PermissionDefinition

@vendure/core Source

Defines a new Permission with which to control access to GraphQL resolvers & REST controllers. Used in conjunction with the Allow decorator (see example below).

Note: To define CRUD permissions, use the CrudPermissionDefinition.

Example

export const sync = new PermissionDefinition({  name: 'SyncInventory',  description: 'Allows syncing stock levels via Admin API'});

const config: VendureConfig = {  authOptions: {    customPermissions: [sync],  },}

@Resolver()export class ExternalSyncResolver {  @Allow(sync.Permission)  @Mutation()  syncStockLevels() {    // ...  }}

Signature

class PermissionDefinition {    constructor(config: PermissionDefinitionConfig)    Permission: Permission}

constructor

method(config: PermissionDefinitionConfig) => PermissionDefinition

Permission

propertyPermission

Returns the permission defined by this definition, for use in the Allow decorator.

@vendure/core Source

Defines a set of CRUD Permissions for the given name, i.e. a name of 'Wishlist' will create 4 Permissions: 'CreateWishlist', 'ReadWishlist', 'UpdateWishlist' & 'DeleteWishlist'.

Example

export const wishlist = new CrudPermissionDefinition('Wishlist');

const config: VendureConfig = {  authOptions: {    customPermissions: [wishlist],  },}

@Resolver()export class WishlistResolver {  @Allow(wishlist.Create)  @Mutation()  createWishlist() {    // ...  }}

Signature

class CrudPermissionDefinition extends PermissionDefinition {    constructor(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string)    Create: Permission    Read: Permission    Update: Permission    Delete: Permission}

Extends: PermissionDefinition

constructor

method

(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string) => CrudPermissionDefinition

Create

propertyPermission

Returns the 'Create' CRUD permission defined by this definition, for use in the Allow decorator.

Read

propertyPermission

Returns the 'Read' CRUD permission defined by this definition, for use in the Allow decorator.

Update

propertyPermission

Returns the 'Update' CRUD permission defined by this definition, for use in the Allow decorator.

Delete

propertyPermission

Returns the 'Delete' CRUD permission defined by this definition, for use in the Allow decorator.

@vendure/core Sourcev3.5.0

Defines a set of Read-Write Permissions for the given name, i.e. a name of 'DashboardSavedViews' will create 2 Permissions: 'ReadDashboardSavedViews' and 'WriteDashboardSavedViews'.

Example

export const dashboardSavedViews = new RwPermissionDefinition('DashboardSavedViews');

const config: VendureConfig = {  authOptions: {    customPermissions: [dashboardSavedViews],  },}

@Resolver()export class DashboardResolver {  @Allow(dashboardSavedViews.Read)  @Query()  getDashboardSavedViews() {    // ...  }  @Allow(dashboardSavedViews.Write)  @Mutation()  saveDashboardView() {    // ...  }}

Signature

class RwPermissionDefinition extends PermissionDefinition {    constructor(name: string, descriptionFn?: (operation: 'read' | 'write') => string)    Read: Permission    Write: Permission}

Extends: PermissionDefinition

constructor

method(name: string, descriptionFn?: (operation: 'read' | 'write') => string) => RwPermissionDefinition

Read

propertyPermission

Returns the 'Read' permission defined by this definition, for use in the Allow decorator.

Write

propertyPermission

Returns the 'Write' permission defined by this definition, for use in the Allow decorator.

@vendure/core Source

Configures a PermissionDefinition

Signature

interface PermissionDefinitionConfig {    name: string;    description?: string;    assignable?: boolean;    internal?: boolean;}

name

propertystring

The name of the permission. By convention this should be UpperCamelCased.

description

propertystring

A description of the permission.

assignable

propertyboolean

Default:true

Whether this permission can be assigned to a Role. In general this should be left as the default true except in special cases.

internal

propertyboolean

Default:false

Internal permissions are not exposed via the API and are reserved for special use-cases such at the Owner or Public permissions.