@strapi/permissions 5.12.1 → 5.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/dist/domain/index.js +8 -0
  2. package/dist/domain/index.js.map +1 -0
  3. package/dist/domain/index.mjs +3 -0
  4. package/dist/domain/index.mjs.map +1 -0
  5. package/dist/domain/permission/index.js +41 -0
  6. package/dist/domain/permission/index.js.map +1 -0
  7. package/dist/domain/permission/index.mjs +36 -0
  8. package/dist/domain/permission/index.mjs.map +1 -0
  9. package/dist/engine/abilities/casl-ability.js +87 -0
  10. package/dist/engine/abilities/casl-ability.js.map +1 -0
  11. package/dist/engine/abilities/casl-ability.mjs +66 -0
  12. package/dist/engine/abilities/casl-ability.mjs.map +1 -0
  13. package/dist/engine/abilities/index.js +8 -0
  14. package/dist/engine/abilities/index.js.map +1 -0
  15. package/dist/engine/abilities/index.mjs +2 -0
  16. package/dist/engine/abilities/index.mjs.map +1 -0
  17. package/dist/engine/hooks.js +81 -0
  18. package/dist/engine/hooks.js.map +1 -0
  19. package/dist/engine/hooks.mjs +76 -0
  20. package/dist/engine/hooks.mjs.map +1 -0
  21. package/dist/engine/index.js +141 -0
  22. package/dist/engine/index.js.map +1 -0
  23. package/dist/engine/index.mjs +139 -0
  24. package/dist/engine/index.mjs.map +1 -0
  25. package/dist/index.js +4 -339
  26. package/dist/index.js.map +1 -1
  27. package/dist/index.mjs +4 -322
  28. package/dist/index.mjs.map +1 -1
  29. package/package.json +4 -4
package/dist/domain/index.js ADDED
@@ -0,0 +1,8 @@
1
+ 'use strict';
2
+
3
+ var index = require('./permission/index.js');
4
+
5
+
6
+
7
+ exports.permission = index;
8
+ //# sourceMappingURL=index.js.map
package/dist/domain/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;"}
package/dist/domain/index.mjs ADDED
@@ -0,0 +1,3 @@
1
+ import * as index from './permission/index.mjs';
2
+ export { index as permission };
3
+ //# sourceMappingURL=index.mjs.map
package/dist/domain/index.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";"}
package/dist/domain/permission/index.js ADDED
@@ -0,0 +1,41 @@
1
+ 'use strict';
2
+
3
+ var _ = require('lodash/fp');
4
+
5
+ const PERMISSION_FIELDS = [
6
+ 'action',
7
+ 'subject',
8
+ 'properties',
9
+ 'conditions'
10
+ ];
11
+ const sanitizePermissionFields = _.pick(PERMISSION_FIELDS);
12
+ /**
13
+ * Creates a permission with default values for optional properties
14
+ */ const getDefaultPermission = ()=>({
15
+ conditions: [],
16
+ properties: {},
17
+ subject: null
18
+ });
19
+ /**
20
+ * Create a new permission based on given attributes
21
+ *
22
+ * @param {object} attributes
23
+ */ const create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));
24
+ /**
25
+ * Add a condition to a permission
26
+ */ const addCondition = _.curry((condition, permission)=>{
27
+ const { conditions } = permission;
28
+ const newConditions = Array.isArray(conditions) ? _.uniq(conditions.concat(condition)) : [
29
+ condition
30
+ ];
31
+ return _.set('conditions', newConditions, permission);
32
+ });
33
+ /**
34
+ * Gets a property or a part of a property from a permission.
35
+ */ const getProperty = _.curry((property, permission)=>_.get(`properties.${property}`, permission));
36
+
37
+ exports.addCondition = addCondition;
38
+ exports.create = create;
39
+ exports.getProperty = getProperty;
40
+ exports.sanitizePermissionFields = sanitizePermissionFields;
41
+ //# sourceMappingURL=index.js.map
package/dist/domain/permission/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sources":["../../../src/domain/permission/index.ts"],"sourcesContent":["import _ from 'lodash/fp';\n\nconst PERMISSION_FIELDS = ['action', 'subject', 'properties', 'conditions'] as const;\n\nconst sanitizePermissionFields = _.pick(PERMISSION_FIELDS);\n\nexport interface Permission {\n action: string;\n actionParameters?: Record<string, unknown>;\n subject?: string | object | null;\n properties?: Record<string, any>;\n conditions?: string[];\n}\n\n/**\n * Creates a permission with default values for optional properties\n */\nconst getDefaultPermission = (): Pick<Permission, 'conditions' | 'properties' | 'subject'> => ({\n conditions: [],\n properties: {},\n subject: null,\n});\n\n/**\n * Create a new permission based on given attributes\n *\n * @param {object} attributes\n */\nconst create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));\n\n/**\n * Add a condition to a permission\n */\nconst addCondition = _.curry((condition: string, permission: Permission): Permission => {\n const { conditions } = permission;\n\n const newConditions = Array.isArray(conditions)\n ? _.uniq(conditions.concat(condition))\n : [condition];\n\n return _.set('conditions', newConditions, permission);\n});\n\n/**\n * Gets a property or a part of a property from a permission.\n */\nconst getProperty = _.curry(\n <T extends keyof Permission['properties']>(\n property: T,\n permission: Permission\n ): Permission['properties'][T] => _.get(`properties.${property}`, permission)\n);\n\nexport { create, sanitizePermissionFields, addCondition, getProperty };\n"],"names":["PERMISSION_FIELDS","sanitizePermissionFields","_","pick","getDefaultPermission","conditions","properties","subject","create","pipe","merge","addCondition","curry","condition","permission","newConditions","Array","isArray","uniq","concat","set","getProperty","property","get"],"mappings":";;;;AAEA,MAAMA,iBAAoB,GAAA;AAAC,IAAA,QAAA;AAAU,IAAA,SAAA;AAAW,IAAA,YAAA;AAAc,IAAA;AAAa,CAAA;AAErEC,MAAAA,wBAAAA,GAA2BC,CAAEC,CAAAA,IAAI,CAACH,iBAAAA;AAUxC;;IAGA,MAAMI,oBAAuB,GAAA,KAAkE;AAC7FC,QAAAA,UAAAA,EAAY,EAAE;AACdC,QAAAA,UAAAA,EAAY,EAAC;QACbC,OAAS,EAAA;KACX,CAAA;AAEA;;;;IAKA,MAAMC,MAASN,GAAAA,CAAAA,CAAEO,IAAI,CAACP,CAAEC,CAAAA,IAAI,CAACH,iBAAAA,CAAAA,EAAoBE,CAAEQ,CAAAA,KAAK,CAACN,oBAAAA,EAAAA,CAAAA;AAEzD;;AAEC,UACKO,YAAeT,GAAAA,CAAAA,CAAEU,KAAK,CAAC,CAACC,SAAmBC,EAAAA,UAAAA,GAAAA;IAC/C,MAAM,EAAET,UAAU,EAAE,GAAGS,UAAAA;IAEvB,MAAMC,aAAAA,GAAgBC,KAAMC,CAAAA,OAAO,CAACZ,UAAAA,CAAAA,GAChCH,CAAEgB,CAAAA,IAAI,CAACb,UAAAA,CAAWc,MAAM,CAACN,SACzB,CAAA,CAAA,GAAA;AAACA,QAAAA;AAAU,KAAA;AAEf,IAAA,OAAOX,CAAEkB,CAAAA,GAAG,CAAC,YAAA,EAAcL,aAAeD,EAAAA,UAAAA,CAAAA;AAC5C,CAAA;AAEA;;AAEC,UACKO,WAAcnB,GAAAA,CAAAA,CAAEU,KAAK,CACzB,CACEU,QACAR,EAAAA,UAAAA,GACgCZ,CAAEqB,CAAAA,GAAG,CAAC,CAAC,WAAW,EAAED,QAAAA,CAAS,CAAC,EAAER,UAAAA,CAAAA;;;;;;;"}
