Skip to main content

PermissionDefinition

PermissionDefinition

@vendure/corepermission-definition.ts

Defines a new Permission with which to control access to GraphQL resolvers & REST controllers. Used in conjunction with the Allow decorator (see example below).

Note: To define CRUD permissions, use the CrudPermissionDefinition.

Example

export const sync = new PermissionDefinition({
  name: 'SyncInventory',
  description: 'Allows syncing stock levels via Admin API'
});
const config: VendureConfig = {
  authOptions: {
    customPermissions: [sync],
  },
}
@Resolver()
export class ExternalSyncResolver {

  @Allow(sync.Permission)
  @Mutation()
  syncStockLevels() {
    // ...
  }
}
Signature
class PermissionDefinition {
    constructor(config: PermissionDefinitionConfig)
    Permission: Permission
}

constructor

method
(config: PermissionDefinitionConfig) => PermissionDefinition

Permission

property
Permission

Returns the permission defined by this definition, for use in the

Allow decorator.

CrudPermissionDefinition

@vendure/corepermission-definition.ts

Defines a set of CRUD Permissions for the given name, i.e. a name of 'Wishlist' will create 4 Permissions: 'CreateWishlist', 'ReadWishlist', 'UpdateWishlist' & 'DeleteWishlist'.

Example

export const wishlist = new CrudPermissionDefinition('Wishlist');
const config: VendureConfig = {
  authOptions: {
    customPermissions: [wishlist],
  },
}
@Resolver()
export class WishlistResolver {

  @Allow(wishlist.Create)
  @Mutation()
  createWishlist() {
    // ...
  }
}
Signature
class CrudPermissionDefinition extends PermissionDefinition {
    constructor(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string)
    Create: Permission
    Read: Permission
    Update: Permission
    Delete: Permission
}

constructor

method
(name: string, descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string) => CrudPermissionDefinition

Create

property
Permission

Returns the 'Create' CRUD permission defined by this definition, for use in the

Allow decorator. ### Read
property
Permission

Returns the 'Read' CRUD permission defined by this definition, for use in the

Allow decorator. ### Update
property
Permission

Returns the 'Update' CRUD permission defined by this definition, for use in the

Allow decorator. ### Delete
property
Permission

Returns the 'Delete' CRUD permission defined by this definition, for use in the

Allow decorator.

PermissionDefinitionConfig

@vendure/corepermission-definition.ts

Configures a PermissionDefinition

Signature
interface PermissionDefinitionConfig {
    name: string;
    description?: string;
    assignable?: boolean;
    internal?: boolean;
}

name

property
string

The name of the permission. By convention this should be UpperCamelCased.

description

property
string

A description of the permission.

assignable

property
boolean
default:
true

Whether this permission can be assigned to a Role. In general this should be left as the default true except in special cases.

internal

property
boolean
default:
false

Internal permissions are not exposed via the API and are reserved for special use-cases such at the Owner or Public permissions.