Class PermissionBasedAuthorizer

Authorizer that bases its decision on the output it gets from its PermissionReader. For each permission it checks if the reader allows that for at least one credential type, if yes authorization is granted. undefined values for reader results are interpreted as false.

Hierarchy

Authorizer
- PermissionBasedAuthorizer

Index

Constructors

constructor

new PermissionBasedAuthorizer(resourceSet): PermissionBasedAuthorizer
The existence of the target resource determines the output status code for certain situations. The provided ResourceSet will be used for that.
Parameters
- resourceSet: ResourceSet
  
  ResourceSet that can verify the target resource existence.
Returns PermissionBasedAuthorizer
Overrides Authorizer.constructor
- Defined in src/authorization/PermissionBasedAuthorizer.ts:29

Properties

`Protected` `Readonly` logger

logger: Logger = ...

`Private` `Readonly` resourceSet

resourceSet: ResourceSet

Methods

canHandle

canHandle(input): Promise<void>
Checks if the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.
Parameters
- input: AuthorizerInput
  
  Input that could potentially be handled.
Returns Promise<void>
A promise resolving if the input can be handled, rejecting with an Error if not.
Inherited from Authorizer.canHandle
- Defined in src/util/handlers/AsyncHandler.ts:17

handle

handle(input): Promise<void>
Handles the given input. This may only be called if canHandle did not reject. When unconditionally calling both in sequence, consider handleSafe instead.
Parameters
- input: AuthorizerInput
  
  Input that needs to be handled.
Returns Promise<void>
A promise resolving when handling is finished.
Overrides Authorizer.handle
- Defined in src/authorization/PermissionBasedAuthorizer.ts:34

handleSafe

handleSafe(input): Promise<void>
Helper function that first runs canHandle followed by handle. Throws the error of canHandle if the data cannot be handled, or returns the result of handle otherwise.
Parameters
- input: AuthorizerInput
  
  Input data that will be handled if it can be handled.
Returns Promise<void>
A promise resolving if the input can be handled, rejecting with an Error if not.
Inherited from Authorizer.handleSafe
- Defined in src/util/handlers/AsyncHandler.ts:38

`Private` isAuthenticated

isAuthenticated(credentials): boolean
Checks whether the agent is authenticated (logged in) or not (public/anonymous).
Parameters
- credentials: Credentials
  
  Credentials to check.
Returns boolean
- Defined in src/authorization/PermissionBasedAuthorizer.ts:97

`Private` reportAccessError

reportAccessError(identifier, modes, permissionSet, cause): Promise<never>
If we know the operation will return a 404 regardless (= resource does not exist and is not being created), and the agent is allowed to know about its existence (= the agent has Read permissions), then immediately send the 404 here, as it makes any other agent permissions irrelevant.

Otherwise, deny access based on existing grounds.
Parameters
- identifier: ResourceIdentifier
- modes: ReadonlySet<AccessMode>
- permissionSet: Partial<Record<AccessMode, boolean>>
- cause: unknown
Returns Promise<never>
- Defined in src/authorization/PermissionBasedAuthorizer.ts:60

`Private` requireModePermission

requireModePermission(credentials, permissionSet, mode): void
Ensures that at least one of the credentials provides permissions for the given mode. Throws a ForbiddenHttpError or UnauthorizedHttpError depending on the credentials if access is not allowed.
Parameters
- credentials: Credentials
  
  Credentials that require access.
- permissionSet: Partial<Record<AccessMode, boolean>>
  
  PermissionSet describing the available permissions of the credentials.
- mode: AccessMode
  
  Which mode is requested.
Returns void
- Defined in src/authorization/PermissionBasedAuthorizer.ts:78

Class PermissionBasedAuthorizer

Hierarchy

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

resourceSet: ResourceSet

Returns PermissionBasedAuthorizer

Properties

Protected Readonly logger

Private Readonly resourceSet

Methods

canHandle

Parameters

input: AuthorizerInput

Returns Promise<void>

handle

Parameters

input: AuthorizerInput

Returns Promise<void>

handleSafe

Parameters

input: AuthorizerInput

Returns Promise<void>

Private isAuthenticated

Parameters

credentials: Credentials

Returns boolean

Private reportAccessError

Parameters

identifier: ResourceIdentifier

modes: ReadonlySet<AccessMode>

permissionSet: Partial<Record<AccessMode, boolean>>

cause: unknown

Returns Promise<never>

Private requireModePermission

Parameters

credentials: Credentials

permissionSet: Partial<Record<AccessMode, boolean>>

mode: AccessMode

Returns void

Settings

Member Visibility

Theme

On This Page

`Protected` `Readonly` logger

`Private` `Readonly` resourceSet

`Private` isAuthenticated

`Private` reportAccessError

`Private` requireModePermission