golang/ent
1
0
Fork 0
mirror of https://github.com/ent/ent.git synced 2026-05-24 09:31:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
81a2f60e47b0a18af06b178a9de95a1deff3e1e3
ent/entc/gen/template/privacy.tmpl
Ariel Mashraki 9cff230d34 entc/gen: temporary workaround for runtime.tmpl (#387) 
* entc/gen: temporary workaround for runtime.tmpl

* ci: golangci version
2020-03-16 10:04:31 +02:00

172 lines
5.0 KiB
Cheetah
Raw Blame History

{{/*
Copyright 2019-present Facebook Inc. All rights reserved.
This source code is licensed under the Apache 2.0 license found
in the LICENSE file in the root directory of this source tree.
*/}}
{{ define "privacy" }}
{{- with extend $ "Package" "privacy" -}}
{{ template "header" . }}
{{ end }}
import "{{ $.Config.Package }}"
{{ $pkg := base $.Config.Package }}
var (
// Allow may be returned by read/write rules to indicate that the policy
// evaluation should terminate with an allow decision.
Allow = errors.New("ent/privacy: allow rule")
// Deny may be returned by read/write rules to indicate that the policy
// evaluation should terminate with an deny decision.
Deny = errors.New("ent/privacy: deny rule")
// Skip may be returned by read/write rules to indicate that the policy
// evaluation should continue to the next rule.
Skip = errors.New("ent/privacy: skip rule")
)
{{- range $decision := list "Allow" "Deny" "Skip" }}
// {{ $decision }}f returns an formatted wrapped {{ $decision }} decision.
func {{ $decision }}f(format string, a ...interface{}) error {
return fmt.Errorf(format+": %w", append(a, {{ $decision }})...)
}
{{- end }}
type (
// ReadPolicy combines multiple read rules into a single policy.
ReadPolicy []ReadRule
// ReadRule defines the interface deciding whether a read is allowed.
ReadRule interface {
EvalRead(context.Context, {{ $pkg }}.Value) error
}
)
// EvalRead evaluates a load against a read policy.
func (policy ReadPolicy) EvalRead(ctx context.Context, v {{ $pkg }}.Value) error {
for _, rule := range policy {
switch err := rule.EvalRead(ctx, v); {
case err == nil || errors.Is(err, Skip):
case errors.Is(err, Allow):
return nil
default:
return err
}
}
return nil
}
// ReadRuleFunc type is an adapter to allow the use of
// ordinary functions as read rules.
type ReadRuleFunc func(context.Context, {{ $pkg }}.Value) error
// Eval calls f(ctx, v).
func (f ReadRuleFunc) EvalRead(ctx context.Context, v {{ $pkg }}.Value) error {
return f(ctx, v)
}
type (
// WritePolicy combines multiple write rules into a single policy.
WritePolicy []WriteRule
// WriteRule defines the interface deciding whether a write is allowed.
WriteRule interface {
EvalWrite(context.Context, {{ $pkg }}.Mutation) error
}
)
// EvalWrite evaluates a mutation against a write policy.
func (policy WritePolicy) EvalWrite(ctx context.Context, m {{ $pkg }}.Mutation) error {
for _, rule := range policy {
switch err := rule.EvalWrite(ctx, m); {
case err == nil || errors.Is(err, Skip):
case errors.Is(err, Allow):
return nil
default:
return err
}
}
return nil
}
// WriteRuleFunc type is an adapter to allow the use of
// ordinary functions as write rules.
type WriteRuleFunc func(context.Context, {{ $pkg }}.Mutation) error
// Eval calls f(ctx, m).
func (f WriteRuleFunc) EvalWrite(ctx context.Context, m {{ $pkg }}.Mutation) error {
return f(ctx, m)
}
// Policy groups read and write policies.
type Policy struct {
Read ReadPolicy
Write WritePolicy
}
// EvalRead forwards evaluation to read policy.
func (policy Policy) EvalRead(ctx context.Context, v {{ $pkg }}.Value) error {
return policy.Read.EvalRead(ctx, v)
}
// EvalWrite forwards evaluation to write policy.
func (policy Policy) EvalWrite(ctx context.Context, m {{ $pkg }}.Mutation) error {
return policy.Write.EvalWrite(ctx, m)
}
// ReadWriteRule is the interface that groups read and write rules.
type ReadWriteRule interface {
ReadRule
WriteRule
}
// AlwaysAllowRule returns a read/write rule that returns an allow decision.
func AlwaysAllowRule() ReadWriteRule {
return fixedDecisionRule{Allow}
}
// AlwaysDenyRule returns a read/write rule that returns a deny decision.
func AlwaysDenyRule() ReadWriteRule {
return fixedDecisionRule{Deny}
}
type fixedDecisionRule struct { err error }
func (f fixedDecisionRule) EvalRead(context.Context, {{ $pkg }}.Value) error { return f.err }
func (f fixedDecisionRule) EvalWrite(context.Context, {{ $pkg }}.Mutation) error { return f.err }
{{- range $n := $.Nodes }}
{{ $name := print $n.Name "ReadRuleFunc" }}
{{ $type := printf "*%s.%s" $pkg $n.Name }}
// The {{ $name }} type is an adapter to allow the use of ordinary
// functions as a read rule.
type {{ $name }} func(context.Context, {{ $type }}) error
// EvalRead calls f(ctx, v).
func (f {{ $name }}) EvalRead(ctx context.Context, v {{ $pkg }}.Value) error {
if v, ok := v.({{ $type }}); ok {
return f(ctx, v)
}
return Denyf("ent/privacy: unexpected value type %T, expect {{ $type }}", v)
}
{{ $name = print $n.Name "WriteRuleFunc" }}
{{ $type = printf "*%s.%s" $pkg $n.MutationName }}
// The {{ $name }} type is an adapter to allow the use of ordinary
// functions as a write rule.
type {{ $name }} func(context.Context, {{ $type }}) error
// EvalWrite calls f(ctx, m).
func (f {{ $name }}) EvalWrite(ctx context.Context, m {{ $pkg }}.Mutation) error {
if m, ok := m.({{ $type }}); ok {
return f(ctx, m)
}
return Denyf("ent/privacy: unexpected mutation type %T, expect {{ $type }}", m)
}
{{- end }}
{{ end }}
Reference in New Issue View Git Blame Copy Permalink