Documentation
¶
Overview ¶
Package interceptors is middleware to alter the graphql query
Index ¶
- Constants
- Variables
- func AddIDPredicate(ctx context.Context, q Query) error
- func FilterListQuery() ent.Interceptor
- func FilterQueryResults[V any](skipperFunc ...skipperFunc) ent.InterceptFunc
- func GetAuthorizedObjectIDs(ctx context.Context, queryType string, relation fgax.Relation) ([]string, error)
- func HistoryAccess(relation string, orgOwned, userOwed bool, objectOwner string) ent.Interceptor
- func InterceptorAPIToken() ent.Interceptor
- func InterceptorBillingPortalURLs() ent.Interceptor
- func InterceptorControlFieldSort() ent.Interceptor
- func InterceptorFile() ent.Interceptor
- func InterceptorGroupSetting() ent.Interceptor
- func InterceptorJobRunnerFilterSystemOwned() ent.Interceptor
- func InterceptorJobRunnerRegistrationToken() ent.Interceptor
- func InterceptorModules(modulesEnabled bool) ent.Interceptor
- func InterceptorOrgMember() ent.Interceptor
- func InterceptorOrganization() ent.Interceptor
- func InterceptorOrganizationSetting() ent.Interceptor
- func InterceptorPat() ent.Interceptor
- func InterceptorPresignedURL() ent.Interceptor
- func InterceptorTrustCenter() ent.Interceptor
- func InterceptorTrustCenterChild() ent.Interceptor
- func InterceptorTrustCenterControl() ent.Interceptor
- func InterceptorUserSetting() ent.Interceptor
- func NotificationQueryFilter() generated.Interceptor
- func QueryLogger() ent.InterceptFunc
- func TraverseOrgMembers() ent.Interceptor
- func TraverseStandard() ent.Interceptor
- func TraverseSubprocessor() ent.Interceptor
- func TraverseUser() ent.Interceptor
- type Query
- type SkipMode
- type TraverseFunc
Constants ¶
const ( // ExistOperation is the operation type for Exist queries ExistOperation = "Exist" // OnlyOperation is the operation type for Only queries OnlyOperation = "Only" // IDsOperation is the operation type for IDs queries IDsOperation = "IDs" // CountOperation is the operation type for Count queries CountOperation = "Count" // AllOperation is the operation type for All queries AllOperation = "All" )
Operation types for queries
Variables ¶
var ( // ErrInternalServerError is returned when an internal error occurs. ErrInternalServerError = errors.New("internal server error") // ErrUnableToRetrieveUserID is returned when the user cannot be retrieved from the context ErrUnableToRetrieveUserID = errors.New("unable to retrieve user from context") // ErrRetrievingObjects is returned when an error occurs while retrieving objects ErrRetrievingObjects = errors.New("error retrieving objects") // ErrFeatureNotEnabled is returned when a requested feature is not enabled for the organization ErrFeatureNotEnabled = errors.New("feature not enabled for organization") )
Functions ¶
func AddIDPredicate ¶ added in v0.3.1
AddIDPredicate adds a predicate to the query to only include the objects that the user has access to This should only be used for queries where we are not directly filtering on the `id` field of the object e.g. memberships and history tables, and when there are a limited number of objects to filter the FilterQueryResults function should be used in most cases due to performance issues of ListObjectsRequest
func FilterListQuery ¶ added in v0.3.1
func FilterListQuery() ent.Interceptor
FilterListQuery filters any list query to only include the objects that the user has access to This is automatically added to all schemas using the ObjectOwnedMixin, so should not be added directly if that mixin is used This function is intended to filter the query before it is run using the ListObjectsRequest and should not be used for large lists
func FilterQueryResults ¶ added in v0.8.5
func FilterQueryResults[V any](skipperFunc ...skipperFunc) ent.InterceptFunc
FilterQueryResults filters the results of a query to only include the objects that the user has access to This is automatically added to all schemas using the ObjectOwnedMixin, so should not be added directly if that mixin is used This function is intended to filter results after the query is run using the BatchCheck in FGA which is more performant than the ListObjectsRequest, especially for large lists
func GetAuthorizedObjectIDs ¶ added in v0.3.1
func GetAuthorizedObjectIDs(ctx context.Context, queryType string, relation fgax.Relation) ([]string, error)
GetAuthorizedObjectIDs does a list objects request to pull all ids the current user has access to within the FGA system
func HistoryAccess ¶
func HistoryAccess(relation string, orgOwned, userOwed bool, objectOwner string) ent.Interceptor
HistoryAccess is a traversal interceptor that checks if the user has the required role for the organization
func InterceptorAPIToken ¶
func InterceptorAPIToken() ent.Interceptor
InterceptorAPIToken is middleware to change the api token query
func InterceptorBillingPortalURLs ¶ added in v0.33.3
func InterceptorBillingPortalURLs() ent.Interceptor
InterceptorBillingPortalURLs is an ent interceptor to fetch data from an external source (in this case stripe) and populate the URLs in the graph return response
func InterceptorControlFieldSort ¶ added in v0.34.3
func InterceptorControlFieldSort() ent.Interceptor
InterceptorControlFieldSort sorts the custom model slice fields on controls and subcontrols to ensure consistent order of results
func InterceptorFile ¶ added in v0.24.1
func InterceptorFile() ent.Interceptor
InterceptorFile is an ent interceptor that filters the file query on the organization id this is slightly different from the organization interceptor because this is formatted differently then other schemas and is not always required so keeping it separate
