feat: Change permission interface to store identifiers

Joachim Van Herwegen
2022-06-29 10:54:04 +02:00
parent b5d5071403
commit 23f0b37c28
11 changed files with 84 additions and 45 deletions


@@ -1,7 +1,6 @@
import type { CredentialSet } from '../authentication/Credentials';
import type { ResourceIdentifier } from '../http/representation/ResourceIdentifier';
import { AsyncHandler } from '../util/handlers/AsyncHandler';
import type { AccessMode, PermissionSet } from './permissions/Permissions';
import type { AccessMap, PermissionMap } from './permissions/Permissions';
export interface AuthorizerInput {
/**
@@ -9,17 +8,13 @@ export interface AuthorizerInput {
*/
credentials: CredentialSet;
/**
* Identifier of the resource that will be read/modified.
* Requested access modes per resource.
*/
identifier: ResourceIdentifier;
requestedModes: AccessMap;
/**
* Modes that are requested on the resource.
* Actual permissions available per resource and per credential group.
*/
modes: Set<AccessMode>;
/**
* Permissions that are available for the request.
*/
permissionSet: PermissionSet;
availablePermissions: PermissionMap;
}
/**
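Review bot: The comment on `availablePermissions` does not say what a missing entry means, and with per-resource maps that is now the security-relevant case: an identifier that appears in `requestedModes` but not in `availablePermissions` has to be read as no access. The PermissionReader section on this page explicitly allows "an empty or incomplete map", and `PermissionSet` and `Permission` are both `Partial`, so absence can occur at the identifier, credential-group and mode level. I would extend the comment to `Actual permissions available per resource and per credential group. A resource, group or mode that is missing must be treated as not granted.` The Authorizer implementations are outside this hunk, so it should be confirmed there that they iterate over `requestedModes` and deny on a missing entry rather than iterating over whatever `availablePermissions` happens to contain.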


@@ -1,26 +1,22 @@
import type { CredentialSet } from '../authentication/Credentials';
import type { ResourceIdentifier } from '../http/representation/ResourceIdentifier';
import { AsyncHandler } from '../util/handlers/AsyncHandler';
import type { AccessMode, PermissionSet } from './permissions/Permissions';
import type { AccessMap, PermissionMap } from './permissions/Permissions';
export interface PermissionReaderInput {
/**
* Credentials of the entity that wants to use the resource.
* Credentials of the entity requesting access to resources.
*/
credentials: CredentialSet;
/**
* Identifier of the resource that will be read/modified.
* For each credential, the reader will check which of the given per-resource access modes are available.
* However, non-exhaustive information about other access modes and resources can still be returned.
*/
identifier: ResourceIdentifier;
/**
* This is the minimum set of access modes the output needs to contain,
* allowing the handler to limit its search space to this set.
* However, non-exhaustive information about other access modes can still be returned.
*/
modes: Set<AccessMode>;
requestedModes: AccessMap;
}
/**
* Discovers the permissions of the given credentials on the given identifier.
* In case the reader finds no permission for the requested identifiers and credentials
* it can return an empty or incomplete map.
*/
export abstract class PermissionReader extends AsyncHandler<PermissionReaderInput, PermissionSet> {}
export abstract class PermissionReader extends AsyncHandler<PermissionReaderInput, PermissionMap> {}
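Review bot: The class comment still says permissions are discovered "on the given identifier", although the input no longer has an `identifier` field and the reader now covers every resource in `requestedModes`. The page does not mark which comment lines are old and which are new, so this assumes that sentence survives on the new side. Suggested wording: `Discovers the permissions of the given credentials on the given identifiers.` The comment on `requestedModes` also opens with "For each credential, …" without first saying what the field holds; a leading sentence such as `Requested access modes per resource.` would match AuthorizerInput.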


@@ -1,8 +1,8 @@
import type { Operation } from '../../http/Operation';
import { AsyncHandler } from '../../util/handlers/AsyncHandler';
import type { AccessMode } from './Permissions';
import type { AccessMap } from './Permissions';
/**
* Extracts all {@link AccessMode}s that are necessary to execute the given {@link Operation}.
*/
export abstract class ModesExtractor extends AsyncHandler<Operation, Set<AccessMode>> {}
export abstract class ModesExtractor extends AsyncHandler<Operation, AccessMap> {}
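Review bot: The class comment does not describe the new return shape: the result is now an `AccessMap` keyed by resource, yet the text still reads as one flat set of modes for the operation. Since this map presumably decides which resources are permission-checked later, the comment should state that every resource the operation affects needs an entry, for example `Extracts, per resource identifier, all {@link AccessMode}s that are necessary to execute the given {@link Operation}.` The `{@link AccessMode}` reference also appears to lose its import in this change, as only `AccessMap` seems to be imported on the new side, which may leave the link unresolved in generated documentation; confirm against the doc build.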


@@ -1,4 +1,5 @@
import type { CredentialGroup } from '../../authentication/Credentials';
import type { IdentifierMap, IdentifierSetMultiMap } from '../../util/map/IdentifierMap';
/**
* Different modes that require permission.
@@ -11,9 +12,22 @@ export enum AccessMode {
delete = 'delete',
}
/**
* Access modes per identifier.
*/
export type AccessMap = IdentifierSetMultiMap<AccessMode>;
/**
* A data interface indicating which permissions are required (based on the context).
*/
export type Permission = Partial<Record<AccessMode, boolean>>;
/**
* Permission per CredentialGroup.
*/
export type PermissionSet = Partial<Record<CredentialGroup, Permission>>;
/**
* PermissionSet per identifier.
*/
export type PermissionMap = IdentifierMap<PermissionSet>;