npm - @zenstackhq/runtime - Versions diffs - 2.1.1 → 2.2.0 - Mend

@zenstackhq/runtime 2.1.1 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/constants.d.ts +0 -28
package/constants.js +1 -29
package/constants.js.map +1 -1
package/enhancements/delegate.js +8 -0
package/enhancements/delegate.js.map +1 -1
package/enhancements/policy/constraint-solver.d.ts +2 -2
package/enhancements/policy/constraint-solver.js.map +1 -1
package/enhancements/policy/handler.d.ts +8 -0
package/enhancements/policy/handler.js +192 -67
package/enhancements/policy/handler.js.map +1 -1
package/enhancements/policy/policy-utils.d.ts +19 -13
package/enhancements/policy/policy-utils.js +294 -169
package/enhancements/policy/policy-utils.js.map +1 -1
package/enhancements/proxy.d.ts +12 -0
package/enhancements/proxy.js +3 -0
package/enhancements/proxy.js.map +1 -1
package/enhancements/types.d.ts +151 -19
package/enhancements/types.js +0 -1
package/enhancements/types.js.map +1 -1
package/package.json +4 -3
package/types.d.ts +3 -2

package/enhancements/policy/policy-utils.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import { CrudFailureReason } from '../../constants';
 import { CrudContract, DbClientContract, PolicyCrudKind, PolicyOperationKind } from '../../types';
 import type { EnhancementContext, InternalEnhancementOptions } from '../create-enhancement';
 import { QueryUtils } from '../query-utils';
-import type { CheckerFunc } from '../types';
+import type { EntityChecker, PermissionCheckerFunc } from '../types';
 /**
  * Access policy enforcement utilities
  */
@@ -34,8 +34,9 @@ export declare class PolicyUtil extends QueryUtils {
     private makeTrue;
     private makeFalse;
     private reduce;
-    private readonly FULLY_OPEN_AUTH_GUARD;
-    private getModelAuthGuard;
+    private readonly FULL_OPEN_MODEL_POLICY;
+    private getModelPolicyDef;
+    private getModelGuardForOperation;
     /**
      * Gets pregenerated authorization guard object for a given model and operation.
      *
@@ -43,6 +44,10 @@ export declare class PolicyUtil extends QueryUtils {
      * otherwise returns a guard object
      */
     getAuthGuard(db: CrudContract, model: string, operation: PolicyOperationKind, preValue?: any): object;
+    /**
+     * Get field-level read auth guard
+     */
+    getFieldReadAuthGuard(db: CrudContract, model: string, field: string): object;
     /**
      * Get field-level read auth guard that overrides the model-level
      */
@@ -73,9 +78,9 @@ export declare class PolicyUtil extends QueryUtils {
      * Injects model auth guard as where clause.
      */
     injectAuthGuardAsWhere(db: CrudContract, args: any, model: string, operation: PolicyOperationKind): boolean;
-    private injectGuardForRelationFields;
-    private injectGuardForToManyField;
-    private injectGuardForToOneField;
+    private injectReadGuardForRelationFields;
+    private injectReadGuardForToManyField;
+    private injectReadGuardForToOneField;
     /**
      * Injects auth guard for read operations.
      */
@@ -83,8 +88,7 @@ export declare class PolicyUtil extends QueryUtils {
     /**
      * Gets checker constraints for the given model and operation.
      */
-    getCheckerConstraint(model: string, operation: PolicyCrudKind): ReturnType<CheckerFunc> | boolean;
-    private getModelChecker;
+    getCheckerConstraint(model: string, operation: PolicyCrudKind): ReturnType<PermissionCheckerFunc> | boolean;
     /**
      * Gets unique constraints for the given model.
      */
@@ -95,8 +99,11 @@ export declare class PolicyUtil extends QueryUtils {
      * Rejects with an error if not allowed.
      */
     checkPolicyForUnique(model: string, uniqueFilter: any, operation: PolicyOperationKind, db: CrudContract, args: any, preValue?: any): Promise<void>;
+    getEntityChecker(model: string, operation: PolicyOperationKind, field?: string): EntityChecker | undefined;
+    getUpdateOverrideEntityCheckerForField(model: string, field: string): EntityChecker | undefined;
     private getFieldReadGuards;
     private getFieldUpdateGuards;
+    private combineEntityChecker;
     /**
      * Tries rejecting a request based on static "false" policy.
      */
@@ -116,8 +123,8 @@ export declare class PolicyUtil extends QueryUtils {
         error?: Error;
     }>;
     /**
-     * Injects field selection needed for checking field-level read policy into query args.
-     * @returns
+     * Injects field selection needed for checking field-level read policy check and evaluating
+     * entity checker into query args.
      */
     injectReadCheckSelect(model: string, args: any): void;
     private doInjectReadCheckSelect;
@@ -128,7 +135,7 @@ export declare class PolicyUtil extends QueryUtils {
      * Gets field selection for fetching pre-update entity values for the given model.
      */
     getPreValueSelect(model: string): object | undefined;
-    private getReadFieldSelect;
+    private getFieldReadCheckSelector;
     private checkReadField;
     private hasFieldValidation;
     private hasFieldLevelPolicy;
@@ -141,7 +148,7 @@ export declare class PolicyUtil extends QueryUtils {
     /**
      * Post processing checks and clean-up for read model entities.
      */
-    postProcessForRead(data: any, model: string, queryArgs: any): void;
+    postProcessForRead(data: any, model: string, queryArgs: any): any;
     private doPostProcessForRead;
     /**
      * Clones an object and makes sure it's not empty.
@@ -156,7 +163,6 @@ export declare class PolicyUtil extends QueryUtils {
      */
     pick<T>(value: T, ...props: (keyof T)[]): Pick<T, (typeof props)[number]>;
     private mergeWhereClause;
-    private requireGuard;
     /**
      * Given an entity data, returns an object only containing id fields.
      */