feat: add casl generation with deep access (#330)

* feat: add casl generation with deep access * feat: add casl ownership managment * feat: disable tests to ship casl feature fast and write it back after
tractr · Dec 21, 2021 · 4138c39 · 4138c39
1 parent 090fee2
commit 4138c39
Show file tree

Hide file tree

Showing 55 changed files with 1,318 additions and 467 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -10,5 +10,33 @@
       "request": "attach",
       "port": 9229
     }
+    // To Debug directly into vscode
+    // Cannot reload on code changes
+    // {
+    //   "name": "Debug API",
+    //   "type": "node",
+    //   "request": "launch",
+    //   "args": ["apps/api/src/main.ts"], // Path to main entry file
+    //   "runtimeArgs": [
+    //     "--require",
+    //     "ts-node/register",
+    //     "--require",
+    //     "tsconfig-paths/register",
+    //     "--experimental-modules"
+    //   ],
+    //   "cwd": "${workspaceRoot}",
+    //   "internalConsoleOptions": "openOnSessionStart",
+    //   "restart": true,
+    //   "env": {
+    //     "TS_NODE_PROJECT": "apps/api/tsconfig.json" // Specify the tsconfig to use. See content of it below.
+    //   },
+    //   "sourceMaps": true,
+    //   "console": "internalConsole",
+    //   "outputCapture": "std",
+    //   "resolveSourceMapLocations": [
+    //     "${workspaceFolder}/**",
+    //     "!**/node_modules/**" // Disable the "could not read source map" error for node_modules
+    //   ]
+    // }
   ]
 }
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -13,15 +13,25 @@
   },
   "cSpell.words": [
     "casl",
+    "Concat",
     "dtos",
+    "endfor",
+    "hapify",
     "mailjet",
     "minio",
     "nestjs",
+    "nrwl",
     "Rext",
     "tractr",
     "Unsubscriber",
     "upsert"
   ],
+  "debug.javascript.autoAttachFilter": "smart",
+  "debug.javascript.autoAttachSmartPattern": [
+    "!**/{node_modules,npm-global,.yarn,.nvm}/**",
+    "**/$KNOWN_TOOLS$/**",
+    "'**/node_modules/@nrwl/node/**'"
+  ],
   "editor.codeActionsOnSave": {
     "source.fixAll": true,
     "source.fixAll.eslint": true

diff --git a/apps/api/src/app/app.module.ts b/apps/api/src/app/app.module.ts
@@ -1,18 +1,23 @@
 import { Module } from '@nestjs/common';
-import { APP_GUARD } from '@nestjs/core';
+import { APP_GUARD, APP_INTERCEPTOR } from '@nestjs/core';
 import { ConsoleModule } from 'nestjs-console';
 
