@strapi/permissions 4.12.0-beta.5 → 4.12.1

package/dist/domain/index.d.ts

@@ -0,0 +1,2 @@
+import * as permission from './permission';
+export { permission };

package/dist/domain/index.js

@@ -0,0 +1,29 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.permission = void 0;
+const permission = __importStar(require("./permission"));
+exports.permission = permission;
+//# sourceMappingURL=index.js.map

package/dist/domain/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/domain/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yDAA2C;AAElC,gCAAU"}

package/dist/domain/permission/index.d.ts

@@ -0,0 +1,24 @@
+/// <reference types="lodash" />
+import _ from 'lodash/fp';
+declare const sanitizePermissionFields: _.LodashPick2x1;
+export interface Permission {
+    action: string;
+    subject?: string | object | null;
+    properties?: object;
+    conditions?: string[];
+}
+/**
+ * Create a new permission based on given attributes
+ *
+ * @param {object} attributes
+ */
+declare const create: <T>(object: T | null | undefined) => Pick<Permission, "subject" | "properties" | "conditions"> & Partial<T>;
+/**
+ * Add a condition to a permission
+ */
+declare const addCondition: import("lodash").CurriedFunction2<string, Permission, Permission>;
+/**
+ * Gets a property or a part of a property from a permission.
+ */
+declare const getProperty: (...args: any[]) => any;
+export { create, sanitizePermissionFields, addCondition, getProperty };

package/dist/domain/permission/index.js

@@ -0,0 +1,42 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getProperty = exports.addCondition = exports.sanitizePermissionFields = exports.create = void 0;
+const fp_1 = __importDefault(require("lodash/fp"));
+const PERMISSION_FIELDS = ['action', 'subject', 'properties', 'conditions'];
+const sanitizePermissionFields = fp_1.default.pick(PERMISSION_FIELDS);
+exports.sanitizePermissionFields = sanitizePermissionFields;
+/**
+ * Creates a permission with default values for optional properties
+ */
+const getDefaultPermission = () => ({
+    conditions: [],
+    properties: {},
+    subject: null,
+});
+/**
+ * Create a new permission based on given attributes
+ *
+ * @param {object} attributes
+ */
+const create = fp_1.default.pipe(fp_1.default.pick(PERMISSION_FIELDS), fp_1.default.merge(getDefaultPermission()));
+exports.create = create;
+/**
+ * Add a condition to a permission
+ */
+const addCondition = fp_1.default.curry((condition, permission) => {
+    const { conditions } = permission;
+    const newConditions = Array.isArray(conditions)
+        ? fp_1.default.uniq(conditions.concat(condition))
+        : [condition];
+    return fp_1.default.set('conditions', newConditions, permission);
+});
+exports.addCondition = addCondition;
+/**
+ * Gets a property or a part of a property from a permission.
+ */
+const getProperty = fp_1.default.curry((property, permission) => fp_1.default.get(`properties.${property}`, permission));
+exports.getProperty = getProperty;
+//# sourceMappingURL=index.js.map

package/dist/domain/permission/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/domain/permission/index.ts"],"names":[],"mappings":";;;;;;AAAA,mDAA0B;AAE1B,MAAM,iBAAiB,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,CAAU,CAAC;AAErF,MAAM,wBAAwB,GAAG,YAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;AAgD1C,4DAAwB;AAvCzC;;GAEG;AACH,MAAM,oBAAoB,GAAG,GAA8D,EAAE,CAAC,CAAC;IAC7F,UAAU,EAAE,EAAE;IACd,UAAU,EAAE,EAAE;IACd,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,MAAM,GAAG,YAAC,CAAC,IAAI,CAAC,YAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,YAAC,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;AAyBzE,wBAAM;AAvBf;;GAEG;AACH,MAAM,YAAY,GAAG,YAAC,CAAC,KAAK,CAAC,CAAC,SAAiB,EAAE,UAAsB,EAAc,EAAE;IACrF,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;IAElC,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;QAC7C,CAAC,CAAC,YAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAEhB,OAAO,YAAC,CAAC,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAYwC,oCAAY;AAVvD;;GAEG;AACH,MAAM,WAAW,GAAG,YAAC,CAAC,KAAK,CACzB,CACE,QAAW,EACX,UAAsB,EACO,EAAE,CAAC,YAAC,CAAC,GAAG,CAAC,cAAc,QAAQ,EAAE,EAAE,UAAU,CAAC,CAC9E,CAAC;AAEuD,kCAAW"}

package/dist/engine/abilities/casl-ability.d.ts

@@ -0,0 +1,17 @@
+import { AbilityBuilder, Ability, Subject } from '@casl/ability';
+export interface PermissionRule {
+    action: string;
+    subject?: Subject | null;
+    properties?: {
+        fields?: string[];
+    };
+    condition?: Record<string, unknown>;
+}
+export interface CustomAbilityBuilder {
+    can(permission: PermissionRule): ReturnType<AbilityBuilder<Ability>['can']>;
+    build(): Ability;
+}
+/**
+ * Casl Ability Builder.
+ */
+export declare const caslAbilityBuilder: () => CustomAbilityBuilder;

