From fd131033e27581a97e81b0aa05f680b7eba6aa59 Mon Sep 17 00:00:00 2001
From: Muhammad Aaqil <aaqilcs102@gmail.com>
Date: Sat, 4 Jan 2025 23:17:31 +0500
Subject: [PATCH] feat: support restricted properties for authorization

Signed-off-by: Muhammad Aaqil <aaqilcs102@gmail.com>
---
 packages/authorization/src/authorize-interceptor.ts | 13 ++++++++++++-
 packages/authorization/src/keys.ts                  |  4 ++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/packages/authorization/src/authorize-interceptor.ts b/packages/authorization/src/authorize-interceptor.ts
index 54b05d6e96ac..6fac61a07170 100644
--- a/packages/authorization/src/authorize-interceptor.ts
+++ b/packages/authorization/src/authorize-interceptor.ts
@@ -125,7 +125,18 @@ export class AuthorizationInterceptor implements Provider<Interceptor> {
       error.statusCode = this.options.defaultStatusCodeForDeny;
       throw error;
     }
-    return next();
+    const restrictedProperties: string[] = await invocationCtx.get(
+      AuthorizationTags.RESTRICTED_FIELDS,
+    );
+    const result = await next();
+    if (result && restrictedProperties) {
+      restrictedProperties.forEach(property => {
+        if (typeof result === 'object') {
+          delete (result as Record<string, unknown>)[property];
+        }
+      });
+    }
+    return result;
   }
 }
 
diff --git a/packages/authorization/src/keys.ts b/packages/authorization/src/keys.ts
index 1c3d29c8767d..e779b447b8f9 100644
--- a/packages/authorization/src/keys.ts
+++ b/packages/authorization/src/keys.ts
@@ -28,4 +28,8 @@ export namespace AuthorizationTags {
    * A tag for authorizers
    */
   export const AUTHORIZER = 'authorizer';
+  /**
+   * A tag for restricted fields
+   */
+  export const RESTRICTED_FIELDS = 'restricted.fields';
 }