Finds the permissions of a resource as defined in the corresponding ACL resource. Does not make any deductions such as checking parent containers for create permissions or applying control permissions for ACL resources.

Specific access checks are done by the provided AccessChecker.




accessChecker: AccessChecker
aclStore: ResourceStore
identifierStrategy: IdentifierStrategy
logger: Logger = ...
resourceSet: ResourceSet


  • Checks if the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.


    Returns Promise<void>

    A promise resolving if the input can be handled, rejecting with an Error if not.

  • Extracts all rules from the store that are relevant for the given target, based on either the acl:accessTo or acl:default predicates.


    • store: Store<Quad, Quad, Quad, Quad>

      Store to filter.

    • target: string

      The identifier of which the acl rules need to be known.

    • directAcl: boolean

      If the store contains triples from the direct acl resource of the target or not. Determines if acl:accessTo or acl:default are used.

    Returns Promise<Store<Quad, Quad, Quad, Quad>>

    A store containing the relevant triples for the given target.

  • For every ACL/identifier combination it finds the relevant ACL triples for that identifier. This is done in such a way that store results are reused for all matching identifiers. The split is based on the acl:accessTo and acl:default triples.


    Returns Promise<Map<Store<Quad, Quad, Quad, Quad>, ResourceIdentifier[]>>

  • Finds the permissions in the provided WebACL quads.

    Rather than restricting the search to only the required modes, we collect all modes in order to have complete metadata (for instance, for the WAC-Allow header).


    • aclMap: Map<Store<Quad, Quad, Quad, Quad>, ResourceIdentifier[]>

      A map containing stores of ACL data linked to their relevant identifiers.

    • credentials: Credentials

      Credentials to check permissions for.

    Returns Promise<PermissionMap>