package/dist/engine/abilities/casl-ability.js

@@ -0,0 +1,66 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.caslAbilityBuilder = void 0;
+const sift = __importStar(require("sift"));
+const ability_1 = require("@casl/ability");
+const fp_1 = require("lodash/fp");
+const allowedOperations = [
+    '$or',
+    '$and',
+    '$eq',
+    '$ne',
+    '$in',
+    '$nin',
+    '$lt',
+    '$lte',
+    '$gt',
+    '$gte',
+    '$exists',
+    '$elemMatch',
+];
+const operations = (0, fp_1.pick)(allowedOperations, sift);
+const conditionsMatcher = (conditions) => {
+    return sift.createQueryTester(conditions, { operations });
+};
+/**
+ * Casl Ability Builder.
+ */
+const caslAbilityBuilder = () => {
+    const { can, build, ...rest } = new ability_1.AbilityBuilder(ability_1.Ability);
+    return {
+        can(permission) {
+            const { action, subject, properties = {}, condition } = permission;
+            const { fields } = properties;
+            return can(action, (0, fp_1.isNil)(subject) ? 'all' : subject, fields, (0, fp_1.isObject)(condition) ? condition : undefined);
+        },
+        build() {
+            return build({ conditionsMatcher });
+        },
+        ...rest,
+    };
+};
+exports.caslAbilityBuilder = caslAbilityBuilder;
+//# sourceMappingURL=casl-ability.js.map

package/dist/engine/abilities/casl-ability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"casl-ability.js","sourceRoot":"","sources":["../../../src/engine/abilities/casl-ability.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAC7B,2CAAiE;AACjE,kCAAkD;AAgBlD,MAAM,iBAAiB,GAAG;IACxB,KAAK;IACL,MAAM;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,KAAK;IACL,MAAM;IACN,KAAK;IACL,MAAM;IACN,SAAS;IACT,YAAY;CACJ,CAAC;AAEX,MAAM,UAAU,GAAG,IAAA,SAAI,EAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;AAEjD,MAAM,iBAAiB,GAAG,CAAC,UAAmB,EAAE,EAAE;IAChD,OAAO,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;AAC5D,CAAC,CAAC;AAEF;;GAEG;AACI,MAAM,kBAAkB,GAAG,GAAyB,EAAE;IAC3D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,wBAAc,CAAC,iBAAO,CAAC,CAAC;IAE5D,OAAO;QACL,GAAG,CAAC,UAA0B;YAC5B,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,EAAE,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC;YACnE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;YAE9B,OAAO,GAAG,CACR,MAAM,EACN,IAAA,UAAK,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAChC,MAAM,EACN,IAAA,aAAQ,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAC5C,CAAC;QACJ,CAAC;QAED,KAAK;YACH,OAAO,KAAK,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,GAAG,IAAI;KACR,CAAC;AACJ,CAAC,CAAC;AAtBW,QAAA,kBAAkB,sBAsB7B"}

package/dist/engine/abilities/index.d.ts

@@ -0,0 +1 @@
+export * from './casl-ability';

package/dist/engine/abilities/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./casl-ability"), exports);
+//# sourceMappingURL=index.js.map

package/dist/engine/abilities/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/engine/abilities/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA+B"}

package/dist/engine/hooks.d.ts

@@ -0,0 +1,54 @@
+import { hooks } from '@strapi/utils';
+import * as domain from '../domain';
+import type { Permission } from '../domain/permission';
+import type { PermissionRule } from './abilities';
+export interface PermissionEngineHooks {
+    'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;
+    'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;
+    'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;
+    'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;
+    'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;
+}
+export type HookName = keyof PermissionEngineHooks;
+/**
+ * Create a hook map used by the permission Engine
+ */
+declare const createEngineHooks: () => PermissionEngineHooks;
+/**
+ * Create a context from a domain {@link Permission} used by the validate hooks
+ */
+declare const createValidateContext: (permission: Permission) => {
+    readonly permission: Readonly<domain.permission.Permission>;
+};
+/**
+ * Create a context from a domain {@link Permission} used by the before valuate hook
+ */
+declare const createBeforeEvaluateContext: (permission: Permission) => {
+    readonly permission: Readonly<domain.permission.Permission>;
+    addCondition(condition: string): {
+        readonly permission: Readonly<domain.permission.Permission>;
+        addCondition(condition: string): any;
+    };
+};
+interface WillRegisterContextParams {
+    permission: PermissionRule;
+    options: Record<string, unknown>;
+}
+/**
+ * Create a context from a casl Permission & some options
+ * @param caslPermission
+ */
+declare const createWillRegisterContext: ({ permission, options }: WillRegisterContextParams) => {
+    permission: PermissionRule;
+    condition: {
+        and(rawConditionObject: unknown): {
+            and(rawConditionObject: unknown): any;
+            or(rawConditionObject: unknown): any;
+        };
+        or(rawConditionObject: unknown): {
+            and(rawConditionObject: unknown): any;
+            or(rawConditionObject: unknown): any;
+        };
+    };
+};
+export { createEngineHooks, createValidateContext, createBeforeEvaluateContext, createWillRegisterContext, };

