Documentation
¶
Overview ¶
Package interceptors is middleware to alter the graphql query
Index ¶
- Constants
- Variables
- func AddIDPredicate(ctx context.Context, q intercept.Query) error
- func FilterListQuery() ent.Interceptor
- func FilterQueryResults[V any](skipperFunc ...skipperFunc) ent.InterceptFunc
- func GetAuthorizedObjectIDs(ctx context.Context, queryType string, relation fgax.Relation) ([]string, error)
- func HistoryAccess(relation string, orgOwned, userOwed bool, objectOwner string) ent.Interceptor
- func InterceptorAPIToken() ent.Interceptor
- func InterceptorEncryption(fieldNames ...string) ent.Interceptor
- func InterceptorFieldEncryption(fieldName string, _ bool) ent.Interceptor
- func InterceptorFile() ent.Interceptor
- func InterceptorGroupSetting() ent.Interceptor
- func InterceptorHush() ent.Interceptor
- func InterceptorJobRunnerFilterSystemOwned() ent.Interceptor
- func InterceptorJobRunnerRegistrationToken() ent.Interceptor
- func InterceptorModules(modulesEnabled bool) ent.Interceptor
- func InterceptorOrgMember() ent.Interceptor
- func InterceptorOrganization() ent.Interceptor
- func InterceptorOrganizationSetting() ent.Interceptor
- func InterceptorPat() ent.Interceptor
- func InterceptorPresignedURL() ent.Interceptor
- func InterceptorSubscriptionURL() ent.Interceptor
- func InterceptorTrustCenter() ent.Interceptor
- func InterceptorTrustCenterChild() ent.Interceptor
- func InterceptorUserSetting() ent.Interceptor
- func QueryLogger() ent.InterceptFunc
- func TraverseOrgMembers() ent.Interceptor
- func TraverseStandard() ent.Interceptor
- func TraverseSubprocessor() ent.Interceptor
- func TraverseUser() ent.Interceptor
- type SkipMode
Constants ¶
const ( // ExistOperation is the operation type for Exist queries ExistOperation = "Exist" // OnlyOperation is the operation type for Only queries OnlyOperation = "Only" // IDsOperation is the operation type for IDs queries IDsOperation = "IDs" // CountOperation is the operation type for Count queries CountOperation = "Count" // AllOperation is the operation type for All queries AllOperation = "All" )
Operation types for queries
Variables ¶
var ( // ErrInternalServerError is returned when an internal error occurs. ErrInternalServerError = errors.New("internal server error") // ErrUnableToRetrieveUserID is returned when the user cannot be retrieved from the context ErrUnableToRetrieveUserID = errors.New("unable to retrieve user from context") // ErrRetrievingObjects is returned when an error occurs while retrieving objects ErrRetrievingObjects = errors.New("error retrieving objects") // ErrFeatureNotEnabled is returned when a requested feature is not enabled for the organization ErrFeatureNotEnabled = errors.New("feature not enabled for organization") )
Functions ¶
func AddIDPredicate ¶ added in v0.3.1
AddIDPredicate adds a predicate to the query to only include the objects that the user has access to This should only be used for queries where we are not directly filtering on the `id` field of the object e.g. memberships and history tables, and when there are a limited number of objects to filter the FilterQueryResults function should be used in most cases due to performance issues of ListObjectsRequest
func FilterListQuery ¶ added in v0.3.1
func FilterListQuery() ent.Interceptor
FilterListQuery filters any list query to only include the objects that the user has access to This is automatically added to all schemas using the ObjectOwnedMixin, so should not be added directly if that mixin is used This function is intended to filter the query before it is run using the ListObjectsRequest and should not be used for large lists
func FilterQueryResults ¶ added in v0.8.5
func FilterQueryResults[V any](skipperFunc ...skipperFunc) ent.InterceptFunc
FilterQueryResults filters the results of a query to only include the objects that the user has access to This is automatically added to all schemas using the ObjectOwnedMixin, so should not be added directly if that mixin is used This function is intended to filter results after the query is run using the BatchCheck in FGA which is more performant than the ListObjectsRequest, especially for large lists
func GetAuthorizedObjectIDs ¶ added in v0.3.1
func GetAuthorizedObjectIDs(ctx context.Context, queryType string, relation fgax.Relation) ([]string, error)
GetAuthorizedObjectIDs does a list objects request to pull all ids the current user has access to within the FGA system
func HistoryAccess ¶
func HistoryAccess(relation string, orgOwned, userOwed bool, objectOwner string) ent.Interceptor
HistoryAccess is a traversal interceptor that checks if the user has the required role for the organization
func InterceptorAPIToken ¶
func InterceptorAPIToken() ent.Interceptor
