
11
|
+
export interface PermissionRule {
|
|
12
|
+
action: string | ParametrizedAction;
|
|
13
|
+
subject?: Subject | null;
|
|
14
|
+
properties?: {
|
|
15
|
+
fields?: string[];
|
|
16
|
+
};
|
|
17
|
+
condition?: Record<string, unknown>;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAE7C,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AACD,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,GAAG,kBAAkB,CAAC;IACpC,OAAO,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE;QACX,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@strapi/permissions",
|
|
3
|
-
"version": "0.0.0-next.
|
|
3
|
+
"version": "0.0.0-next.e3eb76a86aff89979cc9098aec129d2ffa600c56",
|
|
4
4
|
"description": "Strapi's permission layer.",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -19,21 +19,37 @@
|
|
|
19
19
|
"url": "https://strapi.io"
|
|
20
20
|
}
|
|
21
21
|
],
|
|
22
|
-
"main": "./
|
|
22
|
+
"main": "./dist/index.js",
|
|
23
|
+
"module": "./dist/index.mjs",
|
|
24
|
+
"source": "./src/index.ts",
|
|
25
|
+
"types": "./dist/index.d.ts",
|
|
26
|
+
"files": [
|
|
27
|
+
"dist/"
|
|
28
|
+
],
|
|
23
29
|
"scripts": {
|
|
30
|
+
"build": "run -T npm-run-all clean --parallel build:code build:types",
|
|
31
|
+
"build:code": "run -T rollup -c",
|
|
32
|
+
"build:types": "run -T tsc -p tsconfig.build.json --emitDeclarationOnly",
|
|
33
|
+
"clean": "run -T rimraf ./dist",
|
|
34
|
+
"lint": "run -T eslint .",
|
|
35
|
+
"test:ts": "run -T tsc --noEmit",
|
|
24
36
|
"test:unit": "run -T jest",
|
|
25
37
|
"test:unit:watch": "run -T jest --watch",
|
|
26
|
-
"
|
|
38
|
+
"watch": "run -T rollup -c -w"
|
|
27
39
|
},
|
|
28
40
|
"dependencies": {
|
|
29
|
-
"@casl/ability": "5.
|
|
30
|
-
"@strapi/utils": "0.0.0-next.
|
|
41
|
+
"@casl/ability": "6.5.0",
|
|
42
|
+
"@strapi/utils": "0.0.0-next.e3eb76a86aff89979cc9098aec129d2ffa600c56",
|
|
31
43
|
"lodash": "4.17.21",
|
|
44
|
+
"qs": "6.11.1",
|
|
32
45
|
"sift": "16.0.1"
|
|
33
46
|
},
|
|
47
|
+
"devDependencies": {
|
|
48
|
+
"eslint-config-custom": "0.0.0-next.e3eb76a86aff89979cc9098aec129d2ffa600c56",
|
|
49
|
+
"tsconfig": "0.0.0-next.e3eb76a86aff89979cc9098aec129d2ffa600c56"
|
|
50
|
+
},
|
|
34
51
|
"engines": {
|
|
35
|
-
"node": ">=
|
|
52
|
+
"node": ">=18.0.0 <=22.x.x",
|
|
36
53
|
"npm": ">=6.0.0"
|
|
37
|
-
}
|
|
38
|
-
"gitHead": "e3b4cdeebf6e9b0cd5575ff80b8a86715d44ce98"
|
|
54
|
+
}
|
|
39
55
|
}
|
package/.eslintignore
DELETED
package/.eslintrc.js
DELETED
package/index.d.ts
DELETED
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
import { hooks, providerFactory } from '@strapi/utils';
|
|
2
|
-
|
|
3
|
-
interface Permission {
|
|
4
|
-
action: string;
|
|
5
|
-
subject?: string | object | null;
|
|
6
|
-
properties?: object;
|
|
7
|
-
conditions?: string[];
|
|
8
|
-
}
|
|
9
|
-
|
|
10
|
-
type Provider = ReturnType<typeof providerFactory>;
|
|
11
|
-
|
|
12
|
-
interface BaseAction {
|
|
13
|
-
actionId: string;
|
|
14
|
-
}
|
|
15
|
-
|
|
16
|
-
interface BaseCondition {
|
|
17
|
-
name: string;
|
|
18
|
-
handler(...params: unknown[]): boolean | object;
|
|
19
|
-
}
|
|
20
|
-
|
|
21
|
-
interface ActionProvider<T extends Action = Action> extends Provider {}
|
|
22
|
-
interface ConditionProvider<T extends Condition = Condition> extends Provider {}
|
|
23
|
-
|
|
24
|
-
interface PermissionEngineHooks {
|
|
25
|
-
'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;
|
|
26
|
-
'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;
|
|
27
|
-
'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;
|
|
28
|
-
'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;
|
|
29
|
-
'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
type PermissionEngineHookName = keyof PermissionEngineHooks;
|
|
33
|
-
|
|
34
|
-
interface PermissionEngine {
|
|
35
|
-
hooks: object;
|
|
36
|
-
|
|
37
|
-
on(hook: PermissionEngineHookName, handler: Function): PermissionEngine;
|
|
38
|
-
generateAbility(permissions: Permission[], options?: object): Ability;
|
|
39
|
-
createRegisterFunction(can: Function, options: object): Function;
|
|
40
|
-
}
|
|
41
|
-
|
|
42
|
-
interface BaseAbility {
|
|
43
|
-
can: Function;
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
interface AbilityBuilder {
|
|
47
|
-
can(permission: Permission): void | Promise<void>;
|
|
48
|
-
build(): BaseAbility | Promise<BaseAbility>;
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
interface PermissionEngineParams {
|
|
52
|
-
providers: { action: ActionProvider; condition: ConditionProvider };
|
|
53
|
-
abilityBuilderFactory(): AbilityBuilder;
|
|
54
|
-
}
|