Change auth actions to runtime enums

Author: CarsonF

package.json

@@ -49,9 +49,9 @@
     "@nestjs/platform-fastify": "^11.1.0",
     "@patarapolw/prettyprint": "^1.0.3",
     "@seedcompany/cache": "^3.0.2",
-    "@seedcompany/common": ">=0.17 <1",
+    "@seedcompany/common": ">=0.19.1 <1",
     "@seedcompany/data-loader": "^2.0.1",
-    "@seedcompany/nest": "^1.4.0",
+    "@seedcompany/nest": "^1.6.1",
     "@seedcompany/nestjs-email": "^4.1.1",
     "@seedcompany/scripture": ">=0.8.0",
     "argon2": "^0.43.0",

src/components/authorization/policy/actions.ts

@@ -1,30 +1,42 @@
+import { EnumType, makeEnum } from '@seedcompany/nest';
+
 /**
  * Valid actions for resources
  */
-export type ResourceAction = 'read' | 'edit' | 'create' | 'delete';
+export type ResourceAction = EnumType<typeof ResourceAction>;
+export const ResourceAction = makeEnum(['read', 'edit', 'create', 'delete']);
 
 /**
  * Valid actions for properties
  */
-export type PropAction = 'read' | 'edit';
+export type PropAction = EnumType<typeof PropAction>;
+export const PropAction = makeEnum(['read', 'edit']);
 
 /**
  * Valid actions for child relationships
  */
-export type ChildRelationshipAction = 'read' | 'create' | 'delete';
+export type ChildRelationshipAction = EnumType<typeof ChildRelationshipAction>;
+export const ChildRelationshipAction = makeEnum(['read', 'create', 'delete']);
 
 /**
  * Valid actions for child One-to-Many relationships
  */
-export type ChildListAction = 'read' | 'create' | 'delete';
+export type ChildListAction = EnumType<typeof ChildListAction>;
+export const ChildListAction = makeEnum(['read', 'create', 'delete']);
 
 /**
  * Valid actions for child One-to-One relationships
  */
-export type ChildSingleAction = 'read' | 'edit';
+export type ChildSingleAction = EnumType<typeof ChildSingleAction>;
+export const ChildSingleAction = makeEnum(['read', 'edit']);
 
 /**
  * Probably don't use directly
  * @internal
  */
-export type AnyAction = ResourceAction | PropAction | ChildRelationshipAction;
+export type AnyAction = EnumType<typeof AnyAction>;
+export const AnyAction = makeEnum([
+  ...ResourceAction,
+  ...PropAction,
+  ...ChildRelationshipAction,
+]);

src/components/authorization/policy/executor/all-permissions-view.ts

@@ -1,6 +1,6 @@
 import { mapValues } from '@seedcompany/common';
+import { EnumType, makeEnum } from '@seedcompany/nest';
 import { startCase } from 'lodash';
-import { keys as keysOf } from 'ts-transformer-keys';
 import { PascalCase } from 'type-fest';
 import {
   ChildListsKey,
@@ -40,7 +40,7 @@ export const createAllPermissionsView = <
     getKeys: () => [...resource.securedPropsPlusExtra, ...resource.childKeys],
     calculate: (propName) =>
       createLazyRecord<Record<CompatAction, boolean>>({
-        getKeys: () => keysOf<Record<CompatAction, boolean>>(),
+        getKeys: () => CompatAction.values,
         calculate: (actionInput, propPerms) => {
           const action =
             actionInput === 'canEdit' &&
@@ -74,22 +74,26 @@ export const createAllPermissionsOfEdgeView = <
     calculate: (action) => privileges.can(action),
   });
 
-type CompatAction = AnyAction | `can${PascalCase<AnyAction>}`;
+const asLegacyAction = (action: AnyAction) =>
+  `can${startCase(action)}` as `can${PascalCase<AnyAction>}`;
+
+type CompatAction = EnumType<typeof CompatAction>;
+const CompatAction = makeEnum([
+  ...AnyAction,
+  ...[...AnyAction].map(asLegacyAction),
+]);
 
 const compatMap = {
   forward: {
     ...mapValues.fromList(
-      keysOf<Record<CompatAction, boolean>>(),
+      CompatAction,
       (action) =>
         (action.startsWith('can')
           ? action.slice(3).toLowerCase()
           : action) as AnyAction,
     ).asRecord,
   },
   backward: {
-    ...mapValues.fromList(
-      keysOf<Record<AnyAction, boolean>>(),
-      (action) => `can${startCase(action)}` as CompatAction,
-    ).asRecord,
+    ...mapValues.fromList(AnyAction, asLegacyAction).asRecord,
   },
 };

src/components/authorization/policy/executor/policy-dumper.ts

@@ -17,7 +17,6 @@ import { Command, Option } from 'clipanion';
 import { startCase } from 'lodash';
 import { DateTime } from 'luxon';
 import fs from 'node:fs/promises';
-import { keys as keysOf } from 'ts-transformer-keys';
 import { LiteralUnion } from 'type-fest';
 import { inspect } from 'util';
 import xlsx from 'xlsx';
@@ -188,16 +187,14 @@ export class PolicyDumper {
         role,
         resource,
         edge: undefined,
-        ...mapValues.fromList(
-          keysOf<Record<ResourceAction, boolean>>(),
-          (action) => resolve(action),
-        ).asRecord,
+        ...mapValues.fromList(ResourceAction, (action) => resolve(action))
+          .asRecord,
       },
       ...(options.props !== false
         ? ([
-            [resource.securedPropsPlusExtra, keysOf<Record<PropAction, ''>>()],
-            [resource.childSingleKeys, keysOf<Record<ChildSingleAction, ''>>()],
-            [resource.childListKeys, keysOf<Record<ChildListAction, ''>>()],
+            [resource.securedPropsPlusExtra, PropAction],
+            [resource.childSingleKeys, ChildSingleAction],
+            [resource.childListKeys, ChildListAction],
           ] as const)
         : []
       ).flatMap(([set, actions]) =>