package/dist/domain/permission/index.mjs ADDED
@@ -0,0 +1,36 @@
1
+ import _ from 'lodash/fp';
2
+
3
+ const PERMISSION_FIELDS = [
4
+ 'action',
5
+ 'subject',
6
+ 'properties',
7
+ 'conditions'
8
+ ];
9
+ const sanitizePermissionFields = _.pick(PERMISSION_FIELDS);
10
+ /**
11
+ * Creates a permission with default values for optional properties
12
+ */ const getDefaultPermission = ()=>({
13
+ conditions: [],
14
+ properties: {},
15
+ subject: null
16
+ });
17
+ /**
18
+ * Create a new permission based on given attributes
19
+ *
20
+ * @param {object} attributes
21
+ */ const create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));
22
+ /**
23
+ * Add a condition to a permission
24
+ */ const addCondition = _.curry((condition, permission)=>{
25
+ const { conditions } = permission;
26
+ const newConditions = Array.isArray(conditions) ? _.uniq(conditions.concat(condition)) : [
27
+ condition
28
+ ];
29
+ return _.set('conditions', newConditions, permission);
30
+ });
31
+ /**
32
+ * Gets a property or a part of a property from a permission.
33
+ */ const getProperty = _.curry((property, permission)=>_.get(`properties.${property}`, permission));
34
+
35
+ export { addCondition, create, getProperty, sanitizePermissionFields };
36
+ //# sourceMappingURL=index.mjs.map
package/dist/domain/permission/index.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.mjs","sources":["../../../src/domain/permission/index.ts"],"sourcesContent":["import _ from 'lodash/fp';\n\nconst PERMISSION_FIELDS = ['action', 'subject', 'properties', 'conditions'] as const;\n\nconst sanitizePermissionFields = _.pick(PERMISSION_FIELDS);\n\nexport interface Permission {\n action: string;\n actionParameters?: Record<string, unknown>;\n subject?: string | object | null;\n properties?: Record<string, any>;\n conditions?: string[];\n}\n\n/**\n * Creates a permission with default values for optional properties\n */\nconst getDefaultPermission = (): Pick<Permission, 'conditions' | 'properties' | 'subject'> => ({\n conditions: [],\n properties: {},\n subject: null,\n});\n\n/**\n * Create a new permission based on given attributes\n *\n * @param {object} attributes\n */\nconst create = _.pipe(_.pick(PERMISSION_FIELDS), _.merge(getDefaultPermission()));\n\n/**\n * Add a condition to a permission\n */\nconst addCondition = _.curry((condition: string, permission: Permission): Permission => {\n const { conditions } = permission;\n\n const newConditions = Array.isArray(conditions)\n ? _.uniq(conditions.concat(condition))\n : [condition];\n\n return _.set('conditions', newConditions, permission);\n});\n\n/**\n * Gets a property or a part of a property from a permission.\n */\nconst getProperty = _.curry(\n <T extends keyof Permission['properties']>(\n property: T,\n permission: Permission\n ): Permission['properties'][T] => _.get(`properties.${property}`, permission)\n);\n\nexport { create, sanitizePermissionFields, addCondition, getProperty };\n"],"names":["PERMISSION_FIELDS","sanitizePermissionFields","_","pick","getDefaultPermission","conditions","properties","subject","create","pipe","merge","addCondition","curry","condition","permission","newConditions","Array","isArray","uniq","concat","set","getProperty","property","get"],"mappings":";;AAEA,MAAMA,iBAAoB,GAAA;AAAC,IAAA,QAAA;AAAU,IAAA,SAAA;AAAW,IAAA,YAAA;AAAc,IAAA;AAAa,CAAA;AAErEC,MAAAA,wBAAAA,GAA2BC,CAAEC,CAAAA,IAAI,CAACH,iBAAAA;AAUxC;;IAGA,MAAMI,oBAAuB,GAAA,KAAkE;AAC7FC,QAAAA,UAAAA,EAAY,EAAE;AACdC,QAAAA,UAAAA,EAAY,EAAC;QACbC,OAAS,EAAA;KACX,CAAA;AAEA;;;;IAKA,MAAMC,MAASN,GAAAA,CAAAA,CAAEO,IAAI,CAACP,CAAEC,CAAAA,IAAI,CAACH,iBAAAA,CAAAA,EAAoBE,CAAEQ,CAAAA,KAAK,CAACN,oBAAAA,EAAAA,CAAAA;AAEzD;;AAEC,UACKO,YAAeT,GAAAA,CAAAA,CAAEU,KAAK,CAAC,CAACC,SAAmBC,EAAAA,UAAAA,GAAAA;IAC/C,MAAM,EAAET,UAAU,EAAE,GAAGS,UAAAA;IAEvB,MAAMC,aAAAA,GAAgBC,KAAMC,CAAAA,OAAO,CAACZ,UAAAA,CAAAA,GAChCH,CAAEgB,CAAAA,IAAI,CAACb,UAAAA,CAAWc,MAAM,CAACN,SACzB,CAAA,CAAA,GAAA;AAACA,QAAAA;AAAU,KAAA;AAEf,IAAA,OAAOX,CAAEkB,CAAAA,GAAG,CAAC,YAAA,EAAcL,aAAeD,EAAAA,UAAAA,CAAAA;AAC5C,CAAA;AAEA;;AAEC,UACKO,WAAcnB,GAAAA,CAAAA,CAAEU,KAAK,CACzB,CACEU,QACAR,EAAAA,UAAAA,GACgCZ,CAAEqB,CAAAA,GAAG,CAAC,CAAC,WAAW,EAAED,QAAAA,CAAS,CAAC,EAAER,UAAAA,CAAAA;;;;"}
package/dist/engine/abilities/casl-ability.js ADDED
@@ -0,0 +1,87 @@
1
+ 'use strict';
2
+
3
+ var sift = require('sift');
4
+ var qs = require('qs');
5
+ var ability = require('@casl/ability');
6
+ var _ = require('lodash/fp');
7
+
8
+ function _interopNamespaceDefault(e) {
9
+ var n = Object.create(null);
10
+ if (e) {
11
+ Object.keys(e).forEach(function (k) {
12
+ if (k !== 'default') {
13
+ var d = Object.getOwnPropertyDescriptor(e, k);
14
+ Object.defineProperty(n, k, d.get ? d : {
15
+ enumerable: true,
16
+ get: function () { return e[k]; }
17
+ });
18
+ }
19
+ });
20
+ }
21
+ n.default = e;
22
+ return Object.freeze(n);
23
+ }
24
+
25
+ var sift__namespace = /*#__PURE__*/_interopNamespaceDefault(sift);
26
+
27
+ const allowedOperations = [
28
+ '$or',
29
+ '$and',
30
+ '$eq',
31
+ '$ne',
32
+ '$in',
33
+ '$nin',
34
+ '$lt',
35
+ '$lte',
36
+ '$gt',
37
+ '$gte',
38
+ '$exists',
39
+ '$elemMatch'
40
+ ];
41
+ const operations = _.pick(allowedOperations, sift__namespace);
42
+ const conditionsMatcher = (conditions)=>{
43
+ return sift__namespace.createQueryTester(conditions, {
44
+ operations
45
+ });
46
+ };
47
+ const buildParametrizedAction = ({ name, params })=>{
48
+ return `${name}?${qs.stringify(params)}`;
49
+ };
50
+ /**
51
+ * Casl Ability Builder.
