@strapi/permissions 0.0.0-next.e3b4cdeebf6e9b0cd5575ff80b8a86715d44ce98 → 0.0.0-next.e3eb76a86aff89979cc9098aec129d2ffa600c56

package/lib/domain/permission/index.js

@@ -1,68 +0,0 @@
-'use strict';
-
-const _ = require('lodash/fp');
-
-const PERMISSION_FIELDS = ['action', 'subject', 'properties', 'conditions'];
-
-const sanitizePermissionFields = _.pick(PERMISSION_FIELDS);
-
-/**
- * @typedef {import("../../..").Permission} Permission
- */
-
-/**
- * Creates a permission with default values for optional properties
- *
- * @return {Pick<Permission, 'conditions' | 'properties' | 'subject'>}
- */
-const getDefaultPermission = () => ({
-  conditions: [],
-  properties: {},
-  subject: null,
-});
-
-/**
- * Create a new permission based on given attributes
- *
- * @param {object} attributes
- *
- * @return {Permission}
- */
-const create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));
-
-/**
- * Add a condition to a permission
- *
- * @param {string} condition The condition to add
- * @param {Permission} permission The permission on which we want to add the condition
- *
- * @return {Permission}
- */
-const addCondition = _.curry((condition, permission) => {
-  const { conditions } = permission;
-
-  const newConditions = Array.isArray(conditions)
-    ? _.uniq(conditions.concat(condition))
-    : [condition];
-
-  return _.set('conditions', newConditions, permission);
-});
-
-/**
- * Gets a property or a part of a property from a permission.
- *
- * @function
- *
- * @param {string} property - The property to get
- * @param {Permission} permission - The permission on which we want to access the property
- *
- * @return {Permission}
- */
-const getProperty = _.curry((property, permission) => _.get(`properties.${property}`, permission));
-
-module.exports = {
-  create,
-  sanitizePermissionFields,
-  addCondition,
-  getProperty,
-};

package/lib/engine/abilities/casl-ability.js

@@ -1,57 +0,0 @@
-'use strict';
-
-const sift = require('sift');
-const { AbilityBuilder, Ability } = require('@casl/ability');
-const { pick, isNil, isObject } = require('lodash/fp');
-
-const allowedOperations = [
-  '$or',
-  '$and',
-  '$eq',
-  '$ne',
-  '$in',
-  '$nin',
-  '$lt',
-  '$lte',
-  '$gt',
-  '$gte',
-  '$exists',
-  '$elemMatch',
-];
-
-const operations = pick(allowedOperations, sift);
-
-const conditionsMatcher = (conditions) => {
-  return sift.createQueryTester(conditions, { operations });
-};
-
-/**
- * Casl Ability Builder.
- */
-const caslAbilityBuilder = () => {
-  const { can, build, ...rest } = new AbilityBuilder(Ability);
-
-  return {
-    can(permission) {
-      const { action, subject, properties = {}, condition } = permission;
-      const { fields } = properties;
-
-      return can(
-        action,
-        isNil(subject) ? 'all' : subject,
-        fields,
-        isObject(condition) ? condition : undefined
-      );
-    },
-
-    build() {
-      return build({ conditionsMatcher });
-    },
-
-    ...rest,
-  };
-};
-
-module.exports = {
-  caslAbilityBuilder,
-};

package/lib/engine/abilities/index.js

@@ -1,7 +0,0 @@
-'use strict';
-
-const { caslAbilityBuilder } = require('./casl-ability');
-
-module.exports = {
-  caslAbilityBuilder,
-};

