Class EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>`Abstract`

Remarks

A privacy policy declares lists of PrivacyPolicyRule for create, read, update, and delete actions for an entity and provides logic for authorizing an entity against rules.

Evaluation of a list of rules is performed according the following example. This allows constructing of complex yet testable permissioning logic for an entity.

Example

foreach rule in rules:
  return authorized if rule allows
  return not authorized if rule denies
  continue to next rule if rule skips
return not authorized if all rules skip

Type Parameters

TFields extends object
TID extends NonNullable<TFields[TSelectedFields]>
TViewerContext extends ViewerContext
TEntity extends ReadonlyEntity<TFields, TID, TViewerContext, TSelectedFields>
TSelectedFields extends keyof TFields = keyof TFields

Hierarchy

EntityPrivacyPolicy

Index

Constructors

constructor

new EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>(): EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>
Type Parameters
- TFields extends object
- TID extends {}
- TViewerContext extends ViewerContext<TViewerContext>
- TEntity extends ReadonlyEntity<TFields, TID, TViewerContext, TSelectedFields, TEntity>
- TSelectedFields extends string | number | symbol = keyof TFields
Returns EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>

Properties

`Protected` `Readonly` createRules

createRules: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[] = []

`Protected` `Readonly` deleteRules

deleteRules: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[] = []

`Protected` `Readonly` readRules

readRules: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[] = []

`Protected` `Readonly` updateRules

updateRules: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[] = []

Methods

authorizeCreateAsync

authorizeCreateAsync(viewerContext, queryContext, evaluationContext, entity, metricsAdapter): Promise<TEntity>
Authorize an entity against creation policy.
Parameters
- viewerContext: TViewerContext
  
  viewer context of user creating the entity
- queryContext: EntityQueryContext
  
  query context in which to perform the create authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext
- entity: TEntity
  
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:154

authorizeDeleteAsync

authorizeDeleteAsync(viewerContext, queryContext, evaluationContext, entity, metricsAdapter): Promise<TEntity>
Authorize an entity against deletion policy.
Parameters
- viewerContext: TViewerContext
  
  viewer context of user deleting the entity
- queryContext: EntityQueryContext
  
  query context in which to perform the delete authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext
- entity: TEntity
  
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:232

`Private` authorizeForRulesetAsync

authorizeForRulesetAsync(ruleset, viewerContext, queryContext, evaluationContext, entity, action, metricsAdapter): Promise<TEntity>
Parameters
- ruleset: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[]
- viewerContext: TViewerContext
- queryContext: EntityQueryContext
- evaluationContext: EntityPrivacyPolicyEvaluationContext
- entity: TEntity
- action: EntityAuthorizationAction
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:250

`Private` authorizeForRulesetInnerAsync

authorizeForRulesetInnerAsync(ruleset, viewerContext, queryContext, evaluationContext, entity, action): Promise<TEntity>
Parameters
- ruleset: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[]
- viewerContext: TViewerContext
- queryContext: EntityQueryContext
- evaluationContext: EntityPrivacyPolicyEvaluationContext
- entity: TEntity
- action: EntityAuthorizationAction
Returns Promise<TEntity>
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:353

authorizeReadAsync

authorizeReadAsync(viewerContext, queryContext, evaluationContext, entity, metricsAdapter): Promise<TEntity>
Authorize an entity against read policy.
Parameters
- viewerContext: TViewerContext
  
  viewer context of user reading the entity
- queryContext: EntityQueryContext
  
  query context in which to perform the read authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext
- entity: TEntity
  
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:180

authorizeUpdateAsync

authorizeUpdateAsync(viewerContext, queryContext, evaluationContext, entity, metricsAdapter): Promise<TEntity>
Authorize an entity against update policy.
Parameters
- viewerContext: TViewerContext
  
  viewer context of user updating the entity
- queryContext: EntityQueryContext
  
  query context in which to perform the update authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext
- entity: TEntity
  
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:206

`Protected` getPrivacyPolicyEvaluator

getPrivacyPolicyEvaluator(_viewerContext): EntityPrivacyPolicyEvaluator<TFields, TID, TViewerContext, TEntity, TSelectedFields>
Get the privacy policy evaluation mode and deny handler for this policy. Defaults to normal enforcing policy.
Parameters
- _viewerContext: TViewerContext
Returns EntityPrivacyPolicyEvaluator<TFields, TID, TViewerContext, TEntity, TSelectedFields>

Remarks
Override to enable dry run evaluation of the policy.
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:138

Class EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>Abstract

Remarks

Example

Type Parameters

TFields extends object

TID extends NonNullable<TFields[TSelectedFields]>

TViewerContext extends ViewerContext

TEntity extends ReadonlyEntity<TFields, TID, TViewerContext, TSelectedFields>

TSelectedFields extends keyof TFields = keyof TFields

Hierarchy

Index

Constructors

Properties

Methods

Constructors

constructor

Type Parameters

TFields extends object

TID extends {}

TViewerContext extends ViewerContext<TViewerContext>

TEntity extends ReadonlyEntity<TFields, TID, TViewerContext, TSelectedFields, TEntity>

TSelectedFields extends string | number | symbol = keyof TFields

Returns EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>

Properties

Protected Readonly createRules

Protected Readonly deleteRules

Protected Readonly readRules

Protected Readonly updateRules

Methods

authorizeCreateAsync

Parameters

viewerContext: TViewerContext

queryContext: EntityQueryContext

evaluationContext: EntityPrivacyPolicyEvaluationContext

entity: TEntity

metricsAdapter: IEntityMetricsAdapter

Returns Promise<TEntity>

Throws

authorizeDeleteAsync

Parameters

viewerContext: TViewerContext

queryContext: EntityQueryContext

evaluationContext: EntityPrivacyPolicyEvaluationContext

entity: TEntity

metricsAdapter: IEntityMetricsAdapter

Returns Promise<TEntity>

Throws

Private authorizeForRulesetAsync

Parameters

ruleset: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[]

viewerContext: TViewerContext

queryContext: EntityQueryContext

evaluationContext: EntityPrivacyPolicyEvaluationContext

entity: TEntity

action: EntityAuthorizationAction

metricsAdapter: IEntityMetricsAdapter

Returns Promise<TEntity>

Private authorizeForRulesetInnerAsync

Parameters

ruleset: readonly PrivacyPolicyRule<TFields, TID, TViewerContext, TEntity, TSelectedFields>[]

viewerContext: TViewerContext

queryContext: EntityQueryContext

evaluationContext: EntityPrivacyPolicyEvaluationContext

entity: TEntity

action: EntityAuthorizationAction

Returns Promise<TEntity>

authorizeReadAsync

Parameters

viewerContext: TViewerContext

queryContext: EntityQueryContext

evaluationContext: EntityPrivacyPolicyEvaluationContext

entity: TEntity

metricsAdapter: IEntityMetricsAdapter

Returns Promise<TEntity>

Throws

authorizeUpdateAsync

Parameters

viewerContext: TViewerContext

queryContext: EntityQueryContext

evaluationContext: EntityPrivacyPolicyEvaluationContext

Class EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>`Abstract`

`Protected` `Readonly` createRules

`Protected` `Readonly` deleteRules

`Protected` `Readonly` readRules

`Protected` `Readonly` updateRules

`Private` authorizeForRulesetAsync

`Private` authorizeForRulesetInnerAsync

`Protected` getPrivacyPolicyEvaluator