chore: Generalize authorization configurations

Joachim Van Herwegen 2022-11-17 16:08:26 +01:00
parent 9b15b1d7e1
commit 2d54493485
6 changed files with 59 additions and 71 deletions


@ -2,35 +2,9 @@
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
"import": [
"css:config/ldp/authorization/readers/acp.json",
"css:config/ldp/authorization/readers/ownership.json"
"css:config/ldp/authorization/readers/default.json"
],
"@graph": [
{
"comment": "Requests permissions on subject resources for auxiliary resources.",
"@id": "urn:solid-server:default:PermissionReader",
"@type": "AuxiliaryReader",
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
"reader": {
"@type": "UnionPermissionReader",
"readers": [
{
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
"@id": "urn:solid-server:default:PathBasedReader",
"@type": "PathBasedReader",
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
},
{
"@id": "urn:solid-server:default:OwnerPermissionReader",
"@type": "OwnerPermissionReader",
"authStrategy": { "@id": "urn:solid-server:default:AcrStrategy" }
},
{
"comment": "Uses Web Access Control for authorization.",
"@id": "urn:solid-server:default:WrappedAcpReader"
}
]
}
},
{
"comment": "The templates for ACP authorization documents are in the acp subfolder.",
"@id": "urn:solid-server:default:TemplatedResourcesGenerator",


@ -7,19 +7,17 @@
],
"@graph": [
{
"comment": "Adds parent container checks needed for create/delete permissions.",
"@id": "urn:solid-server:default:WrappedWebAclReader",
"@type": "ParentContainerReader",
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
"reader": { "@id": "urn:solid-server:default:WebAclAuxiliaryReader" }
"@id": "urn:solid-server:default:OwnerPermissionReader",
"@type": "OwnerPermissionReader",
"authStrategy": { "@id": "urn:solid-server:default:AclStrategy" }
},
{
"comment": "Reinterprets Control permissions as Read/Write on the ACL document.",
"@id": "urn:solid-server:default:WebAclAuxiliaryReader",
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
"@type": "AuthAuxiliaryReader",
"authStrategy": { "@id": "urn:solid-server:default:AclStrategy" },
"reader": { "@id": "urn:solid-server:default:WebAclReader" }
},
{
"comment": "Reads out permissions from an ACL document for subject resources.",
"@id": "urn:solid-server:default:WebAclReader",
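Review bot: The new `urn:solid-server:default:OwnerPermissionReader` and `urn:solid-server:default:AuthAuxiliaryReader` entries use the same identifiers that the ACR-based readers config in the next file section also assigns, but with `AcrStrategy` and `AcpReader` instead of `AclStrategy` and `WebAclReader`. Before this change the two configs used distinct ids (`WebAclAuxiliaryReader` and `AcrAuxiliaryReader`), so loading both could not mix their values. Now a config that imports both files would put ACL and ACR settings on the same authorization objects, and how the component loader resolves that is not visible on this page. I would state the constraint on the first entry of each file, for example `"comment": "Sets the authStrategy of the shared OwnerPermissionReader; do not import together with another authorization readers config."`.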


@ -2,19 +2,17 @@
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
"@graph": [
{
"comment": "Adds parent container checks needed for create/delete permissions.",
"@id": "urn:solid-server:default:WrappedAcpReader",
"@type": "ParentContainerReader",
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
"reader": { "@id": "urn:solid-server:default:AcrAuxiliaryReader" }
"@id": "urn:solid-server:default:OwnerPermissionReader",
"@type": "OwnerPermissionReader",
"authStrategy": { "@id": "urn:solid-server:default:AcrStrategy" }
},
{
"comment": "Reinterprets Control permissions as Read/Write on the ACR document.",
"@id": "urn:solid-server:default:AcrAuxiliaryReader",
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
"@type": "AuthAuxiliaryReader",
"authStrategy": { "@id": "urn:solid-server:default:AcrStrategy" },
"reader": { "@id": "urn:solid-server:default:AcpReader" }
},
{
"comment": "Reads out permissions from ACR documents for subject resources.",
"@id": "urn:solid-server:default:AcpReader",


@ -0,0 +1,44 @@
{
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
"import": [
"css:config/ldp/authorization/readers/ownership.json"
],
"@graph": [
{
"comment": "Requests permissions on subject resources for auxiliary resources.",
"@id": "urn:solid-server:default:PermissionReader",
"@type": "AuxiliaryReader",
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
"reader": {
"@type": "UnionPermissionReader",
"readers": [
{
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
"@id": "urn:solid-server:default:PathBasedReader",
"@type": "PathBasedReader",
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
},
{
"comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
"@id": "urn:solid-server:default:OwnerPermissionReader",
"@type": "OwnerPermissionReader"
},
{
"comment": "Adds parent container checks needed for create/delete permissions.",
"@id": "urn:solid-server:default:ParentContainerReader",
"@type": "ParentContainerReader",
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
"reader": {
"comment": [
"Reinterprets Control permissions as Read/Write on the auth resource.",
"The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
],
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
"@type": "AuthAuxiliaryReader"
}
}
]
}
}
]
}
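Review bot: `OwnerPermissionReader` and `AuthAuxiliaryReader` are declared here without `authStrategy` and `reader`, so this file is a complete authorization chain only when exactly one strategy config fills those fields in. The comments say so, but they do not name the configs that do it or state what happens when none is imported. Because this is the access-control path, a missing strategy should fail at startup rather than leave a reader instantiated without one; that presumably depends on the component loader and is worth confirming with a test config that imports only this file. I would extend the comment on `OwnerPermissionReader` to something like `"comment": "authStrategy is set by the imported readers config for the chosen authorization scheme; the server must not start without one."`.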


@ -3,35 +3,9 @@
"import": [
"css:config/ldp/authorization/acl/wac-allow.json",
"css:config/ldp/authorization/readers/acl.json",
"css:config/ldp/authorization/readers/ownership.json"
"css:config/ldp/authorization/readers/default.json"
],
"@graph": [
{
"comment": "Requests permissions on subject resources for auxiliary resources.",
"@id": "urn:solid-server:default:PermissionReader",
"@type": "AuxiliaryReader",
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
"reader": {
"@type": "UnionPermissionReader",
"readers": [
{
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
"@id": "urn:solid-server:default:PathBasedReader",
"@type": "PathBasedReader",
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
},
{
"@id": "urn:solid-server:default:OwnerPermissionReader",
"@type": "OwnerPermissionReader",
"authStrategy": { "@id": "urn:solid-server:default:AclStrategy" }
},
{
"comment": "Uses Web Access Control for authorization.",
"@id": "urn:solid-server:default:WrappedWebAclReader"
}
]
}
},
{
"comment": "The templates for WAC authorization documents are in the wac subfolder.",
"@id": "urn:solid-server:default:TemplatedResourcesGenerator",


@ -6,9 +6,9 @@ import type { RepresentationMetadata } from '../../representation/Representation
* The result of executing an operation.
*/
export class ResponseDescription {
public readonly statusCode: number;
public readonly metadata?: RepresentationMetadata;
public readonly data?: Guarded<Readable>;
public statusCode: number;
public metadata?: RepresentationMetadata;
public data?: Guarded<Readable>;
/**
* @param statusCode - Status code to return.
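Review bot: Dropping `readonly` from `statusCode`, `metadata` and `data` is not explained by the commit title, which is about authorization configurations, and nothing in the other visible file sections appears to need it. With all three fields writable, any code holding a `ResponseDescription` can change the status or swap the body stream after the operation has produced it, which makes it harder to reason about what is actually sent to the client. If a later handler only needs to adjust one field, keep the others as `public readonly statusCode: number;` and `public readonly data?: Guarded<Readable>;`, and add a doc comment on the mutable field saying which component is expected to change it. The class body continues outside this hunk, so the constructor and any subclasses are not visible here.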