feat: Add permissions extractor for acl resources
@@ -42,12 +42,7 @@ export class WebAclAuthorizer extends Authorizer {
|
||||
* @param input - Relevant data needed to check if access can be granted.
|
||||
*/
|
||||
public async handle({ identifier, permissions, credentials }: AuthorizerArgs): Promise<void> {
|
||||
// Solid, §4.3.3: "To discover, read, create, or modify an ACL auxiliary resource, an acl:agent MUST
|
||||
// have acl:Control privileges per the ACL inheritance algorithm on the resource directly associated with it."
|
||||
// https://solid.github.io/specification/protocol#auxiliary-resources-reserved
|
||||
const modes = this.aclStrategy.isAuxiliaryIdentifier(identifier) ?
|
||||
[ 'control' ] :
|
||||
(Object.keys(permissions) as (keyof PermissionSet)[]).filter((key): boolean => permissions[key]);
|
||||
const modes = (Object.keys(permissions) as (keyof PermissionSet)[]).filter((key): boolean => permissions[key]);
|
||||
|
||||
// Verify that all required modes are set for the given agent
|
||||
this.logger.debug(`Checking if ${credentials.webId} has ${modes.join()} permissions for ${identifier.path}`);
|
||||
|
||||
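Review bot: With the `[ 'control' ]` override removed from `handle`, this authorizer no longer enforces Solid §4.3.3 on its own; it checks whatever `permissions` the caller passes. An ACL resource is therefore only protected by `acl:Control` if the extractor chain produces `{ control: true }` for it, which presumably depends on `AclPermissionsExtractor` being wired ahead of the method-based extractor, and that wiring is not visible in this hunk. If it is missing or misordered, access to ACL documents would be decided by the method-derived modes alone. I would record the invariant where the old comment stood, e.g. `// ACL resources: callers must supply { control: true } (see AclPermissionsExtractor); Solid §4.3.3 is no longer enforced here.`, and cover it with a test that sends a request for an ACL resource through the configured extractor and authorizer together. The body of `handle` continues outside the hunk.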
@@ -78,6 +78,7 @@ export * from './ldp/operations/PostOperationHandler';
|
||||
export * from './ldp/operations/PutOperationHandler';
|
||||
|
||||
// LDP/Permissions
|
||||
export * from './ldp/permissions/AclPermissionsExtractor';
|
||||
export * from './ldp/permissions/PermissionSet';
|
||||
export * from './ldp/permissions/PermissionsExtractor';
|
||||
export * from './ldp/permissions/MethodPermissionsExtractor';
|
||||
|
||||
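--- /dev/null
+++ b/src/ldp/permissions/AclPermissionsExtractor.ts
@@ -0,0 +1,36 @@
+import { NotImplementedHttpError } from '../../util/errors/NotImplementedHttpError';
+import type { AuxiliaryIdentifierStrategy } from '../auxiliary/AuxiliaryIdentifierStrategy';
+import type { Operation } from '../operations/Operation';
+import type { PermissionSet } from './PermissionSet';
+import { PermissionsExtractor } from './PermissionsExtractor';
+
+/**
+* PermissionsExtractor specifically for acl resources.
+*
+* Solid, §4.3.3: "To discover, read, create, or modify an ACL auxiliary resource, an acl:agent MUST have
+* acl:Control privileges per the ACL inheritance algorithm on the resource directly associated with it."
+* https://solid.github.io/specification/protocol#auxiliary-resources-reserved
+*/
+export class AclPermissionsExtractor extends PermissionsExtractor {
+private readonly aclStrategy: AuxiliaryIdentifierStrategy;
+
+public constructor(aclStrategy: AuxiliaryIdentifierStrategy) {
+super();
+this.aclStrategy = aclStrategy;
+}
+
+public async canHandle({ target }: Operation): Promise<void> {
+if (!this.aclStrategy.isAuxiliaryIdentifier(target)) {
+throw new NotImplementedHttpError('Can only determine permissions of acl resources');
+}
+}
+
+public async handle(): Promise<PermissionSet> {
+return {
+read: false,
+write: false,
+append: false,
+control: true,
+};
+}
+}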
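Review bot: The constructor accepts any `AuxiliaryIdentifierStrategy`, but the class only does its job if the injected strategy recognises exactly the ACL identifiers, and nothing in the class doc or the constructor says so. A strategy that fails to match an ACL resource makes `canHandle` throw, so the request presumably falls through to whichever extractor comes next and is judged on method-derived modes rather than `control`. A strategy that also matches other auxiliary types would demand `control` for those as well. I would add a TSDoc line on the constructor, e.g. `@param aclStrategy - Must identify ACL auxiliary resources only; every identifier it matches will require acl:Control.`, and state in the class comment that this extractor has to be consulted before the method-based one. A unit test for both `canHandle` outcomes and the fixed `handle` result would pin the behaviour; none is visible on this page.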