examples/privacy: adminonly application example (#840)

2026-05-24 09:31:56 +03:00 · 2020-10-12 12:13:53 +03:00
parent 58ce4e75b4
commit 190ef15f4e
27 changed files with 3825 additions and 0 deletions
--- a/examples/privacyadmin/rule/rule.go
+++ b/examples/privacyadmin/rule/rule.go
@@ -0,0 +1,36 @@
+// Copyright 2019-present Facebook Inc. All rights reserved.
+// This source code is licensed under the Apache 2.0 license found
+// in the LICENSE file in the root directory of this source tree.
+
+package rule
+
+import (
+	"context"
+
+	"github.com/facebook/ent/examples/privacyadmin/ent/privacy"
+	"github.com/facebook/ent/examples/privacyadmin/viewer"
+)
+
+// DenyIfNoViewer is a rule that returns deny decision if the viewer is missing in the context.
+func DenyIfNoViewer() privacy.QueryMutationRule {
+	return privacy.ContextQueryMutationRule(func(ctx context.Context) error {
+		view := viewer.FromContext(ctx)
+		if view == nil {
+			return privacy.Denyf("viewer-context is missing")
+		}
+		// Skip to the next privacy rule (equivalent to return nil).
+		return privacy.Skip
+	})
+}
+
+// AllowIfAdmin is a rule that returns allow decision if the viewer is admin.
+func AllowIfAdmin() privacy.QueryMutationRule {
+	return privacy.ContextQueryMutationRule(func(ctx context.Context) error {
+		view := viewer.FromContext(ctx)
+		if view.Admin() {
+			return privacy.Allow
+		}
+		// Skip to the next privacy rule (equivalent to return nil).
+		return privacy.Skip
+	})
+}