52
+ */ const caslAbilityBuilder = ()=>{
53
+ const { can, build, ...rest } = new ability.AbilityBuilder(ability.Ability);
54
+ return {
55
+ can (permission) {
56
+ const { action, subject, properties = {}, condition } = permission;
57
+ const { fields } = properties;
58
+ const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
59
+ return can(caslAction, _.isNil(subject) ? 'all' : subject, fields, _.isObject(condition) ? condition : undefined);
60
+ },
61
+ buildParametrizedAction ({ name, params }) {
62
+ return `${name}?${qs.stringify(params)}`;
63
+ },
64
+ build () {
65
+ const ability = build({
66
+ conditionsMatcher
67
+ });
68
+ function decorateCan(originalCan) {
69
+ return function(...args) {
70
+ const [action, ...rest] = args;
71
+ const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
72
+ // Call the original `can` method
73
+ return originalCan.apply(ability, [
74
+ caslAction,
75
+ ...rest
76
+ ]);
77
+ };
78
+ }
79
+ ability.can = decorateCan(ability.can);
80
+ return ability;
81
+ },
82
+ ...rest
83
+ };
84
+ };
85
+
86
+ exports.caslAbilityBuilder = caslAbilityBuilder;
87
+ //# sourceMappingURL=casl-ability.js.map
package/dist/engine/abilities/casl-ability.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"casl-ability.js","sources":["../../../src/engine/abilities/casl-ability.ts"],"sourcesContent":["import * as sift from 'sift';\nimport qs from 'qs';\nimport { AbilityBuilder, Ability } from '@casl/ability';\nimport { pick, isNil, isObject } from 'lodash/fp';\nimport type { ParametrizedAction, PermissionRule } from '../../types';\n\nexport interface CustomAbilityBuilder {\n can(permission: PermissionRule): ReturnType<AbilityBuilder<Ability>['can']>;\n buildParametrizedAction: (parametrizedAction: ParametrizedAction) => string;\n build(): Ability;\n}\n\nconst allowedOperations = [\n '$or',\n '$and',\n '$eq',\n '$ne',\n '$in',\n '$nin',\n '$lt',\n '$lte',\n '$gt',\n '$gte',\n '$exists',\n '$elemMatch',\n] as const;\n\nconst operations = pick(allowedOperations, sift);\n\nconst conditionsMatcher = (conditions: unknown) => {\n return sift.createQueryTester(conditions, { operations });\n};\n\nconst buildParametrizedAction = ({ name, params }: ParametrizedAction) => {\n return `${name}?${qs.stringify(params)}`;\n};\n\n/**\n * Casl Ability Builder.\n */\nexport const caslAbilityBuilder = (): CustomAbilityBuilder => {\n const { can, build, ...rest } = new AbilityBuilder(Ability);\n\n return {\n can(permission: PermissionRule) {\n const { action, subject, properties = {}, condition } = permission;\n const { fields } = properties;\n\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n return can(\n caslAction,\n isNil(subject) ? 'all' : subject,\n fields,\n isObject(condition) ? condition : undefined\n );\n },\n\n buildParametrizedAction({ name, params }: ParametrizedAction) {\n return `${name}?${qs.stringify(params)}`;\n },\n\n build() {\n const ability = build({ conditionsMatcher });\n\n function decorateCan(originalCan: Ability['can']) {\n return function (...args: Parameters<Ability['can']>) {\n const [action, ...rest] = args;\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n // Call the original `can` method\n return originalCan.apply(ability, [caslAction, ...rest]);\n };\n }\n\n ability.can = decorateCan(ability.can);\n return ability;\n },\n\n ...rest,\n };\n};\n"],"names":["allowedOperations","operations","pick","sift","conditionsMatcher","conditions","createQueryTester","buildParametrizedAction","name","params","qs","stringify","caslAbilityBuilder","can","build","rest","AbilityBuilder","Ability","permission","action","subject","properties","condition","fields","caslAction","isNil","isObject","undefined","ability","decorateCan","originalCan","args","apply"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,MAAMA,iBAAoB,GAAA;AACxB,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,SAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,UAAAA,GAAaC,OAAKF,iBAAmBG,EAAAA,eAAAA,CAAAA;AAE3C,MAAMC,oBAAoB,CAACC,UAAAA,GAAAA;IACzB,OAAOF,eAAAA,CAAKG,iBAAiB,CAACD,UAAY,EAAA;AAAEJ,QAAAA;AAAW,KAAA,CAAA;AACzD,CAAA;AAEA,MAAMM,0BAA0B,CAAC,EAAEC,IAAI,EAAEC,MAAM,EAAsB,GAAA;IACnE,OAAO,CAAC,EAAED,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAAA,CAAAA,CAAQ,CAAC;AAC1C,CAAA;AAEA;;UAGaG,kBAAqB,GAAA,IAAA;IAChC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,GAAGC,IAAAA,EAAM,GAAG,IAAIC,sBAAeC,CAAAA,eAAAA,CAAAA;IAEnD,OAAO;AACLJ,QAAAA,GAAAA,CAAAA,CAAIK,UAA0B,EAAA;YAC5B,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,UAAa,GAAA,EAAE,EAAEC,SAAS,EAAE,GAAGJ,UAAAA;YACxD,MAAM,EAAEK,MAAM,EAAE,GAAGF,UAAAA;AAEnB,YAAA,MAAMG,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;YAEjF,OAAON,GAAAA,CACLW,YACAC,OAAML,CAAAA,OAAAA,CAAAA,GAAW,QAAQA,OACzBG,EAAAA,MAAAA,EACAG,UAASJ,CAAAA,SAAAA,CAAAA,GAAaA,SAAYK,GAAAA,SAAAA,CAAAA;AAEtC,SAAA;AAEApB,QAAAA,uBAAAA,CAAAA,CAAwB,EAAEC,IAAI,EAAEC,MAAM,EAAsB,EAAA;YAC1D,OAAO,CAAC,EAAED,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAAA,CAAAA,CAAQ,CAAC;AAC1C,SAAA;AAEAK,QAAAA,KAAAA,CAAAA,GAAAA;AACE,YAAA,MAAMc,UAAUd,KAAM,CAAA;AAAEV,gBAAAA;AAAkB,aAAA,CAAA;AAE1C,YAAA,SAASyB,YAAYC,WAA2B,EAAA;gBAC9C,OAAO,SAAU,GAAGC,IAAgC,EAAA;AAClD,oBAAA,MAAM,CAACZ,MAAAA,EAAQ,GAAGJ,IAAAA,CAAK,GAAGgB,IAAAA;AAC1B,oBAAA,MAAMP,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;;oBAGjF,OAAOW,WAAAA,CAAYE,KAAK,CAACJ,OAAS,EAAA;AAACJ,wBAAAA,UAAAA;AAAeT,wBAAAA,GAAAA;AAAK,qBAAA,CAAA;AACzD,iBAAA;AACF;AAEAa,YAAAA,OAAAA,CAAQf,GAAG,GAAGgB,WAAYD,CAAAA,OAAAA,CAAQf,GAAG,CAAA;YACrC,OAAOe,OAAAA;AACT,SAAA;AAEA,QAAA,GAAGb;AACL,KAAA;AACF;;;;"}
