diff --git a/.circleci/config.yml b/.circleci/config.yml index 53ed60b47..bb8329751 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -24,7 +24,7 @@ commands: jobs: lint: docker: - - image: golangci/golangci-lint:v1.23-alpine + - image: golangci/golangci-lint:v1.26-alpine steps: - checkout - *mktestdir diff --git a/.golangci.yml b/.golangci.yml index a6eb5cc8d..09ba28988 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -65,3 +65,6 @@ issues: text: "packages.LoadSyntax is deprecated" linters: - staticcheck + - text: "Expect WriteFile permissions to be 0600 or less" + linters: + - gosec diff --git a/entc/gen/internal/bindata.go b/entc/gen/internal/bindata.go index 64d3997ac..b4d14f700 100644 --- a/entc/gen/internal/bindata.go +++ b/entc/gen/internal/bindata.go @@ -1046,7 +1046,7 @@ func templatePredicateTmpl() (*asset, error) { return a, nil } -var _templatePrivacyTmpl = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x58\x4d\x6f\xdc\xbc\x11\x3e\xaf\x7e\xc5\x40\x58\x07\x52\xba\x91\xd3\xdc\xea\xc0\x87\xc0\x75\x80\xa0\xad\x93\x36\x41\x7b\x08\x82\x80\x96\x46\xbb\x84\x25\x52\x26\x29\xef\x2e\x14\xfd\xf7\x82\x23\x51\x4b\x69\x3f\x62\x37\x0e\xfa\x1e\x45\xce\xc7\x33\xc3\x67\x66\x48\x35\xcd\xf9\xcb\xe0\x4a\x56\x5b\xc5\x97\x2b\x03\x6f\x5e\xff\xf9\x2f\xaf\x2a\x85\x1a\x85\x81\xf7\x2c\xc5\x5b\x29\xef\xe0\x83\x48\x13\x78\x57\x14\x40\x42\x1a\xec\xbe\x7a\xc0\x2c\x09\xbe\xac\xb8\x06\x2d\x6b\x95\x22\xa4\x32\x43\xe0\x1a\x0a\x9e\xa2\xd0\x98\x41\x2d\x32\x54\x60\x56\x08\xef\x2a\x96\xae\x10\xde\x24\xaf\xdd\x2e\xe4\xb2\x16\x59\xc0\x05\xed\xff\xfd\xc3\xd5\xf5\xcd\xe7\x6b\xc8\x79\x81\xd0\xaf\x29\x29\x0d\x64\x5c\x61\x6a\xa4\xda\x82\xcc\xc1\x78\xce\x8c\x42\x4c\x82\x97\xe7\x6d\x1b\x04\x4d\x03\x19\xe6\x5c\x20\x84\x95\xe2\x0f\x2c\xdd\x86\xd0\xad\xbf\x82\x35\x37\x2b\xc0\x8d\x41\x91\xc1\x1c\xc2\x4f\x2c\xbd\x63\x4b\x0c\x3d\xc9\x57\x6d\x1b\xcc\x9a\x06\x0c\x96\x55\xc1\x0c\x42\xb8\x42\x96\xa1\x0a\x21\xb1\x56\x9a\x06\xac\xae\xb5\xc7\xcb\x4a\x2a\x03\x61\xd3\xc0\x3c\xb9\x92\x22\xe7\xcb\xa4\x37\x08\x6d\x1b\x12\x90\x79\x75\xb7\x84\x8b\x4b\xb8\x65\x1a\x0f\x49\x05\xc1\x03\x53\x10\x05\xb3\xf3\x73\x9b\x51\xb9\x86\x92\x6d\xe1\x16\x41\xa1\xa9\x95\xc0\x0c\x6e\xb7\xa0\xea\x02\x35\x18\x09\x5c\x64\x3c\xb5\x98\xcc\x8a\x19\xca\x4a\x25\x0b\x9e\x6e\x49\x1d\x1f\x58\x51\x33\xc3\xa5\x00\xbd\x92\x75\x91\x81\x41\x55\x72\x61\xe5\x29\x6c\x26\x80\x91\x8b\x0c\x53\xae\xb9\x14\x49\x30\xeb\x7c\x5e\x02\x2a\x25\x95\x4e\x6e\x70\x1d\x85\x28\xcc\x79\x9f\x8e\x8b\x5e\xc3\x22\x08\xe3\x80\xfc\xfc\x15\xc5\xf6\xf7\xa2\xcc\xac\x07\x0f\x24\x79\x3c\x81\x91\xe4\x7d\x88\x9f\xef\x78\xf5\x9c\x10\x53\x29\x0c\x17\x35\x5a\x55\x2b\x2c\x70\x63\xc8\x58\x12\xcc\xc8\xd7\x09\x70\xda\xee\xf7\xe0\xe2\x8e\x84\x8a\x89\x25\xc2\xdc\x45\x68\xf9\x51\x70\x6d\x20\xa4\xd3\x08\x21\xb4\x01\x87\x10\x5a\xd3\x44\x5d\x8b\xca\x92\x69\xd0\x68\xdb\xbc\x0f\x4c\xdb\x84\xe5\x52\x95\xcc\x18\xcc\x60\xad\x58\x55\x61\x36\x95\xf6\xb3\x99\xd7\x22\xdd\xb3\x16\x75\x26\x40\x1b\xc5\xc5\x72\x01\x0c\x92\x24\xe1\xc2\xa0\xca\x59\x8a\x4d\x1b\x77\x01\x42\x13\xcc\x66\x9d\x63\xc8\x4b\x93\x5c\xdb\x45\xa7\xfc\xa7\xf0\x02\xce\xd6\xe1\x02\x2c\x04\x91\x45\x6c\x31\x75\x13\x27\x49\x12\x07\xb3\x96\xb2\xe0\xca\xc8\x6c\x2b\x1c\xf0\x5d\x99\xcd\xdf\x70\x6b\x61\xd4\xa9\x81\xa6\x0d\x02\x62\x5c\xbf\x29\x85\xb1\x99\x4f\x15\x32\x83\x1a\xd8\xa0\x46\x27\x84\x1b\x93\x04\x14\xdd\x44\x21\xaa\x98\xb2\x0d\xcc\x09\xf5\xcb\x8b\x9d\x3a\x05\x17\x4f\x05\x6c\xb4\x3c\xdf\x49\x5d\x5e\x82\xe0\x05\xfc\xf8\xe1\x4e\xfb\x83\x8e\xdc\xe6\x82\x48\x17\xfb\x09\xea\xbc\xda\x70\xdd\x8a\xb3\xff\x1f\x6e\x56\xff\x66\x45\x8d\x3d\xb2\xc5\x24\xfe\xa6\xdd\xad\xc4\x41\x1b\x74\x51\xb9\x95\xf7\x4a\x96\x2e\xb2\xd4\x6c\xa6\xa8\x63\x88\x08\xde\x02\x6e\xa5\x2c\x08\x11\x2a\xb5\x00\x79\x67\x89\x96\x9a\x4d\xd2\xb9\x9e\xba\x8c\x93\x4e\x2f\xa6\xa0\xe5\x1d\xbc\x78\