Skip to content

Commit

Permalink
Add support for access: { auth: ... } (#1627)
Browse files Browse the repository at this point in the history
  • Loading branch information
timleslie authored Sep 16, 2019
1 parent 3a58bd4 commit 9ade2b2
Show file tree
Hide file tree
Showing 16 changed files with 763 additions and 447 deletions.
230 changes: 230 additions & 0 deletions .changeset/wise-moles-hang/changes.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,230 @@
{
"releases": [
{ "name": "@keystone-alpha/access-control", "type": "major" },
{ "name": "@keystone-alpha/fields", "type": "major" },
{ "name": "@keystone-alpha/keystone", "type": "major" }
],
"dependents": [
{
"name": "@keystone-alpha/api-tests",
"type": "patch",
"dependencies": [
"@keystone-alpha/auth-password",
"@keystone-alpha/adapter-knex",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/test-utils",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/demo-project-blog",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/auth-password",
"@keystone-alpha/fields-markdown",
"@keystone-alpha/fields-wysiwyg-tinymce",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/demo-project-meetup",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/auth-password",
"@keystone-alpha/fields-wysiwyg-tinymce",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/demo-project-todo",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/app-admin-ui",
"type": "patch",
"dependencies": ["@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/auth-passport",
"type": "patch",
"dependencies": ["@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/auth-password",
"type": "patch",
"dependencies": ["@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/example-projects-nuxt",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/example-projects-starter",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/auth-password",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/example-projects-todo",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/field-content",
"type": "patch",
"dependencies": ["@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/fields-auto-increment",
"type": "patch",
"dependencies": ["@keystone-alpha/adapter-knex", "@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/fields-datetime-utc",
"type": "patch",
"dependencies": [
"@keystone-alpha/adapter-knex",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields"
]
},
{
"name": "@keystone-alpha/fields-markdown",
"type": "patch",
"dependencies": ["@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/fields-mongoid",
"type": "patch",
"dependencies": [
"@keystone-alpha/adapter-knex",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields"
]
},
{
"name": "@keystone-alpha/fields-wysiwyg-tinymce",
"type": "patch",
"dependencies": ["@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/list-plugins",
"type": "patch",
"dependencies": ["@keystone-alpha/fields"]
},
{
"name": "@keystone-alpha/cypress-project-access-control",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/auth-password",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/cypress-project-basic",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/field-content",
"@keystone-alpha/fields-markdown",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/cypress-project-client-validation",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/cypress-project-login",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/auth-password",
"@keystone-alpha/list-plugins",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/cypress-project-social-login",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/auth-passport",
"@keystone-alpha/auth-password",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/fields",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/adapter-knex",
"type": "patch",
"dependencies": ["@keystone-alpha/fields-auto-increment", "@keystone-alpha/keystone"]
},
{
"name": "@keystone-alpha/adapter-mongoose",
"type": "patch",
"dependencies": ["@keystone-alpha/fields-mongoid", "@keystone-alpha/keystone"]
},
{
"name": "@keystone-alpha/example-projects-blank",
"type": "patch",
"dependencies": [
"@keystone-alpha/app-admin-ui",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/keystone"
]
},
{
"name": "@keystone-alpha/test-utils",
"type": "patch",
"dependencies": [
"@keystone-alpha/adapter-knex",
"@keystone-alpha/adapter-mongoose",
"@keystone-alpha/keystone"
]
}
]
}
3 changes: 3 additions & 0 deletions .changeset/wise-moles-hang/changes.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Add support for `access: { auth: ... }` which controls whether authentication queries and mutations are accessible on a List

If you have a `List` which is being used as the target of an Authentication Strategy, you should set `access: { auth: true }` on that list.
10 changes: 9 additions & 1 deletion api-tests/auth-header.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ const initialData = {
};

const COOKIE_SECRET = 'qwerty';
const defaultAccess = ({ authentication: { item } }) => !!item;

function setupKeystone(adapterName) {
return setupServer({
Expand All @@ -39,6 +40,13 @@ function setupKeystone(adapterName) {
email: { type: Text },
password: { type: Password },
},
access: {
create: defaultAccess,
read: defaultAccess,
update: defaultAccess,
delete: defaultAccess,
auth: true,
},
});

