Policy

@policy({
  name: 'effective policy',
  action: 'Script',
  weight: 1
})
myPolicy({ runtime }) {

  return true

}

@policy(options)

Arguments

options { Object } Options object
- name { String }
- environment { String = "*" }
- weight { Number = 0 }
- action { String } Policy action (Script, Transform)

Method Options

methodOptions { Object } Options passed to the method
- req { Object }
- body { Object }
- halt {Function} When called, haults the policy and exits the script
- runtime { Object }
  - name { String }
  - environment { String = "*" }
  - weight { Number = 0 }
  - metadata { Object }
    resource { String }
    className { String }
    methodName { String }
    static { Boolean }
    loc { Object }
    line { String }
    column { String }

Method Options (Transform Action)

methodOptions { Object } Options passed to the method
- runtime { Object }
  - name { String }
  - environment { String = "*" }
  - weight { Number = 0 }
  - metadata { Object }
    resource { String }
    className { String }
    methodName { String }
    static { Boolean }
    loc { Object }
    line { String }
    column { String }

Examples

const { policy, route, log, transform } = require('decorators'),
      { Transform } = require('runtime.transform')

class RoutePolicies {

  @policy
  static redirectPolicy = {
    name: 'c_redirect',
    priority: 1,
    methods: 'get',
    paths: '/routes/test-policy-redirect',
    action: 'Redirect',
    redirectUrl: '/routes/test-policy-after-redirect',
    weight: 1,
    trace: true
  }

  @log({ traceError: true })
  @route('POST test-route', { priority: 1 })
  testRoute({ body }) {
    return { text: 'Hi!', ...body() }
  }

  @log({ traceError: true })
  @route('GET test-route-halt', { priority: 1 })
  testHaltRoute() {
    return 'Hello!'
  }

  @log({ trace: true })
  @policy({ methods: ['post'], paths: '/routes/test-route', action: 'Script', trace: true, weight: 1 })
  testRoutePolicy({ body }) {
    if (body('end')) {
      return 'ended!'
    }
    if (body('end_throw')) {
      throw Fault.create('cortex.accessDenied.policy', { reason: 'Because!' })
    }
    if (body('end_response')) {
      return require('response').end()
    }
    body('param', 'this is a param from policy')
  }

  @log({ trace: true })
  @policy({ methods: ['get'], paths: '/routes/test-route-halt', priority: 1 })
  routeHaltPolicy({ halt }) {
    return halt()
  }

  @log({ trace: true })
  @policy({ methods: ['get'], paths: '/routes/test-route-halt' })
  routeHaltPolicy2({ halt }) {
    const res = require('response')
    res.setStatusCode(404)
    res.setHeader('Content-Type', 'application/json')
    res.end(JSON.stringify(new RangeError('no way, jesus maria!').toJSON()))
  }

  @route('GET get-all-accounts')
  getAllAccounts({ req, res, body, runtime }) {
    return org.objects.accounts.find().skipAcl(true).grant(8)
  }

  @policy
  static accountsTransform = {
    methods: ['get'], 
    paths: '/routes/get-all-accounts', 
    action: 'Transform', 
    priority: 999,
    transform: 'c_accounts_transform'
  }

}

@transform('c_accounts_transform')
class AccountsTransform extends Transform {

  each(object) {
    if (object.object === 'account' && object.email !== script.principal.email) {
      object.name.first = '*******'
      object.name.last = '*******'
    }
    return object
  }

}

Last updated 4 years ago

Was this helpful?