feat: Extract set of required modes instead of PermissionSet

Joachim Van Herwegen
2021-09-27 14:00:29 +02:00
parent ba1886ab85
commit e8dedf5c23
40 changed files with 183 additions and 254 deletions


@@ -1,5 +1,5 @@
import type { CredentialSet } from '../authentication/Credentials';
import type { PermissionSet } from '../ldp/permissions/PermissionSet';
import type { AccessMode } from '../ldp/permissions/PermissionSet';
import type { ResourceIdentifier } from '../ldp/representation/ResourceIdentifier';
import { AsyncHandler } from '../util/handlers/AsyncHandler';
import type { Authorization } from './Authorization';
@@ -14,9 +14,9 @@ export interface AuthorizerInput {
*/
identifier: ResourceIdentifier;
/**
* Permissions that are requested on the resource.
* Modes that are requested on the resource.
*/
permissions: PermissionSet;
modes: Set<AccessMode>;
}
/**
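Review bot: The doc comment on `modes` does not say how the set is interpreted, which matters for every Authorizer implementation that consumes this input. In the WebAclAuthorizer change in this same commit each mode in the set is checked in turn, so the intended contract appears to be that all listed modes must be granted. Stating that here keeps another implementation from treating the set as any-of. I would reword the comment to something like `Modes that are requested on the resource; access is granted only if every mode in the set is allowed.` and also say whether an empty set is a valid input. The interface declaration starts outside this hunk.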


@@ -3,6 +3,7 @@ import { Store } from 'n3';
import type { Credential, CredentialSet } from '../authentication/Credentials';
import type { AuxiliaryIdentifierStrategy } from '../ldp/auxiliary/AuxiliaryIdentifierStrategy';
import type { PermissionSet } from '../ldp/permissions/PermissionSet';
import { AccessMode } from '../ldp/permissions/PermissionSet';
import type { Representation } from '../ldp/representation/Representation';
import type { ResourceIdentifier } from '../ldp/representation/ResourceIdentifier';
import { getLoggerFor } from '../logging/LogUtil';
@@ -22,11 +23,11 @@ import type { AuthorizerInput } from './Authorizer';
import { Authorizer } from './Authorizer';
import { WebAclAuthorization } from './WebAclAuthorization';
const modesMap: Record<string, keyof PermissionSet> = {
[ACL.Read]: 'read',
[ACL.Write]: 'write',
[ACL.Append]: 'append',
[ACL.Control]: 'control',
const modesMap: Record<string, AccessMode> = {
[ACL.Read]: AccessMode.read,
[ACL.Write]: AccessMode.write,
[ACL.Append]: AccessMode.append,
[ACL.Control]: AccessMode.control,
} as const;
/**
@@ -61,11 +62,10 @@ export class WebAclAuthorizer extends Authorizer {
* Will throw an error if this is not the case.
* @param input - Relevant data needed to check if access can be granted.
*/
public async handle({ identifier, permissions, credentials }: AuthorizerInput):
public async handle({ identifier, modes, credentials }: AuthorizerInput):
Promise<WebAclAuthorization> {
// Determine the required access modes
const modes = (Object.keys(permissions) as (keyof PermissionSet)[]).filter((key): boolean => permissions[key]);
this.logger.debug(`Checking if ${credentials.agent?.webId} has ${modes.join()} permissions for ${identifier.path}`);
const modeString = [ ...modes ].join(',');
this.logger.debug(`Checking if ${credentials.agent?.webId} has ${modeString} permissions for ${identifier.path}`);
// Determine the full authorization for the agent granted by the applicable ACL
const acl = await this.getAclRecursive(identifier);
@@ -76,7 +76,7 @@ export class WebAclAuthorizer extends Authorizer {
for (const mode of modes) {
this.requirePermission(agent, authorization, mode);
}
this.logger.debug(`${agent.webId} has ${modes.join()} permissions for ${identifier.path}`);
this.logger.debug(`${agent.webId} has ${modeString} permissions for ${identifier.path}`);
return authorization;
}
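Review bot: An empty `modes` set appears to pass through `handle` without any permission check: as far as the visible lines show, the `for (const mode of modes)` loop in the last hunk then never calls `requirePermission` and the authorization is returned as a success. Whether callers can produce an empty set is not visible here, but now that the input is a plain `Set<AccessMode>` built elsewhere, the authorizer is the safer place to fail closed. If an empty request is never legitimate, add a guard before the loop such as `if (modes.size === 0) { throw new Error('No access modes were requested'); }`, using whichever error class the project uses for denied requests. If it is legitimate, a comment saying so would help. The body of `handle` continues outside the visible hunks.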