xe1\xc5\x49\x26\x88\x9f\x5d\x8c\xa8\x14\x50\x3a\xfc\xf8\x7a\x3f\x81\x3b\xd5\xae\xaf\xfd\xb3\x46\xb5\xfd\x44\xf5\x05\xa9\x2c\x6f\xb9\x40\x0d\x65\x5d\x18\x5e\x15\x08\xf7\x76\xb7\xaf\x4c\x2e\x8c\x04\x06\x9a\x8b\x65\xe1\x4a\x32\x09\x66\xbe\x81\xaf\xdf\xe8\xeb\x5f\x75\x81\xc1\xce\xba\xfd\xec\x9b\xbe\xa6\x0a\x1d\xa8\x4b\x59\xcb\xb8\x58\xc2\x7a\x85\x66\x85\x0a\x18\xa9\x75\x6e\xb9\xee\x1a\x1c\x66\xc0\x44\x06\xb2\xb2\x55\xcf\x8a\x62\x0b\xa5\xcc\x78\xbe\x05\x6e\x9c\x7f\x72\xb1\x33\x6b\x73\x70\xfd\xc0\x0a\xda\x8b\xf6\x98\xe5\x5a\x7f\xdb\x26\x24\xd1\xd7\x8f\x4d\x56\x4c\x9c\x1e\x74\x5d\xbb\x21\x3e\x77\xa8\xd8\x92\x71\xa1\xcd\xf0\xed\x12\x41\x2c\x88\xba\x2f\x3f\xab\x31\x78\x48\xf6\x09\xb1\x80\xfb\x63\x78\x7a\x86\x7b\xfc\x38\x42\xb2\xf8\xad\xdd\xf7\xc8\x8d\x8a\x82\x99\xe5\x52\xc1\xf7\x05\x9d\x9f\x55\xef\x5a\x5b\x0f\xd1\x8a\xeb\x35\x37\xe9\xca\x8a\xd3\xb6\xed\x99\x23\xb0\x0b\xb8\x8f\xdf\x92\x64\x6a\x47\x24\xd1\xea\x40\x99\x11\x42\xaa\xb0\x0b\x4f\x74\x9f\x9b\x76\xd7\x41\x24\x72\xce\x32\xcc\x59\x5d\x18\x7f\x83\xb0\x5b\xf0\x3b\xe6\x5a\xd9\xae\xd9\x0c\x87\xfd\xde\x66\x9b\x68\xcc\xa9\xc9\xb2\x8c\x55\xc6\x5e\x60\x64\x3f\x14\x2d\xcf\x6a\x8d\x20\x73\xab\x27\x55\xc6\x05\x53\x5b\xb0\xa7\x64\x69\xa4\x81\x69\x9f\xdd\x49\x57\x13\x63\xfb\x56\xf8\xf1\xec\x71\xc4\x19\x7a\x7f\xee\x52\xe8\xc8\x91\x8f\xed\xff\x1a\x33\x5c\xa3\x77\x4e\x26\x75\xfd\x8f\xda\xd0\x94\x3c\x5a\xda\x65\x2f\x70\xba\xba\x27\x66\xbe\x7e\x73\x0b\xbb\x1a\xf7\x57\x9e\x56\xe6\x03\x84\xc7\x55\xfa\xc8\xd1\x7e\xb1\xbb\xed\x93\x27\xe6\x84\x0e\x96\xbc\xdb\x1c\x55\xfd\x00\x72\x57\xf8\xc3\xd2\xc1\xda\x1f\xa7\x2c\x86\x31\xb6\x43\xe7\x5c\x9e\x40\xf8\x7f\x6b\x02\x3e\xe4\x05\x94\x7f\xac\x3e\xe0\x53\xe1\x59\x5a\xc1\xb8\x1a\xfa\x6e\xb0\xe7\xe5\xa7\x0d\x61\x4a\xaf\x3d\x66\x4d\x7a\x43\xe9\xf5\x86\xa9\xb7\xe7\x60\xce\xb8\x49\x94\x71\x9f\xbe\xbe\x9a\x97\x4a\xd6\x95\x6b\x83\xb6\xf0\xc6\xc4\xe6\x43\x22\x7a\x79\x77\xf1\xeb\x87\xae\x3f\xe5\x76\xd5\x39\xe1\x7f\xef\x71\x37\x51\x73\xa9\xd6\x4c\x65\xda\xbf\xc9\x1b\x79\x6a\x98\x3e\xc7\x1c\x75\xb7\xbe\xce\x3e\xed\xee\x8f\x3a\x0f\xeb\x10\xcd\x11\xb8\xa7\x5b\xc0\xf3\x95\xfe\x18\xb7\x13\x38\x58\xa0\xfe\x88\x1c\xb7\xca\x69\x3b\xa6\x77\xd5\xf1\xc3\xdf\x1b\x88\xc7\x1b\xef\xee\xba\x37\xea\xce\x3d\x94\x77\xc5\x9a\x6d\x35\xd5\x3c\xa9\x0e\x8f\xa2\xae\x19\x11\x0c\xef\xa1\x34\x7d\xff\x52\x4a\x27\x36\xa2\xf8\x00\x24\x8f\xe8\x7c\x83\x99\x7b\x60\xd8\xbd\x86\x34\xdb\x11\x20\xfb\x80\xfb\x39\x9e\xe9\x43\xd7\x43\xe3\x0c\x3c\x19\x8c\x55\x6c\x87\x41\xbd\xb7\x3f\x14\x18\x75\xd8\x8e\x03\xee\x7d\x11\xe5\xfb\xf2\xa3\x92\x78\xe4\x35\x05\x1a\x70\xf0\x12\xeb\xa5\xfd\x99\xf9\xff\x65\xac\xee\x3b\x09\xfa\x7f\x13\x4e\xf0\x63\x85\x6a\x97\xb3\xc9\x41\xd8\xcc\xdb\xdb\x82\xae\x30\xe5\x39\x47\x8f\x9b\xd2\xe9\x0d\x8f\xc9\x23\x36\x23\x59\xf9\x00\x3f\x56\x31\x1c\x39\xa6\x69\xdf\x8d\xa8\xcb\x7f\x7f\x7a\xad\xda\x39\x5d\x26\x1f\xab\x28\xb6\xf3\x4e\xf6\xef\x4d\xe7\xc6\x22\xcd\x27\xbf\x1f\x86\x68\xe0\x4c\xdb\x32\x15\xd2\xb8\x8b\x50\xb8\xe8\x6d\xc5\xdd\x14\x74\x66\xec\x78\x0d\x66\x2d\x55\xbb\xf7\xbb\x82\xfe\x53\xcc\x93\x1b\x99\xa1\x86\xfe\x27\xd9\x5c\xb0\x92\x46\x7e\xa5\xb8\x30\x30\x17\xc9\x8d\x5d\x08\x47\x97\xd0\x70\x90\x26\x4e\x3a\xe9\x1c\xc2\x97\x67\x3a\x39\xd3\x61\x17\xf1\x5c\x74\x2c\x22\x0b\xfd\x4f\x8f\x2f\x2b\x84\xc1\x4d\xdb\x3e\x72\x06\x0f\x03\x98\x6c\x8c\x86\x30\xf3\x6e\xe4\x49\x30\x23\x7b\xbe\x83\xe3\xe3\x97\x44\xdb\x76\x18\xbb\xb3\xd1\xc8\x99\x5e\x95\xdd\x7f\x96\x28\xf7\xcd\xff\xda\x80\xb1\x87\x7f\xef\xae\x68\xf7\x49\xe4\xa3\x1a\x6e\x66\xfb\x97\xf6\xd1\xd9\x1e\xa2\x48\x2d\x70\x53\x61\x6a\x30\xeb\x93\x43\x46\xcf\xbe\x2c\xa0\x5b\xf7\xc3\x0f\x3b\x93\x6d\xe0\x1d\xff\xde\xe9\x4f\xe9\x3e\x21\xc0\xf1\xf3\x77\x8a\xbf\x99\x02\xa3\x31\xf4\x3c\x2c\x18\x86\x79\xca\x8a\x62\x74\xf7\x3a\xce\x83\x5f\x1b\xdb\xd4\x0a\x1c\x1b\xca\xc7\xb1\xa1\x7c\x1a\x1b\x86\x3c\x9d\x26\x44\xb9\xf7\x4b\x6f\xf7\x93\xfc\xbf\x01\x00\x00\xff\xff\xb6\x14\xf1\xd5\x50\x18\x00\x00") +var _templatePrivacyTmpl = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x59\xdf\x6f\xdb\xbe\x11\x7f\xb6\xfe\x8a\x83\xe0\x7c\x21\x75\xae\xf2\x5d\xdf\x96\x22\x0f\x45\x96\x02\xc5\xb6\xa4\x5b\x8b\xed\xa1\x28\x0a\x46\x3a\xd9\x44\x24\x52\x21\xa9\xd8\x86\xab\xff\x7d\xe0\x49\x94\x29\xd9\x72\xd3\x36\x05\xfa\x68\xf2\x7e\x7c\xee\xf8\xb9\x3b\x52\xde\xed\xce\x5f\x04\x57\xb2\xda\x2a\xbe\x5c\x19\x78\xf5\xe7\x5f\xff\xf6\xb2\x52\xa8\x51\x18\x78\xcb\x52\xbc\x93\xf2\x1e\xde\x89\x34\x81\x37\x45\x01\x24\xa4\xc1\xee\xab\x47\xcc\x92\xe0\xe3\x8a\x6b\xd0\xb2\x56\x29\x42\x2a\x33\x04\xae\xa1\xe0\x29\x0a\x8d\x19\xd4\x22\x43\x05\x66\x85\xf0\xa6\x62\xe9\x0a\xe1\x55\xf2\xa7\xdb\x85\x5c\xd6\x22\x0b\xb8\xa0\xfd\x7f\xbe\xbb\xba\xbe\xf9\x70\x0d\x39\x2f\x10\xba\x35\x25\xa5\x81\x8c\x2b\x4c\x8d\x54\x5b\x90\x39\x18\xcf\x99\x51\x88\x49\xf0\xe2\xbc\x69\x82\x60\xb7\x83\x0c\x73\x2e\x10\xc2\x4a\xf1\x47\x96\x6e\x43\x68\xd7\x5f\xc2\x9a\x9b\x15\xe0\xc6\xa0\xc8\x60\x0e\xe1\x7b\x96\xde\xb3\x25\x86\x9e\xe4\xcb\xa6\x09\x66\xbb\x1d\x18\x2c\xab\x82\x19\x84\x70\x85\x2c\x43\x15\x42\x62\xad\xec\x76\x60\x75\xad\x3d\x5e\x56\x52\x19\x08\x77\x3b\x98\x27\x57\x52\xe4\x7c\x99\x74\x06\xa1\x69\x42\x02\x32\xaf\xee\x97\x70\x71\x09\x77\x4c\xe3\x31\xa9\x20\x78\x64\x0a\xa2\x60\x76\x7e\x6e\x33\x2a\xd7\x50\xb2\x2d\xdc\x21\x28\x34\xb5\x12\x98\xc1\xdd\x16\x54\x5d\xa0\x06\x23\x81\x8b\x8c\xa7\x16\x93\x59\x31\x43\x59\xa9\x64\xc1\xd3\x2d\xa9\xe3\x23\x2b\x6a\x66\xb8\x14\xa0\x57\xb2\x2e\x32\x30\xa8\x4a\x2e\xac\x3c\x85\xcd\x04\x30\x72\x91\x61\xca\x35\x97\x22\x09\x66\xad\xcf\x4b\x40\xa5\xa4\xd2\xc9\x0d\xae\xa3\x10\x85\x39\xef\xd2\x71\xd1\x69\x58\x04\x61\x1c\x90\x9f\xbf\xa3\xd8\xfe\x5a\x94\x99\xf5\xe0\x81\x24\x8f\x27\x30\x92\xbc\x0f\xf1\xc3\x3d\xaf\x9e\x13\x62\x2a\x85\xe1\xa2\x46\xab\x6a\x85\x05\x6e\x0c\x19\x4b\x82\x19\xf9\x3a\x01\x4e\xdb\xfd\x0e\x5c\xdc\x92\x50\x31\xb1\x44\x98\xbb\x08\x2d\x3f\x0a\xae\x0d\x84\x74\x1a\x21\x84\x36\xe0\x10\x42\x6b\x9a\xa8\x6b\x51\x59\x32\xf5\x1a\x4d\x93\x77\x81\x69\x9b\xb0\x5c\xaa\x92\x19\x83\x19\xac\x15\xab\x2a\xcc\xc6\xd2\x7e\x36\xf3\x5a\xa4\x07\xd6\xa2\xd6\x04\x68\xa3\xb8\x58\x2e\x80\x41\x92\x24\x5c\x18\x54\x39\x4b\x71\xd7\xc4\x6d\x80\xb0\x0b\x66\xb3\xd6\x31\xe4\xa5\x49\xae\xed\xa2\x53\xfe\x4b\x78\x01\x67\xeb\x70\x01\x16\x82\xc8\x22\xb6\x18\xbb\x89\x93\x24\x89\x83\x59\x43\x59\x70\x65\x64\xb6\x15\xf6\xf8\xae\xcc\xe6\x1f\xb8\xb5\x30\xea\xd4\xc0\xae\x09\x02\x62\x5c\xb7\x29\x85\xb1\x99\x4f\x15\x32\x83\x1a\x58\xaf\x46\x27\x84\x1b\x93\x04\x14\xdd\x48\x21\xaa\x98\xb2\x0d\xcc\x09\x75\xcb\x8b\xbd\x3a\x05\x17\x8f\x05\x6c\xb4\x3c\xdf\x4b\x5d\x5e\x82\xe0\x05\x7c\xfd\xea\x4e\xfb\x9d\x8e\xdc\xe6\x82\x48\x17\xfb\x09\x6a\xbd\xda\x70\xdd\x8a\xb3\xff\x3f\x6e\x56\xff\x65\x45\x8d\x1d\xb2\xc5\x28\xfe\x5d\xb3\x5f\x89\x83\x26\x68\xa3\x72\x2b\x6f\x95\x2c\x5d\x64\xa9\xd9\x8c\x51\xc7\x10\x11\xbc\x05\xdc\x49\x59\x10\xa2\x3d\x48\x79\x6f\xd9\x96\x9a\x4d\xd2\xfa\x1f\xfb\x8d\x93\x56\x39\xa6\xc8\xe5\x3d\xfc\xf1\xc7\xd1\x60\x89\xa9\x6d\xb4\xfb\xf4\xd8\xec\xf8\xe1\xfa\x6e\x03\x77\xd2\x6d\xaf\xfb\x77\x8d\x6a\xfb\x9e\x6a\x0e\x52\x59\xde\x71\x81\x1a\xca\xba\x30\xbc\x2a\x10\x1e\xec\x6e\x57\xad\x5c\x18\x09\x0c\x34\x17\xcb\xc2\x95\x69\x12\xcc\x7c\x03\x9f\x3e\xd3\xaf\xff\xd4\x05\x06\x7b\xeb\xf6\x67\x37\x08\x34\x55\x6d\x4f\x67\x02\x96\x71\xb1\x84\xf5\x0a\xcd\x0a\x15\x30\x52\x6b\xdd\x72\xdd\x36\x3d\xcc\x80\x89\x0c\x64\x65\x3b\x01\x2b\x8a\x2d\x94\x32\xe3\xf9\x16\xb8\x71\xfe\xc9\xc5\xde\xac\xcd\xc6\xf5\x23\x2b\x68\x2f\x3a\x60\x9b\x1b\x07\x4d\x93\x90\x44\x57\x53\x36\x63\x31\xf1\xbc\xd7\x75\x2d\x88\x38\xde\xa2\x62\x4b\xc6\x85\x36\xfd\x6f\x97\x08\x62\x46\xd4\xfe\xf2\xb3\x1a\x83\x87\xe4\x90\x24\x0b\x78\x98\xc2\x33\x62\xbd\xe3\xcc\x04\xfb\xe2\xd7\x76\xdf\x63\xbd\x93\x23\x22\xe4\x52\