@zenstackhq/plugin-policy 3.1.1 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +256 -104
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +271 -119
- package/dist/index.js.map +1 -1
- package/package.json +6 -6
- package/plugin.zmodel +4 -5
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@zenstackhq/plugin-policy",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.2.0",
|
|
4
4
|
"description": "ZenStack Policy Plugin",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"keywords": [],
|
|
@@ -32,8 +32,8 @@
|
|
|
32
32
|
},
|
|
33
33
|
"dependencies": {
|
|
34
34
|
"ts-pattern": "^5.7.1",
|
|
35
|
-
"@zenstackhq/common-helpers": "3.
|
|
36
|
-
"@zenstackhq/orm": "3.
|
|
35
|
+
"@zenstackhq/common-helpers": "3.2.0",
|
|
36
|
+
"@zenstackhq/orm": "3.2.0"
|
|
37
37
|
},
|
|
38
38
|
"peerDependencies": {
|
|
39
39
|
"kysely": "~0.28.8"
|
|
@@ -41,9 +41,9 @@
|
|
|
41
41
|
"devDependencies": {
|
|
42
42
|
"@types/better-sqlite3": "^7.6.13",
|
|
43
43
|
"@types/pg": "^8.0.0",
|
|
44
|
-
"@zenstackhq/eslint-config": "3.
|
|
45
|
-
"@zenstackhq/typescript-config": "3.
|
|
46
|
-
"@zenstackhq/vitest-config": "3.
|
|
44
|
+
"@zenstackhq/eslint-config": "3.2.0",
|
|
45
|
+
"@zenstackhq/typescript-config": "3.2.0",
|
|
46
|
+
"@zenstackhq/vitest-config": "3.2.0"
|
|
47
47
|
},
|
|
48
48
|
"scripts": {
|
|
49
49
|
"build": "tsc --noEmit && tsup-node",
|
package/plugin.zmodel
CHANGED
|
@@ -10,11 +10,10 @@ attribute @@allow(_ operation: String @@@completionHint(["'create'", "'read'", "
|
|
|
10
10
|
* Defines an access policy that allows the annotated field to be read or updated.
|
|
11
11
|
* You can pass a third argument as `true` to make it override the model-level policies.
|
|
12
12
|
*
|
|
13
|
-
* @param operation: comma-separated list of "
|
|
13
|
+
* @param operation: comma-separated list of "read", "update". Use "all" to denote all operations.
|
|
14
14
|
* @param condition: a boolean expression that controls if the operation should be allowed.
|
|
15
|
-
* @param override: a boolean value that controls if the field-level policy should override the model-level policy.
|
|
16
15
|
*/
|
|
17
|
-
|
|
16
|
+
attribute @allow(_ operation: String @@@completionHint(["'read'", "'update'", "'all'"]), _ condition: Boolean)
|
|
18
17
|
|
|
19
18
|
/**
|
|
20
19
|
* Defines an access policy that denies a set of operations when the given condition is true.
|
|
@@ -27,10 +26,10 @@ attribute @@deny(_ operation: String @@@completionHint(["'create'", "'read'", "'
|
|
|
27
26
|
/**
|
|
28
27
|
* Defines an access policy that denies the annotated field to be read or updated.
|
|
29
28
|
*
|
|
30
|
-
* @param operation: comma-separated list of "
|
|
29
|
+
* @param operation: comma-separated list of "read", "update". Use "all" to denote all operations.
|
|
31
30
|
* @param condition: a boolean expression that controls if the operation should be denied.
|
|
32
31
|
*/
|
|
33
|
-
|
|
32
|
+
attribute @deny(_ operation: String @@@completionHint(["'read'", "'update'", "'all'"]), _ condition: Boolean)
|
|
34
33
|
|
|
35
34
|
/**
|
|
36
35
|
* Delegates the access control decision to a relation. Only to-one relations are supported.
|