Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
CommunitySolidServer/src/authorization/AuxiliaryReader.ts
Joachim Van Herwegen 7f8b923399 feat: Replace acl specific permissions with generic permissions 
This required AuxiliaryStrategy to have a new function
indicating if the auxiliary resource just used its associated resource authorization
or its own.
2021-09-28 13:06:38 +02:00

58 lines
2.5 KiB
TypeScript
Raw Blame History

import type { AuxiliaryStrategy } from '../ldp/auxiliary/AuxiliaryStrategy';
import type { PermissionSet } from '../ldp/permissions/Permissions';
import { getLoggerFor } from '../logging/LogUtil';
import { NotImplementedHttpError } from '../util/errors/NotImplementedHttpError';
import type { PermissionReaderInput } from './PermissionReader';
import { PermissionReader } from './PermissionReader';
/**
* A PermissionReader for auxiliary resources such as acl or shape resources.
* The access permissions of an auxiliary resource depend on those of the resource it is associated with.
* This authorizer calls the source authorizer with the identifier of the associated resource.
*/
export class AuxiliaryReader extends PermissionReader {
protected readonly logger = getLoggerFor(this);
private readonly resourceReader: PermissionReader;
private readonly auxiliaryStrategy: AuxiliaryStrategy;
public constructor(resourceReader: PermissionReader, auxiliaryStrategy: AuxiliaryStrategy) {
super();
this.resourceReader = resourceReader;
this.auxiliaryStrategy = auxiliaryStrategy;
}
public async canHandle(auxiliaryAuth: PermissionReaderInput): Promise<void> {
const resourceAuth = this.getRequiredAuthorization(auxiliaryAuth);
return this.resourceReader.canHandle(resourceAuth);
}
public async handle(auxiliaryAuth: PermissionReaderInput): Promise<PermissionSet> {
const resourceAuth = this.getRequiredAuthorization(auxiliaryAuth);
this.logger.debug(`Checking auth request for ${auxiliaryAuth.identifier.path} on ${resourceAuth.identifier.path}`);
return this.resourceReader.handle(resourceAuth);
}
public async handleSafe(auxiliaryAuth: PermissionReaderInput): Promise<PermissionSet> {
const resourceAuth = this.getRequiredAuthorization(auxiliaryAuth);
this.logger.debug(`Checking auth request for ${auxiliaryAuth.identifier.path} to ${resourceAuth.identifier.path}`);
return this.resourceReader.handleSafe(resourceAuth);
}
private getRequiredAuthorization(auxiliaryAuth: PermissionReaderInput): PermissionReaderInput {
if (!this.auxiliaryStrategy.isAuxiliaryIdentifier(auxiliaryAuth.identifier)) {
throw new NotImplementedHttpError('AuxiliaryAuthorizer only supports auxiliary resources.');
}
if (this.auxiliaryStrategy.usesOwnAuthorization(auxiliaryAuth.identifier)) {
throw new NotImplementedHttpError('Auxiliary resource uses its own permissions.');
}
return {
...auxiliaryAuth,
identifier: this.auxiliaryStrategy.getAssociatedIdentifier(auxiliaryAuth.identifier),
};
}
}
Reference in New Issue View Git Blame Copy Permalink