xc1\x97\x05\x9d\xa4\xb5\xd1\x36\xbe\x0e\xac\xd5\xd1\x6b\x6e\xd2\x15\xf8\x9d\x90\xda\xea\x00\xfb\x02\x1e\xe2\xd7\x24\x9e\xda\x29\xfa\x3d\xe5\x78\xe1\x94\xa6\x39\x6c\x45\x1c\x76\xe2\xef\x2c\xc3\x9c\xd5\x85\xf1\x37\xf6\x41\xd9\xa8\xf6\x0c\xb7\x0a\x6d\x8f\xea\xf9\xf0\xd6\x1e\x08\x31\x9d\x53\x6f\x66\x19\xab\x8c\xbd\xf7\xc8\x6e\x96\x5a\x2a\xd6\x1a\x41\xe6\x56\x4f\xaa\x8c\x0b\xa6\xb6\x60\x0f\xd2\x32\x4d\x03\xd3\x7e\x01\x24\x6d\xd9\x0c\xed\x5b\xe1\xa7\x13\xcc\x71\xab\x1f\x19\xb9\x4b\xab\xe3\x4f\x3e\xb4\xff\x73\xe4\x71\xf3\xc1\x39\x19\x95\xfe\xbf\x6a\x43\xc3\x75\xb2\xfa\xcb\x4e\xe0\x74\x03\x18\x99\xf9\xf4\xd9\x2d\xec\xdb\x80\xbf\xf2\x7d\x9d\xa0\x87\xf0\xb4\x66\x30\x70\x74\xd8\x0f\xdc\xf6\xc9\x13\x73\x42\x47\xbb\x82\xdb\x1c\x34\x86\x1e\xe4\xbe\x37\xf4\x4b\x47\xdb\xc3\x30\x65\x31\x0c\xb1\x1d\x3b\xe7\xf2\x04\xc2\xdf\xa5\x4f\xf8\x11\x2c\xa0\xfc\xfd\x5b\x85\xcf\x96\x67\xe9\x16\xc3\x82\xe9\x1a\xc6\x81\x97\x6f\xf6\x8c\x31\x03\x0f\xc8\x37\x6a\x1f\xa5\xd7\x3e\xc6\xde\x9e\x83\x5c\xc3\x3e\x52\xc6\x5d\xfa\xba\x82\x5f\x2a\x59\x57\xae\x53\xda\xda\x1c\x72\x9f\xf7\x89\xe8\xe4\xdd\x95\xb2\x1b\xdd\xfe\xac\xdc\x17\xf0\xa8\x44\x3a\x8f\xfb\xb9\x9c\x4b\xb5\x66\x2a\xd3\xfe\x1b\xc1\xc8\x53\x23\xf9\x39\xa6\xb1\xbb\x4f\xb6\xf6\x69\xf7\x70\x42\x7a\x58\xfb\x68\x26\xe0\x9e\xee\x12\xcf\xd7\x1d\x86\xb8\x9d\xc0\xd1\xa2\xf5\xa7\xe8\xb0\x9b\x8e\x3b\x36\xbd\xd8\xa6\x0f\xff\x60\x66\x4e\xf7\xe6\xfd\xa5\x71\xd0\xc0\x3b\x28\x6f\x8a\x35\xdb\x6a\x2a\x7c\x52\xed\x9f\x5b\x6d\x97\x22\x18\xde\x13\x6c\xfc\xb2\xa6\x94\x8e\x6c\x44\xf1\x11\x48\x1e\xd1\xf9\x06\x33\xf7\x74\xd9\x91\x56\x33\x00\x63\x9f\x85\xdf\xc6\x32\x7e\x3e\x7b\x48\x9c\x81\xef\x02\x62\x95\x9a\x7e\x86\x0f\xf6\xbc\xa2\x1a\x3e\xa5\xfa\x37\x4b\x94\x0f\x35\x06\x85\xf0\xc4\xfb\x8b\x8f\x2c\xe9\xdb\xeb\x69\x0f\x3f\x32\x72\x27\xfd\x9c\x9f\xc3\xad\x70\xc2\xb7\x15\xaa\xf1\x2c\xb6\x0c\x5d\xf2\x47\x6c\xe9\x07\x52\x14\x5b\xb0\x73\xb9\x5b\xec\xc9\x29\x9d\x6e\x77\x2a\x47\xac\x46\x64\xc1\x3f\x98\x05\xc8\xca\x47\x7d\x5b\xc5\x30\x71\x70\xe3\x2e\x1c\xb5\x3d\xff\x47\x6a\xd7\x8e\xf6\x32\xb9\xad\xa2\xd8\x4e\x42\xd9\xbd\x6c\x9d\xa3\xc9\xe1\xdb\x4e\x3d\x27\x66\x07\x6b\x30\x6b\x5c\x75\x5b\x26\x1d\x04\x7c\x8c\xd0\x96\xc1\xf6\x52\xa6\x2b\x4c\x79\xce\x31\x9b\x4e\xe1\xa4\xcd\xe8\x09\x59\xeb\xae\x1b\xc7\xd3\xf6\xe5\x07\x92\xd6\xc5\x6d\x41\xe5\xa3\xef\x40\x3d\x70\x38\xd3\xb6\xab\x09\x69\xdc\xd5\x32\x5c\x74\xa9\x8e\x29\x59\xce\xca\x14\x3b\x2c\x21\x28\xa5\xde\xb7\x24\xba\x12\xcd\x93\x1b\x99\xa1\x86\xee\x0b\xe6\x5c\xb0\x92\xe2\xab\x14\x17\x06\xe6\x22\xb9\xb1\x0b\xe1\xe0\xaa\x1f\xf6\xd2\x54\xde\x4e\x3a\x87\xf0\xc5\x99\x4e\xce\x74\xd8\xc6\x3b\x17\x6d\x49\x92\x85\xee\x8b\xd4\xc7\x15\x42\xef\xa6\x69\x9e\x78\x8d\xe9\xef\x30\x64\x63\x70\x8f\x61\xde\xbb\x27\x09\x66\x64\xcf\x77\x30\x7d\x83\x21\xd1\xa6\xe9\x6f\x2e\xb3\xc1\xd4\x1e\x3f\x48\xdc\x47\xb0\x28\xf7\xcd\xff\xdc\x8c\xb6\xf5\xf2\xe0\xee\xc0\x0f\x49\xe4\xa3\xea\xaf\xbe\x87\x4f\xa3\x41\xb9\x1c\xa3\x4d\x2d\x70\x53\x61\x6a\x30\xeb\x92\x43\x46\xcf\x3e\x2e\xa0\x5d\xf7\xc3\x0f\x5b\x93\x4d\xe0\x1d\xff\xc1\xe9\x8f\xc9\x3e\x22\xc0\xf4\xf9\x3b\xc5\x5f\x4c\x81\xc1\x24\x7f\x1e\x16\xf4\xf7\xa1\x94\x15\xc5\xe0\xfa\x3a\xcd\x83\x9f\xbb\xf9\x50\xf7\x74\x6c\x28\x9f\xc6\x86\x71\xf3\xfc\x06\x1b\xfa\x3c\x9d\x26\x44\x79\xf0\xbd\x75\xff\x0f\xc6\xff\x03\x00\x00\xff\xff\x9d\x0a\x54\xe1\xed\x19\x00\x00") func templatePrivacyTmplBytes() ([]byte, error) { return bindataRead( @@ -1061,7 +1061,7 @@ func templatePrivacyTmpl() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "template/privacy.tmpl", size: 6224, mode: os.FileMode(420), modTime: time.Unix(1, 0)} + info := bindataFileInfo{name: "template/privacy.tmpl", size: 6637, mode: os.FileMode(420), modTime: time.Unix(1, 0)} a := &asset{bytes: bytes, info: info} return a, nil } diff --git a/entc/gen/template/privacy.tmpl b/entc/gen/template/privacy.tmpl index 1c0649895..45cb5808e 100644 --- a/entc/gen/template/privacy.tmpl +++ b/entc/gen/template/privacy.tmpl @@ -46,11 +46,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -66,16 +66,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q {{ $pkg }}.