package/dist/engine/hooks.js

@@ -0,0 +1,100 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWillRegisterContext = exports.createBeforeEvaluateContext = exports.createValidateContext = exports.createEngineHooks = void 0;
+const fp_1 = require("lodash/fp");
+const utils_1 = require("@strapi/utils");
+const domain = __importStar(require("../domain"));
+/**
+ * Create a hook map used by the permission Engine
+ */
+const createEngineHooks = () => ({
+    'before-format::validate.permission': utils_1.hooks.createAsyncBailHook(),
+    'format.permission': utils_1.hooks.createAsyncSeriesWaterfallHook(),
+    'after-format::validate.permission': utils_1.hooks.createAsyncBailHook(),
+    'before-evaluate.permission': utils_1.hooks.createAsyncSeriesHook(),
+    'before-register.permission': utils_1.hooks.createAsyncSeriesHook(),
+});
+exports.createEngineHooks = createEngineHooks;
+/**
+ * Create a context from a domain {@link Permission} used by the validate hooks
+ */
+const createValidateContext = (permission) => ({
+    get permission() {
+        return (0, fp_1.cloneDeep)(permission);
+    },
+});
+exports.createValidateContext = createValidateContext;
+/**
+ * Create a context from a domain {@link Permission} used by the before valuate hook
+ */
+const createBeforeEvaluateContext = (permission) => ({
+    get permission() {
+        return (0, fp_1.cloneDeep)(permission);
+    },
+    addCondition(condition) {
+        Object.assign(permission, domain.permission.addCondition(condition, permission));
+        return this;
+    },
+});
+exports.createBeforeEvaluateContext = createBeforeEvaluateContext;
+/**
+ * Create a context from a casl Permission & some options
+ * @param caslPermission
+ */
+const createWillRegisterContext = ({ permission, options }) => ({
+    ...options,
+    get permission() {
+        return (0, fp_1.cloneDeep)(permission);
+    },
+    condition: {
+        and(rawConditionObject) {
+            if (!permission.condition) {
+                permission.condition = { $and: [] };
+            }
+            if ((0, fp_1.isArray)(permission.condition.$and)) {
+                permission.condition.$and.push(rawConditionObject);
+            }
+            return this;
+        },
+        or(rawConditionObject) {
+            if (!permission.condition) {
+                permission.condition = { $and: [] };
+            }
+            if ((0, fp_1.isArray)(permission.condition.$and)) {
+                const orClause = permission.condition.$and.find((0, fp_1.has)('$or'));
+                if (orClause) {
+                    orClause.$or.push(rawConditionObject);
+                }
+                else {
+                    permission.condition.$and.push({ $or: [rawConditionObject] });
+                }
+            }
+            return this;
+        },
+    },
+});
+exports.createWillRegisterContext = createWillRegisterContext;
+//# sourceMappingURL=hooks.js.map

package/dist/engine/hooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../../src/engine/hooks.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kCAAoD;AACpD,yCAAsC;AAEtC,kDAAoC;AAcpC;;GAEG;AACH,MAAM,iBAAiB,GAAG,GAA0B,EAAE,CAAC,CAAC;IACtD,oCAAoC,EAAE,aAAK,CAAC,mBAAmB,EAAE;IACjE,mBAAmB,EAAE,aAAK,CAAC,8BAA8B,EAAE;IAC3D,mCAAmC,EAAE,aAAK,CAAC,mBAAmB,EAAE;IAChE,4BAA4B,EAAE,aAAK,CAAC,qBAAqB,EAAE;IAC3D,4BAA4B,EAAE,aAAK,CAAC,qBAAqB,EAAE;CAC5D,CAAC,CAAC;AA4ED,8CAAiB;AA1EnB;;GAEG;AACH,MAAM,qBAAqB,GAAG,CAAC,UAAsB,EAAE,EAAE,CAAC,CAAC;IACzD,IAAI,UAAU;QACZ,OAAO,IAAA,cAAS,EAAC,UAAU,CAAC,CAAC;IAC/B,CAAC;CACF,CAAC,CAAC;AAoED,sDAAqB;AAlEvB;;GAEG;AACH,MAAM,2BAA2B,GAAG,CAAC,UAAsB,EAAE,EAAE,CAAC,CAAC;IAC/D,IAAI,UAAU;QACZ,OAAO,IAAA,cAAS,EAAC,UAAU,CAAC,CAAC;IAC/B,CAAC;IAED,YAAY,CAAC,SAAiB;QAC5B,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;QAEjF,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC,CAAC;AAsDD,kEAA2B;AA/C7B;;;GAGG;AACH,MAAM,yBAAyB,GAAG,CAAC,EAAE,UAAU,EAAE,OAAO,EAA6B,EAAE,EAAE,CAAC,CAAC;IACzF,GAAG,OAAO;IAEV,IAAI,UAAU;QACZ,OAAO,IAAA,cAAS,EAAC,UAAU,CAAC,CAAC;IAC/B,CAAC;IAED,SAAS,EAAE;QACT,GAAG,CAAC,kBAA2B;YAC7B,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;gBACzB,UAAU,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;aACrC;YAED,IAAI,IAAA,YAAO,EAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBACtC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;aACpD;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAED,EAAE,CAAC,kBAA2B;YAC5B,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE;gBACzB,UAAU,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;aACrC;YAED,IAAI,IAAA,YAAO,EAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBACtC,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAA,QAAG,EAAC,KAAK,CAAC,CAAC,CAAC;gBAE5D,IAAI,QAAQ,EAAE;oBACZ,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;iBACvC;qBAAM;oBACL,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;iBAC/D;aACF;YAED,OAAO,IAAI,CAAC;QACd,CAAC;KACF;CACF,CAAC,CAAC;AAMD,8DAAyB"}