package/lib/engine/hooks.js

@@ -1,97 +0,0 @@
-'use strict';
-
-const { cloneDeep, has } = require('lodash/fp');
-const { hooks } = require('@strapi/utils');
-
-const domain = require('../domain');
-
-/**
- * Create a hook map used by the permission Engine
- *
- * @return {import('../..').PermissionEngineHooks}
- */
-const createEngineHooks = () => ({
-  'before-format::validate.permission': hooks.createAsyncBailHook(),
-  'format.permission': hooks.createAsyncSeriesWaterfallHook(),
-  'after-format::validate.permission': hooks.createAsyncBailHook(),
-  'before-evaluate.permission': hooks.createAsyncSeriesHook(),
-  'before-register.permission': hooks.createAsyncSeriesHook(),
-});
-
-/**
- * Create a context from a domain {@link Permission} used by the validate hooks
- * @param {Permission} permission
- * @return {{ readonly permission: Permission }}
- */
-const createValidateContext = (permission) => ({
-  get permission() {
-    return cloneDeep(permission);
-  },
-});
-
-/**
- * Create a context from a domain {@link Permission} used by the before valuate hook
- * @param {Permission} permission
- * @return {{readonly permission: Permission, addCondition(string): this}}
- */
-const createBeforeEvaluateContext = (permission) => ({
-  get permission() {
-    return cloneDeep(permission);
-  },
-
-  addCondition(condition) {
-    Object.assign(permission, domain.permission.addCondition(condition, permission));
-
-    return this;
-  },
-});
-
-/**
- * Create a context from a casl Permission & some options
- * @param caslPermission
- * @param {object} options
- * @param {Permission} options.permission
- * @param {object} options.user
- */
-const createWillRegisterContext = ({ permission, options }) => ({
-  ...options,
-
-  get permission() {
-    return cloneDeep(permission);
-  },
-
-  condition: {
-    and(rawConditionObject) {
-      if (!permission.condition) {
-        Object.assign(permission, { condition: { $and: [] } });
-      }
-
-      permission.condition.$and.push(rawConditionObject);
-
-      return this;
-    },
-
-    or(rawConditionObject) {
-      if (!permission.condition) {
-        Object.assign(permission, { condition: { $and: [] } });
-      }
-
-      const orClause = permission.condition.$and.find(has('$or'));
-
-      if (orClause) {
-        orClause.$or.push(rawConditionObject);
-      } else {
-        permission.condition.$and.push({ $or: [rawConditionObject] });
-      }
-
-      return this;
-    },
-  },
-});
-
-module.exports = {
-  createEngineHooks,
-  createValidateContext,
-  createBeforeEvaluateContext,
-  createWillRegisterContext,
-};