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -103,16 +103,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m {{ $pkg }}.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -151,29 +151,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct { err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, {{ $pkg }}.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, {{ $pkg }}.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, {{ $pkg }}.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op {{ $pkg }}.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m {{ $pkg }}.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, {{ $pkg }}.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op {{ $pkg }}.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m {{ $pkg }}.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op {{ $pkg }}.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m {{ $pkg }}.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + {{- range $n := $.Nodes }} {{ $name := print $n.Name "QueryRuleFunc" }} {{ $type := printf "*%s.%s" $pkg $n.QueryName }} diff --git a/entc/integration/config/ent/privacy/privacy.go b/entc/integration/config/ent/privacy/privacy.go index b03484535..e060386e5 100644 --- a/entc/integration/config/ent/privacy/privacy.go +++ b/entc/integration/config/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The UserQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type UserQueryRuleFunc func(context.Context, *ent.UserQuery) error diff --git a/entc/integration/customid/ent/privacy/privacy.go b/entc/integration/customid/ent/privacy/privacy.go index 81cdbde55..25fe872f8 100644 --- a/entc/integration/customid/ent/privacy/privacy.go +++ b/entc/integration/customid/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The BlobQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type BlobQueryRuleFunc func(context.Context, *ent.BlobQuery) error diff --git a/entc/integration/ent/privacy/privacy.go b/entc/integration/ent/privacy/privacy.go index db41eda91..a8830b09f 100644 --- a/entc/integration/ent/privacy/privacy.go +++ b/entc/integration/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CardQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CardQueryRuleFunc func(context.Context, *ent.CardQuery) error diff --git a/entc/integration/gremlin/ent/privacy/privacy.go b/entc/integration/gremlin/ent/privacy/privacy.go index c08d38585..0b107b30c 100644 --- a/entc/integration/gremlin/ent/privacy/privacy.go +++ b/entc/integration/gremlin/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CardQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CardQueryRuleFunc func(context.Context, *ent.CardQuery) error diff --git a/entc/integration/hooks/ent/privacy/privacy.go b/entc/integration/hooks/ent/privacy/privacy.go index 7d08bc706..94c47ef28 100644 --- a/entc/integration/hooks/ent/privacy/privacy.go +++ b/entc/integration/hooks/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CardQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CardQueryRuleFunc func(context.Context, *ent.CardQuery) error diff --git a/entc/integration/idtype/ent/privacy/privacy.go b/entc/integration/idtype/ent/privacy/privacy.go index 92c9a74b2..3648ce257 100644 --- a/entc/integration/idtype/ent/privacy/privacy.go +++ b/entc/integration/idtype/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The UserQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type UserQueryRuleFunc