package/dist/engine/index.d.ts

@@ -0,0 +1,24 @@
+import { Ability } from '@casl/ability';
+import { providerFactory } from '@strapi/utils';
+import type { PermissionEngineHooks, HookName } from './hooks';
+import * as abilities from './abilities';
+import { Permission } from '../domain/permission';
+export { abilities };
+type Provider = ReturnType<typeof providerFactory>;
+type ActionProvider = Provider;
+type ConditionProvider = Provider;
+export interface Engine {
+    hooks: PermissionEngineHooks;
+    on(hook: HookName, handler: (...args: unknown[]) => unknown): Engine;
+    generateAbility(permissions: Permission[], options?: object): Promise<Ability>;
+    createRegisterFunction(can: (permission: abilities.PermissionRule) => unknown, options: Record<string, unknown>): (permission: abilities.PermissionRule) => Promise<unknown>;
+}
+export interface EngineParams {
+    providers: {
+        action: ActionProvider;
+        condition: ConditionProvider;
+    };
+    abilityBuilderFactory?(): abilities.CustomAbilityBuilder;
+}
+declare const newEngine: (params: EngineParams) => Engine;
+export { newEngine as new };

package/dist/engine/index.js

@@ -0,0 +1,140 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.new = exports.abilities = void 0;
+const fp_1 = __importDefault(require("lodash/fp"));
+const hooks_1 = require("./hooks");
+const abilities = __importStar(require("./abilities"));
+exports.abilities = abilities;
+/**
+ * Create a default state object for the engine
+ */
+const createEngineState = () => {
+    const hooks = (0, hooks_1.createEngineHooks)();
+    return { hooks };
+};
+const newEngine = (params) => {
+    const { providers, abilityBuilderFactory = abilities.caslAbilityBuilder } = params;
+    const state = createEngineState();
+    const runValidationHook = async (hook, context) => state.hooks[hook].call(context);
+    /**
+     * Evaluate a permission using local and registered behaviors (using hooks).
+     * Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission
+     */
+    const evaluate = async (params) => {
+        const { options, register } = params;
+        const preFormatValidation = await runValidationHook('before-format::validate.permission', (0, hooks_1.createBeforeEvaluateContext)(params.permission));
+        if (preFormatValidation === false) {
+            return;
+        }
+        const permission = (await state.hooks['format.permission'].call(params.permission));
+        const afterFormatValidation = await runValidationHook('after-format::validate.permission', (0, hooks_1.createValidateContext)(permission));
+        if (afterFormatValidation === false) {
+            return;
+        }
+        await state.hooks['before-evaluate.permission'].call((0, hooks_1.createBeforeEvaluateContext)(permission));
+        const { action, subject, properties, conditions = [] } = permission;
+        if (conditions.length === 0) {
+            return register({ action, subject, properties });
+        }
+        const resolveConditions = fp_1.default.map(providers.condition.get);
+        const removeInvalidConditions = fp_1.default.filter((condition) => fp_1.default.isFunction(condition.handler));
+        const evaluateConditions = (conditions) => {
+            return Promise.all(conditions.map(async (condition) => ({
+                condition,
+                result: await condition.handler(fp_1.default.merge(options, { permission: fp_1.default.cloneDeep(permission) })),
+            })));
+        };
+        const removeInvalidResults = fp_1.default.filter(({ result }) => fp_1.default.isBoolean(result) || fp_1.default.isObject(result));
+        const evaluatedConditions = await Promise.resolve(conditions)
+            .then(resolveConditions)
+            .then(removeInvalidConditions)
+            .then(evaluateConditions)
+            .then(removeInvalidResults);
+        const resultPropEq = fp_1.default.propEq('result');
+        const pickResults = fp_1.default.map(fp_1.default.prop('result'));
+        if (evaluatedConditions.every(resultPropEq(false))) {
+            return;
+        }
+        if (fp_1.default.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
+            return register({ action, subject, properties });
+        }
+        const results = pickResults(evaluatedConditions).filter(fp_1.default.isObject);
+        if (fp_1.default.isEmpty(results)) {
+            return register({ action, subject, properties });
+        }
+        return register({
+            action,
+            subject,
+            properties,
+            condition: { $and: [{ $or: results }] },
+        });
+    };
+    return {
+        get hooks() {
+            return state.hooks;
+        },
+        /**
+         * Create a register function that wraps a `can` function
+         * used to register a permission in the ability builder
+         */
+        createRegisterFunction(can, options) {
+            return async (permission) => {
+                const hookContext = (0, hooks_1.createWillRegisterContext)({ options, permission });
+                await state.hooks['before-register.permission'].call(hookContext);
+                return can(permission);
+            };
+        },
+        /**
+         * Register a new handler for a given hook
+         */
+        on(hook, handler) {
+            const validHooks = Object.keys(state.hooks);
+            const isValidHook = validHooks.includes(hook);
+            if (!isValidHook) {
+                throw new Error(`Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(', ')}`);
+            }
+            state.hooks[hook].register(handler);
+            return this;
+        },
+        /**
+         * Generate an ability based on the instance's
+         * ability builder and the given permissions
+         */
+        async generateAbility(permissions, options = {}) {
+            const { can, build } = abilityBuilderFactory();
+            for (const permission of permissions) {
+                const register = this.createRegisterFunction(can, options);
+                await evaluate({ permission, options, register });
+            }
+            return build();
+        },
+    };
+};
+exports.new = newEngine;
+//# sourceMappingURL=index.js.map