src/components/authorization/policy/policy.factory.ts

@@ -6,7 +6,6 @@ import { Injectable, OnModuleInit } from '@nestjs/common';
 import { entries, mapEntries, mapValues } from '@seedcompany/common';
 import { pick, startCase } from 'lodash';
 import { DeepWritable, Writable } from 'ts-essentials';
-import { keys as keysOf } from 'ts-transformer-keys';
 import { EnhancedResource, many, Role } from '~/common';
 import { ResourcesHost } from '~/core/resources';
 import { Power } from '../dto';
@@ -314,13 +313,11 @@ export class PolicyFactory implements OnModuleInit {
           continue;
         }
 
-        const childActions = rel.list
-          ? keysOf<Record<ChildListAction, any>>()
-          : keysOf<Record<ChildSingleAction, any>>();
+        const childActions = rel.list ? ChildListAction : ChildSingleAction;
 
         this.mergePermissions(
           (childRelations[rel.name] ??= {}),
-          pick(grants.get(type)!.objectLevel, childActions),
+          pick(grants.get(type)!.objectLevel, [...childActions]),
         );
       }
     }

yarn.lock

@@ -3062,17 +3062,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@seedcompany/common@npm:>0.3 <1, @seedcompany/common@npm:>=0.17 <1, @seedcompany/common@npm:>=0.17 <1.0.0, @seedcompany/common@npm:>=0.3.0 <1.0.0":
-  version: 0.18.1
-  resolution: "@seedcompany/common@npm:0.18.1"
+"@seedcompany/common@npm:>0.3 <1, @seedcompany/common@npm:>=0.17 <1, @seedcompany/common@npm:>=0.17 <1.0.0, @seedcompany/common@npm:>=0.19.1 <1, @seedcompany/common@npm:>=0.3.0 <1.0.0":
+  version: 0.19.1
+  resolution: "@seedcompany/common@npm:0.19.1"
   dependencies:
     type-fest: "npm:^4.37.0"
   peerDependencies:
     luxon: ^3.3.0
   peerDependenciesMeta:
     luxon:
       optional: true
-  checksum: 10c0/54f1cdd5cf5b818ee6a8f1a3ca4e8379e26c2011abe132105cb117f3c207e47e316b8e3dab21e8eec682b56a7a08a20d60b6512b1ab35591a9e708a6703ea472
+  checksum: 10c0/d34e8591273ee4be08201b7a43c66240677027b155902e2558c8ed6d80274306d785b3675d3ecd68b6da2aa8adc831c23c71f62caa947e267573844abc3f92d8
   languageName: node
   linkType: hard
 
@@ -3127,9 +3127,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@seedcompany/nest@npm:^1.4.0":
-  version: 1.5.0
-  resolution: "@seedcompany/nest@npm:1.5.0"
+"@seedcompany/nest@npm:^1.6.1":
+  version: 1.6.1
+  resolution: "@seedcompany/nest@npm:1.6.1"
   dependencies:
     "@nestjs/common": "npm:^10 || ^11"
     "@nestjs/core": "npm:^10 || ^11"
@@ -3146,7 +3146,7 @@ __metadata:
     "@nestjs/graphql": ^12 || ^13
     class-transformer: ^0.5.1
     reflect-metadata: ^0.1.12 || ^0.2.0
-  checksum: 10c0/80a1a6a4fab8a3ab39ceae617b26f082fddefd06db9b5f8ac33bfd2c61fd16160ac3fedb7c079d73e47a943b2670167676ad0cac848a3b4c4762ee6fdfc4f576
+  checksum: 10c0/ea820ab6a0fb245f36a6bc50f9c80f675488d1c46e4151ec38eb6cc10574e3a10bc8844c410ee9169fb5aae1e4ed3a95779c20404ae341f0f0c41ae5a4f20cdf
   languageName: node
   linkType: hard
 
@@ -5823,10 +5823,10 @@ __metadata:
     "@nestjs/testing": "npm:^11.1.0"
     "@patarapolw/prettyprint": "npm:^1.0.3"
     "@seedcompany/cache": "npm:^3.0.2"
-    "@seedcompany/common": "npm:>=0.17 <1"
+    "@seedcompany/common": "npm:>=0.19.1 <1"
     "@seedcompany/data-loader": "npm:^2.0.1"
     "@seedcompany/eslint-plugin": "npm:^3.4.1"
-    "@seedcompany/nest": "npm:^1.4.0"
+    "@seedcompany/nest": "npm:^1.6.1"
     "@seedcompany/nestjs-email": "npm:^4.1.1"
     "@seedcompany/scripture": "npm:>=0.8.0"
     "@tsconfig/strictest": "npm:^2.0.2"