Class PermissionBasedAuthorizer

Authorizer that bases its decision on the output it gets from its PermissionReader. For each permission it checks if the reader allows that for at least one credential type, if yes, authorization is granted. undefined values for reader results are interpreted as false.




logger: Logger = ...
resourceSet: ResourceSet


  • Checks whether the input can be handled by this class. If it cannot handle the input, rejects with an error explaining why.


    Returns Promise<void>

    A promise resolving if the input can be handled, rejecting with an Error if not.

  • If we know the operation will return a 404 regardless (= resource does not exist and is not being created), and the agent is allowed to know about its existence (= the agent has Read permissions), then immediately send the 404 here, as it makes any other agent permissions irrelevant.

    Otherwise, deny access based on existing grounds.


    Returns Promise<never>