func InterceptorGroupSetting ¶ added in v0.7.0
func InterceptorGroupSetting() ent.Interceptor
InterceptorGroupSetting is middleware to change the GroupSetting query to only include the objects that the user has access to by filtering the group settings with groups from the authorized organization only
func InterceptorJobRunnerFilterSystemOwned ¶ added in v0.14.1
func InterceptorJobRunnerFilterSystemOwned() ent.Interceptor
InterceptorJobRunnerFilterSystemOwned makes sure to always filter out system owned runners from responses except the request is from an admin
func InterceptorJobRunnerRegistrationToken ¶ added in v0.14.1
func InterceptorJobRunnerRegistrationToken() ent.Interceptor
InterceptorJobRunnerRegistrationToken is middleware to only list non expired tokens
func InterceptorModules ¶ added in v0.28.0
func InterceptorModules(modulesEnabled bool) ent.Interceptor
InterceptorModules uses the query type to automatically validate the modules from the auto generated pipeline
func InterceptorOrgMember ¶
func InterceptorOrgMember() ent.Interceptor
InterceptorOrgMember is middleware to change the OrgMember query result
func InterceptorOrganization ¶
func InterceptorOrganization() ent.Interceptor
InterceptorOrganization is middleware to change the Organization query
func InterceptorOrganizationSetting ¶
func InterceptorOrganizationSetting() ent.Interceptor
InterceptorOrganizationSetting is middleware to change the org setting query
func InterceptorPat ¶
func InterceptorPat() ent.Interceptor
InterceptorPat is middleware to change the PAT query
func InterceptorPresignedURL ¶ added in v0.6.10
func InterceptorPresignedURL() ent.Interceptor
InterceptorPresignedURL is an ent interceptor that sets the presignedURL field on the file query if the field is requested
func InterceptorTrustCenter ¶ added in v0.20.5
func InterceptorTrustCenter() ent.Interceptor
InterceptorTrustCenter is middleware to change the TrustCenter query
func InterceptorTrustCenterChild ¶ added in v0.23.0
func InterceptorTrustCenterChild() ent.Interceptor
InterceptorTrustCenterChild is middleware to change the TrustCenterChild query. Should be used by schemas that are owned by a trust center
func InterceptorTrustCenterControl ¶ added in v1.10.0
func InterceptorTrustCenterControl() ent.Interceptor
InterceptorTrustCenterControl is middleware that filters control queries based on user context: - anonymous trust center users only see publicly visible trust center controls - authenticated users with only the trust center module (not compliance) only see trust center controls
func InterceptorUserSetting ¶
func InterceptorUserSetting() ent.Interceptor
func NotificationQueryFilter ¶ added in v0.51.0
func NotificationQueryFilter() generated.Interceptor
NotificationQueryFilter automatically filters notifications based on user context
func QueryLogger ¶
func QueryLogger() ent.InterceptFunc
QueryLogger is an interceptor that logs the duration of each query.
func TraverseOrgMembers ¶
func TraverseOrgMembers() ent.Interceptor
TraverseOrgMembers is middleware to change the Org Members query
func TraverseStandard ¶ added in v0.7.3
func TraverseStandard() ent.Interceptor
TraverseStandard only returns public standards and standards owned by the organization
func TraverseSubprocessor ¶ added in v0.22.3
func TraverseSubprocessor() ent.Interceptor
TraverseSubprocessor only returns public subprocessors and subprocessors owned by the organization
func TraverseUser ¶
func TraverseUser() ent.Interceptor
TraverseUser returns an ent interceptor for user that filters users based on the context of the query
Types ¶
type Query ¶ added in v0.50.0
type Query interface {
// Type returns the string representation of the query type.
Type() string
// Limit the number of records to be returned by this query.
Limit(int)
// Offset to start from.
Offset(int)
// Unique configures the query builder to filter duplicate records.
Unique(bool)
// Order specifies how the records should be ordered.
Order(...func(*sql.Selector))
// WhereP appends storage-level predicates to the query builder. Using this method, users
// can use type-assertion to append predicates that do not depend on any generated package.
WhereP(...func(*sql.Selector))
}
Query is an interface that abstracts over different query types.
func NewInterceptQuery ¶ added in v0.50.0
NewInterceptQuery creates a new Query wrapper for the given query.
type SkipMode ¶
type SkipMode int
SkipMode is a bit flag for the Skip annotation.
const ( // SkipNone skips no queries. SkipNone SkipMode = 0 // SkipOnlyQuery skips the interceptor on `Only` queries. SkipOnlyQuery SkipMode = 1 << iota // SkipAllQuery skips the interceptor on `All` queries. SkipAllQuery // SkipExistsQuery skips the interceptor on `Exists` queries. SkipExistsQuery // SkipIDsQuery skips the interceptor on `IDs` queries. SkipIDsQuery // SkipAll is default mode to skip all. SkipAll = SkipOnlyQuery | SkipAllQuery | SkipExistsQuery | SkipIDsQuery )
type TraverseFunc ¶ added in v0.50.0
The TraverseFunc type is an adapter to allow the use of ordinary function as Traverser. If f is a function with the appropriate signature, TraverseFunc(f) is a Traverser that calls f.
Source Files
¶
- apitoken.go
- auditlogs.go
- constants.go
- controls.go
- doc.go
- errors.go
- file.go
- filter.go
- groupsetting.go
- job.go
- mixin_interceptor.go
- modules.go
- notifications_filter.go
- organization.go
- organizationsetting.go
- orgmembers.go
- orgsubscription.go
- personalaccesstoken.go
- query.go
- standard.go
- subprocessor.go
- trustcenter.go
- user.go
- usersetting.go
- wrap.go