Add support for access: { auth: ... } (#1627)

keystonejs · Sep 16, 2019 · 9ade2b2 · 9ade2b2
1 parent 3a58bd4
commit 9ade2b2
Show file tree

Hide file tree

Showing 16 changed files with 763 additions and 447 deletions.
diff --git a/.changeset/wise-moles-hang/changes.json b/.changeset/wise-moles-hang/changes.json
@@ -0,0 +1,230 @@
+{
+  "releases": [
+    { "name": "@keystone-alpha/access-control", "type": "major" },
+    { "name": "@keystone-alpha/fields", "type": "major" },
+    { "name": "@keystone-alpha/keystone", "type": "major" }
+  ],
+  "dependents": [
+    {
+      "name": "@keystone-alpha/api-tests",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/auth-password",
+        "@keystone-alpha/adapter-knex",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/test-utils",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/demo-project-blog",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/auth-password",
+        "@keystone-alpha/fields-markdown",
+        "@keystone-alpha/fields-wysiwyg-tinymce",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/demo-project-meetup",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/auth-password",
+        "@keystone-alpha/fields-wysiwyg-tinymce",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/demo-project-todo",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/app-admin-ui",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/auth-passport",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/auth-password",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/example-projects-nuxt",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/example-projects-starter",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/auth-password",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/example-projects-todo",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/field-content",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/fields-auto-increment",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/adapter-knex", "@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/fields-datetime-utc",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/adapter-knex",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/fields-markdown",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/fields-mongoid",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/adapter-knex",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/fields-wysiwyg-tinymce",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/list-plugins",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields"]
+    },
+    {
+      "name": "@keystone-alpha/cypress-project-access-control",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/auth-password",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/cypress-project-basic",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/field-content",
+        "@keystone-alpha/fields-markdown",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/cypress-project-client-validation",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/cypress-project-login",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/auth-password",
+        "@keystone-alpha/list-plugins",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/cypress-project-social-login",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/auth-passport",
+        "@keystone-alpha/auth-password",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/fields",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/adapter-knex",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields-auto-increment", "@keystone-alpha/keystone"]
+    },
+    {
+      "name": "@keystone-alpha/adapter-mongoose",
+      "type": "patch",
+      "dependencies": ["@keystone-alpha/fields-mongoid", "@keystone-alpha/keystone"]
+    },
+    {
+      "name": "@keystone-alpha/example-projects-blank",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/app-admin-ui",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/keystone"
+      ]
+    },
+    {
+      "name": "@keystone-alpha/test-utils",
+      "type": "patch",
+      "dependencies": [
+        "@keystone-alpha/adapter-knex",
+        "@keystone-alpha/adapter-mongoose",
+        "@keystone-alpha/keystone"
+      ]
+    }
+  ]
+}
diff --git a/.changeset/wise-moles-hang/changes.md b/.changeset/wise-moles-hang/changes.md
@@ -0,0 +1,3 @@
+Add support for `access: { auth: ... }` which controls whether authentication queries and mutations are accessible on a List
+
+If you have a `List` which is being used as the target of an Authentication Strategy, you should set `access: { auth: true }` on that list.
diff --git a/api-tests/auth-header.test.js b/api-tests/auth-header.test.js
@@ -20,6 +20,7 @@ const initialData = {
 };
 
 const COOKIE_SECRET = 'qwerty';
+const defaultAccess = ({ authentication: { item } }) => !!item;
 
 function setupKeystone(adapterName) {
   return setupServer({
@@ -39,6 +40,13 @@ function setupKeystone(adapterName) {
           email: { type: Text },
           password: { type: Password },
         },
+        access: {
+          create: defaultAccess,
+          read: defaultAccess,
+          update: defaultAccess,
+          delete: defaultAccess,
+          auth: true,
+        },
       });
 
       keystone.createAuthStrategy({
@@ -49,7 +57,7 @@ function setupKeystone(adapterName) {
     keystoneOptions: {
       cookieSecret: COOKIE_SECRET,
       defaultAccess: {
-        list: ({ authentication: { item } }) => !!item,
+        list: defaultAccess,
       },
     },
   });

