@plumier/core
Advanced tools
@plumier/core - npm Package Compare versions
Comparing version 1.0.1-canary.27 to 1.0.1-canary.36
@@ -86,2 +86,3 @@ "use strict"; | ||
| async authorize(ctx) { | ||
| var _a, _b; | ||
| for (const Auth of this.policies.reverse()) { | ||
@@ -92,3 +93,3 @@ const authPolicy = new Auth(); | ||
| const authorize = await authPolicy.authorize(ctx); | ||
| log.debug("%s by %s", authorize ? "AUTHORIZED" : "FORBIDDEN", authPolicy.friendlyName()); | ||
| log.debug("%s -> %s.%s by %s", authorize ? "AUTHORIZED" : "FORBIDDEN", (_b = (_a = ctx.metadata.current.parent) === null || _a === void 0 ? void 0 : _a.name) !== null && _b !== void 0 ? _b : "", ctx.metadata.current.name, authPolicy.friendlyName()); | ||
| if (authorize) | ||
@@ -185,4 +186,3 @@ return true; | ||
| const entity = ctx.metadata.current.parent; | ||
| const meta = reflect_1.reflect(entity); | ||
| const prop = meta.properties.find(p => p.decorators.some((x) => x.kind === "plumier-meta:entity-id")); | ||
| const prop = common_1.entityHelper.getIdProp(entity); | ||
| if (!prop) | ||
@@ -328,3 +328,18 @@ throw new Error(`Entity ${entity.name} doesn't have primary ID information required for entity policy`); | ||
| return []; | ||
| else if (Array.isArray(meta.type)) { | ||
| // skip check on GET method | ||
| if (ctx.info.ctx.method === "GET") | ||
| return []; | ||
| const decorators = meta.decorators.filter(createDecoratorFilter(x => x.access === "write")); | ||
| if (decorators.length > 0) { | ||
| const info = createContext(ctx, value, meta); | ||
| const allowed = await executeAuthorizer(decorators, info); | ||
| if (!allowed) | ||
| return [ctx.path.join(".")]; | ||
| } | ||
| // if the property is a relation property just skip checking, since we allow set relation using ID | ||
| const isRelation = meta.decorators.some((x) => x.kind === "plumier-meta:relation"); | ||
| if (isRelation) | ||
| return []; | ||
| // loop through property of type array | ||
| if (Array.isArray(meta.type)) { | ||
| const newMeta = Object.assign(Object.assign({}, meta), { type: meta.type[0] }); | ||
@@ -338,3 +353,4 @@ const result = []; | ||
| } | ||
| else if (common_1.isCustomClass(meta.type)) { | ||
| // loop through custom class properties | ||
| if (common_1.isCustomClass(meta.type)) { | ||
| const classMeta = reflect_1.reflect(meta.type); | ||
@@ -344,14 +360,4 @@ const values = classMeta.properties.map(x => value[x.name]); | ||
| } | ||
| else { | ||
| // skip check on GET method | ||
| if (ctx.info.ctx.method === "GET") | ||
| return []; | ||
| const decorators = meta.decorators.filter(createDecoratorFilter(x => x.access === "write")); | ||
| // if no decorator then just allow, follow route authorization | ||
| if (decorators.length === 0) | ||
| return []; | ||
| const info = createContext(ctx, value, meta); | ||
| const allowed = await executeAuthorizer(decorators, info); | ||
| return allowed ? [] : [ctx.path.join(".")]; | ||
| } | ||
| // everything when fine then just return [] | ||
| return []; | ||
| } | ||
@@ -362,6 +368,2 @@ async function checkParameters(meta, value, ctx) { | ||
| const prop = meta[i]; | ||
| // if the property is a relation property just skip checking, since we allow set relation using ID | ||
| const isRelation = prop.decorators.some((x) => x.kind === "plumier-meta:relation"); | ||
| if (isRelation) | ||
| continue; | ||
| const issues = await checkParameter(prop, value[i], Object.assign(Object.assign({}, ctx), { path: ctx.path.concat(prop.name) })); | ||
@@ -415,4 +417,2 @@ result.push(...issues); | ||
| var _a; | ||
| if (raw === undefined || raw === null) | ||
| return undefined; | ||
| if (node.kind === "Array") { | ||
@@ -433,2 +433,4 @@ const result = []; | ||
| const value = raw[prop.name]; | ||
| if (value === null || value === undefined) | ||
| continue; | ||
| const authorized = await getAuthorize(prop.authorizer, Object.assign(Object.assign({}, ctx), { value, parentValue: raw, metadata: Object.assign(Object.assign({}, ctx.metadata), { current: prop.meta }) })); | ||
@@ -435,0 +437,0 @@ if (authorized) { |
@@ -271,2 +271,3 @@ /// <reference types="node" /> | ||
| export interface SelectQuery { | ||
| includeId?: true; | ||
| columns?: any; | ||
@@ -273,0 +274,0 @@ relations?: any; |
| { | ||
| "name": "@plumier/core", | ||
| "version": "1.0.1-canary.27+f660372", | ||
| "version": "1.0.1-canary.36+b66ea12", | ||
| "description": "Delightful Node.js Rest Framework", | ||
@@ -23,8 +23,8 @@ "main": "lib/index.js", | ||
| "dependencies": { | ||
| "@plumier/reflect": "1.0.1-canary.27+f660372", | ||
| "@plumier/validator": "1.0.1-canary.27+f660372", | ||
| "@plumier/reflect": "1.0.1-canary.36+b66ea12", | ||
| "@plumier/validator": "1.0.1-canary.36+b66ea12", | ||
| "@types/debug": "^4.1.5", | ||
| "@types/glob": "^7.1.3", | ||
| "chalk": "^4.1.1", | ||
| "debug": "^4.3.1", | ||
| "debug": "^4.3.2", | ||
| "glob": "^7.1.7", | ||
@@ -50,3 +50,3 @@ "path-to-regexp": "^6.2.0", | ||
| }, | ||
| "gitHead": "f660372adfd655e3f70047aaaf92963efd18990c" | ||
| "gitHead": "b66ea12dccb85cd9e4e681a5860092f9dad71082" | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.06%
209094
- Lines of code
- increased by0.06%
4729