@strapi/permissions 0.0.0-next.fd9757603c653ca239c45d6e28ab536d2dae0b39 → 0.0.0-next.fdac61dd05ca665168f51f655f1d165b55ec4231

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.js +309 -261
  2. package/dist/index.js.map +1 -1
  3. package/dist/index.mjs +297 -249
  4. package/dist/index.mjs.map +1 -1
  5. package/package.json +11 -11
package/dist/index.js CHANGED
@@ -1,297 +1,345 @@
1
- "use strict";
2
- Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
3
- const _ = require("lodash/fp");
4
- const qs = require("qs");
5
- const utils = require("@strapi/utils");
6
- const sift = require("sift");
7
- const ability = require("@casl/ability");
8
- const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
9
- function _interopNamespace(e) {
10
- if (e && e.__esModule)
11
- return e;
12
- const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
1
+ 'use strict';
2
+
3
+ var _ = require('lodash/fp');
4
+ var qs = require('qs');
5
+ var utils = require('@strapi/utils');
6
+ var sift = require('sift');
7
+ var ability = require('@casl/ability');
8
+
9
+ function _interopNamespaceDefault(e) {
10
+ var n = Object.create(null);
13
11
  if (e) {
14
- for (const k in e) {
15
- if (k !== "default") {
16
- const d = Object.getOwnPropertyDescriptor(e, k);
12
+ Object.keys(e).forEach(function (k) {
13
+ if (k !== 'default') {
14
+ var d = Object.getOwnPropertyDescriptor(e, k);
17
15
  Object.defineProperty(n, k, d.get ? d : {
18
16
  enumerable: true,
19
- get: () => e[k]
17
+ get: function () { return e[k]; }
20
18
  });
21
19
  }
22
- }
20
+ });
23
21
  }
24
22
  n.default = e;
25
23
  return Object.freeze(n);
26
24
  }
27
- const ___default = /* @__PURE__ */ _interopDefault(_);
28
- const qs__default = /* @__PURE__ */ _interopDefault(qs);
29
- const sift__namespace = /* @__PURE__ */ _interopNamespace(sift);
30
- const PERMISSION_FIELDS = ["action", "subject", "properties", "conditions"];
31
- const sanitizePermissionFields = ___default.default.pick(PERMISSION_FIELDS);
32
- const getDefaultPermission = () => ({
33
- conditions: [],
34
- properties: {},
35
- subject: null
36
- });
37
- const create = ___default.default.pipe(___default.default.pick(PERMISSION_FIELDS), ___default.default.merge(getDefaultPermission()));
38
- const addCondition = ___default.default.curry((condition, permission) => {
39
- const { conditions } = permission;
40
- const newConditions = Array.isArray(conditions) ? ___default.default.uniq(conditions.concat(condition)) : [condition];
41
- return ___default.default.set("conditions", newConditions, permission);
25
+
26
+ var sift__namespace = /*#__PURE__*/_interopNamespaceDefault(sift);
27
+
28
+ const PERMISSION_FIELDS = [
29
+ 'action',
30
+ 'subject',
31
+ 'properties',
32
+ 'conditions'
33
+ ];
34
+ const sanitizePermissionFields = _.pick(PERMISSION_FIELDS);
35
+ /**
36
+ * Creates a permission with default values for optional properties
37
+ */ const getDefaultPermission = ()=>({
38
+ conditions: [],
39
+ properties: {},
40
+ subject: null
41
+ });
42
+ /**
43
+ * Create a new permission based on given attributes
44
+ *
45
+ * @param {object} attributes
46
+ */ const create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));
47
+ /**
48
+ * Add a condition to a permission
49
+ */ const addCondition = _.curry((condition, permission)=>{
50
+ const { conditions } = permission;
51
+ const newConditions = Array.isArray(conditions) ? _.uniq(conditions.concat(condition)) : [
52
+ condition
53
+ ];
54
+ return _.set('conditions', newConditions, permission);
42
55
  });
43
- const getProperty = ___default.default.curry(
44
- (property, permission) => ___default.default.get(`properties.${property}`, permission)
45
- );
46
- const index$3 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
56
+ /**
57
+ * Gets a property or a part of a property from a permission.