package/dist/engine/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/engine/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mDAA0B;AAI1B,mCAKiB;AAGjB,uDAAyC;AAGhC,8BAAS;AAgClB;;GAEG;AACH,MAAM,iBAAiB,GAAG,GAAG,EAAE;IAC7B,MAAM,KAAK,GAAG,IAAA,yBAAiB,GAAE,CAAC;IAElC,OAAO,EAAE,KAAK,EAAE,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,MAAoB,EAAU,EAAE;IACjD,MAAM,EAAE,SAAS,EAAE,qBAAqB,GAAG,SAAS,CAAC,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAElC,MAAM,iBAAiB,GAAG,KAAK,EAAE,IAAc,EAAE,OAAgB,EAAE,EAAE,CACnE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAElC;;;OAGG;IACH,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAsB,EAAE,EAAE;QAChD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAErC,MAAM,mBAAmB,GAAG,MAAM,iBAAiB,CACjD,oCAAoC,EACpC,IAAA,mCAA2B,EAAC,MAAM,CAAC,UAAU,CAAC,CAC/C,CAAC;QAEF,IAAI,mBAAmB,KAAK,KAAK,EAAE;YACjC,OAAO;SACR;QAED,MAAM,UAAU,GAAG,CAAC,MAAM,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAC7D,MAAM,CAAC,UAAU,CAClB,CAAe,CAAC;QAEjB,MAAM,qBAAqB,GAAG,MAAM,iBAAiB,CACnD,mCAAmC,EACnC,IAAA,6BAAqB,EAAC,UAAU,CAAC,CAClC,CAAC;QAEF,IAAI,qBAAqB,KAAK,KAAK,EAAE;YACnC,OAAO;SACR;QAED,MAAM,KAAK,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAA,mCAA2B,EAAC,UAAU,CAAC,CAAC,CAAC;QAE9F,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,GAAG,EAAE,EAAE,GAAG,UAAU,CAAC;QAEpE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3B,OAAO,QAAQ,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;SAClD;QAED,MAAM,iBAAiB,GAAG,YAAC,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAEzD,MAAM,uBAAuB,GAAG,YAAC,CAAC,MAAM,CAAC,CAAC,SAAoB,EAAE,EAAE,CAChE,YAAC,CAAC,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,CAChC,CAAC;QAEF,MAAM,kBAAkB,GAAG,CAAC,UAAuB,EAAE,EAAE;YACrD,OAAO,OAAO,CAAC,GAAG,CAChB,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;gBACnC,SAAS;gBACT,MAAM,EAAE,MAAM,SAAS,CAAC,OAAO,CAC7B,YAAC,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,YAAC,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC,CAC1D;aACF,CAAC,CAAC,CACJ,CAAC;QACJ,CAAC,CAAC;QAEF,MAAM,oBAAoB,GAAG,YAAC,CAAC,MAAM,CACnC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,YAAC,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,YAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC1D,CAAC;QAEF,MAAM,mBAAmB,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;aAC1D,IAAI,CAAC,iBAAiB,CAAC;aACvB,IAAI,CAAC,uBAAuB,CAAC;aAC7B,IAAI,CAAC,kBAAkB,CAAC;aACxB,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAE9B,MAAM,YAAY,GAAG,YAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,WAAW,GAAG,YAAC,CAAC,GAAG,CAAC,YAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5C,IAAI,mBAAmB,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE;YAClD,OAAO;SACR;QAED,IAAI,YAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE;YAClF,OAAO,QAAQ,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;SAClD;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAAC,YAAC,CAAC,QAAQ,CAAC,CAAC;QAEpE,IAAI,YAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACtB,OAAO,QAAQ,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;SAClD;QAED,OAAO,QAAQ,CAAC;YACd,MAAM;YACN,OAAO;YACP,UAAU;YACV,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE;SACxC,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,OAAO;QACL,IAAI,KAAK;YACP,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,CAAC;QAED;;;WAGG;QACH,sBAAsB,CAAC,GAAG,EAAE,OAAgC;YAC1D,OAAO,KAAK,EAAE,UAAoC,EAAE,EAAE;gBACpD,MAAM,WAAW,GAAG,IAAA,iCAAyB,EAAC,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;gBAEvE,MAAM,KAAK,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAElE,OAAO,GAAG,CAAC,UAAU,CAAC,CAAC;YACzB,CAAC,CAAC;QACJ,CAAC;QAED;;WAEG;QACH,EAAE,CAAC,IAAI,EAAE,OAAO;YACd,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAE9C,IAAI,CAAC,WAAW,EAAE;gBAChB,MAAM,IAAI,KAAK,CACb,2FAA2F,IAAI,yBAAyB,UAAU,CAAC,IAAI,CACrI,IAAI,CACL,EAAE,CACJ,CAAC;aACH;YAED,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAEpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED;;;WAGG;QACH,KAAK,CAAC,eAAe,CAAC,WAAW,EAAE,UAAmC,EAAE;YACtE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,qBAAqB,EAAE,CAAC;YAE/C,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;gBACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBAE3D,MAAM,QAAQ,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;aACnD;YAED,OAAO,KAAK,EAAE,CAAC;QACjB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEoB,wBAAG"}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+import * as domain from './domain';
+import * as engine from './engine';
+declare const _default: {
+    domain: typeof domain;
+    engine: typeof engine;
+};
+export = _default;

