Class EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>`Abstract`

Remarks

A privacy policy declares lists of PrivacyPolicyRule for create, read, update, and delete actions for an entity and provides logic for authorizing an entity against rules.

Evaluation of a list of rules is performed according the following example. This allows constructing of complex yet testable permissioning logic for an entity.

Example

foreach rule in rules:
  return authorized if rule allows
  return not authorized if rule denies
  continue to next rule if rule skips
return not authorized if all rules skip

Type Parameters

TFields extends object
TID extends NonNullable<TFields[TSelectedFields]>
TViewerContext extends ViewerContext
TEntity extends ReadonlyEntity<TFields, TID, TViewerContext, TSelectedFields>
TSelectedFields extends keyof TFields = keyof TFields

Index

Constructors

constructor

new EntityPrivacyPolicy<
    TFields extends object,
    TID extends {},
    TViewerContext extends ViewerContext,
    TEntity extends
        ReadonlyEntity<TFields, TID, TViewerContext, TSelectedFields>,
    TSelectedFields extends string
    | number
    | symbol = keyof TFields,
>(): EntityPrivacyPolicy<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>
Type Parameters
- TFields extends object
- TID extends {}
- TViewerContext extends ViewerContext
- TEntity extends ReadonlyEntity<TFields, TID, TViewerContext, TSelectedFields>
- TSelectedFields extends string | number | symbol = keyof TFields
Returns EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>

Properties

`Protected` `Readonly`createRules

createRules: readonly PrivacyPolicyRule<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>[] = []

`Protected` `Readonly`deleteRules

deleteRules: readonly PrivacyPolicyRule<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>[] = []

`Protected` `Readonly`readRules

readRules: readonly PrivacyPolicyRule<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>[] = []

`Protected` `Readonly`updateRules

updateRules: readonly PrivacyPolicyRule<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>[] = []

Methods

authorizeCreateAsync

authorizeCreateAsync(
    viewerContext: TViewerContext,
    queryContext: EntityQueryContext,
    evaluationContext: EntityPrivacyPolicyEvaluationContext<
        TFields,
        TID,
        TViewerContext,
        TEntity,
        TSelectedFields,
    >,
    entity: TEntity,
    metricsAdapter: IEntityMetricsAdapter,
): Promise<TEntity>
Authorize an entity against creation policy.
Parameters
- viewerContext: TViewerContext
  viewer context of user creating the entity
- queryContext: EntityQueryContext
  query context in which to perform the create authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext<
      TFields,
      TID,
      TViewerContext,
      TEntity,
      TSelectedFields,
  >
- entity: TEntity
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:166

authorizeDeleteAsync

authorizeDeleteAsync(
    viewerContext: TViewerContext,
    queryContext: EntityQueryContext,
    evaluationContext: EntityPrivacyPolicyEvaluationContext<
        TFields,
        TID,
        TViewerContext,
        TEntity,
        TSelectedFields,
    >,
    entity: TEntity,
    metricsAdapter: IEntityMetricsAdapter,
): Promise<TEntity>
Authorize an entity against deletion policy.
Parameters
- viewerContext: TViewerContext
  viewer context of user deleting the entity
- queryContext: EntityQueryContext
  query context in which to perform the delete authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext<
      TFields,
      TID,
      TViewerContext,
      TEntity,
      TSelectedFields,
  >
- entity: TEntity
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:262

authorizeReadAsync

authorizeReadAsync(
    viewerContext: TViewerContext,
    queryContext: EntityQueryContext,
    evaluationContext: EntityPrivacyPolicyEvaluationContext<
        TFields,
        TID,
        TViewerContext,
        TEntity,
        TSelectedFields,
    >,
    entity: TEntity,
    metricsAdapter: IEntityMetricsAdapter,
): Promise<TEntity>
Authorize an entity against read policy.
Parameters
- viewerContext: TViewerContext
  viewer context of user reading the entity
- queryContext: EntityQueryContext
  query context in which to perform the read authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext<
      TFields,
      TID,
      TViewerContext,
      TEntity,
      TSelectedFields,
  >
- entity: TEntity
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:198

