Checks if the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.
Input that could potentially be handled.
A promise resolving if the input can be handled, rejecting with an Error if not.
Determines the available permissions for the given credentials. Will deny all permissions if credentials are not defined
Store containing all relevant authorization triples.
Credentials to find the permissions for.
Extracts all rules from the store that are relevant for the given target,
based on either the acl:accessTo or acl:default predicates.
Store to filter.
The identifier of which the acl rules need to be known.
If the store contains triples from the direct acl resource of the target or not.
Determines if acl:accessTo or acl:default are used.
A store containing the relevant triples for the given target.
Finds the permissions in the provided WebACL quads.
Store containing all relevant authorization triples.
Credentials to check permissions for.
If the target resource is an acl document.
Finds the ACL data relevant for its resource, and potentially its parent if required. All quads in the resulting store(s) can be interpreted as being relevant ACL rules for their target.
Target to find ACL data for.
If parent ACL data is also needed.
The relevant triples.
Finds the ACL resources from all resources in the path between the two (inclusive) identifiers.
It is important that from is a child path of to, otherwise behaviour is undefined.
The result is a key/value object with the keys being the identifiers of resources in the path that had a corresponding ACL resource, and the value being the contents of that ACL resource.
The function stops after it finds an ACL resource relevant for the to identifier.
This is either its corresponding ACL resource, or one if its parent containers if such a resource does not exist.
Rethrows any non-NotFoundHttpErrors thrown by the ResourceStore.
First resource in the path for which ACL data is needed.
Last resource in the path for which ACL data is needed.
A map with the key being the actual identifier of which the ACL was found and a list of all data found within.
Checks if an agent is allowed to execute the requested actions. Will throw an error if this is not the case.
Relevant data needed to check if access can be granted.
Input data that will be handled if it can be handled.
A promise resolving if the input can be handled, rejecting with an Error if not.
Sets the correct values for non-acl permissions such as create and delete. Also adds the correct values to indicate that having control permission implies having read/write/etc. on the acl resource.
The main reason for keeping the control value is so we can correctly set the WAC-Allow header later.
Handles permissions according to the WAC specification. Specific access checks are done by the provided AccessChecker.