package/dist/engine/abilities/casl-ability.mjs ADDED
@@ -0,0 +1,66 @@
1
+ import * as sift from 'sift';
2
+ import qs from 'qs';
3
+ import { AbilityBuilder, Ability } from '@casl/ability';
4
+ import { pick, isNil, isObject } from 'lodash/fp';
5
+
6
+ const allowedOperations = [
7
+ '$or',
8
+ '$and',
9
+ '$eq',
10
+ '$ne',
11
+ '$in',
12
+ '$nin',
13
+ '$lt',
14
+ '$lte',
15
+ '$gt',
16
+ '$gte',
17
+ '$exists',
18
+ '$elemMatch'
19
+ ];
20
+ const operations = pick(allowedOperations, sift);
21
+ const conditionsMatcher = (conditions)=>{
22
+ return sift.createQueryTester(conditions, {
23
+ operations
24
+ });
25
+ };
26
+ const buildParametrizedAction = ({ name, params })=>{
27
+ return `${name}?${qs.stringify(params)}`;
28
+ };
29
+ /**
30
+ * Casl Ability Builder.
31
+ */ const caslAbilityBuilder = ()=>{
32
+ const { can, build, ...rest } = new AbilityBuilder(Ability);
33
+ return {
34
+ can (permission) {
35
+ const { action, subject, properties = {}, condition } = permission;
36
+ const { fields } = properties;
37
+ const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
38
+ return can(caslAction, isNil(subject) ? 'all' : subject, fields, isObject(condition) ? condition : undefined);
39
+ },
40
+ buildParametrizedAction ({ name, params }) {
41
+ return `${name}?${qs.stringify(params)}`;
42
+ },
43
+ build () {
44
+ const ability = build({
45
+ conditionsMatcher
46
+ });
47
+ function decorateCan(originalCan) {
48
+ return function(...args) {
49
+ const [action, ...rest] = args;
50
+ const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);
51
+ // Call the original `can` method
52
+ return originalCan.apply(ability, [
53
+ caslAction,
54
+ ...rest
55
+ ]);
56
+ };
57
+ }
58
+ ability.can = decorateCan(ability.can);
59
+ return ability;
60
+ },
61
+ ...rest
62
+ };
63
+ };
64
+
65
+ export { caslAbilityBuilder };
66
+ //# sourceMappingURL=casl-ability.mjs.map
package/dist/engine/abilities/casl-ability.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"casl-ability.mjs","sources":["../../../src/engine/abilities/casl-ability.ts"],"sourcesContent":["import * as sift from 'sift';\nimport qs from 'qs';\nimport { AbilityBuilder, Ability } from '@casl/ability';\nimport { pick, isNil, isObject } from 'lodash/fp';\nimport type { ParametrizedAction, PermissionRule } from '../../types';\n\nexport interface CustomAbilityBuilder {\n can(permission: PermissionRule): ReturnType<AbilityBuilder<Ability>['can']>;\n buildParametrizedAction: (parametrizedAction: ParametrizedAction) => string;\n build(): Ability;\n}\n\nconst allowedOperations = [\n '$or',\n '$and',\n '$eq',\n '$ne',\n '$in',\n '$nin',\n '$lt',\n '$lte',\n '$gt',\n '$gte',\n '$exists',\n '$elemMatch',\n] as const;\n\nconst operations = pick(allowedOperations, sift);\n\nconst conditionsMatcher = (conditions: unknown) => {\n return sift.createQueryTester(conditions, { operations });\n};\n\nconst buildParametrizedAction = ({ name, params }: ParametrizedAction) => {\n return `${name}?${qs.stringify(params)}`;\n};\n\n/**\n * Casl Ability Builder.\n */\nexport const caslAbilityBuilder = (): CustomAbilityBuilder => {\n const { can, build, ...rest } = new AbilityBuilder(Ability);\n\n return {\n can(permission: PermissionRule) {\n const { action, subject, properties = {}, condition } = permission;\n const { fields } = properties;\n\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n return can(\n caslAction,\n isNil(subject) ? 'all' : subject,\n fields,\n isObject(condition) ? condition : undefined\n );\n },\n\n buildParametrizedAction({ name, params }: ParametrizedAction) {\n return `${name}?${qs.stringify(params)}`;\n },\n\n build() {\n const ability = build({ conditionsMatcher });\n\n function decorateCan(originalCan: Ability['can']) {\n return function (...args: Parameters<Ability['can']>) {\n const [action, ...rest] = args;\n const caslAction = typeof action === 'string' ? action : buildParametrizedAction(action);\n\n // Call the original `can` method\n return originalCan.apply(ability, [caslAction, ...rest]);\n };\n }\n\n ability.can = decorateCan(ability.can);\n return ability;\n },\n\n ...rest,\n };\n};\n"],"names":["allowedOperations","operations","pick","sift","conditionsMatcher","conditions","createQueryTester","buildParametrizedAction","name","params","qs","stringify","caslAbilityBuilder","can","build","rest","AbilityBuilder","Ability","permission","action","subject","properties","condition","fields","caslAction","isNil","isObject","undefined","ability","decorateCan","originalCan","args","apply"],"mappings":";;;;;AAYA,MAAMA,iBAAoB,GAAA;AACxB,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,KAAA;AACA,IAAA,MAAA;AACA,IAAA,SAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,UAAAA,GAAaC,KAAKF,iBAAmBG,EAAAA,IAAAA,CAAAA;AAE3C,MAAMC,oBAAoB,CAACC,UAAAA,GAAAA;IACzB,OAAOF,IAAAA,CAAKG,iBAAiB,CAACD,UAAY,EAAA;AAAEJ,QAAAA;AAAW,KAAA,CAAA;AACzD,CAAA;AAEA,MAAMM,0BAA0B,CAAC,EAAEC,IAAI,EAAEC,MAAM,EAAsB,GAAA;IACnE,OAAO,CAAC,EAAED,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAAA,CAAAA,CAAQ,CAAC;AAC1C,CAAA;AAEA;;UAGaG,kBAAqB,GAAA,IAAA;IAChC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