How to use the graphql-mapping-template.comment function in graphql-mapping-template
To help you get started, we’ve selected a few graphql-mapping-template examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
aws-amplify / amplify-cli / packages / graphql-auth-transformer / src / resources.ts View on Github 
variableToCheck: string = 'ctx.args.input',
variableToSet: string = ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable,
formatComment?: (rule: AuthRule) => string
) {
let ownershipAuthorizationExpressions = [];
let ruleNumber = 0;
for (const rule of rules) {
const ownerAttribute = rule.ownerField || DEFAULT_OWNER_FIELD;
const rawUsername = rule.identityField || rule.identityClaim || DEFAULT_IDENTITY_FIELD;
const isUser = isUsername(rawUsername);
const identityAttribute = replaceIfUsername(rawUsername);
const ownerFieldIsList = fieldIsList(ownerAttribute);
const allowedOwnersVariable = `allowedOwners${ruleNumber}`;
ownershipAuthorizationExpressions = ownershipAuthorizationExpressions.concat(
formatComment
? comment(formatComment(rule))
: comment(`Authorization rule: { allow: ${rule.allow}, ownerField: "${ownerAttribute}", identityClaim: "${identityAttribute}" }`),
set(ref(allowedOwnersVariable), raw(`$util.defaultIfNull($${variableToCheck}.${ownerAttribute}, null)`)),
isUser
? // tslint:disable-next-line
set(
ref('identityValue'),
raw(
`$util.defaultIfNull($ctx.identity.claims.get("${rawUsername}"), $util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}"))`
)
)
: set(ref('identityValue'), raw(`$util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}")`)),
// If a list of owners check for at least one.
iff(
raw(`$util.isList($${allowedOwnersVariable})`),
forEach(ref('allowedOwner'), ref(allowedOwnersVariable), [
iff(raw(`$allowedOwner == $identityValue`), set(ref(variableToSet), raw('true'))),variableToCheck: string = 'ctx.args',
variableToSet: string = ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable,
formatComment?: (rule: AuthRule) => string
) {
let ownershipAuthorizationExpressions = [];
let ruleNumber = 0;
for (const rule of rules) {
const ownerAttribute = rule.ownerField || DEFAULT_OWNER_FIELD;
const rawUsername = rule.identityField || rule.identityClaim || DEFAULT_IDENTITY_FIELD;
const isUser = isUsername(rawUsername);
const identityAttribute = replaceIfUsername(rawUsername);
const allowedOwnersVariable = `allowedOwners${ruleNumber}`;
ownershipAuthorizationExpressions = ownershipAuthorizationExpressions.concat(
formatComment
? comment(formatComment(rule))
: comment(`Authorization rule: { allow: ${rule.allow}, ownerField: "${ownerAttribute}", identityClaim: "${identityAttribute}" }`),
set(ref(allowedOwnersVariable), raw(`$util.defaultIfNull($${variableToCheck}.${ownerAttribute}, null)`)),
isUser
? // tslint:disable-next-line
set(
ref('identityValue'),
raw(`$util.defaultIfNull($ctx.identity.claims.get("${rawUsername}"),
$util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}"))`)
)
: set(ref('identityValue'), raw(`$util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}")`)),
// If a list of owners check for at least one.
iff(
raw(`$util.isList($${allowedOwnersVariable})`),
forEach(ref('allowedOwner'), ref(allowedOwnersVariable), [
iff(raw(`$allowedOwner == $identityValue`), set(ref(variableToSet), raw('true'))),
])
),variableToCheck: string = 'ctx.args.input',
variableToSet: string = ResourceConstants.SNIPPETS.IsOwnerAuthorizedVariable,
formatComment?: (rule: AuthRule) => string,
) {
let ownershipAuthorizationExpressions = []
let ruleNumber = 0;
for (const rule of rules) {
const ownerAttribute = rule.ownerField || DEFAULT_OWNER_FIELD
const rawUsername = rule.identityField || DEFAULT_IDENTITY_FIELD
const isUsern = isUsername(rawUsername)
const identityAttribute = replaceIfUsername(rawUsername)
const ownerFieldIsList = fieldIsList(ownerAttribute)
const allowedOwnersVariable = `allowedOwners${ruleNumber}`
ownershipAuthorizationExpressions = ownershipAuthorizationExpressions.concat(
formatComment ?
