Built-in Policies
nestjs-prisma-crud comes with built in policies that can serve a large portion of common use cases. Below you can learn more about them.
For more complex scenarios you can also create your own custom policies.
MustMatchAuthAttribute Policy#
Description#
Scopes the controller access to database records where modelAttributePath matches some dynamic property of authData, defined by authDataAttributePath.
Function signature#
MustMatchAuthAttribute(modelAttributePath: string, authDataAttributePath: string) => PolicyMethodinfo
modelAttributePath can traverse relations via dot notation, as long as the joins are present in allowedJoins.
authDataAttributePath also supports dot notation for traversing nested properties of the authData object.
Example usage#
Important!
Passing crudQuery into your function call is mandatory for MustMatchAuthAttribute to work. See below.
@Controller('post')export class PostController { // ... @Get() @AccessPolicy([RoleID.PREMIUM_USER], MustMatchAuthAttribute('author.id', 'id')) async getPosts(@Query('crudQuery') crudQuery: string) { const match = await this.postsService.findMany(crudQuery); return match; }}MustMatchValue Policy#
Description#
MustMatchValue works just like the above MustMatchAuthAttribute, but it uses a static value instead of dynamic properties of authData.
Function signature#
MustMatchValue(modelAttributePath: string, targetValue: any) => PolicyMethodinfo
modelAttributePath can traverse relations via dot notation, as long as the joins are present in allowedJoins.
Example usage#
Important!
Passing crudQuery into your function call is mandatory for MustMatchValue to work. See below.
@Controller('post')export class PostController { // ... @Get() @AccessPolicy('everyone', MustMatchValue('visibility', 'PUBLIC')) async getPosts(@Query('crudQuery') crudQuery: string) { const match = await this.postsService.findMany(crudQuery); return match; }}