,GAAGC,IAAAA,EAAM,GAAG,IAAIC,cAAeC,CAAAA,OAAAA,CAAAA;IAEnD,OAAO;AACLJ,QAAAA,GAAAA,CAAAA,CAAIK,UAA0B,EAAA;YAC5B,MAAM,EAAEC,MAAM,EAAEC,OAAO,EAAEC,UAAa,GAAA,EAAE,EAAEC,SAAS,EAAE,GAAGJ,UAAAA;YACxD,MAAM,EAAEK,MAAM,EAAE,GAAGF,UAAAA;AAEnB,YAAA,MAAMG,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;YAEjF,OAAON,GAAAA,CACLW,YACAC,KAAML,CAAAA,OAAAA,CAAAA,GAAW,QAAQA,OACzBG,EAAAA,MAAAA,EACAG,QAASJ,CAAAA,SAAAA,CAAAA,GAAaA,SAAYK,GAAAA,SAAAA,CAAAA;AAEtC,SAAA;AAEApB,QAAAA,uBAAAA,CAAAA,CAAwB,EAAEC,IAAI,EAAEC,MAAM,EAAsB,EAAA;YAC1D,OAAO,CAAC,EAAED,IAAK,CAAA,CAAC,EAAEE,EAAGC,CAAAA,SAAS,CAACF,MAAAA,CAAAA,CAAQ,CAAC;AAC1C,SAAA;AAEAK,QAAAA,KAAAA,CAAAA,GAAAA;AACE,YAAA,MAAMc,UAAUd,KAAM,CAAA;AAAEV,gBAAAA;AAAkB,aAAA,CAAA;AAE1C,YAAA,SAASyB,YAAYC,WAA2B,EAAA;gBAC9C,OAAO,SAAU,GAAGC,IAAgC,EAAA;AAClD,oBAAA,MAAM,CAACZ,MAAAA,EAAQ,GAAGJ,IAAAA,CAAK,GAAGgB,IAAAA;AAC1B,oBAAA,MAAMP,UAAa,GAAA,OAAOL,MAAW,KAAA,QAAA,GAAWA,SAASZ,uBAAwBY,CAAAA,MAAAA,CAAAA;;oBAGjF,OAAOW,WAAAA,CAAYE,KAAK,CAACJ,OAAS,EAAA;AAACJ,wBAAAA,UAAAA;AAAeT,wBAAAA,GAAAA;AAAK,qBAAA,CAAA;AACzD,iBAAA;AACF;AAEAa,YAAAA,OAAAA,CAAQf,GAAG,GAAGgB,WAAYD,CAAAA,OAAAA,CAAQf,GAAG,CAAA;YACrC,OAAOe,OAAAA;AACT,SAAA;AAEA,QAAA,GAAGb;AACL,KAAA;AACF;;;;"}
package/dist/engine/abilities/index.js ADDED
@@ -0,0 +1,8 @@
1
+ 'use strict';
2
+
3
+ var caslAbility = require('./casl-ability.js');
4
+
5
+
6
+
7
+ exports.caslAbilityBuilder = caslAbility.caslAbilityBuilder;
8
+ //# sourceMappingURL=index.js.map
package/dist/engine/abilities/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;"}
package/dist/engine/abilities/index.mjs ADDED
@@ -0,0 +1,2 @@
1
+ export { caslAbilityBuilder } from './casl-ability.mjs';
2
+ //# sourceMappingURL=index.mjs.map
package/dist/engine/abilities/index.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}
package/dist/engine/hooks.js ADDED
@@ -0,0 +1,81 @@
1
+ 'use strict';
2
+
3
+ var _ = require('lodash/fp');
4
+ var utils = require('@strapi/utils');
5
+ var index = require('../domain/permission/index.js');
6
+
7
+ /**
8
+ * Create a hook map used by the permission Engine
9
+ */ const createEngineHooks = ()=>({
10
+ 'before-format::validate.permission': utils.hooks.createAsyncBailHook(),
11
+ 'format.permission': utils.hooks.createAsyncSeriesWaterfallHook(),
12
+ 'after-format::validate.permission': utils.hooks.createAsyncBailHook(),
13
+ 'before-evaluate.permission': utils.hooks.createAsyncSeriesHook(),
14
+ 'before-register.permission': utils.hooks.createAsyncSeriesHook()
15
+ });
16
+ /**
17
+ * Create a context from a domain {@link Permission} used by the validate hooks
18
+ */ const createValidateContext = (permission)=>({
19
+ get permission () {
20
+ return _.cloneDeep(permission);
21
+ }
22
+ });
23
+ /**
24
+ * Create a context from a domain {@link Permission} used by the before valuate hook
25
+ */ const createBeforeEvaluateContext = (permission)=>({
26
+ get permission () {
27
+ return _.cloneDeep(permission);
28
+ },
29
+ addCondition (condition) {
30
+ Object.assign(permission, index.addCondition(condition, permission));
31
+ return this;
32
+ }
33
+ });
34
+ /**
35
+ * Create a context from a casl Permission & some options
36
+ * @param caslPermission
37
+ */ const createWillRegisterContext = ({ permission, options })=>({
38
+ ...options,
39
+ get permission () {
40
+ return _.cloneDeep(permission);
41
+ },
42
+ condition: {
43
+ and (rawConditionObject) {
44
+ if (!permission.condition) {
45
+ permission.condition = {
46
+ $and: []
47
+ };
48
+ }
49
+ if (_.isArray(permission.condition.$and)) {
50
+ permission.condition.$and.push(rawConditionObject);
51
+ }
52
+ return this;
53
+ },
54
+ or (rawConditionObject) {
55
+ if (!permission.condition) {
56
+ permission.condition = {
57
+ $and: []
58
+ };
59
+ }
60
+ if (_.isArray(permission.condition.$and)) {
61
+ const orClause = permission.condition.$and.find(_.has('$or'));
62
+ if (orClause) {
63
+ orClause.$or.push(rawConditionObject);
64
+ } else {
65
+ permission.condition.$and.push({
66
+ $or: [
67
+ rawConditionObject
68
+ ]
69
+ });
70
+ }
71
+ }
72
+ return this;
73
+ }
74
+ }
75
+ });
76
+
77
+ exports.createBeforeEvaluateContext = createBeforeEvaluateContext;
78
+ exports.createEngineHooks = createEngineHooks;
79
+ exports.createValidateContext = createValidateContext;
80
+ exports.createWillRegisterContext = createWillRegisterContext;
81
+ //# sourceMappingURL=hooks.js.map
package/dist/engine/hooks.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"hooks.js","sources":["../../src/engine/hooks.ts"],"sourcesContent":["import { cloneDeep, has, isArray } from 'lodash/fp';\nimport { hooks } from '@strapi/utils';\n\nimport * as domain from '../domain';\nimport type { Permission } from '../domain/permission';\nimport type { PermissionRule } from '../types';\n\nexport interface PermissionEngineHooks {\n 'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;\n 'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n 'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n}\n\nexport type HookName = keyof PermissionEngineHooks;\n\n/**\n * Create a hook map used by the permission Engine\n */\nconst createEngineHooks = (): PermissionEngineHooks => ({\n 'before-format::validate.permission': hooks.createAsyncBailHook(),\n 'format.permission': hooks.createAsyncSeriesWaterfallHook(),\n 'after-format::validate.permission': hooks.createAsyncBailHook(),\n 