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
 
-import { rolePermissions } from '@generated/casl';
+import { getSelectPrismaUserQuery, rolePermissions } from '@generated/casl';
 import { ModelsModule } from '@generated/nestjs-models';
 import { USER_SERVICE } from '@generated/nestjs-models-common';
 import {
   AuthenticationModule,
   JwtGlobalAuthGuard,
 } from '@tractr/nestjs-authentication';
-import { CaslModule } from '@tractr/nestjs-casl';
+import {
+  CaslExceptionInterceptor,
+  CaslModule,
+  PoliciesGuard,
+} from '@tractr/nestjs-casl';
+import { LoggerModule } from '@tractr/nestjs-core';
 import { DatabaseModule } from '@tractr/nestjs-database';
 import {
   FileStorageController,
@@ -53,10 +58,17 @@ import { MailerModule } from '@tractr/nestjs-mailer';
     }),
     CaslModule.register({
       rolePermissions,
+      getSelectPrismaUserQuery,
     }),
     ConsoleModule,
+    LoggerModule,
   ],
   controllers: [AppController, FileStorageController],
-  providers: [AppService, { provide: APP_GUARD, useClass: JwtGlobalAuthGuard }],
+  providers: [
+    AppService,
+    { provide: APP_GUARD, useClass: JwtGlobalAuthGuard },
+    { provide: APP_GUARD, useClass: PoliciesGuard },
+    { provide: APP_INTERCEPTOR, useClass: CaslExceptionInterceptor },
+  ],
 })
 export class AppModule {}
diff --git a/hapify-models.json b/hapify-models.json
@@ -65,6 +65,67 @@
       "name": "Answer",
       "notes": "The answer model"
     },
+    {
+      "accesses": {
+        "count": "owner",
+        "create": "owner",
+        "read": "owner",
+        "remove": "owner",
+        "search": "owner",
+        "update": "owner"
+      },
+      "fields": [
+        {
+          "meta": {},
+          "name": "id",
+          "properties": ["primary", "searchable", "sortable", "internal"],
+          "type": "string"
+        },
+        {
+          "meta": {
+            "backRelation": "departments",
+            "ownerStringPath": "user.enterprises.id"
+          },
+          "name": "enterprise",
+          "properties": ["ownership"],
+          "subtype": "oneMany",
+          "type": "entity",
+          "value": "c069cc55-f28f-dcc1-cad8-0df044631ef8"
+        }
+      ],
+      "id": "2a523149-31f3-80bf-d32b-3b9174cc6f2c",
+      "name": "Department"
+    },
+    {
+      "accesses": {
+        "count": "owner",
+        "create": "owner",
+        "read": "owner",
+        "remove": "owner",
+        "search": "owner",
+        "update": "owner"
+      },
+      "fields": [
+        {
+          "name": "id",
+          "properties": ["primary", "searchable", "sortable", "internal"],
+          "type": "string"
+        },
+        {
+          "meta": {
+            "backRelation": "enterprises",
+            "ownerStringPath": "user.id"
+          },
+          "name": "employee",
+          "properties": ["multiple", "ownership"],
+          "subtype": "manyMany",
+          "type": "entity",
+          "value": "a7d0308a-49f0-3458-0975-1dce106136a1"
+        }
+      ],
+      "id": "c069cc55-f28f-dcc1-cad8-0df044631ef8",
+      "name": "Enterprise"
+    },
     {
       "accesses": {
         "count": "guest",
@@ -349,7 +410,7 @@
         {
           "meta": {
             "backRelation": "tags",
-            "ownerKey": "ownerId"
+            "ownerStringPath": "user.id"
           },
           "name": "owner",
           "properties": ["ownership"],
@@ -367,11 +428,14 @@
         "create": "guest",
         "read": "owner",
         "remove": "admin",
-        "search": "admin",
+        "search": "owner",
         "update": "owner"
       },
       "fields": [
         {
+          "meta": {
+            "ownerStringPath": "user.id"
+          },
           "name": "id",
           "properties": [
             "primary",