58
+ */ const getProperty = _.curry((property, permission)=>_.get(`properties.${property}`, permission));
59
+
60
+ var index$3 = /*#__PURE__*/Object.freeze({
47
61
  __proto__: null,
48
- addCondition,
49
- create,
50
- getProperty,
51
- sanitizePermissionFields
52
- }, Symbol.toStringTag, { value: "Module" }));
53
- const index$2 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
62
+ addCondition: addCondition,
63
+ create: create,
64
+ getProperty: getProperty,
65
+ sanitizePermissionFields: sanitizePermissionFields
66
+ });
67
+
68
+ var index$2 = /*#__PURE__*/Object.freeze({
54
69
  __proto__: null,
55
70
  permission: index$3
56
- }, Symbol.toStringTag, { value: "Module" }));
57
- const createEngineHooks = () => ({
58
- "before-format::validate.permission": utils.hooks.createAsyncBailHook(),
59
- "format.permission": utils.hooks.createAsyncSeriesWaterfallHook(),
60
- "after-format::validate.permission": utils.hooks.createAsyncBailHook(),
61
- "before-evaluate.permission": utils.hooks.createAsyncSeriesHook(),
62
- "before-register.permission": utils.hooks.createAsyncSeriesHook()
63
- });
64
- const createValidateContext = (permission) => ({
65
- get permission() {
66
- return _.cloneDeep(permission);
67
- }
68
- });
69
- const createBeforeEvaluateContext = (permission) => ({
70
- get permission() {
71
- return _.cloneDeep(permission);
72
- },
73
- addCondition(condition) {
74
- Object.assign(permission, addCondition(condition, permission));
75
- return this;
76
- }
77
71
  });
78
- const createWillRegisterContext = ({ permission, options }) => ({
79
- ...options,
80
- get permission() {
81
- return _.cloneDeep(permission);
82
- },
83
- condition: {
84
- and(rawConditionObject) {
85
- if (!permission.condition) {
86
- permission.condition = { $and: [] };
87
- }
88
- if (_.isArray(permission.condition.$and)) {
89
- permission.condition.$and.push(rawConditionObject);
90
- }
91
- return this;
92
- },
93
- or(rawConditionObject) {
94
- if (!permission.condition) {
95
- permission.condition = { $and: [] };
96
- }
97
- if (_.isArray(permission.condition.$and)) {
98
- const orClause = permission.condition.$and.find(_.has("$or"));
99
- if (orClause) {
100
- orClause.$or.push(rawConditionObject);
101
- } else {
102
- permission.condition.$and.push({ $or: [rawConditionObject] });
72
+
73
+ /**
74
+ * Create a hook map used by the permission Engine
75
+ */ const createEngineHooks = ()=>({
76
+ 'before-format::validate.permission': utils.hooks.createAsyncBailHook(),
77
+ 'format.permission': utils.hooks.createAsyncSeriesWaterfallHook(),
78
+ 'after-format::validate.permission': utils.hooks.createAsyncBailHook(),
79
+ 'before-evaluate.permission': utils.hooks.createAsyncSeriesHook(),
80
+ 'before-register.permission': utils.hooks.createAsyncSeriesHook()
81
+ });
82
+ /**
83
+ * Create a context from a domain {@link Permission} used by the validate hooks
84
+ */ const createValidateContext = (permission)=>({
85
+ get permission () {
86
+ return _.cloneDeep(permission);
103
87
  }
104
- }
105
- return this;
106
- }
107
- }
108
- });
88
+ });
89
+ /**
90
+ * Create a context from a domain {@link Permission} used by the before valuate hook
91
+ */ const createBeforeEvaluateContext = (permission)=>({
92
+ get permission () {
93
+ return _.cloneDeep(permission);
94
+ },
95
+ addCondition (condition) {
96
+ Object.assign(permission, addCondition(condition, permission));
97
+ return this;
98
+ }
99
+ });
100
+ /**
101
+ * Create a context from a casl Permission & some options
102
+ * @param caslPermission
103
+ */ const createWillRegisterContext = ({ permission, options })=>({
104
+ ...options,
105
+ get permission () {
106
+ return _.cloneDeep(permission);
107
+ },
108
+ condition: {
109
+ and (rawConditionObject) {
110
+ if (!permission.condition) {
111
+ permission.condition = {
112
+ $and: []
113
+ };
114
+ }
115
+ if (_.isArray(permission.condition.$and)) {
116