'before-evaluate.permission': hooks.createAsyncSeriesHook(),\n 'before-register.permission': hooks.createAsyncSeriesHook(),\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the validate hooks\n */\nconst createValidateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the before valuate hook\n */\nconst createBeforeEvaluateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n\n addCondition(condition: string) {\n Object.assign(permission, domain.permission.addCondition(condition, permission));\n\n return this;\n },\n});\n\ninterface WillRegisterContextParams {\n permission: PermissionRule;\n options: Record<string, unknown>;\n}\n\n/**\n * Create a context from a casl Permission & some options\n * @param caslPermission\n */\nconst createWillRegisterContext = ({ permission, options }: WillRegisterContextParams) => ({\n ...options,\n\n get permission() {\n return cloneDeep(permission);\n },\n\n condition: {\n and(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n permission.condition.$and.push(rawConditionObject);\n }\n\n return this;\n },\n\n or(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n const orClause = permission.condition.$and.find(has('$or'));\n\n if (orClause) {\n orClause.$or.push(rawConditionObject);\n } else {\n permission.condition.$and.push({ $or: [rawConditionObject] });\n }\n }\n\n return this;\n },\n },\n});\n\nexport {\n createEngineHooks,\n createValidateContext,\n createBeforeEvaluateContext,\n createWillRegisterContext,\n};\n"],"names":["createEngineHooks","hooks","createAsyncBailHook","createAsyncSeriesWaterfallHook","createAsyncSeriesHook","createValidateContext","permission","cloneDeep","createBeforeEvaluateContext","addCondition","condition","Object","assign","domain","createWillRegisterContext","options","and","rawConditionObject","$and","isArray","push","or","orClause","find","has","$or"],"mappings":";;;;;;AAiBA;;IAGA,MAAMA,iBAAoB,GAAA,KAA8B;AACtD,QAAA,oCAAA,EAAsCC,YAAMC,mBAAmB,EAAA;AAC/D,QAAA,mBAAA,EAAqBD,YAAME,8BAA8B,EAAA;AACzD,QAAA,mCAAA,EAAqCF,YAAMC,mBAAmB,EAAA;AAC9D,QAAA,4BAAA,EAA8BD,YAAMG,qBAAqB,EAAA;AACzD,QAAA,4BAAA,EAA8BH,YAAMG,qBAAqB;KAC3D;AAEA;;AAEC,IACKC,MAAAA,qBAAAA,GAAwB,CAACC,UAAAA,IAA4B;AACzD,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,WAAUD,CAAAA,UAAAA,CAAAA;AACnB;KACF;AAEA;;AAEC,IACKE,MAAAA,2BAAAA,GAA8B,CAACF,UAAAA,IAA4B;AAC/D,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,WAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;AAEAG,QAAAA,YAAAA,CAAAA,CAAaC,SAAiB,EAAA;YAC5BC,MAAOC,CAAAA,MAAM,CAACN,UAAYO,EAAAA,kBAA8B,CAACH,SAAWJ,EAAAA,UAAAA,CAAAA,CAAAA;AAEpE,YAAA,OAAO,IAAI;AACb;KACF;AAOA;;;IAIA,MAAMQ,4BAA4B,CAAC,EAAER,UAAU,EAAES,OAAO,EAA6B,IAAM;AACzF,QAAA,GAAGA,OAAO;AAEV,QAAA,IAAIT,UAAa,CAAA,GAAA;AACf,YAAA,OAAOC,WAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;QAEAI,SAAW,EAAA;AACTM,YAAAA,GAAAA,CAAAA,CAAIC,kBAA2B,EAAA;gBAC7B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,SAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;AACtCZ,oBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAACH,kBAAAA,CAAAA;AACjC;AAEA,gBAAA,OAAO,IAAI;AACb,aAAA;AAEAI,YAAAA,EAAAA,CAAAA,CAAGJ,kBAA2B,EAAA;gBAC5B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,SAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;oBACtC,MAAMI,QAAAA,GAAWhB,WAAWI,SAAS,CAACQ,IAAI,CAACK,IAAI,CAACC,KAAI,CAAA,KAAA,CAAA,CAAA;AAEpD,oBAAA,IAAIF,QAAU,EAAA;wBACZA,QAASG,CAAAA,GAAG,CAACL,IAAI,CAACH,kBAAAA,CAAAA;qBACb,MAAA;AACLX,wBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAAC;4BAAEK,GAAK,EAAA;AAACR,gCAAAA;AAAmB;AAAC,yBAAA,CAAA;AAC7D;AACF;AAEA,gBAAA,OAAO,IAAI;AACb;AACF;KACF;;;;;;;"}
package/dist/engine/hooks.mjs ADDED
@@ -0,0 +1,76 @@
1
+ import { cloneDeep, isArray, has } from 'lodash/fp';
2
+ import { hooks } from '@strapi/utils';
3
+ import { addCondition } from '../domain/permission/index.mjs';
4
+
5
+ /**
6
+ * Create a hook map used by the permission Engine
7
+ */ const createEngineHooks = ()=>({
8
+ 'before-format::validate.permission': hooks.createAsyncBailHook(),
9
+ 'format.permission': hooks.createAsyncSeriesWaterfallHook(),
10
+ 'after-format::validate.permission': hooks.createAsyncBailHook(),
11
+ 'before-evaluate.permission': hooks.createAsyncSeriesHook(),
12
+ 'before-register.permission': hooks.createAsyncSeriesHook()
13
+ });
14
+ /**
15
+ * Create a context from a domain {@link Permission} used by the validate hooks
16
+ */ const createValidateContext = (permission)=>({
17
+ get permission () {
18
+ return cloneDeep(permission);
19
+ }
20
+ });
21
+ /**
22
+ * Create a context from a domain {@link Permission} used by the before valuate hook
23
+ */ const createBeforeEvaluateContext = (permission)=>({
24
+ get permission () {
25
+ return cloneDeep(permission);
26
+ },
27
+ addCondition (condition) {
28
+ Object.assign(permission, addCondition(condition, permission));
29
+ return this;
30
+ }
31
+ });
32
+ /**
33
+ * Create a context from a casl Permission & some options
34
+ * @param caslPermission
35
+ */ const createWillRegisterContext = ({ permission, options })=>({
36
+ ...options,
37
+ get permission () {
38
+ return cloneDeep(permission);
39
+ },
40
+ condition: {
41
+ and (rawConditionObject) {
42
+ if (!permission.condition) {
43
+ permission.condition = {
44
+ $and: []
45
+ };
46
+ }
47
+ if (isArray(permission.condition.$and)) {
48
