@@ -116,12 +116,6 @@ function autoincrement(): Int {
116116function dbgenerated(expr: String ?): Any {
117117} @@@expressionContext([DefaultValue])
118118
119- /* *
120- * Gets entities value before an update. Only valid when used in a "update" policy rule.
121- */
122- function future(): Any {
123- } @@@expressionContext([AccessPolicy])
124-
125119/* *
126120 * Checks if the field value contains the search string. By default, the search is case-sensitive, and
127121 * "LIKE" operator is used to match. If `caseInSensitive` is true, "ILIKE" operator is used if
@@ -663,3 +657,56 @@ attribute @meta(_ name: String, _ value: Any)
663657 * Marks an attribute as deprecated.
664658 */
665659attribute @@@deprecated(_ message: String )
660+
661+ /* --- Policy Plugin --- */
662+
663+ /* *
664+ * Defines an access policy that allows a set of operations when the given condition is true.
665+ *
666+ * @param operation: comma-separated list of "create", "read", "update", "delete". Use "all" to denote all operations.
667+ * @param condition: a boolean expression that controls if the operation should be allowed.
668+ */
669+ attribute @@allow(_ operation: String @@@completionHint(["'create'" , "'read'" , "'update'" , "'delete'" , "'all'" ]), _ condition: Boolean )
670+
671+ /* *
672+ * Defines an access policy that allows the annotated field to be read or updated.
673+ * You can pass a third argument as `true` to make it override the model-level policies.
674+ *
675+ * @param operation: comma-separated list of "create", "read", "update", "delete". Use "all" to denote all operations.
676+ * @param condition: a boolean expression that controls if the operation should be allowed.
677+ * @param override: a boolean value that controls if the field-level policy should override the model-level policy.
678+ */
679+ attribute @allow(_ operation: String @@@completionHint(["'create'" , "'read'" , "'update'" , "'delete'" , "'all'" ]), _ condition: Boolean , _ override: Boolean ?)
680+
681+ /* *
682+ * Defines an access policy that denies a set of operations when the given condition is true.
683+ *
684+ * @param operation: comma-separated list of "create", "read", "update", "delete". Use "all" to denote all operations.
685+ * @param condition: a boolean expression that controls if the operation should be denied.
686+ */
687+ attribute @@deny(_ operation: String @@@completionHint(["'create'" , "'read'" , "'update'" , "'delete'" , "'all'" ]), _ condition: Boolean )
688+
689+ /* *
690+ * Defines an access policy that denies the annotated field to be read or updated.
691+ *
692+ * @param operation: comma-separated list of "create", "read", "update", "delete". Use "all" to denote all operations.
693+ * @param condition: a boolean expression that controls if the operation should be denied.
694+ */
695+ attribute @deny(_ operation: String @@@completionHint(["'create'" , "'read'" , "'update'" , "'delete'" , "'all'" ]), _ condition: Boolean )
696+
697+ /* *
698+ * Checks if the current user can perform the given operation on the given field.
699+ *
700+ * @param field: The field to check access for
701+ * @param operation: The operation to check access for. Can be "read", "create", "update", or "delete". If the operation is not provided,
702+ * it defaults the operation of the containing policy rule.
703+ */
704+ function check(field: Any , operation: String ?): Boolean {
705+ } @@@expressionContext([AccessPolicy])
706+
707+ /* *
708+ * Gets entities value before an update. Only valid when used in a "update" policy rule.
709+ */
710+ function future(): Any {
711+ } @@@expressionContext([AccessPolicy])
712+
0 commit comments