+ permission.condition.$and.push(rawConditionObject);
117
+ }
118
+ return this;
119
+ },
120
+ or (rawConditionObject) {
121
+ if (!permission.condition) {
122
+ permission.condition = {
123
+ $and: []
124
+ };
125
+ }
126
+ if (_.isArray(permission.condition.$and)) {
127
+ const orClause = permission.condition.$and.find(_.has('$or'));
128
+ if (orClause) {
129
+ orClause.$or.push(rawConditionObject);
130
+ } else {
131
+ permission.condition.$and.push({
132
+ $or: [
133
+ rawConditionObject
134
+ ]
135
+ });
136
+ }
137
+ }
138
+ return this;
139
+ }
140
+ }
141
+ });
142
+
109
143
  const allowedOperations = [
110
- "$or",
111
- "$and",
112
- "$eq",
113
- "$ne",
114
- "$in",
115
- "$nin",
116
- "$lt",
117
- "$lte",
118
- "$gt",
119
- "$gte",
120
- "$exists",
121
- "$elemMatch"
144
+ '$or',
145
+ '$and',
146
+ '$eq',
147
+ '$ne',
148
+ '$in',
149
+ '$nin',
150
+ '$lt',
151
+ '$lte',
152
+ '$gt',
153
+ '$gte',
154
+ '$exists',
155
+ '$elemMatch'
122
156
  ];
123
157
  const operations = _.pick(allowedOperations, sift__namespace);
124
- const conditionsMatcher = (conditions) => {
125
- return sift__namespace.createQueryTester(conditions, { operations });
158
+ const conditionsMatcher = (conditions)=>{
159
+ return sift__namespace.createQueryTester(conditions, {
160
+ operations
161
+ });
126
162
  };
127
- const buildParametrizedAction = ({ name, params }) => {
128
- return `${name}?${qs__default.default.stringify(params)}`;
163
+ const buildParametrizedAction = ({ name, params })=>{
164
+ return `${name}?${qs.stringify(params)}`;
129
165
  };
130
- const caslAbilityBuilder = () => {
131
- const { can, build, ...rest } = new ability.AbilityBuilder(ability.Ability);
132
- return {
133
- can(permission) {
134
- const { action, subject, properties = {}, condition } = permission;
135
- const { fields } = properties;
136
- const caslAction = typeof action === "string" ? action : buildParametrizedAction(action);
137
- return can(
138
- caslAction,
139
- _.isNil(subject) ? "all" : subject,
140
- fields,
141
- _.isObject(condition) ? condition : void 0
142
- );
143
- },
144
- buildParametrizedAction({ name, params }) {
145
- return `${name}?${qs__default.default.stringify(params)}`;
146
- },
147
- build() {
148
- const ability2 = build({ conditionsMatcher });
149
- function decorateCan(originalCan) {
150
- return function(...args) {
151
- const [action, ...rest2] = args;
152
- const caslAction = typeof action === "string" ? action : buildParametrizedAction(action);
153
- return originalCan.apply(ability2, [caslAction, ...rest2]);
154
- };
155
- }
156
- ability2.can = decorateCan(ability2.can);
157
- return ability2;
158
- },
159
- ...rest
160
- };
166
+ /**
167
+ * Casl Ability Builder.
168
+ */ const caslAbilityBuilder = ()=>{
169
+ const { can, build, ...rest } = new ability.AbilityBuilder(ability.Ability);
170
+ return {
171
+ can (permission) {
172
+ const { action, subject, properties = {}, condition } = permission;
173
+ const { fields } = properties;
174
+ const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
175
+ return can(caslAction, _.isNil(subject) ? 'all' : subject, fields, _.isObject(condition) ? condition : undefined);
176
+ },
177
+ buildParametrizedAction ({ name, params }) {
178
+ return `${name}?${qs.stringify(params)}`;
179
+ },
180
+ build () {
181
+ const ability = build({
182
+ conditionsMatcher
183
+ });
184
+ function decorateCan(originalCan) {
185
+ return function(...args) {
186
+ const [action, ...rest] = args;
187
+ const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
188
+ // Call the original `can` method
189
+ return originalCan.apply(ability, [
190
+ caslAction,
191
+ ...rest
192
+ ]);
193
+ };
194
+ }
195
+ ability.can = decorateCan(ability.can);
196
+ return ability;
197
+ },
198
+ ...rest
199
+ };
161
200
  };
162
- const index$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
201
+
202
+ var index$1 = /*#__PURE__*/Object.freeze({