+ permission.condition.$and.push(rawConditionObject);
49
+ }
50
+ return this;
51
+ },
52
+ or (rawConditionObject) {
53
+ if (!permission.condition) {
54
+ permission.condition = {
55
+ $and: []
56
+ };
57
+ }
58
+ if (isArray(permission.condition.$and)) {
59
+ const orClause = permission.condition.$and.find(has('$or'));
60
+ if (orClause) {
61
+ orClause.$or.push(rawConditionObject);
62
+ } else {
63
+ permission.condition.$and.push({
64
+ $or: [
65
+ rawConditionObject
66
+ ]
67
+ });
68
+ }
69
+ }
70
+ return this;
71
+ }
72
+ }
73
+ });
74
+
75
+ export { createBeforeEvaluateContext, createEngineHooks, createValidateContext, createWillRegisterContext };
76
+ //# sourceMappingURL=hooks.mjs.map
package/dist/engine/hooks.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"hooks.mjs","sources":["../../src/engine/hooks.ts"],"sourcesContent":["import { cloneDeep, has, isArray } from 'lodash/fp';\nimport { hooks } from '@strapi/utils';\n\nimport * as domain from '../domain';\nimport type { Permission } from '../domain/permission';\nimport type { PermissionRule } from '../types';\n\nexport interface PermissionEngineHooks {\n 'before-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'format.permission': ReturnType<typeof hooks.createAsyncSeriesWaterfallHook>;\n 'after-format::validate.permission': ReturnType<typeof hooks.createAsyncBailHook>;\n 'before-evaluate.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n 'before-register.permission': ReturnType<typeof hooks.createAsyncSeriesHook>;\n}\n\nexport type HookName = keyof PermissionEngineHooks;\n\n/**\n * Create a hook map used by the permission Engine\n */\nconst createEngineHooks = (): PermissionEngineHooks => ({\n 'before-format::validate.permission': hooks.createAsyncBailHook(),\n 'format.permission': hooks.createAsyncSeriesWaterfallHook(),\n 'after-format::validate.permission': hooks.createAsyncBailHook(),\n 'before-evaluate.permission': hooks.createAsyncSeriesHook(),\n 'before-register.permission': hooks.createAsyncSeriesHook(),\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the validate hooks\n */\nconst createValidateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n});\n\n/**\n * Create a context from a domain {@link Permission} used by the before valuate hook\n */\nconst createBeforeEvaluateContext = (permission: Permission) => ({\n get permission(): Readonly<Permission> {\n return cloneDeep(permission);\n },\n\n addCondition(condition: string) {\n Object.assign(permission, domain.permission.addCondition(condition, permission));\n\n return this;\n },\n});\n\ninterface WillRegisterContextParams {\n permission: PermissionRule;\n options: Record<string, unknown>;\n}\n\n/**\n * Create a context from a casl Permission & some options\n * @param caslPermission\n */\nconst createWillRegisterContext = ({ permission, options }: WillRegisterContextParams) => ({\n ...options,\n\n get permission() {\n return cloneDeep(permission);\n },\n\n condition: {\n and(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n permission.condition.$and.push(rawConditionObject);\n }\n\n return this;\n },\n\n or(rawConditionObject: unknown) {\n if (!permission.condition) {\n permission.condition = { $and: [] };\n }\n\n if (isArray(permission.condition.$and)) {\n const orClause = permission.condition.$and.find(has('$or'));\n\n if (orClause) {\n orClause.$or.push(rawConditionObject);\n } else {\n permission.condition.$and.push({ $or: [rawConditionObject] });\n }\n }\n\n return this;\n },\n },\n});\n\nexport {\n createEngineHooks,\n createValidateContext,\n createBeforeEvaluateContext,\n createWillRegisterContext,\n};\n"],"names":["createEngineHooks","hooks","createAsyncBailHook","createAsyncSeriesWaterfallHook","createAsyncSeriesHook","createValidateContext","permission","cloneDeep","createBeforeEvaluateContext","addCondition","condition","Object","assign","domain","createWillRegisterContext","options","and","rawConditionObject","$and","isArray","push","or","orClause","find","has","$or"],"mappings":";;;;AAiBA;;IAGA,MAAMA,iBAAoB,GAAA,KAA8B;AACtD,QAAA,oCAAA,EAAsCC,MAAMC,mBAAmB,EAAA;AAC/D,QAAA,mBAAA,EAAqBD,MAAME,8BAA8B,EAAA;AACzD,QAAA,mCAAA,EAAqCF,MAAMC,mBAAmB,EAAA;AAC9D,QAAA,4BAAA,EAA8BD,MAAMG,qBAAqB,EAAA;AACzD,QAAA,4BAAA,EAA8BH,MAAMG,qBAAqB;KAC3D;AAEA;;AAEC,IACKC,MAAAA,qBAAAA,GAAwB,CAACC,UAAAA,IAA4B;AACzD,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB;KACF;AAEA;;AAEC,IACKE,MAAAA,2BAAAA,GAA8B,CAACF,UAAAA,IAA4B;AAC/D,QAAA,IAAIA,UAAmC,CAAA,GAAA;AACrC,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;AAEAG,QAAAA,YAAAA,CAAAA,CAAaC,SAAiB,EAAA;YAC5BC,MAAOC,CAAAA,MAAM,CAACN,UAAYO,EAAAA,YAA8B,CAACH,SAAWJ,EAAAA,UAAAA,CAAAA,CAAAA;AAEpE,YAAA,OAAO,IAAI;AACb;KACF;AAOA;;;IAIA,MAAMQ,4BAA4B,CAAC,EAAER,UAAU,EAAES,OAAO,EAA6B,IAAM;AACzF,QAAA,GAAGA,OAAO;AAEV,QAAA,IAAIT,UAAa,CAAA,GAAA;AACf,YAAA,OAAOC,SAAUD,CAAAA,UAAAA,CAAAA;AACnB,SAAA;QAEAI,SAAW,EAAA;AACTM,YAAAA,GAAAA,CAAAA,CAAIC,kBAA2B,EAAA;gBAC7B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,OAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;AACtCZ,oBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAACH,kBAAAA,CAAAA;AACjC;AAEA,gBAAA,OAAO,IAAI;AACb,aAAA;AAEAI,YAAAA,EAAAA,CAAAA,CAAGJ,kBAA2B,EAAA;gBAC5B,IAAI,CAACX,UAAWI,CAAAA,SAAS,EAAE;AACzBJ,oBAAAA,UAAAA,CAAWI,SAAS,GAAG;AAAEQ,wBAAAA,IAAAA,EAAM;AAAG,qBAAA;AACpC;AAEA,gBAAA,IAAIC,OAAQb,CAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAAG,EAAA;oBACtC,MAAMI,QAAAA,GAAWhB,WAAWI,SAAS,CAACQ,IAAI,CAACK,IAAI,CAACC,GAAI,CAAA,KAAA,CAAA,CAAA;AAEpD,oBAAA,IAAIF,QAAU,EAAA;wBACZA,QAASG,CAAAA,GAAG,CAACL,IAAI,CAACH,kBAAAA,CAAAA;qBACb,MAAA;AACLX,wBAAAA,UAAAA,CAAWI,SAAS,CAACQ,IAAI,CAACE,IAAI,CAAC;4BAAEK,GAAK,EAAA;AAACR,gCAAAA;AAAmB;AAAC,yBAAA,CAAA;AAC7D;AACF;AAEA,gBAAA,OAAO,IAAI;AACb;AACF;KACF;;;;"}