authorizeUpdateAsync

authorizeUpdateAsync(
    viewerContext: TViewerContext,
    queryContext: EntityQueryContext,
    evaluationContext: EntityPrivacyPolicyEvaluationContext<
        TFields,
        TID,
        TViewerContext,
        TEntity,
        TSelectedFields,
    >,
    entity: TEntity,
    metricsAdapter: IEntityMetricsAdapter,
): Promise<TEntity>
Authorize an entity against update policy.
Parameters
- viewerContext: TViewerContext
  viewer context of user updating the entity
- queryContext: EntityQueryContext
  query context in which to perform the update authorization
- evaluationContext: EntityPrivacyPolicyEvaluationContext<
      TFields,
      TID,
      TViewerContext,
      TEntity,
      TSelectedFields,
  >
- entity: TEntity
  entity to authorize
- metricsAdapter: IEntityMetricsAdapter
Returns Promise<TEntity>
entity if authorized

Throws
EntityNotAuthorizedError when not authorized
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:230

`Protected`getPrivacyPolicyEvaluator

getPrivacyPolicyEvaluator(
    _viewerContext: TViewerContext,
): EntityPrivacyPolicyEvaluator<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>
Get the privacy policy evaluation mode and deny handler for this policy. Defaults to normal enforcing policy.
Parameters
- _viewerContext: TViewerContext
Returns EntityPrivacyPolicyEvaluator<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>
Remarks
Override to enable dry run evaluation of the policy.
- Defined in packages/entity/src/EntityPrivacyPolicy.ts:150

Class EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>`Abstract`

Remarks

Example

Type Parameters

Index

Constructors

Properties

Methods

Constructors

constructor

Type Parameters

Returns EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>

Properties

`Protected` `Readonly`createRules

`Protected` `Readonly`deleteRules

`Protected` `Readonly`readRules

`Protected` `Readonly`updateRules

Methods

authorizeCreateAsync

Parameters

Returns Promise<TEntity>

Throws

authorizeDeleteAsync

Parameters

Returns Promise<TEntity>

Throws

authorizeReadAsync

Parameters

Returns Promise<TEntity>

Throws

authorizeUpdateAsync

Parameters

Returns Promise<TEntity>

Throws

`Protected`getPrivacyPolicyEvaluator

Parameters

Returns EntityPrivacyPolicyEvaluator<
    TFields,
    TID,
    TViewerContext,
    TEntity,
    TSelectedFields,
>

Remarks

Settings

On This Page

Class EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>Abstract

Remarks

Example

Type Parameters

Index

Constructors

Properties

Methods

Constructors

constructor

Type Parameters

Returns EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>

Properties

Protected ReadonlycreateRules

Protected ReadonlydeleteRules

Protected ReadonlyreadRules

Protected ReadonlyupdateRules

Methods

authorizeCreateAsync

Parameters

Returns Promise<TEntity>

Throws

authorizeDeleteAsync

Parameters

Returns Promise<TEntity>

Throws

authorizeReadAsync

Parameters

Returns Promise<TEntity>

Throws

authorizeUpdateAsync

Parameters

Returns Promise<TEntity>

Throws

ProtectedgetPrivacyPolicyEvaluator

Parameters

Returns EntityPrivacyPolicyEvaluator< TFields, TID, TViewerContext, TEntity, TSelectedFields,>

Remarks

Settings

On This Page

Class EntityPrivacyPolicy<TFields, TID, TViewerContext, TEntity, TSelectedFields>`Abstract`

`Protected` `Readonly`createRules

`Protected` `Readonly`deleteRules

`Protected` `Readonly`readRules

`Protected` `Readonly`updateRules

`Protected`getPrivacyPolicyEvaluator

Returns EntityPrivacyPolicyEvaluator<
TFields,
TID,
TViewerContext,
TEntity,
TSelectedFields,
>