ix(server-core, api-gateway): permissions function signature (#6267)

Author: buntarb

packages/cubejs-api-gateway/src/gateway.ts

@@ -118,7 +118,10 @@ class ApiGateway {
 
   public readonly checkAuthSystemFn: CheckAuthFn;
 
-  protected readonly contextToPermissionsFn: ContextToPermissionsFn;
+  protected readonly contextToPermFn: ContextToPermissionsFn;
+
+  protected readonly contextToPermDefFn: ContextToPermissionsFn =
+    async () => ['liveliness', 'graphql', 'meta', 'data'];
 
   protected readonly checkAuthMiddleware: CheckAuthMiddlewareFn;
 
@@ -156,7 +159,7 @@ class ApiGateway {
 
     this.checkAuthFn = this.createCheckAuthFn(options);
     this.checkAuthSystemFn = this.createCheckAuthSystemFn();
-    this.contextToPermissionsFn = this.createContextToPermissionsFn(options);
+    this.contextToPermFn = this.createContextToPermissionsFn(options);
     this.checkAuthMiddleware = options.checkAuthMiddleware
       ? this.wrapCheckAuthMiddleware(options.checkAuthMiddleware)
       : this.checkAuth;
@@ -2193,15 +2196,18 @@ class ApiGateway {
         }
         return permissionsCache;
       }
-      : async () => ['liveliness', 'graphql', 'meta', 'data'];
+      : this.contextToPermDefFn;
   }
 
   protected async assertPermission(
     permission: Permission,
     securityContext?: any,
   ): Promise<void> {
     const permissions =
-      await this.contextToPermissionsFn(securityContext || {});
+      await this.contextToPermFn(
+        securityContext || {},
+        await this.contextToPermDefFn(),
+      );
     const permited = permissions.indexOf(permission) >= 0;
     if (!permited) {
       throw new CubejsHandlerError(

packages/cubejs-api-gateway/src/types/auth.ts

@@ -81,7 +81,8 @@ type CanSwitchSQLUserFn =
  * Returns permissions tuple from a security context.
  */
 type ContextToPermissionsFn =
-  (securityContext?: any) => Promise<PermissionsTuple>;
+  (securityContext?: any, permissions?: PermissionsTuple) =>
+    Promise<PermissionsTuple>;
 
 export {
   CheckAuthInternalOptions,

packages/cubejs-server-core/test/unit/OptsHandler.test.ts

@@ -1055,7 +1055,7 @@ describe('OptsHandler class', () => {
     });
 
     const gateway = <any>core.apiGateway();
-    const permissions = await gateway.contextToPermissionsFn();
+    const permissions = await gateway.contextToPermFn();
     expect(permissions).toBeDefined();
     expect(Array.isArray(permissions)).toBeTruthy();
     expect(permissions).toEqual(['liveliness', 'graphql', 'meta', 'data']);
@@ -1089,7 +1089,7 @@ describe('OptsHandler class', () => {
 
     const gateway = <any>core.apiGateway();
     expect(async () => {
-      await gateway.contextToPermissionsFn();
+      await gateway.contextToPermFn();
     }).rejects.toThrow(
       'A user-defined contextToPermissions function returns an inconsistent type.'
     );
@@ -1123,7 +1123,7 @@ describe('OptsHandler class', () => {
 
     const gateway = <any>core.apiGateway();
     expect(async () => {
-      await gateway.contextToPermissionsFn();
+      await gateway.contextToPermFn();
     }).rejects.toThrow(
       'A user-defined contextToPermissions function returns a wrong permission: job'
     );
@@ -1150,7 +1150,7 @@ describe('OptsHandler class', () => {
     });
 
     const gateway = <any>core.apiGateway();
-    const permissions = await gateway.contextToPermissionsFn();
+    const permissions = await gateway.contextToPermFn();
     expect(permissions).toBeDefined();
     expect(Array.isArray(permissions)).toBeTruthy();
     expect(permissions).toEqual(['liveliness', 'graphql', 'meta', 'data', 'jobs']);