package/dist/engine/index.js ADDED
@@ -0,0 +1,141 @@
1
+ 'use strict';
2
+
3
+ var _ = require('lodash/fp');
4
+ var qs = require('qs');
5
+ var hooks = require('./hooks.js');
6
+ var index = require('./abilities/index.js');
7
+ var caslAbility = require('./abilities/casl-ability.js');
8
+
9
+ /**
10
+ * Create a default state object for the engine
11
+ */ const createEngineState = ()=>{
12
+ const hooks$1 = hooks.createEngineHooks();
13
+ return {
14
+ hooks: hooks$1
15
+ };
16
+ };
17
+ const newEngine = (params)=>{
18
+ const { providers, abilityBuilderFactory = caslAbility.caslAbilityBuilder } = params;
19
+ const state = createEngineState();
20
+ const runValidationHook = async (hook, context)=>state.hooks[hook].call(context);
21
+ /**
22
+ * Evaluate a permission using local and registered behaviors (using hooks).
23
+ * Validate, format (add condition, etc...), evaluate (evaluate conditions) and register a permission
24
+ */ const evaluate = async (params)=>{
25
+ const { options, register } = params;
26
+ const preFormatValidation = await runValidationHook('before-format::validate.permission', hooks.createBeforeEvaluateContext(params.permission));
27
+ if (preFormatValidation === false) {
28
+ return;
29
+ }
30
+ const permission = await state.hooks['format.permission'].call(params.permission);
31
+ const afterFormatValidation = await runValidationHook('after-format::validate.permission', hooks.createValidateContext(permission));
32
+ if (afterFormatValidation === false) {
33
+ return;
34
+ }
35
+ await state.hooks['before-evaluate.permission'].call(hooks.createBeforeEvaluateContext(permission));
36
+ const { action: actionName, subject, properties, conditions = [], actionParameters = {} } = permission;
37
+ let action = actionName;
38
+ if (actionParameters && Object.keys(actionParameters).length > 0) {
39
+ action = `${actionName}?${qs.stringify(actionParameters)}`;
40
+ }
41
+ if (conditions.length === 0) {
42
+ return register({
43
+ action,
44
+ subject,
45
+ properties
46
+ });
47
+ }
48
+ const resolveConditions = _.map(providers.condition.get);
49
+ const removeInvalidConditions = _.filter((condition)=>_.isFunction(condition.handler));
50
+ const evaluateConditions = (conditions)=>{
51
+ return Promise.all(conditions.map(async (condition)=>({
52
+ condition,
53
+ result: await condition.handler(_.merge(options, {
54
+ permission: _.cloneDeep(permission)
55
+ }))
56
+ })));
57
+ };
58
+ const removeInvalidResults = _.filter(({ result })=>_.isBoolean(result) || _.isObject(result));
59
+ const evaluatedConditions = await Promise.resolve(conditions).then(resolveConditions).then(removeInvalidConditions).then(evaluateConditions).then(removeInvalidResults);
60
+ const resultPropEq = _.propEq('result');
61
+ const pickResults = _.map(_.prop('result'));
62
+ if (evaluatedConditions.every(resultPropEq(false))) {
63
+ return;
64
+ }
65
+ if (_.isEmpty(evaluatedConditions) || evaluatedConditions.some(resultPropEq(true))) {
66
+ return register({
67
+ action,
68
+ subject,
69
+ properties
70
+ });
71
+ }
72
+ const results = pickResults(evaluatedConditions).filter(_.isObject);
73
+ if (_.isEmpty(results)) {
74
+ return register({
75
+ action,
76
+ subject,
77
+ properties
78
+ });
79
+ }
80
+ return register({
81
+ action,
82
+ subject,
83
+ properties,
84
+ condition: {
85
+ $and: [
86
+ {
87
+ $or: results
88
+ }
89
+ ]
90
+ }
91
+ });
92
+ };
93
+ return {
94
+ get hooks () {
95
+ return state.hooks;
96
+ },
97
+ /**
98
+ * Create a register function that wraps a `can` function
99
+ * used to register a permission in the ability builder
100
+ */ createRegisterFunction (can, options) {
101
+ return async (permission)=>{
102
+ const hookContext = hooks.createWillRegisterContext({
103
+ options,
104
+ permission
105
+ });
106
+ await state.hooks['before-register.permission'].call(hookContext);
107
+ return can(permission);
108
+ };
109
+ },
110
+ /**
111
+ * Register a new handler for a given hook
112
+ */ on (hook, handler) {
113
+ const validHooks = Object.keys(state.hooks);
114
+ const isValidHook = validHooks.includes(hook);
115
+ if (!isValidHook) {
116
+ throw new Error(`Invalid hook supplied when trying to register an handler to the permission engine. Got "${hook}" but expected one of ${validHooks.join(', ')}`);
117
+ }
118
+ state.hooks[hook].register(handler);
119
+ return this;
120
+ },
121
+ /**
122
+ * Generate an ability based on the instance's
123
+ * ability builder and the given permissions
124
+ */ async generateAbility (permissions, options = {}) {
125
+ const { can, build } = abilityBuilderFactory();
126
+ for (const permission of permissions){
127
+ const register = this.createRegisterFunction(can, options);
128
+ await evaluate({
129
+ permission,
130
+ options,
131
+ register
132
+ });
133
+ }
134
+ return build();
135
+ }
136
+ };
137
+ };
138
+
139
+ exports.abilities = index;
140
+ exports.new = newEngine;
141
+ //# sourceMappingURL=index.js.map