ent/privacy: move some of the generated privacy helpers to ent/privacy (#3527)

privacy/privacy.go

@@ -9,6 +9,7 @@ package privacy
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"entgo.io/ent"
 )
@@ -28,6 +29,36 @@ var (
 	Skip = errors.New("ent/privacy: skip rule")
 )
 
+// Allowf returns a formatted wrapped Allow decision.
+func Allowf(format string, a ...any) error {
+	return fmt.Errorf(format+": %w", append(a, Allow)...)
+}
+
+// Denyf returns a formatted wrapped Deny decision.
+func Denyf(format string, a ...any) error {
+	return fmt.Errorf(format+": %w", append(a, Deny)...)
+}
+
+// Skipf returns a formatted wrapped Skip decision.
+func Skipf(format string, a ...any) error {
+	return fmt.Errorf(format+": %w", append(a, Skip)...)
+}
+
+// AlwaysAllowRule returns a rule that returns an allow decision.
+func AlwaysAllowRule() QueryMutationRule {
+	return fixedDecision{Allow}
+}
+
+// AlwaysDenyRule returns a rule that returns a deny decision.
+func AlwaysDenyRule() QueryMutationRule {
+	return fixedDecision{Deny}
+}
+
+// ContextQueryMutationRule creates a query/mutation rule from a context eval func.
+func ContextQueryMutationRule(eval func(context.Context) error) QueryMutationRule {
+	return contextDecision{eval}
+}
+
 type (
 	// QueryRule defines the interface deciding whether a
 	// query is allowed and optionally modify it.
@@ -47,13 +78,46 @@ type (
 	// MutationPolicy combines multiple mutation rules into a single policy.
 	MutationPolicy []MutationRule
 
-	// Policy groups query and mutation policies.
-	Policy struct {
-		Query    QueryPolicy
-		Mutation MutationPolicy
+	// QueryMutationRule is an interface which groups query and mutation rules.
+	QueryMutationRule interface {
+		QueryRule
+		MutationRule
 	}
 )
 
+// MutationRuleFunc type is an adapter which allows the use of
+// ordinary functions as mutation rules.
+type MutationRuleFunc func(context.Context, ent.Mutation) error
+
+// EvalMutation returns f(ctx, m).
+func (f MutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
+	return f(ctx, m)
+}
+
+// OnMutationOperation evaluates the given rule only on a given mutation operation.
+func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule {
+	return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error {
+		if m.Op().Is(op) {
+			return rule.EvalMutation(ctx, m)
+		}
+		return Skip
+	})
+}
+
+// DenyMutationOperationRule returns a rule denying specified mutation operation.
+func DenyMutationOperationRule(op ent.Op) MutationRule {
+	rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error {
+		return Denyf("ent/privacy: operation %s is not allowed", m.Op())
+	})
+	return OnMutationOperation(rule, op)
+}
+
+// Policy groups query and mutation policies.
+type Policy struct {
+	Query    QueryPolicy
+	Mutation MutationPolicy
+}
+
 // EvalQuery forwards evaluation to query a policy.
 func (p Policy) EvalQuery(ctx context.Context, q ent.Query) error {
 	return p.Query.EvalQuery(ctx, q)
@@ -160,3 +224,27 @@ func DecisionFromContext(ctx context.Context) (error, bool) {
 	}
 	return decision, ok
 }
+
+type fixedDecision struct {
+	decision error
+}
+
+func (f fixedDecision) EvalQuery(context.Context, ent.Query) error {
+	return f.decision
+}
+
+func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error {
+	return f.decision
+}
+
+type contextDecision struct {
+	eval func(context.Context) error
+}
+
+func (c contextDecision) EvalQuery(ctx context.Context, _ ent.Query) error {
+	return c.eval(ctx)
+}
+
+func (c contextDecision) EvalMutation(ctx context.Context, _ ent.Mutation) error {
+	return c.eval(ctx)
+}