comment(formatComment(rule)) :
comment(`Authorization rule: { allow: ${rule.allow}, ownerField: "${ownerAttribute}", identityField: "${identityAttribute}" }`),
set(ref(allowedOwnersVariable), raw(`$util.defaultIfNull($${variableToCheck}.${ownerAttribute}, null)`)),
isUsern ?
// tslint:disable-next-line
set(ref('identityValue'), raw(`$util.defaultIfNull($ctx.identity.claims.get("${rawUsername}"), $util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}"))`)) :
set(ref('identityValue'), raw(`$util.defaultIfNull($ctx.identity.claims.get("${identityAttribute}"), "${NONE_VALUE}")`)),
// If a list of owners check for at least one.
iff(
raw(`$util.isList($${allowedOwnersVariable})`),
forEach(ref('allowedOwner'), ref(allowedOwnersVariable), [
iff(
raw(`$allowedOwner == $identityValue`),
set(ref(variableToSet), raw('true'))),
])
),
// If a single owner check for at least one.public dynamicGroupAuthorizationExpressionForReadOperations(
rules: AuthRule[],
variableToCheck: string = 'ctx.result',
variableToSet: string = ResourceConstants.SNIPPETS.IsDynamicGroupAuthorizedVariable,
defaultValue: Expression = raw(`$util.defaultIfNull($${variableToSet}, false)`)
): Expression {
if (!rules || rules.length === 0) {
return comment(`No Dynamic Group Authorization Rules`);
}
let groupAuthorizationExpressions = [];
for (const rule of rules) {
const groupsAttribute = rule.groupsField || DEFAULT_GROUPS_FIELD;
const groupClaimAttribute = rule.groupClaim || DEFAULT_GROUP_CLAIM;
groupAuthorizationExpressions = groupAuthorizationExpressions.concat(
comment(`Authorization rule: { allow: ${rule.allow}, groupsField: "${groupsAttribute}", groupClaim: "${groupClaimAttribute}" }`),
set(ref('allowedGroups'), ref(`util.defaultIfNull($${variableToCheck}.${groupsAttribute}, [])`)),
this.setUserGroups(rule.groupClaim),
forEach(ref('userGroup'), ref('userGroups'), [
iff(raw('$util.isList($allowedGroups)'), iff(raw(`$allowedGroups.contains($userGroup)`), set(ref(variableToSet), raw('true')))),
iff(raw(`$util.isString($allowedGroups)`), iff(raw(`$allowedGroups == $userGroup`), set(ref(variableToSet), raw('true')))),
])
);
}
// check for group claim herepublic staticGroupAuthorizationExpression(rules: AuthRule[]): Expression {
if (!rules || rules.length === 0) {
return comment(`No Static Group Authorization Rules`)
}
const allowedGroups: string[] = []
for (const rule of rules) {
const groups = rule.groups;
for (const group of groups) {
if (group) {
allowedGroups.push(group);
}
}
}
// TODO: Enhance cognito:groups to work with non cognito based auth.
return block('Static Group Authorization Checks', [
comment(`Authorization rule: { allow: groups, groups: "${JSON.stringify(allowedGroups)}" }`),
this.setUserGroups(),
set(ref('allowedGroups'), list(allowedGroups.map(s => str(s)))),
// tslint:disable-next-lineprivate makeNonNullChecks(nonNullArgs: string[]) {
return compoundExpression([
comment('START: Manually checking that all non-null arguments are provided either in the query or the body'),
iff(
or(nonNullArgs.map((arg: string) => parens(and([raw(`!$ctx.args.body.${arg}`), raw(`!$ctx.args.query.${arg}`)])))),
ref('util.error("An argument you marked as Non-Null is not present ' + 'in the query nor the body of your request."))')
