mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
chore: Generalize authorization configurations
This commit is contained in:
Joachim Van Herwegen
parent
9b15b1d7e1
commit
2d54493485
@ -2,35 +2,9 @@
|
|||||||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
|
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
|
||||||
"import": [
|
"import": [
|
||||||
"css:config/ldp/authorization/readers/acp.json",
|
"css:config/ldp/authorization/readers/acp.json",
|
||||||
"css:config/ldp/authorization/readers/ownership.json"
|
"css:config/ldp/authorization/readers/default.json"
|
||||||
],
|
],
|
||||||
"@graph": [
|
"@graph": [
|
||||||
{
|
|
||||||
"comment": "Requests permissions on subject resources for auxiliary resources.",
|
|
||||||
"@id": "urn:solid-server:default:PermissionReader",
|
|
||||||
"@type": "AuxiliaryReader",
|
|
||||||
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
|
|
||||||
"reader": {
|
|
||||||
"@type": "UnionPermissionReader",
|
|
||||||
"readers": [
|
|
||||||
{
|
|
||||||
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
|
|
||||||
"@id": "urn:solid-server:default:PathBasedReader",
|
|
||||||
"@type": "PathBasedReader",
|
|
||||||
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"@id": "urn:solid-server:default:OwnerPermissionReader",
|
|
||||||
"@type": "OwnerPermissionReader",
|
|
||||||
"authStrategy": { "@id": "urn:solid-server:default:AcrStrategy" }
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"comment": "Uses Web Access Control for authorization.",
|
|
||||||
"@id": "urn:solid-server:default:WrappedAcpReader"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"comment": "The templates for ACP authorization documents are in the acp subfolder.",
|
"comment": "The templates for ACP authorization documents are in the acp subfolder.",
|
||||||
"@id": "urn:solid-server:default:TemplatedResourcesGenerator",
|
"@id": "urn:solid-server:default:TemplatedResourcesGenerator",
|
||||||
|
|||||||
@ -7,19 +7,17 @@
|
|||||||
],
|
],
|
||||||
"@graph": [
|
"@graph": [
|
||||||
{
|
{
|
||||||
"comment": "Adds parent container checks needed for create/delete permissions.",
|
"@id": "urn:solid-server:default:OwnerPermissionReader",
|
||||||
"@id": "urn:solid-server:default:WrappedWebAclReader",
|
"@type": "OwnerPermissionReader",
|
||||||
"@type": "ParentContainerReader",
|
"authStrategy": { "@id": "urn:solid-server:default:AclStrategy" }
|
||||||
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
|
|
||||||
"reader": { "@id": "urn:solid-server:default:WebAclAuxiliaryReader" }
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"comment": "Reinterprets Control permissions as Read/Write on the ACL document.",
|
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
|
||||||
"@id": "urn:solid-server:default:WebAclAuxiliaryReader",
|
|
||||||
"@type": "AuthAuxiliaryReader",
|
"@type": "AuthAuxiliaryReader",
|
||||||
"authStrategy": { "@id": "urn:solid-server:default:AclStrategy" },
|
"authStrategy": { "@id": "urn:solid-server:default:AclStrategy" },
|
||||||
"reader": { "@id": "urn:solid-server:default:WebAclReader" }
|
"reader": { "@id": "urn:solid-server:default:WebAclReader" }
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
"comment": "Reads out permissions from an ACL document for subject resources.",
|
"comment": "Reads out permissions from an ACL document for subject resources.",
|
||||||
"@id": "urn:solid-server:default:WebAclReader",
|
"@id": "urn:solid-server:default:WebAclReader",
|
||||||
|
|||||||
@ -2,19 +2,17 @@
|
|||||||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
|
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
|
||||||
"@graph": [
|
"@graph": [
|
||||||
{
|
{
|
||||||
"comment": "Adds parent container checks needed for create/delete permissions.",
|
"@id": "urn:solid-server:default:OwnerPermissionReader",
|
||||||
"@id": "urn:solid-server:default:WrappedAcpReader",
|
"@type": "OwnerPermissionReader",
|
||||||
"@type": "ParentContainerReader",
|
"authStrategy": { "@id": "urn:solid-server:default:AcrStrategy" }
|
||||||
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
|
|
||||||
"reader": { "@id": "urn:solid-server:default:AcrAuxiliaryReader" }
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"comment": "Reinterprets Control permissions as Read/Write on the ACR document.",
|
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
|
||||||
"@id": "urn:solid-server:default:AcrAuxiliaryReader",
|
|
||||||
"@type": "AuthAuxiliaryReader",
|
"@type": "AuthAuxiliaryReader",
|
||||||
"authStrategy": { "@id": "urn:solid-server:default:AcrStrategy" },
|
"authStrategy": { "@id": "urn:solid-server:default:AcrStrategy" },
|
||||||
"reader": { "@id": "urn:solid-server:default:AcpReader" }
|
"reader": { "@id": "urn:solid-server:default:AcpReader" }
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
