Private Readonly accessPrivate Readonly aclPrivate Readonly aclPrivate Readonly identifierProtected Readonly loggerPrivate Readonly resourceChecks if the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.
A promise resolving if the input can be handled, rejecting with an Error if not.
Input that could potentially be handled.
Private determineDetermines the available permissions for the given credentials. Will deny all permissions if credentials are not defined
Store containing all relevant authorization triples.
Optional credential: CredentialCredentials to find the permissions for.
Private filterExtracts all rules from the store that are relevant for the given target,
based on either the acl:accessTo or acl:default predicates.
A store containing the relevant triples for the given target.
Store to filter.
The identifier of which the acl rules need to be known.
If the store contains triples from the direct acl resource of the target or not.
Determines if acl:accessTo or acl:default are used.
Private findFor every ACL/identifier combination it finds the relevant ACL triples for that identifier.
This is done in such a way that store results are reused for all matching identifiers.
The split is based on the acl:accessTo and acl:default triples.
Map of matches that need to be filtered.
Private findFinds the permissions in the provided WebACL quads.
Rather than restricting the search to only the required modes, we collect all modes in order to have complete metadata (for instance, for the WAC-Allow header).
A map containing stores of ACL data linked to their relevant identifiers.
Credentials to check permissions for.
Private getFinds the ACL data relevant for all the given resources. The input set will be modified in place.
A map linking ACL resources to the relevant identifiers.
Targets to find ACL data for.
Private getFinds the ACL document relevant for the given identifier, following the steps defined in https://solidproject.org/TR/2021/wac-20210711#effective-acl-resource.
The ResourceIdentifier of the relevant ACL document.
ResourceIdentifier of which we need the ACL document.
Checks if an agent is allowed to execute the requested actions. Will throw an error if this is not the case.
Relevant data needed to check if access can be granted.
Helper function that first runs canHandle followed by handle. Throws the error of canHandle if the data cannot be handled, or returns the result of handle otherwise.
A promise resolving if the input can be handled, rejecting with an Error if not.
Input data that will be handled if it can be handled.
Finds the permissions of a resource as defined in the corresponding ACL resource. Does not make any deductions such as checking parent containers for create permissions or applying control permissions for ACL resources.
Specific access checks are done by the provided AccessChecker.