package/dist/index.js

@@ -0,0 +1,31 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+const domain = __importStar(require("./domain"));
+const engine = __importStar(require("./engine"));
+module.exports = {
+    domain,
+    engine,
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,iDAAmC;AAEnC,iBAAS;IACP,MAAM;IACN,MAAM;CACP,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/permissions",
-  "version": "4.12.0-beta.5",
+  "version": "4.12.1",
   "description": "Strapi's permission layer.",
   "repository": {
     "type": "git",
@@ -19,21 +19,34 @@
       "url": "https://strapi.io"
     }
   ],
-  "main": "./lib/index.js",
+  "files": [
+    "./dist"
+  ],
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "scripts": {
+    "build": "run -T tsc",
+    "build:ts": "run build",
+    "watch": "run -T tsc -w --preserveWatchOutput",
+    "clean": "run -T rimraf ./dist",
+    "prepublishOnly": "yarn clean && yarn build",
     "test:unit": "run -T jest",
     "test:unit:watch": "run -T jest --watch",
     "lint": "run -T eslint ."
   },
   "dependencies": {
     "@casl/ability": "5.4.4",
-    "@strapi/utils": "4.12.0-beta.5",
+    "@strapi/utils": "4.12.1",
     "lodash": "4.17.21",
     "sift": "16.0.1"
   },
+  "devDependencies": {
+    "eslint-config-custom": "4.12.1",
+    "tsconfig": "4.12.1"
+  },
   "engines": {
-    "node": ">=14.19.1 <=18.x.x",
+    "node": ">=16.0.0 <=20.x.x",
     "npm": ">=6.0.0"
   },
-  "gitHead": "690c85458416da815f0e944fa8fc6dbe0fb2d001"
+  "gitHead": "be8985fa20cb357981bca97bc65ee5c1b843f801"
 }

package/.eslintignore

@@ -1,2 +0,0 @@
-node_modules/
-.eslintrc.js

package/.eslintrc.js

@@ -1,4 +0,0 @@
-module.exports = {
-  root: true,
-  extends: ['custom/back'],
-};

package/index.d.ts

@@ -1,54 +0,0 @@
-import { hooks, providerFactory } from '@strapi/utils';
-
-interface Permission {
-  action: string;
-  subject?: string | object | null;
-  properties?: object;
-  conditions?: string[];
-}
-
-type Provider = ReturnType<typeof providerFactory>;
-
-interface BaseAction {
-  actionId: string;
-}
-
-interface BaseCondition {
-  name: string;
-  handler(...params: unknown[]): boolean | object;
-}
-
-interface ActionProvider<T extends Action = Action> extends Provider {}
-interface ConditionProvider<T extends Condition = Condition> extends Provider {}
-
-interface PermissionEngineHooks {
-  'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;
-  'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;
-  'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;
-  'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;
-  'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;
-}
-
-type PermissionEngineHookName = keyof PermissionEngineHooks;
-
-interface PermissionEngine {
-  hooks: object;
-
-  on(hook: PermissionEngineHookName, handler: Function): PermissionEngine;
-  generateAbility(permissions: Permission[], options?: object): Ability;
-  createRegisterFunction(can: Function, options: object): Function;
-}
-
-interface BaseAbility {
-  can: Function;
-}
-
-interface AbilityBuilder {
-  can(permission: Permission): void | Promise<void>;
-  build(): BaseAbility | Promise<BaseAbility>;
-}
-
-interface PermissionEngineParams {
-  providers: { action: ActionProvider; condition: ConditionProvider };
-  abilityBuilderFactory(): AbilityBuilder;
-}

package/lib/domain/index.js

@@ -1,7 +0,0 @@
-'use strict';
-
-const permission = require('./permission');
-
-module.exports = {
-  permission,
-};

package/lib/domain/permission/index.js

@@ -1,68 +0,0 @@
-'use strict';
-
-const _ = require('lodash/fp');
-
-const PERMISSION_FIELDS = ['action', 'subject', 'properties', 'conditions'];
-
-const sanitizePermissionFields = _.pick(PERMISSION_FIELDS);
-
-/**
- * @typedef {import("../../..").Permission} Permission
- */
-
-/**
- * Creates a permission with default values for optional properties
- *
- * @return {Pick<Permission, 'conditions' | 'properties' | 'subject'>}
- */
-const getDefaultPermission = () => ({
-  conditions: [],
-  properties: {},
-  subject: null,
-});
-
-/**
- * Create a new permission based on given attributes
- *
- * @param {object} attributes
- *
- * @return {Permission}
- */
-const create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));
-
-/**
- * Add a condition to a permission
- *
- * @param {string} condition The condition to add
- * @param {Permission} permission The permission on which we want to add the condition
- *
- * @return {Permission}
- */
-const addCondition = _.curry((condition, permission) => {
-  const { conditions } = permission;
-
-  const newConditions = Array.isArray(conditions)
-    ? _.uniq(conditions.concat(condition))
-    : [condition];
-
-  return _.set('conditions', newConditions, permission);
-});
-
-/**
- * Gets a property or a part of a property from a permission.
- *
- * @function
- *
- * @param {string} property - The property to get
- * @param {Permission} permission - The permission on which we want to access the property
- *
- * @return {Permission}
- */
-const getProperty = _.curry((property, permission) => _.get(`properties.${property}`, permission));
-
-module.exports = {
-  create,
-  sanitizePermissionFields,
-  addCondition,
-  getProperty,
-};