package/lib/engine/index.js

@@ -1,209 +0,0 @@
-'use strict';
-
-const _ = require('lodash/fp');
-
-const abilities = require('./abilities');
-
-const {
-  createEngineHooks,
-  createWillRegisterContext,
-  createBeforeEvaluateContext,
-  createValidateContext,
-} = require('./hooks');
-
-/**
- * @typedef {import("../..").PermissionEngine} PermissionEngine
- * @typedef {import("../..").ActionProvider} ActionProvider
- * @typedef {import("../..").ConditionProvider} ConditionProvider
- * @typedef {import("../..").PermissionEngineParams} PermissionEngineParams
- * @typedef {import("../..").Permission} Permission
- */
-
-/**
- * Create a default state object for the engine
- */
-const createEngineState = () => {
-  const hooks = createEngineHooks();
-
-  return { hooks };
-};
-
-module.exports = {
-  abilities,
-
-  /**
-   * Create a new instance of a permission engine
-   *
-   * @param {PermissionEngineParams} params
-   *
-   * @return {PermissionEngine}
-   */
-  new(params) {
-    const { providers, abilityBuilderFactory = abilities.caslAbilityBuilder } = params;
-
-    const state = createEngineState();
-
-    const runValidationHook = async (hook, context) => state.hooks[hook].call(context);
-
-    /**
-     * Evaluate a permission using local and registered behaviors (using hooks).
-     * Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission
-     *
-     * @param {object} params
-     * @param {object} params.options
-     * @param {Function} params.register
-     * @param {Permission} params.permission
-     */
-    const evaluate = async (params) => {
-      const { options, register } = params;
-
-      const preFormatValidation = await runValidationHook(
-        'before-format::validate.permission',
-        createBeforeEvaluateContext(params.permission)
-      );
-
-      if (preFormatValidation === false) {
-        return;
-      }
-
-      const permission = await state.hooks['format.permission'].call(params.permission);
-
-      const afterFormatValidation = await runValidationHook(
-        'after-format::validate.permission',
-        createValidateContext(permission)
-      );
-
-      if (afterFormatValidation === false) {
-        return;
-      }
-
-      await state.hooks['before-evaluate.permission'].call(createBeforeEvaluateContext(permission));
-
-      const { action, subject, properties, conditions = [] } = permission;
-
-      if (conditions.length === 0) {
-        return register({ action, subject, properties });
-      }
-
-      const resolveConditions = _.map(providers.condition.get);
-
-      const removeInvalidConditions = _.filter((condition) => _.isFunction(condition.handler));
-
-      const evaluateConditions = (conditions) => {
-        return Promise.all(
-          conditions.map(async (condition) => ({
-            condition,
-            result: await condition.handler(
-              _.merge(options, { permission: _.cloneDeep(permission) })
-            ),
-          }))
-        );
-      };
-
-      const removeInvalidResults = _.filter(
-        ({ result }) => _.isBoolean(result) || _.isObject(result)
-      );
-
-      const evaluatedConditions = await Promise.resolve(conditions)
-        .then(resolveConditions)
-        .then(removeInvalidConditions)
-        .then(evaluateConditions)
-        .then(removeInvalidResults);
-
-      const resultPropEq = _.propEq('result');
-      const pickResults = _.map(_.prop('result'));
-
-      if (evaluatedConditions.every(resultPropEq(false))) {
-        return;
-      }
-
-      if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
-        return register({ action, subject, properties });
-      }
-
-      const results = pickResults(evaluatedConditions).filter(_.isObject);
-
-      if (_.isEmpty(results)) {
-        return register({ action, subject, properties });
-      }
-
-      return register({
-        action,
-        subject,
-        properties,
-        condition: { $and: [{ $or: results }] },
-      });
-    };
-
-    return {
-      get hooks() {
-        return state.hooks;
-      },
-
-      /**
-       * Create a register function that wraps a `can` function
-       * used to register a permission in the ability builder
-       *
-       * @param {Function} can
-       * @param {object} options
-       *
-       * @return {Function}
-       */
-      createRegisterFunction(can, options) {
-        return async (permission) => {
-          const hookContext = createWillRegisterContext({ options, permission });
-
-          await state.hooks['before-register.permission'].call(hookContext);
-
-          return can(permission);
-        };
-      },
-
-      /**
-       * Register a new handler for a given hook
-       *
-       * @param {string} hook
-       * @param {Function} handler
-       *
-       * @return {this}
-       */
-      on(hook, handler) {
-        const validHooks = Object.keys(state.hooks);
-        const isValidHook = validHooks.includes(hook);
-
-        if (!isValidHook) {
-          throw new Error(
-            `Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(
-              ', '
-            )}`
-          );
-        }
-
-        state.hooks[hook].register(handler);
-
-        return this;
-      },
-
-      /**
-       * Generate an ability based on the instance's
-       * ability builder and the given permissions
-       *
-       * @param {Permission[]} permissions
-       * @param {object} [options]
-       *
-       * @return {object}
-       */
-      async generateAbility(permissions, options = {}) {
-        const { can, build } = abilityBuilderFactory();
-
-        for (const permission of permissions) {
-          const register = this.createRegisterFunction(can, options);
-
-          await evaluate({ permission, options, register });
-        }
-
-        return build();
-      },
-    };
-  },
-};

package/lib/index.js

@@ -1,9 +0,0 @@
-'use strict';
-
-const domain = require('./domain');
-const engine = require('./engine');
-
-module.exports = {
-  domain,
-  engine,
-};