InterceptorAPIToken is middleware to change the api token query
func InterceptorEncryption ¶ added in v0.24.1
func InterceptorEncryption(fieldNames ...string) ent.Interceptor
InterceptorEncryption provides transparent decryption for specified fields on query results
func InterceptorFieldEncryption ¶ added in v0.24.1
func InterceptorFieldEncryption(fieldName string, _ bool) ent.Interceptor
InterceptorFieldEncryption provides decryption for a single field (for backward compatibility)
func InterceptorFile ¶ added in v0.24.1
func InterceptorFile() ent.Interceptor
InterceptorFile is an ent interceptor that filters the file query on the organization id this is slightly different from the organization interceptor because this is formatted differently then other schemas and is not always required so keeping it separate
func InterceptorGroupSetting ¶ added in v0.7.0
func InterceptorGroupSetting() ent.Interceptor
InterceptorGroupSetting is middleware to change the GroupSetting query to only include the objects that the user has access to by filtering the group settings with groups from the authorized organization only
func InterceptorHush ¶
func InterceptorHush() ent.Interceptor
InterceptorHush keeps it secret, keeps it safe
func InterceptorJobRunnerFilterSystemOwned ¶ added in v0.14.1
func InterceptorJobRunnerFilterSystemOwned() ent.Interceptor
InterceptorJobRunnerFilterSystemOwned makes sure to always filter out system owned runners from responses except the request is from an admin
func InterceptorJobRunnerRegistrationToken ¶ added in v0.14.1
func InterceptorJobRunnerRegistrationToken() ent.Interceptor
InterceptorJobRunnerRegistrationToken is middleware to only list non expired tokens
func InterceptorModules ¶ added in v0.28.2
func InterceptorModules(modulesEnabled bool) ent.Interceptor
InterceptorModules usese the query type to automatically validate the modules from the auto generated pipeline
func InterceptorOrgMember ¶
func InterceptorOrgMember() ent.Interceptor
InterceptorOrgMember is middleware to change the OrgMember query result
func InterceptorOrganization ¶
func InterceptorOrganization() ent.Interceptor
InterceptorOrganization is middleware to change the Organization query
func InterceptorOrganizationSetting ¶
func InterceptorOrganizationSetting() ent.Interceptor
InterceptorOrganizationSetting is middleware to change the org setting query
func InterceptorPat ¶
func InterceptorPat() ent.Interceptor
InterceptorPat is middleware to change the PAT query
func InterceptorPresignedURL ¶ added in v0.6.10
func InterceptorPresignedURL() ent.Interceptor
InterceptorPresignedURL is an ent interceptor that sets the presignedURL field on the file query if the field is requested
func InterceptorSubscriptionURL ¶ added in v0.6.6
func InterceptorSubscriptionURL() ent.Interceptor
InterceptorSubscriptionURL is an ent interceptor to fetch data from an external source (in this case stripe) and populate the URLs in the graph return response
func InterceptorTrustCenter ¶ added in v0.20.5
func InterceptorTrustCenter() ent.Interceptor
InterceptorTrustCenter is middleware to change the TrustCenter query
func InterceptorTrustCenterChild ¶ added in v0.23.0
func InterceptorTrustCenterChild() ent.Interceptor
InterceptorTrustCenterChild is middleware to change the TrustCenterChild query. Should be used by schemas that are owned by a trust center
func InterceptorUserSetting ¶
func InterceptorUserSetting() ent.Interceptor
func QueryLogger ¶
func QueryLogger() ent.InterceptFunc
QueryLogger is an interceptor that logs the duration of each query.
func TraverseOrgMembers ¶
func TraverseOrgMembers() ent.Interceptor
TraverseOrgMembers is middleware to change the Org Members query
func TraverseStandard ¶ added in v0.7.3
func TraverseStandard() ent.Interceptor
TraverseStandard only returns public standards and standards owned by the organization
func TraverseSubprocessor ¶ added in v0.22.3
func TraverseSubprocessor() ent.Interceptor
TraverseSubprocessor only returns public subprocessors and subprocessors owned by the organization
func TraverseUser ¶
func TraverseUser() ent.Interceptor
TraverseUser returns an ent interceptor for user that filters users based on the context of the query
Types ¶
type SkipMode ¶
type SkipMode int
SkipMode is a bit flag for the Skip annotation.
const ( // SkipNone skips no queries. SkipNone SkipMode = 0 // SkipOnlyQuery skips the interceptor on `Only` queries. SkipOnlyQuery SkipMode = 1 << iota // SkipAllQuery skips the interceptor on `All` queries. SkipAllQuery // SkipExistsQuery skips the interceptor on `Exists` queries. SkipExistsQuery // SkipIDsQuery skips the interceptor on `IDs` queries. SkipIDsQuery // SkipAll is default mode to skip all. SkipAll = SkipOnlyQuery | SkipAllQuery | SkipExistsQuery | SkipIDsQuery )
Source Files