PermissionDefinition
PermissionDefinition
Defines a new Permission with which to control access to GraphQL resolvers & REST controllers. Used in conjunction with the Allow decorator (see example below).
Note: To define CRUD permissions, use the CrudPermissionDefinition.
Example
export const sync = new PermissionDefinition({
name: 'SyncInventory',
description: 'Allows syncing stock levels via Admin API'
});
const config: VendureConfig = {
authOptions: {
customPermissions: [sync],
},
}
@Resolver()
export class ExternalSyncResolver {
@Allow(sync.Permission)
@Mutation()
syncStockLevels() {
// ...
}
}
class PermissionDefinition {
constructor(config: PermissionDefinitionConfig)
Permission: Permission
}
constructor
(config: PermissionDefinitionConfig) => PermissionDefinition
Permission
Returns the permission defined by this definition, for use in the
Allow decorator.CrudPermissionDefinition
Defines a set of CRUD Permissions for the given name, i.e. a name
of 'Wishlist' will create
4 Permissions: 'CreateWishlist', 'ReadWishlist', 'UpdateWishlist' & 'DeleteWishlist'.
Example
export const wishlist = new CrudPermissionDefinition('Wishlist');
const config: VendureConfig = {
authOptions: {
customPermissions: [wishlist],
},
}
@Resolver()
export class WishlistResolver {
@Allow(wishlist.Create)
@Mutation()
createWishlist() {
// ...
}
}
class CrudPermissionDefinition extends PermissionDefinition {
constructor(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string)
Create: Permission
Read: Permission
Update: Permission
Delete: Permission
}
- Extends:
PermissionDefinition
constructor
(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string) => CrudPermissionDefinition
Create
Returns the 'Create' CRUD permission defined by this definition, for use in the
Allow decorator. ### ReadReturns the 'Read' CRUD permission defined by this definition, for use in the
Allow decorator. ### UpdateReturns the 'Update' CRUD permission defined by this definition, for use in the
Allow decorator. ### DeleteReturns the 'Delete' CRUD permission defined by this definition, for use in the
Allow decorator.PermissionDefinitionConfig
Configures a PermissionDefinition
interface PermissionDefinitionConfig {
name: string;
description?: string;
assignable?: boolean;
internal?: boolean;
}
name
string
The name of the permission. By convention this should be UpperCamelCased.
description
string
A description of the permission.
assignable
boolean
true
Whether this permission can be assigned to a Role. In general this
should be left as the default true
except in special cases.
internal
boolean
false
Internal permissions are not exposed via the API and are reserved for
special use-cases such at the Owner
or Public
permissions.