diff --git a/libs/common/src/lib/helpers/get-concat-value-by-path.helper.spec.ts b/libs/common/src/lib/helpers/get-concat-value-by-path.helper.spec.ts
@@ -0,0 +1,127 @@
+import {
+  findAllValueByPath,
+  getConcatValueByPath,
+} from './get-concat-value-by-path.helper';
+
+describe('findAllValueByPath', () => {
+  it('should return an array of keys', () => {
+    const obj = {
+      a: {
+        b: [
+          {
+            c: {
+              d: 1,
+            },
+          },
+          {
+            c: {
+              d: 2,
+            },
+          },
+          {
+            c: {
+              d: 3,
+            },
+          },
+        ],
+      },
+    };
+    const result = findAllValueByPath('a.b.c.d', obj);
+    expect(result).toEqual([1, 2, 3]);
+  });
+  it('should work with an array', () => {
+    const obj = [
+      {
+        a: {
+          b: [
+            {
+              c: {
+                d: 1,
+              },
+            },
+            {
+              c: {
+                d: 2,
+              },
+            },
+            {
+              c: {
+                d: 3,
+              },
+            },
+          ],
+        },
+      },
+    ];
+    const result = findAllValueByPath('a.b.c.d', obj);
+    expect(result).toEqual([1, 2, 3]);
+  });
+
+  it('should not throw if the path is not found', () => {
+    const obj = [
+      {
+        a: {
+          b: [
+            {
+              c: {
+                d: 1,
+              },
+            },
+            {
+              c: {
+                d: 2,
+              },
+            },
+            {
+              c: {
+                d: 3,
+              },
+            },
+          ],
+        },
+      },
+    ];
+    const result = findAllValueByPath('b.c.d', obj);
+    expect(result).toEqual([]);
+
+    const obj2 = 'foo';
+    const result2 = findAllValueByPath('b.c.d', obj2);
+    expect(result2).toEqual([]);
+  });
+
+  it('should return the value if the path is empty', () => {
+    const obj = 'foo';
+    const result = findAllValueByPath('', obj);
+    expect(result).toEqual([obj]);
+  });
+  it('should return an empty array if the current obj is undefined', () => {
+    const result = findAllValueByPath('', undefined);
+    expect(result).toEqual([]);
+  });
+  it('getConcatValueByPath should be an alias with type of findAllValueByPath', () => {
+    const obj = {
+      a: {
+        b: [
+          {
+            c: {
+              d: 1,
+            },
+          },
+          {
+            c: {
+              d: 2,
+            },
+          },
+          {
+            c: {
+              d: 3,
+            },
+          },
+        ],
+      },
+    };
+    const result = findAllValueByPath('a.b.c.d', obj);
+    const result2 = getConcatValueByPath('a.b.c.d', obj);
+    expect(result).toEqual(result2);
+  });
+});
diff --git a/libs/common/src/lib/helpers/get-concat-value-by-path.helper.ts b/libs/common/src/lib/helpers/get-concat-value-by-path.helper.ts
@@ -0,0 +1,47 @@
+import { JsonArray, JsonObject, JsonValue } from '../interfaces';
+
+/**
+ * Get and concat value by path
+ * @param path the string path to the value
+ * @param obj The obj to traverse
+ * @returns an array of values
+ */
+export function findAllValueByPath(
+  path: string,
+  obj?: JsonObject | JsonValue | undefined,
+): JsonArray {
+  const [nextPath, ...nextKeys] = path.split('.');
+
+  if (typeof obj === 'undefined') {
+    return [];
+  }
+
+  if (typeof obj !== 'object' || obj === null) {
+    if (nextKeys.length > 0) return [];
+    return [obj];
+  }
+
+  if (Array.isArray(obj))
+    return obj.flatMap((item) => findAllValueByPath(path, item));
+
+  const currentObj = obj[nextPath];
+
+  if (typeof currentObj === 'undefined') return [];
+
+  if (nextKeys.length === 0) return [currentObj];
+
+  if (Array.isArray(currentObj))
+    return currentObj.flatMap((item) =>
+      findAllValueByPath(nextKeys.join('.'), item),
+    );
+
+  return findAllValueByPath(nextKeys.join('.'), currentObj);
+}
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function getConcatValueByPath<T extends Array<any> = any[]>(
+  path: string,
+  obj?: JsonObject | JsonValue | undefined,
+): T {
+  return findAllValueByPath(path, obj) as T;
+}
diff --git a/libs/common/src/lib/helpers/index.ts b/libs/common/src/lib/helpers/index.ts
@@ -1,2 +1,3 @@
+export * from './get-concat-value-by-path.helper';
 export * from './is-class.helper';
 export * from './unique-array.helper';
diff --git a/libs/common/tsconfig.lib.json b/libs/common/tsconfig.lib.json
@@ -3,7 +3,7 @@
     "declaration": true,
     "declarationMap": true,
     "inlineSources": true,
-    "lib": ["dom", "es2018"],
+    "lib": ["dom", "esnext"],
     "outDir": "../../dist/out-tsc",
     "target": "es2015",
     "types": []

diff --git a/libs/config/eslint/.eslintrc.js b/libs/config/eslint/.eslintrc.js
@@ -29,6 +29,11 @@ module.exports = {
   plugins: ['import', 'json-files', 'jest', '@typescript-eslint/eslint-plugin'],
   rules: {
     'no-console': ['error', { allow: ['info', 'warn', 'error'] }],
+    'lines-between-class-members': [
+      'error',
+      'always',
+      { exceptAfterSingleLine: true },
+    ],
 
     // Not compatible with nestjs
     'no-useless-constructor': 'off',