package/lib/engine/abilities/casl-ability.js

@@ -1,57 +0,0 @@
-'use strict';
-
-const sift = require('sift');
-const { AbilityBuilder, Ability } = require('@casl/ability');
-const { pick, isNil, isObject } = require('lodash/fp');
-
-const allowedOperations = [
-  '$or',
-  '$and',
-  '$eq',
-  '$ne',
-  '$in',
-  '$nin',
-  '$lt',
-  '$lte',
-  '$gt',
-  '$gte',
-  '$exists',
-  '$elemMatch',
-];
-
-const operations = pick(allowedOperations, sift);
-
-const conditionsMatcher = (conditions) => {
-  return sift.createQueryTester(conditions, { operations });
-};
-
-/**
- * Casl Ability Builder.
- */
-const caslAbilityBuilder = () => {
-  const { can, build, ...rest } = new AbilityBuilder(Ability);
-
-  return {
-    can(permission) {
-      const { action, subject, properties = {}, condition } = permission;
-      const { fields } = properties;
-
-      return can(
-        action,
-        isNil(subject) ? 'all' : subject,
-        fields,
-        isObject(condition) ? condition : undefined
-      );
-    },
-
-    build() {
-      return build({ conditionsMatcher });
-    },
-
-    ...rest,
-  };
-};
-
-module.exports = {
-  caslAbilityBuilder,
-};

package/lib/engine/abilities/index.js

@@ -1,7 +0,0 @@
-'use strict';
-
-const { caslAbilityBuilder } = require('./casl-ability');
-
-module.exports = {
-  caslAbilityBuilder,
-};

package/lib/engine/hooks.js

@@ -1,97 +0,0 @@
-'use strict';
-
-const { cloneDeep, has } = require('lodash/fp');
-const { hooks } = require('@strapi/utils');
-
-const domain = require('../domain');
-
-/**
- * Create a hook map used by the permission Engine
- *
- * @return {import('../..').PermissionEngineHooks}
- */
-const createEngineHooks = () => ({
-  'before-format::validate.permission': hooks.createAsyncBailHook(),
-  'format.permission': hooks.createAsyncSeriesWaterfallHook(),
-  'after-format::validate.permission': hooks.createAsyncBailHook(),
-  'before-evaluate.permission': hooks.createAsyncSeriesHook(),
-  'before-register.permission': hooks.createAsyncSeriesHook(),
-});
-
-/**
- * Create a context from a domain {@link Permission} used by the validate hooks
- * @param {Permission} permission
- * @return {{ readonly permission: Permission }}
- */
-const createValidateContext = (permission) => ({
-  get permission() {
-    return cloneDeep(permission);
-  },
-});
-
-/**
- * Create a context from a domain {@link Permission} used by the before valuate hook
- * @param {Permission} permission
- * @return {{readonly permission: Permission, addCondition(string): this}}
- */
-const createBeforeEvaluateContext = (permission) => ({
-  get permission() {
-    return cloneDeep(permission);
-  },
-
-  addCondition(condition) {
-    Object.assign(permission, domain.permission.addCondition(condition, permission));
-
-    return this;
-  },
-});
-
-/**
- * Create a context from a casl Permission & some options
- * @param caslPermission
- * @param {object} options
- * @param {Permission} options.permission
- * @param {object} options.user
- */
-const createWillRegisterContext = ({ permission, options }) => ({
-  ...options,
-
-  get permission() {
-    return cloneDeep(permission);
-  },
-
-  condition: {
-    and(rawConditionObject) {
-      if (!permission.condition) {
-        Object.assign(permission, { condition: { $and: [] } });
-      }
-
-      permission.condition.$and.push(rawConditionObject);
-
-      return this;
-    },
-
-    or(rawConditionObject) {
-      if (!permission.condition) {
-        Object.assign(permission, { condition: { $and: [] } });
-      }
-
-      const orClause = permission.condition.$and.find(has('$or'));
-
-      if (orClause) {
-        orClause.$or.push(rawConditionObject);
-      } else {
-        permission.condition.$and.push({ $or: [rawConditionObject] });
-      }
-
-      return this;
-    },
-  },
-});
-
-module.exports = {
-  createEngineHooks,
-  createValidateContext,
-  createBeforeEvaluateContext,
-  createWillRegisterContext,
-};

