feat: wip casl policies (#334)

* feat: wip casl policies * feat: add ability guard on pipeline resolvers * fix: test
2023-06-21 04:31:11 +02:00
parent 294b290939
commit b179d1f1f0
44 changed files with 1190 additions and 55 deletions
--- a/server/src/ability/handlers/pipeline-progress.ability-handler.ts
+++ b/server/src/ability/handlers/pipeline-progress.ability-handler.ts
@ -0,0 +1,78 @@
+import { PrismaService } from 'src/database/prisma.service';
+import { AbilityAction } from '../ability.action';
+import { AppAbility } from '../ability.factory';
+import { IAbilityHandler } from '../interfaces/ability-handler.interface';
+import {
+  ExecutionContext,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { GqlExecutionContext } from '@nestjs/graphql';
+import { assert } from 'src/utils/assert';
+import { subject } from '@casl/ability';
+import { PipelineProgressWhereInput } from 'src/core/@generated/pipeline-progress/pipeline-progress-where.input';
+
+class PipelineProgressArgs {
+  where?: PipelineProgressWhereInput;
+}
+
+@Injectable()
+export class ManagePipelineProgressAbilityHandler implements IAbilityHandler {
+  async handle(ability: AppAbility) {
+    return ability.can(AbilityAction.Manage, 'PipelineProgress');
+  }
+}
+
+@Injectable()
+export class ReadPipelineProgressAbilityHandler implements IAbilityHandler {
+  handle(ability: AppAbility) {
+    return ability.can(AbilityAction.Read, 'PipelineProgress');
+  }
+}
+
+@Injectable()
+export class CreatePipelineProgressAbilityHandler implements IAbilityHandler {
+  handle(ability: AppAbility) {
+    return ability.can(AbilityAction.Create, 'PipelineProgress');
+  }
+}
+
+@Injectable()
+export class UpdatePipelineProgressAbilityHandler implements IAbilityHandler {
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<PipelineProgressArgs>();
+    const pipelineProgress =
+      await this.prismaService.pipelineProgress.findFirst({
+        where: args.where,
+      });
+    assert(pipelineProgress, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Update,
+      subject('PipelineProgress', pipelineProgress),
+    );
+  }
+}
+
+@Injectable()
+export class DeletePipelineProgressAbilityHandler implements IAbilityHandler {
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<PipelineProgressArgs>();
+    const pipelineProgress =
+      await this.prismaService.pipelineProgress.findFirst({
+        where: args.where,
+      });
+    assert(pipelineProgress, '', NotFoundException);
+
+    return ability.can(
+      AbilityAction.Delete,
+      subject('PipelineProgress', pipelineProgress),
+    );
+  }
+}