Options
All
  • Public
  • Public/Protected
  • All
Menu

Class WebAclAuthorizer

Handles most web access control predicates such as acl:mode, acl:agentClass, acl:agent, acl:default and acl:accessTo. Does not support acl:agentGroup, acl:origin and acl:trustedApp yet.

Hierarchy

Index

Constructors

Properties

Methods

Constructors

constructor

Properties

Private Readonly aclManager

aclManager: AclManager

Private Readonly identifierStrategy

identifierStrategy: IdentifierStrategy

Protected Readonly logger

logger: Logger = ...

Private Readonly resourceStore

resourceStore: ResourceStore

Methods

canHandle

  • Checks if the input data can be handled by this class. Throws an error if it can't handle the data.

    Parameters

    Returns Promise<void>

    A promise resolving if this input can be handled, rejecting with an Error if not.

Private capitalize

  • capitalize(mode: string): string

Private checkPermission

  • checkPermission(agent: Credentials, store: Store<Quad, Quad>, mode: string): void

  • Checks if any of the triples in the store grant the agent permission to use the given mode. Throws a ForbiddenHttpError or UnauthorizedHttpError depending on the credentials if access is not allowed.

    Parameters

    • agent: Credentials

      Agent that wants access.

    • store: Store<Quad, Quad>

      A store containing the relevant triples for authorization.

    • mode: string

      Which mode is requested. Probable one of ('write' | 'read' | 'append' | 'control').

    Returns void

Private filterData

  • filterData(data: Representation, predicate: string, object: string): Promise<Store<Quad, Quad>>

  • Finds all triples in the data stream of the given representation that use the given predicate and object. Then extracts the unique subjects from those triples, and returns a Store containing all triples from the data stream that have such a subject.

    This can be useful for finding the acl:Authorization objects corresponding to a specific URI and returning all relevant information on them.

    Parameters

    • data: Representation

      Representation with data stream of internal/quads.

    • predicate: string

      Predicate to match.

    • object: string

      Object to match.

    Returns Promise<Store<Quad, Quad>>

    A store containing the relevant triples.

Private getAclRecursive

  • Returns the acl triples that are relevant for the given identifier. These can either be from a corresponding acl file or an acl file higher up with defaults. Rethrows any non-NotFoundHttpErrors thrown by the AclManager or ResourceStore.

    Parameters

    • id: ResourceIdentifier

      ResourceIdentifier of which we need the acl triples.

    • Optional recurse: boolean

      Only used internally for recursion.

    Returns Promise<Store<Quad, Quad>>

    A store containing the relevant acl triples.

handle

handleSafe

  • Helper function that first runs the canHandle function followed by the handle function. Throws the error of the canHandle function if the data can't be handled, or returns the result of the handle function otherwise.

    Parameters

    Returns Promise<void>

    The result of the handle function of the handler.

Private hasAccess

  • hasAccess(agent: Credentials, auth: Term, store: Store<Quad, Quad>): boolean

  • Checks if the given agent has access to the modes specified by the given authorization.

    Parameters

    • agent: Credentials

      Credentials of agent that needs access.

    • auth: Term

      acl:Authorization that needs to be checked.

    • store: Store<Quad, Quad>

      A store containing the relevant triples of the authorization.

    Returns boolean

    If the agent has access.