package/lib/engine/index.js

@@ -1,209 +0,0 @@
-'use strict';
-
-const _ = require('lodash/fp');
-
-const abilities = require('./abilities');
-
-const {
-  createEngineHooks,
-  createWillRegisterContext,
-  createBeforeEvaluateContext,
-  createValidateContext,
-} = require('./hooks');
-
-/**
- * @typedef {import("../..").PermissionEngine} PermissionEngine
- * @typedef {import("../..").ActionProvider} ActionProvider
- * @typedef {import("../..").ConditionProvider} ConditionProvider
- * @typedef {import("../..").PermissionEngineParams} PermissionEngineParams
- * @typedef {import("../..").Permission} Permission
- */
-
-/**
- * Create a default state object for the engine
- */
-const createEngineState = () => {
-  const hooks = createEngineHooks();
-
-  return { hooks };
-};
-
-module.exports = {
-  abilities,
-
-  /**
-   * Create a new instance of a permission engine
-   *
-   * @param {PermissionEngineParams} params
-   *
-   * @return {PermissionEngine}
-   */
-  new(params) {
-    const { providers, abilityBuilderFactory = abilities.caslAbilityBuilder } = params;
-
-    const state = createEngineState();
-
-    const runValidationHook = async (hook, context) => state.hooks[hook].call(context);
-
-    /**
-     * Evaluate a permission using local and registered behaviors (using hooks).
-     * Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission
-     *
-     * @param {object} params
-     * @param {object} params.options
-     * @param {Function} params.register
-     * @param {Permission} params.permission
-     */
-    const evaluate = async (params) => {
-      const { options, register } = params;
-
-      const preFormatValidation = await runValidationHook(
-        'before-format::validate.permission',
-        createBeforeEvaluateContext(params.permission)
-      );
-
-      if (preFormatValidation === false) {
-        return;
-      }
-
-      const permission = await state.hooks['format.permission'].call(params.permission);
-
-      const afterFormatValidation = await runValidationHook(
-        'after-format::validate.permission',
-        createValidateContext(permission)
-      );
-
-      if (afterFormatValidation === false) {
-        return;
-      }
-
-      await state.hooks['before-evaluate.permission'].call(createBeforeEvaluateContext(permission));
-
-      const { action, subject, properties, conditions = [] } = permission;
-
-      if (conditions.length === 0) {
-        return register({ action, subject, properties });
-      }
-
-      const resolveConditions = _.map(providers.condition.get);
-
-      const removeInvalidConditions = _.filter((condition) => _.isFunction(condition.handler));
-
-      const evaluateConditions = (conditions) => {
-        return Promise.all(
-          conditions.map(async (condition) => ({
-            condition,
-            result: await condition.handler(
-              _.merge(options, { permission: _.cloneDeep(permission) })
-            ),
-          }))
-        );
-      };
-
-      const removeInvalidResults = _.filter(
-        ({ result }) => _.isBoolean(result) || _.isObject(result)
-      );
-
-      const evaluatedConditions = await Promise.resolve(conditions)
-        .then(resolveConditions)
-        .then(removeInvalidConditions)
-        .then(evaluateConditions)
-        .then(removeInvalidResults);
-
-      const resultPropEq = _.propEq('result');
-      const pickResults = _.map(_.prop('result'));
-
-      if (evaluatedConditions.every(resultPropEq(false))) {
-        return;
-      }
-
-      if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
-        return register({ action, subject, properties });
-      }
-
-      const results = pickResults(evaluatedConditions).filter(_.isObject);
-
-      if (_.isEmpty(results)) {
-        return register({ action, subject, properties });
-      }
-
-      return register({
-        action,
-        subject,
-        properties,
-        condition: { $and: [{ $or: results }] },
-      });
-    };
-
-    return {
-      get hooks() {
-        return state.hooks;
-      },
-
-      /**
-       * Create a register function that wraps a `can` function
-       * used to register a permission in the ability builder
-       *
-       * @param {Function} can
-       * @param {object} options
-       *
-       * @return {Function}
-       */
-      createRegisterFunction(can, options) {
-        return async (permission) => {
-          const hookContext = createWillRegisterContext({ options, permission });
-
-          await state.hooks['before-register.permission'].call(hookContext);
-
-          return can(permission);
-        };
-      },
-
-      /**
-       * Register a new handler for a given hook
-       *
-       * @param {string} hook
-       * @param {Function} handler
-       *
-       * @return {this}
-       */
-      on(hook, handler) {
-        const validHooks = Object.keys(state.hooks);
-        const isValidHook = validHooks.includes(hook);
-
-        if (!isValidHook) {
-          throw new Error(
-            `Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(
-              ', '
-            )}`
-          );
-        }
-
-        state.hooks[hook].register(handler);
-
-        return this;
-      },
-
-      /**
-       * Generate an ability based on the instance's
-       * ability builder and the given permissions
-       *
-       * @param {Permission[]} permissions
-       * @param {object} [options]
-       *
-       * @return {object}
-       */
-      async generateAbility(permissions, options = {}) {
-        const { can, build } = abilityBuilderFactory();
-
-        for (const permission of permissions) {
-          const register = this.createRegisterFunction(can, options);
-
-          await evaluate({ permission, options, register });
-        }
-
-        return build();
-      },
-    };
-  },
-};

package/lib/index.js

@@ -1,9 +0,0 @@
-'use strict';
-
-const domain = require('./domain');
-const engine = require('./engine');
-
-module.exports = {
-  domain,
-  engine,
-};