Use currentUser in policy conditions

Author: CarsonF

src/components/authorization/policies/conditions/creator.condition.ts

@@ -1,5 +1,4 @@
 import { Logger } from '@nestjs/common';
-import { type Query } from 'cypher-query-builder';
 import { inspect, type InspectOptionsStylized } from 'util';
 import {
   type ID,
@@ -11,14 +10,11 @@ import {
 } from '~/common';
 import { type LinkTo } from '~/core/resources';
 import {
-  type AsCypherParams,
   type Condition,
   type IsAllowedParams,
   MissingContextException,
 } from '../../policy/conditions';
 
-const CQL_VAR = 'requestingUser';
-
 export interface HasCreator {
   creator: MaybeSecuredProp<ID | LinkTo<'User'>>;
 }
@@ -49,24 +45,8 @@ class CreatorCondition<TResourceStatic extends ResourceShape<HasCreator>>
     return creator === session.userId;
   }
 
-  setupCypherContext(
-    query: Query,
-    prevApplied: Set<any>,
-    other: AsCypherParams<TResourceStatic>,
-  ) {
-    if (prevApplied.has('creator')) {
-      return query;
-    }
-    prevApplied.add('creator');
-
-    const param = query.params.addParam(other.session.userId, CQL_VAR);
-    Reflect.set(other, CQL_VAR, param);
-
-    return query;
-  }
-
-  asCypherCondition(_query: Query, other: AsCypherParams<TResourceStatic>) {
-    const requester = String(Reflect.get(other, CQL_VAR));
+  asCypherCondition() {
+    const requester = '$currentUser';
     return [
       `node.creator = ${requester}`,
       `exists((node)-[:creator { active: true }]->(:Property { value: ${requester} }))`,

src/components/authorization/policies/conditions/member.condition.ts

@@ -5,7 +5,6 @@ import { type ResourceShape, type Role } from '~/common';
 import { matchProjectScopedRoles } from '~/core/database/query';
 import { rolesForScope, type ScopedRole, splitScope } from '../../dto/role.dto';
 import {
-  type AsCypherParams,
   type AsEdgeQLParams,
   type Condition,
   eqlDoesIntersect,
@@ -32,24 +31,8 @@ class MemberCondition<TResourceStatic extends ResourceWithScope>
     return getScope(object).includes('member:true');
   }
 
-  setupCypherContext(
-    query: Query,
-    prevApplied: Set<any>,
-    other: AsCypherParams<TResourceStatic>,
-  ) {
-    if (prevApplied.has('membership')) {
-      return query;
-    }
-    prevApplied.add('membership');
-
-    const param = query.params.addParam(other.session.userId, 'requestingUser');
-    Reflect.set(other, CQL_VAR, param);
-    return query;
-  }
-
-  asCypherCondition(query: Query, other: AsCypherParams<TResourceStatic>) {
-    const requester = String(Reflect.get(other, CQL_VAR));
-    return `exists((project)-[:member { active: true }]->(:ProjectMember)-[:user]->(:User { id: ${requester} }))`;
+  asCypherCondition() {
+    return 'exists((project)-[:member { active: true }]->(:ProjectMember)-[:user]->(:User { id: $currentUser }))';
   }
 
   setupEdgeQLContext({

src/components/authorization/policies/conditions/self.condition.ts

@@ -1,17 +1,13 @@
-import { type Query } from 'cypher-query-builder';
 import { inspect, type InspectOptionsStylized } from 'util';
 import { type User } from '../../../user/dto';
 import {
-  type AsCypherParams,
   type AsEdgeQLParams,
   type Condition,
   fqnRelativeTo,
   type IsAllowedParams,
   MissingContextException,
 } from '../../policy/conditions';
 
-const CQL_VAR = 'requestingUser';
-
 class SelfCondition<TResourceStatic extends typeof User>
   implements Condition<TResourceStatic>
 {
@@ -22,25 +18,8 @@ class SelfCondition<TResourceStatic extends typeof User>
     return object.id === session.userId;
   }
 
-  setupCypherContext(
-    query: Query,
-    prevApplied: Set<any>,
-    other: AsCypherParams<TResourceStatic>,
-  ) {
-    if (prevApplied.has('self')) {
-      return query;
-    }
-    prevApplied.add('self');
-
-    const param = query.params.addParam(other.session.userId, CQL_VAR);
-    Reflect.set(other, CQL_VAR, param);
-
-    return query;
-  }
-
-  asCypherCondition(_query: Query, other: AsCypherParams<TResourceStatic>) {
-    const requester = String(Reflect.get(other, CQL_VAR));
-    return `node:User AND node.id = ${requester}`;
+  asCypherCondition() {
+    return 'node:User AND node.id = $currentUser';
   }
 
   asEdgeQLCondition({ namespace }: AsEdgeQLParams<any>) {