Skip to main content

PermissionDefinition

PermissionDefinition

@vendure/corepermission-definition.ts

Defines a new Permission with which to control access to GraphQL resolvers & REST controllers. Used in conjunction with the Allow decorator (see example below).

Note: To define CRUD permissions, use the CrudPermissionDefinition.

Example

export const sync = new PermissionDefinition({
  name: 'SyncInventory',
  description: 'Allows syncing stock levels via Admin API'
});
const config: VendureConfig = {
  authOptions: {
    customPermissions: [sync],
  },
}
@Resolver()
export class ExternalSyncResolver {

  @Allow(sync.Permission)
  @Mutation()
  syncStockLevels() {
    // ...
  }
}
Signature
class PermissionDefinition {
    constructor(config: PermissionDefinitionConfig)
    Permission: Permission
}

constructor

method
(config: PermissionDefinitionConfig) => PermissionDefinition

Permission

property
Permission

Returns the permission defined by this definition, for use in the Allow decorator.

CrudPermissionDefinition

@vendure/corepermission-definition.ts

Defines a set of CRUD Permissions for the given name, i.e. a name of 'Wishlist' will create 4 Permissions: 'CreateWishlist', 'ReadWishlist', 'UpdateWishlist' & 'DeleteWishlist'.

Example

export const wishlist = new CrudPermissionDefinition('Wishlist');
const config: VendureConfig = {
  authOptions: {
    customPermissions: [wishlist],
  },
}
@Resolver()
export class WishlistResolver {

  @Allow(wishlist.Create)
  @Mutation()
  createWishlist() {
    // ...
  }
}
Signature
class CrudPermissionDefinition extends PermissionDefinition {
    constructor(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string)
    Create: Permission
    Read: Permission
    Update: Permission
    Delete: Permission
}

constructor

method
(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string) => CrudPermissionDefinition

Create

property
Permission

Returns the 'Create' CRUD permission defined by this definition, for use in the Allow decorator.

Read

property
Permission

Returns the 'Read' CRUD permission defined by this definition, for use in the Allow decorator.

Update

property
Permission

Returns the 'Update' CRUD permission defined by this definition, for use in the Allow decorator.

Delete

property
Permission

Returns the 'Delete' CRUD permission defined by this definition, for use in the Allow decorator.

PermissionDefinitionConfig

@vendure/corepermission-definition.ts

Configures a PermissionDefinition

Signature
interface PermissionDefinitionConfig {
    name: string;
    description?: string;
    assignable?: boolean;
    internal?: boolean;
}

name

property
string

The name of the permission. By convention this should be UpperCamelCased.

description

property
string

A description of the permission.

assignable

property
boolean
default:
true

Whether this permission can be assigned to a Role. In general this should be left as the default true except in special cases.

internal

property
boolean
default:
false

Internal permissions are not exposed via the API and are reserved for special use-cases such at the Owner or Public permissions.