mirror of
https://github.com/ent/ent.git
synced 2026-04-28 05:30:56 +03:00
203 lines
6.0 KiB
Cheetah
203 lines
6.0 KiB
Cheetah
{{/*
|
|
Copyright 2019-present Facebook Inc. All rights reserved.
|
|
This source code is licensed under the Apache 2.0 license found
|
|
in the LICENSE file in the root directory of this source tree.
|
|
*/}}
|
|
|
|
{{/* gotype: entgo.io/ent/entc/gen.Graph */}}
|
|
|
|
{{ define "privacy" }}
|
|
|
|
{{- with extend $ "Package" "privacy" -}}
|
|
{{ template "header" . }}
|
|
{{ end }}
|
|
|
|
import (
|
|
"{{ $.Config.Package }}"
|
|
|
|
"entgo.io/ent/privacy"
|
|
)
|
|
|
|
{{ $pkg := base $.Config.Package }}
|
|
|
|
var (
|
|
// Allow may be returned by rules to indicate that the policy
|
|
// evaluation should terminate with an allow decision.
|
|
Allow = privacy.Allow
|
|
|
|
// Deny may be returned by rules to indicate that the policy
|
|
// evaluation should terminate with an deny decision.
|
|
Deny = privacy.Deny
|
|
|
|
// Skip may be returned by rules to indicate that the policy
|
|
// evaluation should continue to the next rule.
|
|
Skip = privacy.Skip
|
|
)
|
|
|
|
{{- range $decision := list "Allow" "Deny" "Skip" }}
|
|
// {{ $decision }}f returns an formatted wrapped {{ $decision }} decision.
|
|
func {{ $decision }}f(format string, a ...interface{}) error {
|
|
return fmt.Errorf(format+": %w", append(a, {{ $decision }})...)
|
|
}
|
|
{{- end }}
|
|
|
|
// DecisionContext creates a new context from the given parent context with
|
|
// a policy decision attach to it.
|
|
func DecisionContext(parent context.Context, decision error) context.Context {
|
|
return privacy.DecisionContext(parent, decision)
|
|
}
|
|
|
|
// DecisionFromContext retrieves the policy decision from the context.
|
|
func DecisionFromContext(ctx context.Context) (error, bool) {
|
|
return privacy.DecisionFromContext(ctx)
|
|
}
|
|
|
|
type (
|
|
// QueryRule defines the interface deciding whether a
|
|
// query is allowed and optionally modify it.
|
|
QueryRule = privacy.QueryRule
|
|
// QueryPolicy combines multiple query rules into a single policy.
|
|
QueryPolicy = privacy.QueryPolicy
|
|
)
|
|
|
|
// QueryRuleFunc type is an adapter to allow the use of
|
|
// ordinary functions as query rules.
|
|
type QueryRuleFunc func(context.Context, {{ $pkg }}.Query) error
|
|
|
|
// Eval returns f(ctx, q).
|
|
func (f QueryRuleFunc) EvalQuery(ctx context.Context, q {{ $pkg }}.Query) error {
|
|
return f(ctx, q)
|
|
}
|
|
|
|
type (
|
|
// MutationRule defines the interface which decides whether a
|
|
// mutation is allowed and optionally modifies it.
|
|
MutationRule = privacy.MutationRule
|
|
// MutationPolicy combines multiple mutation rules into a single policy.
|
|
MutationPolicy = privacy.MutationPolicy
|
|
)
|
|
|
|
// MutationRuleFunc type is an adapter which allows the use of
|
|
// ordinary functions as mutation rules.
|
|
type MutationRuleFunc func(context.Context, {{ $pkg }}.Mutation) error
|
|
|
|
// EvalMutation returns f(ctx, m).
|
|
func (f MutationRuleFunc) EvalMutation(ctx context.Context, m {{ $pkg }}.Mutation) error {
|
|
return f(ctx, m)
|
|
}
|
|
|
|
// Policy groups query and mutation policies.
|
|
type Policy struct {
|
|
Query QueryPolicy
|
|
Mutation MutationPolicy
|
|
}
|
|
|
|
// EvalQuery forwards evaluation to query a policy.
|
|
func (policy Policy) EvalQuery(ctx context.Context, q {{ $pkg }}.Query) error {
|
|
return policy.Query.EvalQuery(ctx, q)
|
|
}
|
|
|
|
// EvalMutation forwards evaluation to mutate a policy.
|
|
func (policy Policy) EvalMutation(ctx context.Context, m {{ $pkg }}.Mutation) error {
|
|
return policy.Mutation.EvalMutation(ctx, m)
|
|
}
|
|
|
|
// QueryMutationRule is an interface which groups query and mutation rules.