163
203
  __proto__: null,
164
- caslAbilityBuilder
165
- }, Symbol.toStringTag, { value: "Module" }));
166
- const createEngineState = () => {
167
- const hooks = createEngineHooks();
168
- return { hooks };
169
- };
170
- const newEngine = (params) => {
171
- const { providers, abilityBuilderFactory = caslAbilityBuilder } = params;
172
- const state = createEngineState();
173
- const runValidationHook = async (hook, context) => state.hooks[hook].call(context);
174
- const evaluate = async (params2) => {
175
- const { options, register } = params2;
176
- const preFormatValidation = await runValidationHook(
177
- "before-format::validate.permission",
178
- createBeforeEvaluateContext(params2.permission)
179
- );
180
- if (preFormatValidation === false) {
181
- return;
182
- }
183
- const permission = await state.hooks["format.permission"].call(
184
- params2.permission
185
- );
186
- const afterFormatValidation = await runValidationHook(
187
- "after-format::validate.permission",
188
- createValidateContext(permission)
189
- );
190
- if (afterFormatValidation === false) {
191
- return;
192
- }
193
- await state.hooks["before-evaluate.permission"].call(createBeforeEvaluateContext(permission));
194
- const {
195
- action: actionName,
196
- subject,
197
- properties,
198
- conditions = [],
199
- actionParameters = {}
200
- } = permission;
201
- let action = actionName;
202
- if (actionParameters && Object.keys(actionParameters).length > 0) {
203
- action = `${actionName}?${qs__default.default.stringify(actionParameters)}`;
204
- }
205
- if (conditions.length === 0) {
206
- return register({ action, subject, properties });
207
- }
208
- const resolveConditions = ___default.default.map(providers.condition.get);
209
- const removeInvalidConditions = ___default.default.filter(
210
- (condition) => ___default.default.isFunction(condition.handler)
211
- );
212
- const evaluateConditions = (conditions2) => {
213
- return Promise.all(
214
- conditions2.map(async (condition) => ({
215
- condition,
216
- result: await condition.handler(
217
- ___default.default.merge(options, { permission: ___default.default.cloneDeep(permission) })
218
- )
219
- }))
220
- );
204
+ caslAbilityBuilder: caslAbilityBuilder
205
+ });
206
+
207
+ /**
208
+ * Create a default state object for the engine
209
+ */ const createEngineState = ()=>{
210
+ const hooks = createEngineHooks();
211
+ return {
212
+ hooks
221
213
  };
222
- const removeInvalidResults = ___default.default.filter(
223
- ({ result }) => ___default.default.isBoolean(result) || ___default.default.isObject(result)
224
- );
225
- const evaluatedConditions = await Promise.resolve(conditions).then(resolveConditions).then(removeInvalidConditions).then(evaluateConditions).then(removeInvalidResults);
226
- const resultPropEq = ___default.default.propEq("result");
227
- const pickResults = ___default.default.map(___default.default.prop("result"));
228
- if (evaluatedConditions.every(resultPropEq(false))) {
229
- return;
230
- }
231
- if (___default.default.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
232
- return register({ action, subject, properties });
233
- }
234
- const results = pickResults(evaluatedConditions).filter(___default.default.isObject);
235
- if (___default.default.isEmpty(results)) {
236
- return register({ action, subject, properties });
237
- }
238
- return register({
239
- action,
240
- subject,
241
- properties,
242
- condition: { $and: [{ $or: results }] }
243
- });
244
- };
245
- return {
246
- get hooks() {
247
- return state.hooks;
248
- },
214
+ };
215
+ const newEngine = (params)=>{
216
+ const { providers, abilityBuilderFactory = caslAbilityBuilder } = params;
217
+ const state = createEngineState();
218
+ const runValidationHook = async (hook, context)=>state.hooks[hook].call(context);
249
219
  /**
220
+ * Evaluate a permission using local and registered behaviors (using hooks).
