npm - @zenstackhq/plugin-policy - Versions diffs - 3.5.0-beta.3 → 3.5.0-beta.4 - Mend

@zenstackhq/plugin-policy 3.5.0-beta.3 → 3.5.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -3,7 +3,18 @@ import * as _zenstackhq_orm from '@zenstackhq/orm';
 import { RuntimePlugin, OnKyselyQueryArgs } from '@zenstackhq/orm';
 import { SchemaDef } from '@zenstackhq/orm/schema';
-declare class PolicyPlugin implements RuntimePlugin<SchemaDef, {}, {}> {
+type PolicyPluginOptions = {
+    /**
+     * Dangerously bypasses access-policy enforcement for raw SQL queries.
+     * Raw queries remain in the current transaction, but the policy plugin will
+     * not inspect or reject them.
+     */
+    dangerouslyAllowRawSql?: boolean;
+};
+declare class PolicyPlugin implements RuntimePlugin<SchemaDef, {}, {}, {}> {
+    private readonly options;
+    constructor(options?: PolicyPluginOptions);
     get id(): "policy";
     get name(): string;
     get description(): string;
@@ -13,4 +24,4 @@ declare class PolicyPlugin implements RuntimePlugin<SchemaDef, {}, {}> {
     onKyselyQuery({ query, client, proceed }: OnKyselyQueryArgs<SchemaDef>): Promise<kysely.QueryResult<any>>;
 }
-export { PolicyPlugin };
+export { PolicyPlugin, type PolicyPluginOptions };

package/dist/index.d.ts CHANGED Viewed

@@ -3,7 +3,18 @@ import * as _zenstackhq_orm from '@zenstackhq/orm';
 import { RuntimePlugin, OnKyselyQueryArgs } from '@zenstackhq/orm';
 import { SchemaDef } from '@zenstackhq/orm/schema';
-declare class PolicyPlugin implements RuntimePlugin<SchemaDef, {}, {}> {
+type PolicyPluginOptions = {
+    /**
+     * Dangerously bypasses access-policy enforcement for raw SQL queries.
+     * Raw queries remain in the current transaction, but the policy plugin will
+     * not inspect or reject them.
+     */
+    dangerouslyAllowRawSql?: boolean;
+};
+declare class PolicyPlugin implements RuntimePlugin<SchemaDef, {}, {}, {}> {
+    private readonly options;
+    constructor(options?: PolicyPluginOptions);
     get id(): "policy";
     get name(): string;
     get description(): string;
@@ -13,4 +24,4 @@ declare class PolicyPlugin implements RuntimePlugin<SchemaDef, {}, {}> {
     onKyselyQuery({ query, client, proceed }: OnKyselyQueryArgs<SchemaDef>): Promise<kysely.QueryResult<any>>;
 }
-export { PolicyPlugin };
+export { PolicyPlugin, type PolicyPluginOptions };

package/dist/index.js CHANGED Viewed

@@ -10,7 +10,7 @@ import { ExpressionWrapper as ExpressionWrapper3, ValueNode as ValueNode4 } from
 import { invariant as invariant3 } from "@zenstackhq/common-helpers";
 import { getCrudDialect as getCrudDialect2, QueryUtils as QueryUtils2, RejectedByPolicyReason, SchemaUtils as SchemaUtils2 } from "@zenstackhq/orm";
 import { ExpressionUtils as ExpressionUtils4 } from "@zenstackhq/orm/schema";
-import { AliasNode as AliasNode3, BinaryOperationNode as BinaryOperationNode3, ColumnNode as ColumnNode3, DeleteQueryNode, expressionBuilder as expressionBuilder2, ExpressionWrapper as ExpressionWrapper2, FromNode as FromNode2, IdentifierNode as IdentifierNode2, InsertQueryNode, OperationNodeTransformer, OperatorNode as OperatorNode3, ParensNode as ParensNode2, PrimitiveValueListNode, ReferenceNode as ReferenceNode3, ReturningNode, SelectAllNode, SelectionNode as SelectionNode2, SelectQueryNode as SelectQueryNode2, sql, TableNode as TableNode3, UpdateQueryNode, ValueNode as ValueNode3, ValuesNode, WhereNode as WhereNode2 } from "kysely";
+import { AliasNode as AliasNode3, BinaryOperationNode as BinaryOperationNode3, ColumnNode as ColumnNode3, DeleteQueryNode, expressionBuilder as expressionBuilder2, ExpressionWrapper as ExpressionWrapper2, FromNode as FromNode2, IdentifierNode as IdentifierNode2, InsertQueryNode, OperationNodeTransformer, OperatorNode as OperatorNode3, ParensNode as ParensNode2, PrimitiveValueListNode, RawNode, ReferenceNode as ReferenceNode3, ReturningNode, SelectAllNode, SelectionNode as SelectionNode2, SelectQueryNode as SelectQueryNode2, sql, TableNode as TableNode3, UpdateQueryNode, ValueNode as ValueNode3, ValuesNode, WhereNode as WhereNode2 } from "kysely";
 import { match as match3 } from "ts-pattern";
 // src/column-collector.ts
@@ -985,18 +985,19 @@ var PolicyHandler = class extends OperationNodeTransformer {
     __name(this, "PolicyHandler");
   }
   client;
+  options;
   dialect;
   eb = expressionBuilder2();
-  constructor(client) {
-    super(), this.client = client;
+  constructor(client, options = {}) {
+    super(), this.client = client, this.options = options;
     this.dialect = getCrudDialect2(this.client.$schema, this.client.$options);
   }
-  get kysely() {
-    return this.client.$qb;
-  }
   // #region main entry point
   async handle(node, proceed) {
     if (!this.isCrudQueryNode(node)) {
+      if (this.options.dangerouslyAllowRawSql && RawNode.is(node)) {
+        return proceed(node);
+      }
       throw createRejectedByPolicyError(void 0, RejectedByPolicyReason.OTHER, "non-CRUD queries are not allowed");
     }
     if (!this.isMutationQueryNode(node)) {
@@ -1923,6 +1924,10 @@ var PolicyPlugin = class {
   static {
     __name(this, "PolicyPlugin");
   }
+  options;
+  constructor(options = {}) {
+    this.options = options;
+  }
   get id() {
     return "policy";
   }
@@ -1938,7 +1943,7 @@ var PolicyPlugin = class {
     };
   }
   onKyselyQuery({ query, client, proceed }) {
-    const handler = new PolicyHandler(client);
+    const handler = new PolicyHandler(client, this.options);
     return handler.handle(query, proceed);
   }
 };