strapi/packages/plugins/graphql/server/services/content-api/policy.js

'use strict';

const { getOr } = require('lodash/fp');
const { policy: policyUtils } = require('@strapi/utils');
const { ForbiddenError } = require('@strapi/utils').errors;

const createPoliciesMiddleware = (resolverConfig, { strapi }) => {
  return async (resolve, ...rest) => {
    const resolverPolicies = getOr([], 'policies', resolverConfig);

    // Transform every policy into a unique format
    const policies = resolverPolicies.map(policy => policyUtils.get(policy));

    // Create a graphql policy context
    const context = createGraphQLPolicyContext(...rest);

    // Run policies & throw an error if one of them fails
    for (const policy of policies) {
      const result = await policy(context, { strapi });

      if (![true, undefined].includes(result)) {
        throw new ForbiddenError();
      }
    }

    return resolve(...rest);
  };
};

const createGraphQLPolicyContext = (parent, args, context, info) => {
  return policyUtils.createPolicyContext('graphql', {
    get parent() {
      return parent;
    },

    get args() {
      return args;
    },

    get context() {
      return context;
    },

    get info() {
      return info;
    },

    get state() {
      return this.context.state;
    },

    get http() {
      return this.context.koaContext;
    },
  });
};

module.exports = {
  createPoliciesMiddleware,
};
V4/graphql customization (#10850) * Add basic implementation for the graphql extension service * Add createPolicyContext in @strapi/utils * policiesMiddleware implementation for graphql * wrapResolvers first implementation (authentication, middlewares, policies) * move the content API schema build from /generators to /content-api. Extract types' register functions into a dedicated folder * fix schema generation on bootstrap * update the graphql service file to match new services arch * fix single type queries * simplify entity's resolver * use apollo graphql conventions for resolver's args naming * use the graphql extension system in i18n to add a locale arg to localized queries & mutations 2021-09-01 12:06:51 +02:00			`'use strict';`

			`const { getOr } = require('lodash/fp');`
			`const { policy: policyUtils } = require('@strapi/utils');`
refacto graphql errors 2021-10-27 18:54:58 +02:00			`const { ForbiddenError } = require('@strapi/utils').errors;`
V4/graphql customization (#10850) * Add basic implementation for the graphql extension service * Add createPolicyContext in @strapi/utils * policiesMiddleware implementation for graphql * wrapResolvers first implementation (authentication, middlewares, policies) * move the content API schema build from /generators to /content-api. Extract types' register functions into a dedicated folder * fix schema generation on bootstrap * update the graphql service file to match new services arch * fix single type queries * simplify entity's resolver * use apollo graphql conventions for resolver's args naming * use the graphql extension system in i18n to add a locale arg to localized queries & mutations 2021-09-01 12:06:51 +02:00
			`const createPoliciesMiddleware = (resolverConfig, { strapi }) => {`
			`return async (resolve, ...rest) => {`
			`const resolverPolicies = getOr([], 'policies', resolverConfig);`

			`// Transform every policy into a unique format`
			`const policies = resolverPolicies.map(policy => policyUtils.get(policy));`

			`// Create a graphql policy context`
			`const context = createGraphQLPolicyContext(...rest);`

			`// Run policies & throw an error if one of them fails`
			`for (const policy of policies) {`
Harmonize and make policies and middlwares more consistent 2021-10-04 18:16:28 +02:00			`const result = await policy(context, { strapi });`
V4/graphql customization (#10850) * Add basic implementation for the graphql extension service * Add createPolicyContext in @strapi/utils * policiesMiddleware implementation for graphql * wrapResolvers first implementation (authentication, middlewares, policies) * move the content API schema build from /generators to /content-api. Extract types' register functions into a dedicated folder * fix schema generation on bootstrap * update the graphql service file to match new services arch * fix single type queries * simplify entity's resolver * use apollo graphql conventions for resolver's args naming * use the graphql extension system in i18n to add a locale arg to localized queries & mutations 2021-09-01 12:06:51 +02:00
Harmonize and make policies and middlwares more consistent 2021-10-04 18:16:28 +02:00			`if (![true, undefined].includes(result)) {`
refacto graphql errors 2021-10-27 18:54:58 +02:00			`throw new ForbiddenError();`
V4/graphql customization (#10850) * Add basic implementation for the graphql extension service * Add createPolicyContext in @strapi/utils * policiesMiddleware implementation for graphql * wrapResolvers first implementation (authentication, middlewares, policies) * move the content API schema build from /generators to /content-api. Extract types' register functions into a dedicated folder * fix schema generation on bootstrap * update the graphql service file to match new services arch * fix single type queries * simplify entity's resolver * use apollo graphql conventions for resolver's args naming * use the graphql extension system in i18n to add a locale arg to localized queries & mutations 2021-09-01 12:06:51 +02:00			`}`
			`}`

			`return resolve(...rest);`
			`};`
			`};`

			`const createGraphQLPolicyContext = (parent, args, context, info) => {`
			`return policyUtils.createPolicyContext('graphql', {`
			`get parent() {`
			`return parent;`
			`},`

			`get args() {`
			`return args;`
			`},`

			`get context() {`
			`return context;`
			`},`

			`get info() {`
			`return info;`
			`},`

			`get state() {`
			`return this.context.state;`
			`},`

			`get http() {`
			`return this.context.koaContext;`
			`},`
			`});`
			`};`

			`module.exports = {`
			`createPoliciesMiddleware,`
			`};`