diff --git a/api-tests/queries-access-control/meta.test.js b/api-tests/queries-access-control/meta.test.js
@@ -55,6 +55,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
                 read
                 update
                 delete
+                auth
               }
             }
           }
@@ -68,6 +69,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
             read: true,
             update: true,
             delete: true,
+            auth: true,
           });
         })
       );
@@ -125,6 +127,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
                 read
                 update
                 delete
+                auth
               }
             }
           }
@@ -141,6 +144,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
                 read: true,
                 update: true,
                 delete: true,
+                auth: true,
               },
             },
             {
@@ -150,6 +154,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
                 read: true,
                 update: true,
                 delete: true,
+                auth: true,
               },
             },
           ]);

diff --git a/demo-projects/todo/package.json b/demo-projects/todo/package.json
@@ -22,4 +22,4 @@
     "@keystone-alpha/app-static": "^1.1.1",
     "cross-env": "^5.2.0"
   }
-}
+}
diff --git a/packages/access-control/lib/access-control.js b/packages/access-control/lib/access-control.js
@@ -120,7 +120,7 @@ const parseAccess = ({
 
 module.exports = {
   parseListAccess({ listKey, defaultAccess, access = defaultAccess, schemaNames }) {
-    const accessTypes = ['create', 'read', 'update', 'delete'];
+    const accessTypes = ['create', 'read', 'update', 'delete', 'auth'];
 
     return parseAccess({
       schemaNames,

diff --git a/packages/access-control/tests/access-control.test.js b/packages/access-control/tests/access-control.test.js
@@ -22,6 +22,7 @@ describe('Access control package tests', () => {
             read: defaultAccess,
             update: defaultAccess,
             delete: defaultAccess,
+            auth: defaultAccess,
           },
         });
       });
@@ -42,6 +43,7 @@ describe('Access control package tests', () => {
               read: access,
               update: access,
               delete: access,
+              auth: access,
             },
           });
         });
@@ -51,7 +53,7 @@ describe('Access control package tests', () => {
     test('StaticAccess | ImperativeAccess | DeclarativeAccess are valid per-operation access modes', () => {
       [...statics, ...imperatives].forEach(defaultAccess => {
         // NOTE: create is handled differently below
-        ['read', 'update', 'delete'].forEach(operation => {
+        ['read', 'update', 'delete', 'auth'].forEach(operation => {
           [...statics, ...imperatives, ...declaratives].forEach(opAccess => {
             const access = { [operation]: opAccess };
             expect(parseListAccess({ defaultAccess, access, schemaNames })).toEqual({
@@ -60,6 +62,7 @@ describe('Access control package tests', () => {
                 read: defaultAccess,
                 update: defaultAccess,
                 delete: defaultAccess,
+                auth: defaultAccess,
                 // Override the specific operation we are trying
                 ...{ [operation]: opAccess },
               },
@@ -84,6 +87,7 @@ describe('Access control package tests', () => {
               read: defaultAccess,
               update: defaultAccess,
               delete: defaultAccess,
+              auth: defaultAccess,
             },
           });
         });
@@ -113,8 +117,8 @@ describe('Access control package tests', () => {
       const access = { public: true };
       const defaultAccess = false;
       expect(parseListAccess({ defaultAccess, access, schemaNames })).toEqual({
-        public: { create: true, read: true, update: true, delete: true },
-        internal: { create: false, read: false, update: false, delete: false },
+        public: { create: true, read: true, update: true, delete: true, auth: true },
+        internal: { create: false, read: false, update: false, delete: false, auth: false },
       });
     });
 

diff --git a/packages/create-keystone-app/example-projects/starter/index.js b/packages/create-keystone-app/example-projects/starter/index.js
@@ -46,6 +46,7 @@ keystone.createList('User', {
     update: access.userIsAdminOrOwner,
     create: access.userIsAdmin,
     delete: access.userIsAdmin,
+    auth: true,
   },
 });
 

diff --git a/packages/field-views-loader/index.js b/packages/field-views-loader/index.js
@@ -50,7 +50,7 @@ module.exports = function() {
       lists: {
         [listPath]: {  // e.g "User"
           ...
-          access: { create, read, update, delete },
+          access: { create, read, update, delete, auth },
           views: {
             [fieldPath]: {  // e.g 'email'
               Controller: 'absolute/path/to/controller',

diff --git a/packages/fields/src/types/Relationship/tests/implementation.test.js b/packages/fields/src/types/Relationship/tests/implementation.test.js
@@ -385,6 +385,7 @@ describe('Referenced list errors', () => {
         read: true,
         update: true,
         delete: true,
+        auth: true,
       },
     },
   };