{{/*
Copyright 2019-present Facebook Inc. All rights reserved.
This source code is licensed under the Apache 2.0 license found
in the LICENSE file in the root directory of this source tree.
*/}}

{{/* gotype: entgo.io/ent/entc/gen.Graph */}}

{{ define "privacy" }}

{{ with extend $ "Package" "privacy" -}}
	{{ template "header" . }}
{{ end }}

import (
	"{{ $.Config.Package }}"

	"entgo.io/ent/privacy"
)

{{ $pkg := base $.Config.Package }}

var (
	// Allow may be returned by rules to indicate that the policy
	// evaluation should terminate with allow decision.
	Allow = privacy.Allow

	// Deny may be returned by rules to indicate that the policy
	// evaluation should terminate with deny decision.
	Deny = privacy.Deny

	// Skip may be returned by rules to indicate that the policy
	// evaluation should continue to the next rule.
	Skip = privacy.Skip
)

{{- range $decision := list "Allow" "Deny" "Skip" }}
	// {{ $decision }}f returns a formatted wrapped {{ $decision }} decision.
	func {{ $decision }}f(format string, a ...any) error {
		return privacy.{{ $decision }}f(format, a...)
	}
{{- end }}

// DecisionContext creates a new context from the given parent context with
// a policy decision attach to it.
func DecisionContext(parent context.Context, decision error) context.Context {
	return privacy.DecisionContext(parent, decision)
}

// DecisionFromContext retrieves the policy decision from the context.
func DecisionFromContext(ctx context.Context) (error, bool) {
	return privacy.DecisionFromContext(ctx)
}

type (
	// Policy groups query and mutation policies.
	Policy = privacy.Policy

	// QueryRule defines the interface deciding whether a
	// query is allowed and optionally modify it.
	QueryRule = privacy.QueryRule
	// QueryPolicy combines multiple query rules into a single policy.
	QueryPolicy = privacy.QueryPolicy

	// MutationRule defines the interface which decides whether a
	// mutation is allowed and optionally modifies it.
	MutationRule = privacy.MutationRule
	// MutationPolicy combines multiple mutation rules into a single policy.
	MutationPolicy = privacy.MutationPolicy
	// MutationRuleFunc type is an adapter which allows the use of
	// ordinary functions as mutation rules.
	MutationRuleFunc = privacy.MutationRuleFunc

	// QueryMutationRule is an interface which groups query and mutation rules.
	QueryMutationRule = privacy.QueryMutationRule
)

// QueryRuleFunc type is an adapter to allow the use of
// ordinary functions as query rules.
type QueryRuleFunc func(context.Context, {{ $pkg }}.Query) error

// Eval returns f(ctx, q).
func (f QueryRuleFunc) EvalQuery(ctx context.Context, q {{ $pkg }}.Query) error {
	return f(ctx, q)
}

// AlwaysAllowRule returns a rule that returns an allow decision.
func AlwaysAllowRule() QueryMutationRule {
	return privacy.AlwaysAllowRule()
}

// AlwaysDenyRule returns a rule that returns a deny decision.
func AlwaysDenyRule() QueryMutationRule {
	return privacy.AlwaysDenyRule()
}

// ContextQueryMutationRule creates a query/mutation rule from a context eval func.
func ContextQueryMutationRule(eval func(context.Context) error) QueryMutationRule {
	return privacy.ContextQueryMutationRule(eval)
}

// OnMutationOperation evaluates the given rule only on a given mutation operation.
func OnMutationOperation(rule MutationRule, op {{ $pkg }}.Op) MutationRule {
	return privacy.OnMutationOperation(rule, op)
}

// DenyMutationOperationRule returns a rule denying specified mutation operation.
func DenyMutationOperationRule(op {{ $pkg }}.Op) MutationRule {
	rule := MutationRuleFunc(func(_ context.Context, m {{ $pkg }}.Mutation) error {
		return Denyf("{{ $pkg }}/privacy: operation %s is not allowed", m.Op())
	})
	return OnMutationOperation(rule, op)
}

{{- range $n := $.Nodes }}
	{{ $name := print $n.Name "QueryRuleFunc" }}
	{{ $type := printf "*%s.%s" $pkg $n.QueryName }}
	// The {{ $name }} type is an adapter to allow the use of ordinary
	// functions as a query rule.
	type {{ $name }} func(context.Context, {{ $type }}) error

	// EvalQuery return f(ctx, q).
	func (f {{ $name }}) EvalQuery(ctx context.Context, q {{ $pkg }}.Query) error {
		if q, ok := q.({{ $type }}); ok {
			return f(ctx, q)
		}
		return Denyf("{{ $pkg }}/privacy: unexpected query type %T, expect {{ $type }}", q)
	}

	{{ $name = print $n.Name "MutationRuleFunc" }}
	{{ $type = printf "*%s.%s" $pkg $n.MutationName }}
	// The {{ $name }} type is an adapter to allow the use of ordinary
	// functions as a mutation rule.
	type {{ $name }} func(context.Context, {{ $type }}) error

	// EvalMutation calls f(ctx, m).
	func (f {{ $name }}) EvalMutation(ctx context.Context, m {{ $pkg }}.Mutation) error {
		if m, ok := m.({{ $type }}); ok {
			return f(ctx, m)
		}
		return Denyf("{{ $pkg }}/privacy: unexpected mutation type %T, expect {{ $type }}", m)
	}
{{- end }}

{{- if $.FeatureEnabled "entql" }}
	{{ template "privacy/filter" $ }}
{{- end }}

{{- with $tmpls := matchTemplate "privacy/additional/*" "privacy/additional/*/*" }}
	{{- range $tmpl := $tmpls }}
		{{- xtemplate $tmpl $ }}
	{{- end }}
{{- end }}

{{ end }}