keystone.createAuthStrategy({
Expand All @@ -49,7 +57,7 @@ function setupKeystone(adapterName) {
keystoneOptions: {
cookieSecret: COOKIE_SECRET,
defaultAccess: {
list: ({ authentication: { item } }) => !!item,
list: defaultAccess,
},
},
});
Expand Down
5 changes: 5 additions & 0 deletions api-tests/queries-access-control/meta.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
read
update
delete
auth
}
}
}
Expand All @@ -68,6 +69,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
read: true,
update: true,
delete: true,
auth: true,
});
})
);
Expand Down Expand Up @@ -125,6 +127,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
read
update
delete
auth
}
}
}
Expand All @@ -141,6 +144,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
read: true,
update: true,
delete: true,
auth: true,
},
},
{
Expand All @@ -150,6 +154,7 @@ multiAdapterRunners().map(({ runner, adapterName }) =>
read: true,
update: true,
delete: true,
auth: true,
},
},
]);
Expand Down
2 changes: 1 addition & 1 deletion demo-projects/todo/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -22,4 +22,4 @@
"@keystone-alpha/app-static": "^1.1.1",
"cross-env": "^5.2.0"
}
}
}
2 changes: 1 addition & 1 deletion packages/access-control/lib/access-control.js
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ const parseAccess = ({

module.exports = {
parseListAccess({ listKey, defaultAccess, access = defaultAccess, schemaNames }) {
const accessTypes = ['create', 'read', 'update', 'delete'];
const accessTypes = ['create', 'read', 'update', 'delete', 'auth'];

return parseAccess({
schemaNames,
Expand Down
10 changes: 7 additions & 3 deletions packages/access-control/tests/access-control.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ describe('Access control package tests', () => {
read: defaultAccess,
update: defaultAccess,
delete: defaultAccess,
auth: defaultAccess,
},
});
});
Expand All @@ -42,6 +43,7 @@ describe('Access control package tests', () => {
read: access,
update: access,
delete: access,
auth: access,
},
});
});
Expand All @@ -51,7 +53,7 @@ describe('Access control package tests', () => {
test('StaticAccess | ImperativeAccess | DeclarativeAccess are valid per-operation access modes', () => {
[...statics, ...imperatives].forEach(defaultAccess => {
// NOTE: create is handled differently below
['read', 'update', 'delete'].forEach(operation => {
['read', 'update', 'delete', 'auth'].forEach(operation => {
[...statics, ...imperatives, ...declaratives].forEach(opAccess => {
const access = { [operation]: opAccess };
expect(parseListAccess({ defaultAccess, access, schemaNames })).toEqual({
Expand All @@ -60,6 +62,7 @@ describe('Access control package tests', () => {
read: defaultAccess,
update: defaultAccess,
delete: defaultAccess,
auth: defaultAccess,
// Override the specific operation we are trying
...{ [operation]: opAccess },
},
Expand All @@ -84,6 +87,7 @@ describe('Access control package tests', () => {
read: defaultAccess,
update: defaultAccess,
delete: defaultAccess,
auth: defaultAccess,
},
});
});
Expand Down Expand Up @@ -113,8 +117,8 @@ describe('Access control package tests', () => {
const access = { public: true };
const defaultAccess = false;
expect(parseListAccess({ defaultAccess, access, schemaNames })).toEqual({
public: { create: true, read: true, update: true, delete: true },
internal: { create: false, read: false, update: false, delete: false },
public: { create: true, read: true, update: true, delete: true, auth: true },
internal: { create: false, read: false, update: false, delete: false, auth: false },
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ keystone.createList('User', {
update: access.userIsAdminOrOwner,
create: access.userIsAdmin,
delete: access.userIsAdmin,
auth: true,
},
});

Expand Down
2 changes: 1 addition & 1 deletion packages/field-views-loader/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ module.exports = function() {
lists: {
[listPath]: { // e.g "User"
...
access: { create, read, update, delete },
access: { create, read, update, delete, auth },
views: {
[fieldPath]: { // e.g 'email'
Controller: 'absolute/path/to/controller',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -385,6 +385,7 @@ describe('Referenced list errors', () => {
read: true,
update: true,
delete: true,
auth: true,
},
},
};
Expand Down
Loading

0 comments on commit 9ade2b2

Please sign in to comment.