entc/gen/privacy: adding decision context support (#462)

Decision context holds a privacy decision (i.e. allow / deny) and if
exists will be returned before any rule is evaluated.

Signed-off-by: Alex Snast <alexsn@fb.com>

entc/gen/template/privacy.tmpl

@@ -35,6 +35,24 @@ var (
 	}
 {{- end }}
 
+type decisionCtxKey struct {}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -48,6 +66,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q {{ $pkg }}.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -82,6 +103,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m {{ $pkg }}.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/config/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/customid/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/gremlin/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/hooks/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/idtype/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/json/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/migrate/entv1/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q entv1.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m entv1.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/migrate/entv2/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q entv2.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m entv2.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/privacy/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

entc/integration/privacy/privacy_test.go

@@ -9,11 +9,10 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/facebookincubator/ent/entc/integration/privacy/ent"
+	"github.com/facebookincubator/ent/entc/integration/privacy/ent/enttest"
 	"github.com/facebookincubator/ent/entc/integration/privacy/ent/galaxy"
 	"github.com/facebookincubator/ent/entc/integration/privacy/ent/planet"
 	"github.com/facebookincubator/ent/entc/integration/privacy/ent/privacy"
-	_ "github.com/facebookincubator/ent/entc/integration/privacy/ent/runtime"
 	"github.com/facebookincubator/ent/entc/integration/privacy/rule"
 
 	_ "github.com/mattn/go-sqlite3"
@@ -21,38 +20,62 @@ import (
 )
 
 func TestPrivacyRules(t *testing.T) {
-	client, err := ent.Open("sqlite3", "file:ent?mode=memory&cache=shared&_fk=1")
-	require.NoError(t, err)
+	client := enttest.Open(t, "sqlite3",
+		"file:ent?mode=memory&cache=shared&_fk=1",
+	)
 	defer client.Close()
-	ctx := context.Background()
-	err = client.Schema.Create(ctx)
-	require.NoError(t, err)
 	logf := rule.SetMutationLogFunc(t.Logf)
 	defer rule.SetMutationLogFunc(logf)
 
-	earth, err := client.Planet.Create().SetName("Earth").SetAge(4_540_000_000).Save(ctx)
+	ctx := context.Background()
+	earth, err := client.Planet.Create().
+		SetName("Earth").
+		SetAge(4_540_000_000).
+		Save(ctx)
 	require.NoError(t, err)
-	mars := client.Planet.Create().SetName("Mars").SaveX(ctx)
-	err = earth.Update().AddNeighbors(mars).Exec(ctx)
+	mars := client.Planet.Create().
+		SetName("Mars").
+		SaveX(ctx)
+	err = earth.Update().
+		AddNeighbors(mars).
+		Exec(ctx)
 	require.NoError(t, err)
 
 	logf = rule.SetMutationLogFunc(func(string, ...interface{}) {
 		require.FailNow(t, "hook called on privacy deny")
 	})
-	err = client.Planet.Update().Where(planet.ID(earth.ID)).SetAge(4_600_000_000).Exec(ctx)
+	err = client.Planet.Update().
+		Where(planet.ID(earth.ID)).
+		SetAge(4_600_000_000).
+		Exec(ctx)
 	require.True(t, errors.Is(err, privacy.Deny))
-	err = earth.Update().AddNeighbors(earth).Exec(ctx)
+	err = earth.Update().
+		AddNeighbors(earth).
+		Exec(ctx)
 	require.True(t, errors.Is(err, privacy.Deny))
 	rule.SetMutationLogFunc(logf)
 
+	err = client.Planet.Update().
+		Where(planet.ID(earth.ID)).
+		SetAge(4_600_000_000).
+		Exec(privacy.DecisionContext(ctx, privacy.Allow))
+	require.NoError(t, err)
+
 	count := client.Planet.Query().CountX(ctx)
 	require.Equal(t, 1, count)
 	mars.Update().SetAge(6_000_000_000).ExecX(ctx)
 	count = client.Planet.Query().CountX(ctx)
 	require.Equal(t, 2, count)
 
-	client.Galaxy.Create().SetName("Milky Way").SetType(galaxy.TypeBarredSpiral).AddPlanets(earth, mars).SaveX(ctx)
-	client.Galaxy.Create().SetName("IC 3583").SetType(galaxy.TypeIrregular).SaveX(ctx)
+	client.Galaxy.Create().
+		SetName("Milky Way").
+		SetType(galaxy.TypeBarredSpiral).
+		AddPlanets(earth, mars).
+		SaveX(ctx)
+	client.Galaxy.Create().
+		SetName("IC 3583").
+		SetType(galaxy.TypeIrregular).
+		SaveX(ctx)
 	count = client.Galaxy.Query().CountX(ctx)
 	require.Equal(t, 1, count)
 }

entc/integration/template/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/edgeindex/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/entcpkg/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/m2m2types/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/m2mbidi/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/m2mrecur/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/o2m2types/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/o2mrecur/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/o2o2types/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/o2obidi/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/o2orecur/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/start/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):

examples/traversal/ent/privacy/privacy.go

@@ -43,6 +43,24 @@ func Skipf(format string, a ...interface{}) error {
 	return fmt.Errorf(format+": %w", append(a, Skip)...)
 }
 
+type decisionCtxKey struct{}
+
+// DecisionContext creates a decision context.
+func DecisionContext(parent context.Context, decision error) context.Context {
+	if decision == nil || errors.Is(decision, Skip) {
+		return parent
+	}
+	return context.WithValue(parent, decisionCtxKey{}, decision)
+}
+
+func decisionFromContext(ctx context.Context) (error, bool) {
+	err, ok := ctx.Value(decisionCtxKey{}).(error)
+	if ok && errors.Is(err, Allow) {
+		err = nil
+	}
+	return err, ok
+}
+
 type (
 	// QueryPolicy combines multiple query rules into a single policy.
 	QueryPolicy []QueryRule
@@ -56,6 +74,9 @@ type (
 
 // EvalQuery evaluates a query against a query policy.
 func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalQuery(ctx, q); {
 		case err == nil || errors.Is(err, Skip):
@@ -90,6 +111,9 @@ type (
 
 // EvalMutation evaluates a mutation against a mutation policy.
 func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	if err, ok := decisionFromContext(ctx); ok {
+		return err
+	}
 	for _, rule := range policy {
 		switch err := rule.EvalMutation(ctx, m); {
 		case err == nil || errors.Is(err, Skip):