func(context.Context, *ent.UserQuery) error diff --git a/entc/integration/json/ent/privacy/privacy.go b/entc/integration/json/ent/privacy/privacy.go index a5cd821c2..3a2e2a1b1 100644 --- a/entc/integration/json/ent/privacy/privacy.go +++ b/entc/integration/json/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The UserQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type UserQueryRuleFunc func(context.Context, *ent.UserQuery) error diff --git a/entc/integration/migrate/entv1/privacy/privacy.go b/entc/integration/migrate/entv1/privacy/privacy.go index 9613c989c..3ca18673a 100644 --- a/entc/integration/migrate/entv1/privacy/privacy.go +++ b/entc/integration/migrate/entv1/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q entv1.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m entv1.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, entv1.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, entv1.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, entv1.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op entv1.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m entv1.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, entv1.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op entv1.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m entv1.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op entv1.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m entv1.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CarQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CarQueryRuleFunc func(context.Context, *entv1.CarQuery) error diff --git a/entc/integration/migrate/entv2/privacy/privacy.go b/entc/integration/migrate/entv2/privacy/privacy.go index 325b0b2cd..a374537b9 100644 --- a/entc/integration/migrate/entv2/privacy/privacy.go +++ b/entc/integration/migrate/entv2/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q entv2.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m entv2.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, entv2.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, entv2.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, entv2.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op entv2.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m entv2.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, entv2.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op entv2.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m entv2.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op entv2.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m entv2.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CarQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CarQueryRuleFunc func(context.Context, *entv2.CarQuery) error diff --git a/entc/integration/privacy/ent/privacy/privacy.go b/entc/integration/privacy/ent/privacy/privacy.go index ee7687846..c5dc5a7d1 100644 --- a/entc/integration/privacy/ent/privacy/privacy.go +++ b/entc/integration/privacy/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The GalaxyQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type GalaxyQueryRuleFunc func(context.Context, *ent.GalaxyQuery) error diff --git a/entc/integration/template/ent/privacy/privacy.go b/entc/integration/template/ent/privacy/privacy.go index 37c95f8b5..6c708e74d 100644 --- a/entc/integration/template/ent/privacy/privacy.go +++ b/entc/integration/template/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The GroupQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type GroupQueryRuleFunc func(context.Context, *ent.GroupQuery) error diff --git a/examples/edgeindex/ent/privacy/privacy.go b/examples/edgeindex/ent/privacy/privacy.go index 423c06c46..08d116fc0 100644 --- a/examples/edgeindex/ent/privacy/privacy.go +++ b/examples/edgeindex/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CityQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CityQueryRuleFunc func(context.Context, *ent.CityQuery) error diff --git a/examples/entcpkg/ent/privacy/privacy.go b/examples/entcpkg/ent/privacy/privacy.go index 099a4b175..f2e5b6582 100644 --- a/examples/entcpkg/ent/privacy/privacy.go +++ b/examples/entcpkg/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The UserQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type UserQueryRuleFunc func(context.Context, *ent.UserQuery) error diff --git a/examples/m2m2types/ent/privacy/privacy.go b/examples/m2m2types/ent/privacy/privacy.go index 5cfc4ef7e..f95f7f80f 100644 --- a/examples/m2m2types/ent/privacy/privacy.go +++ b/examples/m2m2types/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The GroupQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type GroupQueryRuleFunc func(context.Context, *ent.GroupQuery) error diff --git a/examples/m2mbidi/ent/privacy/privacy.go b/examples/m2mbidi/ent/privacy/privacy.go index 6bd2252a7..631dee999 100644 --- a/examples/m2mbidi/ent/privacy/privacy.go +++ b/examples/m2mbidi/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The UserQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type UserQueryRuleFunc func(context.Context, *ent.UserQuery) error diff --git a/examples/m2mrecur/ent/privacy/privacy.go b/examples/m2mrecur/ent/privacy/privacy.go index 719975e81..30b05e680 100644 --- a/examples/m2mrecur/ent/privacy/privacy.go +++ b/examples/m2mrecur/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The UserQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type UserQueryRuleFunc func(context.Context, *ent.UserQuery) error diff --git a/examples/o2m2types/ent/privacy/privacy.go b/examples/o2m2types/ent/privacy/privacy.go index 1e01229d1..3a5520b14 100644 --- a/examples/o2m2types/ent/privacy/privacy.go +++ b/examples/o2m2types/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The PetQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type PetQueryRuleFunc func(context.Context, *ent.PetQuery) error diff --git a/examples/o2mrecur/ent/privacy/privacy.go b/examples/o2mrecur/ent/privacy/privacy.go index 6cf873a9f..1752bcfa1 100644 --- a/examples/o2mrecur/ent/privacy/privacy.go +++ b/examples/o2mrecur/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The NodeQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type NodeQueryRuleFunc func(context.Context, *ent.NodeQuery) error diff --git a/examples/o2o2types/ent/privacy/privacy.go b/examples/o2o2types/ent/privacy/privacy.go index 6e234d14c..2a4d8dfa2 100644 --- a/examples/o2o2types/ent/privacy/privacy.go +++ b/examples/o2o2types/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CardQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CardQueryRuleFunc func(context.Context, *ent.CardQuery) error diff --git a/examples/o2obidi/ent/privacy/privacy.go b/examples/o2obidi/ent/privacy/privacy.go index ebbe84d6c..4d59b5b1e 100644 --- a/examples/o2obidi/ent/privacy/privacy.go +++ b/examples/o2obidi/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The UserQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type UserQueryRuleFunc func(context.Context, *ent.UserQuery) error diff --git a/examples/o2orecur/ent/privacy/privacy.go b/examples/o2orecur/ent/privacy/privacy.go index 08ad26b32..39297d813 100644 --- a/examples/o2orecur/ent/privacy/privacy.go +++ b/examples/o2orecur/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The NodeQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type NodeQueryRuleFunc func(context.Context, *ent.NodeQuery) error diff --git a/examples/start/ent/privacy/privacy.go b/examples/start/ent/privacy/privacy.go index 