Private
Readonly
accessPrivate
Readonly
aclPrivate
Readonly
aclPrivate
Readonly
identifierProtected
Readonly
loggerPrivate
Readonly
resourceChecks if the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.
A promise resolving if the input can be handled, rejecting with an Error if not.
Input that could potentially be handled.
Private
determineDetermines the available permissions for the given credentials. Will deny all permissions if credentials are not defined
Store containing all relevant authorization triples.
Optional
credential: CredentialCredentials to find the permissions for.
Private
filterExtracts all rules from the store that are relevant for the given target,
based on either the acl:accessTo
or acl:default
predicates.
A store containing the relevant triples for the given target.
Store to filter.
The identifier of which the acl rules need to be known.
If the store contains triples from the direct acl resource of the target or not.
Determines if acl:accessTo
or acl:default
are used.
Private
findFor every ACL/identifier combination it finds the relevant ACL triples for that identifier.
This is done in such a way that store results are reused for all matching identifiers.
The split is based on the acl:accessTo
and acl:default
triples.
Map of matches that need to be filtered.
Private
findFinds the permissions in the provided WebACL quads.
Rather than restricting the search to only the required modes, we collect all modes in order to have complete metadata (for instance, for the WAC-Allow header).
A map containing stores of ACL data linked to their relevant identifiers.
Credentials to check permissions for.
Private
getFinds the ACL data relevant for all the given resources. The input set will be modified in place.
A map linking ACL resources to the relevant identifiers.
Targets to find ACL data for.
Private
getFinds the ACL document relevant for the given identifier, following the steps defined in https://solidproject.org/TR/2021/wac-20210711#effective-acl-resource.
The ResourceIdentifier of the relevant ACL document.
ResourceIdentifier of which we need the ACL document.
Checks if an agent is allowed to execute the requested actions. Will throw an error if this is not the case.
Relevant data needed to check if access can be granted.
Helper function that first runs canHandle followed by handle. Throws the error of canHandle if the data cannot be handled, or returns the result of handle otherwise.
A promise resolving if the input can be handled, rejecting with an Error if not.
Input data that will be handled if it can be handled.
Finds the permissions of a resource as defined in the corresponding ACL resource. Does not make any deductions such as checking parent containers for create permissions or applying control permissions for ACL resources.
Specific access checks are done by the provided AccessChecker.