Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Pass access modes to PermissionReaders

Browse Source 
This allows PermissionReaders to potentially only check the necessary access modes
for potential performance optimization.
This commit is contained in:
Joachim Van Herwegen
2022-02-23 15:19:20 +01:00
parent 706f0d5316
commit 2ae5924dde
11 changed files with 69 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/authorization/PermissionReader.ts
View File

@@ -1,7 +1,7 @@
import type { CredentialSet } from '../authentication/Credentials';
import type { ResourceIdentifier } from '../http/representation/ResourceIdentifier';
import { AsyncHandler } from '../util/handlers/AsyncHandler';
import type { PermissionSet } from './permissions/Permissions';
import type { AccessMode, PermissionSet } from './permissions/Permissions';
export interface PermissionReaderInput {
/**
@@ -12,6 +12,12 @@ export interface PermissionReaderInput {
* Identifier of the resource that will be read/modified.
*/
identifier: ResourceIdentifier;
/**
* This is the minimum set of access modes the output needs to contain,
* allowing the handler to limit its search space to this set.
* However, non-exhaustive information about other access modes can still be returned.
*/
modes: Set<AccessMode>;
}
/**

3
src/authorization/WebAclReader.ts
View File

@@ -64,7 +64,8 @@ export class WebAclReader extends PermissionReader {
const isAcl = this.aclStrategy.isAuxiliaryIdentifier(identifier);
const mainIdentifier = isAcl ? this.aclStrategy.getSubjectIdentifier(identifier) : identifier;
// Determine the full authorization for the agent granted by the applicable ACL
// Determine the full authorization for the agent granted by the applicable ACL.
// Note that we don't filter on input modes as all results are needed for the WAC-Allow header.
const acl = await this.getAclRecursive(mainIdentifier);
return this.createPermissions(credentials, acl, isAcl);
}

2
src/server/AuthorizingHttpHandler.ts
View File

@@ -66,7 +66,7 @@ export class AuthorizingHttpHandler extends OperationHttpHandler {
const modes = await this.modesExtractor.handleSafe(operation);
this.logger.verbose(`Required modes are read: ${[ ...modes ].join(',')}`);
const permissionSet = await this.permissionReader.handleSafe({ credentials, identifier: operation.target });
const permissionSet = await this.permissionReader.handleSafe({ credentials, identifier: operation.target, modes });
this.logger.verbose(`Available permissions are ${JSON.stringify(permissionSet)}`);
try {