Private Readonly accessPrivate Readonly aclPrivate Readonly aclPrivate Readonly identifierProtected Readonly loggerPrivate Readonly resourceChecks if the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.
Input that could potentially be handled.
A promise resolving if the input can be handled, rejecting with an Error if not.
Private determineDetermines the available permissions for the given credentials.
Store containing all relevant authorization triples.
Credentials to find the permissions for.
Private filterExtracts all rules from the store that are relevant for the given target,
based on either the acl:accessTo or acl:default predicates.
Store to filter.
The identifier of which the acl rules need to be known.
If the store contains triples from the direct acl resource of the target or not.
Determines if acl:accessTo or acl:default are used.
A store containing the relevant triples for the given target.
Private findFor every ACL/identifier combination it finds the relevant ACL triples for that identifier.
This is done in such a way that store results are reused for all matching identifiers.
The split is based on the acl:accessTo and acl:default triples.
Map of matches that need to be filtered.
Private findFinds the permissions in the provided WebACL quads.
Rather than restricting the search to only the required modes, we collect all modes in order to have complete metadata (for instance, for the WAC-Allow header).
A map containing stores of ACL data linked to their relevant identifiers.
Credentials to check permissions for.
Private getFinds the ACL data relevant for all the given resources. The input set will be modified in place.
Targets to find ACL data for.
A map linking ACL resources to the relevant identifiers.
Private getFinds the ACL document relevant for the given identifier, following the steps defined in https://solidproject.org/TR/2021/wac-20210711#effective-acl-resource.
ResourceIdentifier of which we need the ACL document.
The ResourceIdentifier of the relevant ACL document.
Checks if an agent is allowed to execute the requested actions. Will throw an error if this is not the case.
Relevant data needed to check if access can be granted.
Helper function that first runs canHandle followed by handle. Throws the error of canHandle if the data cannot be handled, or returns the result of handle otherwise.
Input data that will be handled if it can be handled.
A promise resolving if the input can be handled, rejecting with an Error if not.
Finds the permissions of a resource as defined in the corresponding ACL resource. Does not make any deductions such as checking parent containers for create permissions or applying control permissions for ACL resources.
Specific access checks are done by the provided AccessChecker.