Private Readonly accessPrivate Readonly aclPrivate Readonly aclPrivate Readonly identifierProtected Readonly loggerChecks if the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.
A promise resolving if the input can be handled, rejecting with an Error if not.
Input that could potentially be handled.
Private determineDetermines the available permissions for the given credentials. Will deny all permissions if credentials are not defined
Store containing all relevant authorization triples.
Optional credentials: CredentialCredentials to find the permissions for.
Private filterExtracts all rules from the store that are relevant for the given target,
based on either the acl:accessTo or acl:default predicates.
A store containing the relevant triples for the given target.
Store to filter.
The identifier of which the acl rules need to be known.
If the store contains triples from the direct acl resource of the target or not.
Determines if acl:accessTo or acl:default are used.
Private findFinds the permissions in the provided WebACL quads.
Store containing all relevant authorization triples.
Credentials to check permissions for.
If the target resource is an acl document.
Private getFinds the ACL data relevant for its resource, and potentially its parent if required. All quads in the resulting store(s) can be interpreted as being relevant ACL rules for their target.
The relevant triples.
Target to find ACL data for.
If parent ACL data is also needed.
Private getFinds the ACL resources from all resources in the path between the two (inclusive) identifiers.
It is important that from is a child path of to, otherwise behaviour is undefined.
The result is a key/value object with the keys being the identifiers of resources in the path that had a corresponding ACL resource, and the value being the contents of that ACL resource.
The function stops after it finds an ACL resource relevant for the to identifier.
This is either its corresponding ACL resource, or one if its parent containers if such a resource does not exist.
Rethrows any non-NotFoundHttpErrors thrown by the ResourceStore.
A map with the key being the actual identifier of which the ACL was found and a list of all data found within.
First resource in the path for which ACL data is needed.
Last resource in the path for which ACL data is needed.
Checks if an agent is allowed to execute the requested actions. Will throw an error if this is not the case.
Relevant data needed to check if access can be granted.
Helper function that first runs canHandle followed by handle. Throws the error of canHandle if the data cannot be handled, or returns the result of handle otherwise.
A promise resolving if the input can be handled, rejecting with an Error if not.
Input data that will be handled if it can be handled.
Private updateSets the correct values for non-acl permissions such as create and delete. Also adds the correct values to indicate that having control permission implies having read/write/etc. on the acl resource.
The main reason for keeping the control value is so we can correctly set the WAC-Allow header later.
Handles permissions according to the WAC specification. Specific access checks are done by the provided AccessChecker.