221
+ * Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission
222
+ */ const evaluate = async (params)=>{
223
+ const { options, register } = params;
224
+ const preFormatValidation = await runValidationHook('before-format::validate.permission', createBeforeEvaluateContext(params.permission));
225
+ if (preFormatValidation === false) {
226
+ return;
227
+ }
228
+ const permission = await state.hooks['format.permission'].call(params.permission);
229
+ const afterFormatValidation = await runValidationHook('after-format::validate.permission', createValidateContext(permission));
230
+ if (afterFormatValidation === false) {
231
+ return;
232
+ }
233
+ await state.hooks['before-evaluate.permission'].call(createBeforeEvaluateContext(permission));
234
+ const { action: actionName, subject, properties, conditions = [], actionParameters = {} } = permission;
235
+ let action = actionName;
236
+ if (actionParameters && Object.keys(actionParameters).length > 0) {
237
+ action = `${actionName}?${qs.stringify(actionParameters)}`;
238
+ }
239
+ if (conditions.length === 0) {
240
+ return register({
241
+ action,
242
+ subject,
243
+ properties
244
+ });
245
+ }
246
+ const resolveConditions = _.map(providers.condition.get);
247
+ const removeInvalidConditions = _.filter((condition)=>_.isFunction(condition.handler));
248
+ const evaluateConditions = (conditions)=>{
249
+ return Promise.all(conditions.map(async (condition)=>({
250
+ condition,
251
+ result: await condition.handler(_.merge(options, {
252
+ permission: _.cloneDeep(permission)
253
+ }))
254
+ })));
255
+ };
256
+ const removeInvalidResults = _.filter(({ result })=>_.isBoolean(result) || _.isObject(result));
257
+ const evaluatedConditions = await Promise.resolve(conditions).then(resolveConditions).then(removeInvalidConditions).then(evaluateConditions).then(removeInvalidResults);
258
+ const resultPropEq = _.propEq('result');
259
+ const pickResults = _.map(_.prop('result'));
260
+ if (evaluatedConditions.every(resultPropEq(false))) {
261
+ return;
262
+ }
263
+ if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
264
+ return register({
265
+ action,
266
+ subject,
267
+ properties
268
+ });
269
+ }
270
+ const results = pickResults(evaluatedConditions).filter(_.isObject);
271
+ if (_.isEmpty(results)) {
272
+ return register({
273
+ action,
274
+ subject,
275
+ properties
276
+ });
277
+ }
278
+ return register({
279
+ action,
280
+ subject,
281
+ properties,
282
+ condition: {
283
+ $and: [
284
+ {
285
+ $or: results
286
+ }
287
+ ]
288
+ }
289
+ });
290
+ };
291
+ return {
292
+ get hooks () {
293
+ return state.hooks;
294
+ },
295
+ /**
250
296
  * Create a register function that wraps a `can` function
251
297
  * used to register a permission in the ability builder
252
- */
253
- createRegisterFunction(can, options) {
254
- return async (permission) => {
255
- const hookContext = createWillRegisterContext({ options, permission });
256
- await state.hooks["before-register.permission"].call(hookContext);
257
- return can(permission);
258
- };
259
- },
260
- /**
298
+ */ createRegisterFunction (can, options) {
299
+ return async (permission)=>{
300
+ const hookContext = createWillRegisterContext({
301
+ options,
302
+ permission
303
+ });
304
+ await state.hooks['before-register.permission'].call(hookContext);
305
+ return can(permission);
306
+ };
307
+ },
308
+ /**
261
309
  * Register a new handler for a given hook
262
- */
263
- on(hook, handler) {
264
- const validHooks = Object.keys(state.hooks);
265
- const isValidHook = validHooks.includes(hook);
266
- if (!isValidHook) {
267
- throw new Error(
268
- `Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(
269
- ", "
270
- )}`
271
- );
272
- }
273
- state.hooks[hook].register(handler);
274
- return this;
275
- },
276
- /**
310
+ */ on (hook, handler) {
311
+ const validHooks = Object.keys(state.hooks);
312
+ const isValidHook = validHooks.includes(hook);
313
+ if (!isValidHook) {
314
+ throw new Error(`Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(', ')}`);
315
+ }
316
+ state.hooks[hook].register(handler);
317
+ return this;
318
+ },
319
+ /**
277
320
  * Generate an ability based on the instance's
278
321
  * ability builder and the given permissions
279
- */
280
- async generateAbility(permissions, options = {}) {
281
- const { can, build } = abilityBuilderFactory();
282
- for (const permission of permissions) {
283
- const register = this.createRegisterFunction(can, options);
284
- await evaluate({ permission, options, register });
285
- }
286
- return build();
287
- }
288
- };
322
+ */ async generateAbility (permissions, options = {}) {
323
+ const { can, build } = abilityBuilderFactory();
324
+ for (const permission of permissions){
325
+ const register = this.createRegisterFunction(can, options);
326
+ await evaluate({
327
+ permission,
328
+ options,
329
+ register
330
+ });
331
+ }
332
+ return build();
333
+ }
334
+ };
289
335
  };
290
- const index = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
336
+
337
+ var index = /*#__PURE__*/Object.freeze({
291
338
  __proto__: null,
292
339
  abilities: index$1,
293
340
  new: newEngine
294
- }, Symbol.toStringTag, { value: "Module" }));
341
+ });
342
+
295
343
  exports.domain = index$2;
296
344
  exports.engine = index;
297
345
  //# sourceMappingURL=index.js.map