"comment": "Reads out permissions from ACR documents for subject resources.",
|
"comment": "Reads out permissions from ACR documents for subject resources.",
|
||||||
"@id": "urn:solid-server:default:AcpReader",
|
"@id": "urn:solid-server:default:AcpReader",
|
||||||
|
|||||||
44
config/ldp/authorization/readers/default.json
Normal file
44
config/ldp/authorization/readers/default.json
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
{
|
||||||
|
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^5.0.0/components/context.jsonld",
|
||||||
|
"import": [
|
||||||
|
"css:config/ldp/authorization/readers/ownership.json"
|
||||||
|
],
|
||||||
|
"@graph": [
|
||||||
|
{
|
||||||
|
"comment": "Requests permissions on subject resources for auxiliary resources.",
|
||||||
|
"@id": "urn:solid-server:default:PermissionReader",
|
||||||
|
"@type": "AuxiliaryReader",
|
||||||
|
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
|
||||||
|
"reader": {
|
||||||
|
"@type": "UnionPermissionReader",
|
||||||
|
"readers": [
|
||||||
|
{
|
||||||
|
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
|
||||||
|
"@id": "urn:solid-server:default:PathBasedReader",
|
||||||
|
"@type": "PathBasedReader",
|
||||||
|
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"comment": "The config that determines the authorization strategy needs to set the `authStrategy` field of this object.",
|
||||||
|
"@id": "urn:solid-server:default:OwnerPermissionReader",
|
||||||
|
"@type": "OwnerPermissionReader"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"comment": "Adds parent container checks needed for create/delete permissions.",
|
||||||
|
"@id": "urn:solid-server:default:ParentContainerReader",
|
||||||
|
"@type": "ParentContainerReader",
|
||||||
|
"identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" },
|
||||||
|
"reader": {
|
||||||
|
"comment": [
|
||||||
|
"Reinterprets Control permissions as Read/Write on the auth resource.",
|
||||||
|
"The config that determines the authorization strategy needs to set the `authStrategy` and `reader` fields of this object."
|
||||||
|
],
|
||||||
|
"@id": "urn:solid-server:default:AuthAuxiliaryReader",
|
||||||
|
"@type": "AuthAuxiliaryReader"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
@ -3,35 +3,9 @@
|
|||||||
"import": [
|
"import": [
|
||||||
"css:config/ldp/authorization/acl/wac-allow.json",
|
"css:config/ldp/authorization/acl/wac-allow.json",
|
||||||
"css:config/ldp/authorization/readers/acl.json",
|
"css:config/ldp/authorization/readers/acl.json",
|
||||||
"css:config/ldp/authorization/readers/ownership.json"
|
"css:config/ldp/authorization/readers/default.json"
|
||||||
],
|
],
|
||||||
"@graph": [
|
"@graph": [
|
||||||
{
|
|
||||||
"comment": "Requests permissions on subject resources for auxiliary resources.",
|
|
||||||
"@id": "urn:solid-server:default:PermissionReader",
|
|
||||||
"@type": "AuxiliaryReader",
|
|
||||||
"auxiliaryStrategy": { "@id": "urn:solid-server:default:AuxiliaryStrategy" },
|
|
||||||
"reader": {
|
|
||||||
"@type": "UnionPermissionReader",
|
|
||||||
"readers": [
|
|
||||||
{
|
|
||||||
"comment": "This PermissionReader will be used to prevent external access to containers used for internal storage.",
|
|
||||||
"@id": "urn:solid-server:default:PathBasedReader",
|
|
||||||
"@type": "PathBasedReader",
|
|
||||||
"baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"@id": "urn:solid-server:default:OwnerPermissionReader",
|
|
||||||
"@type": "OwnerPermissionReader",
|
|
||||||
"authStrategy": { "@id": "urn:solid-server:default:AclStrategy" }
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"comment": "Uses Web Access Control for authorization.",
|
|
||||||
"@id": "urn:solid-server:default:WrappedWebAclReader"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"comment": "The templates for WAC authorization documents are in the wac subfolder.",
|
"comment": "The templates for WAC authorization documents are in the wac subfolder.",
|
||||||
"@id": "urn:solid-server:default:TemplatedResourcesGenerator",
|
"@id": "urn:solid-server:default:TemplatedResourcesGenerator",
|
||||||
|
|||||||
@ -6,9 +6,9 @@ import type { RepresentationMetadata } from '../../representation/Representation
|
|||||||
* The result of executing an operation.
|
* The result of executing an operation.
|
||||||
*/
|
*/
|
||||||
export class ResponseDescription {
|
export class ResponseDescription {
|
||||||
public readonly statusCode: number;
|
public statusCode: number;
|
||||||
public readonly metadata?: RepresentationMetadata;
|
public metadata?: RepresentationMetadata;
|
||||||
public readonly data?: Guarded<Readable>;
|
public data?: Guarded<Readable>;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param statusCode - Status code to return.
|
* @param statusCode - Status code to return.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user