Options
All
  • Public
  • Public/Protected
  • All
Menu

Class WebAclAuthorizer

Handles most web access control predicates such as acl:mode, acl:agentClass, acl:agent, acl:default and acl:accessTo. Does not support acl:agentGroup, acl:origin and acl:trustedApp yet.

Hierarchy

Index

Constructors

Properties

Methods

Constructors

constructor

Properties

Private Readonly aclStrategy

aclStrategy: AuxiliaryIdentifierStrategy

Private Readonly identifierStrategy

identifierStrategy: IdentifierStrategy

Protected Readonly logger

logger: Logger = ...

Private Readonly resourceStore

resourceStore: ResourceStore

Methods

canHandle

Private capitalize

  • capitalize(mode: string): string

Private checkPermission

Private createAuthorization

Private createPermissions

Private filterData

  • filterData(data: Representation, predicate: string, object: string): Promise<Store<Quad, Quad>>

  • Finds all triples in the data stream of the given representation that use the given predicate and object. Then extracts the unique subjects from those triples, and returns a Store containing all triples from the data stream that have such a subject.

    This can be useful for finding the acl:Authorization objects corresponding to a specific URI and returning all relevant information on them.

    Parameters

    • data: Representation

      Representation with data stream of internal/quads.

    • predicate: string

      Predicate to match.

    • object: string

      Object to match.

    Returns Promise<Store<Quad, Quad>>

    A store containing the relevant triples.

Private getAclRecursive

  • Returns the acl triples that are relevant for the given identifier. These can either be from a corresponding acl file or an acl file higher up with defaults. Rethrows any non-NotFoundHttpErrors thrown by the ResourceStore.

    Parameters

    • id: ResourceIdentifier

      ResourceIdentifier of which we need the acl triples.

    • Optional recurse: boolean

      Only used internally for recursion.

    Returns Promise<Store<Quad, Quad>>

    A store containing the relevant acl triples.

Private getModePermissions

  • getModePermissions(store: Store<Quad, Quad>, aclMode: string): Term[]

  • Returns the identifiers of all authorizations that grant the given mode access for a resource.

    Parameters

    • store: Store<Quad, Quad>

      The store containing the quads of the acl resource.

    • aclMode: string

      A valid acl mode (ACL.Write/Read/...)

    Returns Term[]

handle

handleSafe

  • Helper function that first runs the canHandle function followed by the handle function. Throws the error of the canHandle function if the data can't be handled, or returns the result of the handle function otherwise.

    Parameters

    • input: AuthorizerArgs

      Input data that will be handled if it can be handled.

    Returns Promise<Authorization>

    A promise resolving if the input can be handled, rejecting with an Error if not. Return value depends on the given type.

Private hasAccess

  • hasAccess(agent: Credentials, auth: Term, store: Store<Quad, Quad>): boolean

  • Checks if the given agent has access to the modes specified by the given authorization.

    Parameters

    • agent: Credentials

      Credentials of agent that needs access.

    • auth: Term

      acl:Authorization that needs to be checked.

    • store: Store<Quad, Quad>

      A store containing the relevant triples of the authorization.

    Returns boolean

    If the agent has access.

Private hasPermission

  • hasPermission(agent: Credentials, store: Store<Quad, Quad>, mode: "read" | "append" | "write" | "control"): boolean

  • Checks if the given agent has permission to execute the given mode based on the triples in the store.

    Parameters

    • agent: Credentials

      Agent that wants access.

    • store: Store<Quad, Quad>

      A store containing the relevant triples for authorization.

    • mode: "read" | "append" | "write" | "control"

      Which mode is requested.

    Returns boolean