|
|
type QueryMutationRule interface {
|
|
QueryRule
|
|
MutationRule
|
|
}
|
|
|
|
// AlwaysAllowRule returns a rule that returns an allow decision.
|
|
func AlwaysAllowRule() QueryMutationRule {
|
|
return fixedDecision{Allow}
|
|
}
|
|
|
|
// AlwaysDenyRule returns a rule that returns a deny decision.
|
|
func AlwaysDenyRule() QueryMutationRule {
|
|
return fixedDecision{Deny}
|
|
}
|
|
|
|
type fixedDecision struct {
|
|
decision error
|
|
}
|
|
|
|
func (f fixedDecision) EvalQuery(context.Context, {{ $pkg }}.Query) error {
|
|
return f.decision
|
|
}
|
|
|
|
func (f fixedDecision) EvalMutation(context.Context, {{ $pkg }}.Mutation) error {
|
|
return f.decision
|
|
}
|
|
|
|
type contextDecision struct {
|
|
eval func(context.Context) error
|
|
}
|
|
|
|
// ContextQueryMutationRule creates a query/mutation rule from a context eval func.
|
|
func ContextQueryMutationRule(eval func(context.Context) error) QueryMutationRule {
|
|
return contextDecision{eval}
|
|
}
|
|
|
|
func (c contextDecision) EvalQuery(ctx context.Context, _ {{ $pkg }}.Query) error {
|
|
return c.eval(ctx)
|
|
}
|
|
|
|
func (c contextDecision) EvalMutation(ctx context.Context, _ {{ $pkg }}.Mutation) error {
|
|
return c.eval(ctx)
|
|
}
|
|
|
|
// OnMutationOperation evaluates the given rule only on a given mutation operation.
|
|
func OnMutationOperation(rule MutationRule, op {{ $pkg }}.Op) MutationRule {
|
|
return MutationRuleFunc(func(ctx context.Context, m {{ $pkg }}.Mutation) error {
|
|
if m.Op().Is(op) {
|
|
return rule.EvalMutation(ctx, m)
|
|
}
|
|
return Skip
|
|
})
|
|
}
|
|
|
|
// DenyMutationOperationRule returns a rule denying specified mutation operation.
|
|
func DenyMutationOperationRule(op {{ $pkg }}.Op) MutationRule {
|
|
rule := MutationRuleFunc(func(_ context.Context, m {{ $pkg }}.Mutation) error {
|
|
return Denyf("{{ $pkg }}/privacy: operation %s is not allowed", m.Op())
|
|
})
|
|
return OnMutationOperation(rule, op)
|
|
}
|
|
|
|
{{- range $n := $.Nodes }}
|
|
{{ $name := print $n.Name "QueryRuleFunc" }}
|
|
{{ $type := printf "*%s.%s" $pkg $n.QueryName }}
|
|
// The {{ $name }} type is an adapter to allow the use of ordinary
|
|
// functions as a query rule.
|
|
type {{ $name }} func(context.Context, {{ $type }}) error
|
|
|
|
// EvalQuery return f(ctx, q).
|
|
func (f {{ $name }}) EvalQuery(ctx context.Context, q {{ $pkg }}.Query) error {
|
|
if q, ok := q.({{ $type }}); ok {
|
|
return f(ctx, q)
|
|
}
|
|
return Denyf("{{ $pkg }}/privacy: unexpected query type %T, expect {{ $type }}", q)
|
|
}
|
|
|
|
{{ $name = print $n.Name "MutationRuleFunc" }}
|
|
{{ $type = printf "*%s.%s" $pkg $n.MutationName }}
|
|
// The {{ $name }} type is an adapter to allow the use of ordinary
|
|
// functions as a mutation rule.
|
|
type {{ $name }} func(context.Context, {{ $type }}) error
|
|
|
|
// EvalMutation calls f(ctx, m).
|
|
func (f {{ $name }}) EvalMutation(ctx context.Context, m {{ $pkg }}.Mutation) error {
|
|
if m, ok := m.({{ $type }}); ok {
|
|
return f(ctx, m)
|
|
}
|
|
return Denyf("{{ $pkg }}/privacy: unexpected mutation type %T, expect {{ $type }}", m)
|
|
}
|
|
{{- end }}
|
|
|
|
{{- if $.FeatureEnabled "entql" }}
|
|
{{ template "privacy/filter" $ }}
|
|
{{- end }}
|
|
|
|
{{ end }}
|