3e4e1f6cd..a1fe3574d 100644 --- a/examples/start/ent/privacy/privacy.go +++ b/examples/start/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The CarQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type CarQueryRuleFunc func(context.Context, *ent.CarQuery) error diff --git a/examples/traversal/ent/privacy/privacy.go b/examples/traversal/ent/privacy/privacy.go index 5b558ec47..a43da34eb 100644 --- a/examples/traversal/ent/privacy/privacy.go +++ b/examples/traversal/ent/privacy/privacy.go @@ -54,11 +54,11 @@ func DecisionContext(parent context.Context, decision error) context.Context { } func decisionFromContext(ctx context.Context) (error, bool) { - err, ok := ctx.Value(decisionCtxKey{}).(error) - if ok && errors.Is(err, Allow) { - err = nil + decision, ok := ctx.Value(decisionCtxKey{}).(error) + if ok && errors.Is(decision, Allow) { + decision = nil } - return err, ok + return decision, ok } type ( @@ -74,16 +74,16 @@ type ( // EvalQuery evaluates a query against a query policy. func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalQuery(ctx, q); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalQuery(ctx, q); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -111,16 +111,16 @@ type ( // EvalMutation evaluates a mutation against a mutation policy. func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error { - if err, ok := decisionFromContext(ctx); ok { - return err + if decision, ok := decisionFromContext(ctx); ok { + return decision } for _, rule := range policy { - switch err := rule.EvalMutation(ctx, m); { - case err == nil || errors.Is(err, Skip): - case errors.Is(err, Allow): + switch decision := rule.EvalMutation(ctx, m); { + case decision == nil || errors.Is(decision, Skip): + case errors.Is(decision, Allow): return nil default: - return err + return decision } } return nil @@ -159,29 +159,44 @@ type QueryMutationRule interface { // AlwaysAllowRule returns a rule that returns an allow decision. func AlwaysAllowRule() QueryMutationRule { - return fixedDecisionRule{Allow} + return fixedDecision{Allow} } // AlwaysDenyRule returns a rule that returns a deny decision. func AlwaysDenyRule() QueryMutationRule { - return fixedDecisionRule{Deny} + return fixedDecision{Deny} } -type fixedDecisionRule struct{ err error } +type fixedDecision struct { + decision error +} -func (f fixedDecisionRule) EvalQuery(context.Context, ent.Query) error { return f.err } -func (f fixedDecisionRule) EvalMutation(context.Context, ent.Mutation) error { return f.err } +func (f fixedDecision) EvalQuery(context.Context, ent.Query) error { + return f.decision +} -// DenyMutationOperationRule returns a rule denying specified mutation operation. -func DenyMutationOperationRule(op ent.Op) MutationRule { - return MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { +func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error { + return f.decision +} + +// OnMutationOperation evaluates the given rule only on a given mutation operation. +func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule { + return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error { if m.Op().Is(op) { - return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + return rule.EvalMutation(ctx, m) } return Skip }) } +// DenyMutationOperationRule returns a rule denying specified mutation operation. +func DenyMutationOperationRule(op ent.Op) MutationRule { + rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error { + return Denyf("ent/privacy: operation %s is not allowed", m.Op()) + }) + return OnMutationOperation(rule, op) +} + // The GroupQueryRuleFunc type is an adapter to allow the use of ordinary // functions as a query rule. type GroupQueryRuleFunc func(context.Context, *ent.GroupQuery) error