Refactor owner -> self for the specific user use-case

CarsonF · CarsonF · commit cef319c1cc04 · 2024-04-26T15:17:28.000-05:00
diff --git a/src/components/authorization/policies/by-feature/user-can-edit-self.policy.ts b/src/components/authorization/policies/by-feature/user-can-edit-self.policy.ts
@@ -1,4 +1,4 @@
-import { owner, Policy } from '../util';
+import { Policy, self } from '../util';
 
-@Policy('all', (r) => r.User.when(owner).edit)
+@Policy('all', (r) => r.User.when(self).edit)
 export class UserCanEditSelfPolicy {}
diff --git a/src/components/authorization/policies/conditions/index.ts b/src/components/authorization/policies/conditions/index.ts
@@ -4,3 +4,4 @@ export * from './sensitivity.condition';
 export * from './enum-field.condition';
 export * from './variant.condition';
 export * from './role.condition';
+export * from './self.condition';
diff --git a/src/components/authorization/policies/conditions/self.condition.ts b/src/components/authorization/policies/conditions/self.condition.ts
@@ -0,0 +1,63 @@
+import { Query } from 'cypher-query-builder';
+import { inspect, InspectOptionsStylized } from 'util';
+import { User } from '../../../user/dto';
+import {
+  AsCypherParams,
+  Condition,
+  IsAllowedParams,
+} from '../../policy/conditions';
+
+const CQL_VAR = 'requestingUser';
+
+class SelfCondition<TResourceStatic extends typeof User>
+  implements Condition<TResourceStatic>
+{
+  isAllowed({ object, session }: IsAllowedParams<TResourceStatic>) {
+    if (!object) {
+      throw new Error("Needed user object but wasn't given");
+    }
+    return object.id === session.userId;
+  }
+
+  setupCypherContext(
+    query: Query,
+    prevApplied: Set<any>,
+    other: AsCypherParams<TResourceStatic>,
+  ) {
+    if (prevApplied.has('self')) {
+      return query;
+    }
+    prevApplied.add('self');
+
+    const param = query.params.addParam(other.session.userId, CQL_VAR);
+    Reflect.set(other, CQL_VAR, param);
+
+    return query;
+  }
+
+  asCypherCondition(_query: Query, other: AsCypherParams<TResourceStatic>) {
+    const requester = String(Reflect.get(other, CQL_VAR));
+    return `node:User AND node.id = ${requester}`;
+  }
+
+  asEdgeQLCondition() {
+    return '.id ?= global default::currentUserId';
+  }
+
+  union(this: void, conditions: this[]) {
+    return conditions[0];
+  }
+
+  intersect(this: void, conditions: this[]) {
+    return conditions[0];
+  }
+
+  [inspect.custom](_depth: number, _options: InspectOptionsStylized) {
+    return `Self`;
+  }
+}
+
+/**
+ * The following actions only apply if the requester is this user object.
+ */
+export const self = new SelfCondition();
