Improve access-control types (#4854)
timleslie authored Feb 15, 2021
1 parent 15b1132 commit c8cf7fb
Showing 2 changed files with 52 additions and 66 deletions.
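--- a/.changeset/rare-poems-marry.md
+++ b/.changeset/rare-poems-marry.md
@@ -0,0 +1,5 @@
+---
+'@keystone-next/keystone': patch
+---
+
+Added more specific types to implementation of access control validators.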
113 changes: 47 additions & 66 deletions packages-next/keystone/src/lib/createAccessControlContext.ts
@@ -1,17 +1,6 @@
import { KeystoneContext } from '@keystone-next/types';

async function validateListAccessControl({
access,
listKey,
operation,
session,
originalInput,
gqlName,
itemId,
itemIds,
context,
}: {
access: any;
type ListAccessArgs = {
listKey: string;
operation: string;
session: any;
Expand All @@ -20,22 +9,33 @@ async function validateListAccessControl({
itemId: any;
itemIds: any;
context: KeystoneContext;
}) {
};

type FieldAccessArgs = {
listKey: string;
operation: string;
session: any;
originalInput: any;
gqlName: string;
itemId: any;
itemIds: any;
context: KeystoneContext;
item: any;
fieldKey: string;
};

async function validateListAccessControl({
access,
operation,
listKey,
...args
}: { access: any } & ListAccessArgs) {
// Either a boolean or an object describing a where clause
let result;
if (typeof access[operation] !== 'function') {
result = access[operation];
} else {
result = await access[operation]({
session,
listKey,
operation,
originalInput,
gqlName,
itemId,
itemIds,
context,
});
result = await access[operation]({ listKey, operation, ...args });
}

const type = typeof result;
Expand All @@ -58,45 +58,16 @@ async function validateListAccessControl({

async function validateFieldAccessControl({
access,
operation,
listKey,
fieldKey,
originalInput,
item,
operation,
session,
gqlName,
itemId,
itemIds,
context,
}: {
access: any;
listKey: string;
operation: string;
session: any;
originalInput: any;
gqlName: string;
itemId: any;
itemIds: any;
context: KeystoneContext;
item: any;
fieldKey: any;
}) {
...args
}: { access: any } & FieldAccessArgs) {
let result;
if (typeof access[operation] !== 'function') {
result = access[operation];
} else {
result = await access[operation]({
session,
listKey,
fieldKey,
originalInput,
item,
operation,
gqlName,
itemId,
itemIds,
context,
});
result = await access[operation]({ listKey, fieldKey, operation, ...args });
}

if (typeof result !== 'boolean') {
Expand Down Expand Up @@ -124,10 +95,15 @@ export const skipAccessControlContext = {
export const accessControlContext = {
async getListAccessControlForUser(
access: any,
listKey: any,
originalInput: any,
operation: any,
{ gqlName, itemId, itemIds, context }: any = {}
listKey: ListAccessArgs['listKey'],
originalInput: ListAccessArgs['originalInput'],
operation: ListAccessArgs['operation'],
{
gqlName,
itemId,
itemIds,
context,
}: Pick<ListAccessArgs, 'gqlName' | 'itemId' | 'itemIds' | 'context'>
) {
return validateListAccessControl({
access: access[context.schemaName],
Expand All @@ -143,12 +119,17 @@ export const accessControlContext = {
},
async getFieldAccessControlForUser(
access: any,
listKey: any,
fieldKey: any,
originalInput: any,
item: any,
operation: any,
{ gqlName, itemId, itemIds, context }: any = {}
listKey: FieldAccessArgs['listKey'],
fieldKey: FieldAccessArgs['fieldKey'],
originalInput: FieldAccessArgs['originalInput'],
item: FieldAccessArgs['item'],
operation: FieldAccessArgs['operation'],
{
gqlName,
itemId,
itemIds,
context,
}: Pick<FieldAccessArgs, 'gqlName' | 'itemId' | 'itemIds' | 'context'>
) {
return validateFieldAccessControl({
access: access[context.schemaName],
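Review bot: The rewritten calls `access[operation]({ listKey, operation, ...args })` in validateListAccessControl and `access[operation]({ listKey, fieldKey, operation, ...args })` in validateFieldAccessControl forward every remaining property to the user-supplied access function, where the old code passed an explicit list of keys. What an access-control callback can see is therefore bounded only by the compile-time `ListAccessArgs` / `FieldAccessArgs` types, and excess-property checking does not apply when a caller passes a pre-built object or an `any` value. I would either keep the explicit key list or add a comment above each call such as `// args is passed through unchanged: every key in ListAccessArgs reaches the access function`. Since this commit tightens types, `operation: string` could also be narrowed to a union of the supported operation names, so a mistyped operation becomes a compile error rather than an `undefined` lookup on `access`. Both validator bodies continue outside the visible hunks, so how an unexpected `result` is rejected cannot be confirmed from here.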

1 comment on commit c8cf7fb


@vercel vercel bot commented on c8cf7fb Feb 15, 2021