),
comment('END: Manually checking that all non-null arguments are provided either in the query or the body'),
]);
}private dynamicAuthorizationExpressionForCreate(
rules: AuthRule[],
variableToCheck: string = 'ctx.args.input',
variableToSet: string = ResourceConstants.SNIPPETS.IsDynamicGroupAuthorizedVariable,
formatComment?: (rule: AuthRule) => string,
) {
let groupAuthorizationExpressions = []
for (const rule of rules) {
const groupsAttribute = rule.groupsField || DEFAULT_GROUPS_FIELD
groupAuthorizationExpressions = groupAuthorizationExpressions.concat(
formatComment ?
comment(formatComment(rule)) :
comment(`Authorization rule: { allow: ${rule.allow}, groupsField: "${groupsAttribute}" }`),
set(
ref(variableToSet),
raw(`$util.defaultIfNull($${variableToSet}, false)`)
),
forEach(ref('userGroup'), ref('userGroups'), [
iff(
raw(`$util.isList($ctx.args.input.${groupsAttribute})`),
iff(
ref(`${variableToCheck}.${groupsAttribute}.contains($userGroup)`),
set(ref(variableToSet), raw('true'))
),
),
iff(
raw(`$util.isString($ctx.args.input.${groupsAttribute})`),
iff(public dynamicGroupAuthorizationExpressionForCreateOperationsByField(
rules: AuthRule[],
fieldToCheck: string,
variableToCheck: string = 'ctx.args.input',
variableToSet: string = ResourceConstants.SNIPPETS.IsDynamicGroupAuthorizedVariable,
): Expression {
if (!rules || rules.length === 0) {
return comment(`No dynamic group authorization rules for field "${fieldToCheck}"`);
}
let groupAuthorizationExpression: Expression = this.dynamicAuthorizationExpressionForCreate(
rules, variableToCheck, variableToSet,
rule => `Authorization rule on field "${fieldToCheck}": { allow: ${rule.allow}, \
groupsField: "${rule.groupsField || DEFAULT_GROUPS_FIELD}" }`
)
return block(`Dynamic group authorization rules for field "${fieldToCheck}"`, [
groupAuthorizationExpression
])
}public dynamicGroupAuthorizationExpressionForCreateOperations(
rules: AuthRule[],
variableToCheck: string = 'ctx.args.input',
variableToSet: string = ResourceConstants.SNIPPETS.IsDynamicGroupAuthorizedVariable,
): Expression {
if (!rules || rules.length === 0) {
return comment(`No Dynamic Group Authorization Rules`)
}
return block('Dynamic Group Authorization Checks', [
this.dynamicAuthorizationExpressionForCreate(rules, variableToCheck, variableToSet)
])
}graphql-mapping-template
An AST wrapper around AWS AppSync resolvers
Package Health Score
95 / 100Popular graphql-mapping-template functions
- graphql-mapping-template.and
- graphql-mapping-template.block
- graphql-mapping-template.bool
- graphql-mapping-template.comment
- graphql-mapping-template.compoundExpression
- graphql-mapping-template.equals
- graphql-mapping-template.forEach
- graphql-mapping-template.ifElse
- graphql-mapping-template.iff
- graphql-mapping-template.list
- graphql-mapping-template.newline
- graphql-mapping-template.obj
- graphql-mapping-template.or
- graphql-mapping-template.parens
- graphql-mapping-template.print
- graphql-mapping-template.qref
- graphql-mapping-template.raw
- graphql-mapping-template.ref
- graphql-mapping-template.set
- graphql-mapping-template.str