@backstage-community/plugin-rbac-common
Version:
Common functionalities for the rbac-common plugin
192 lines (188 loc) • 5.22 kB
TypeScript
import { NotAllowedError } from '@backstage/errors';
import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common';
import { PermissionAttributes, ConditionalPolicyDecision, ResourcePermission } from '@backstage/plugin-permission-common';
/**
* @public
* 'rest' created via REST API
* 'csv-file' created via policies-csv-file with defined path in the application configuration
* 'configuration' created from application configuration
* 'legacy'; preexisting policies
*/
type Source = string;
/**
* @public
*/
type PermissionPolicyMetadata = {
source: Source;
};
/**
* @public
*/
type RoleMetadata = {
description?: string;
source?: Source;
modifiedBy?: string;
author?: string;
lastModified?: string;
createdAt?: string;
owner?: string;
};
/**
* @public
*/
type Policy = {
permission?: string;
policy?: string;
};
/**
* @public
*/
type RoleBasedPolicy = Policy & {
entityReference?: string;
effect?: string;
metadata?: PermissionPolicyMetadata;
};
/**
* @public
*/
type Role = {
memberReferences: string[];
name: string;
metadata?: RoleMetadata;
};
/**
* @public
*/
type UpdatePolicy = {
oldPolicy: Policy;
newPolicy: Policy;
};
/**
* @public
*/
type NamedPolicy = {
name: string;
policy: string;
};
/**
* @public
*/
type ResourcedPolicy = NamedPolicy & {
resourceType: string;
};
/**
* @public
*/
type PolicyDetails = NamedPolicy | ResourcedPolicy;
/**
* @public
*/
declare function isResourcedPolicy(policy: PolicyDetails): policy is ResourcedPolicy;
/**
* @public
*/
type PluginPermissionMetaData = {
pluginId: string;
policies: PolicyDetails[];
};
/**
* @public
*/
type NonEmptyArray<T> = [T, ...T[]];
/**
* @public
* Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined.
* But we are introducing an action named "use" when action does not exist('undefined') to avoid
* a more complicated model with multiple policy and request shapes.
*/
declare const PermissionActionValues: readonly ["create", "read", "update", "delete", "use"];
/**
* @public
*/
type PermissionAction = (typeof PermissionActionValues)[number];
/**
* @public
*/
declare const toPermissionAction: (attr: PermissionAttributes) => PermissionAction;
/**
* @public
*/
declare function isValidPermissionAction(action: string): action is PermissionAction;
/**
* @public
*/
type PermissionInfo = {
name: string;
action: PermissionAction;
};
/**
* @public
* Frontend should use RoleConditionalPolicyDecision<PermissionAction>
*/
type RoleConditionalPolicyDecision<T extends PermissionAction | PermissionInfo> = ConditionalPolicyDecision & {
id: number;
roleEntityRef: string;
permissionMapping: T[];
};
/**
* @public
*/
declare const ConditionalAliases: {
readonly CURRENT_USER: "currentUser";
readonly OWNER_REFS: "ownerRefs";
};
/**
* @public
*/
declare const CONDITION_ALIAS_SIGN = "$";
/**
* @public
* UnauthorizedError should be uniformely used for authorization errors.
*/
declare class UnauthorizedError extends NotAllowedError {
constructor();
}
/**
* @public
* List of plugins that are supports Backstage permission framework.
*/
type PermissionDependentPluginList = {
ids: string[];
};
/**
* @public
*/
declare const RESOURCE_TYPE_POLICY_ENTITY = "policy-entity";
/**
* @public
* Convenience type for permission entity
*/
type PolicyEntityPermission = ResourcePermission<typeof RESOURCE_TYPE_POLICY_ENTITY>;
/**
* @public
* This permission is used to authorize actions that involve reading
* permission policies.
*/
declare const policyEntityReadPermission: ResourcePermission<"policy-entity">;
/**
* @public
* This permission is used to authorize the creation of new permission policies.
*/
declare const policyEntityCreatePermission: _backstage_plugin_permission_common.BasicPermission;
/**
* @public
* This permission is used to authorize actions that involve removing permission
* policies.
*/
declare const policyEntityDeletePermission: ResourcePermission<"policy-entity">;
/**
* @public
* This permission is used to authorize updating permission policies
*/
declare const policyEntityUpdatePermission: ResourcePermission<"policy-entity">;
/**
* @public
* List of all permissions on permission polices.
*/
declare const policyEntityPermissions: (ResourcePermission<"policy-entity"> | _backstage_plugin_permission_common.BasicPermission)[];
export { CONDITION_ALIAS_SIGN, ConditionalAliases, type NamedPolicy, type NonEmptyArray, type PermissionAction, PermissionActionValues, type PermissionDependentPluginList, type PermissionInfo, type PermissionPolicyMetadata, type PluginPermissionMetaData, type Policy, type PolicyDetails, type PolicyEntityPermission, RESOURCE_TYPE_POLICY_ENTITY, type ResourcedPolicy, type Role, type RoleBasedPolicy, type RoleConditionalPolicyDecision, type RoleMetadata, type Source, UnauthorizedError, type UpdatePolicy, isResourcedPolicy, isValidPermissionAction, policyEntityCreatePermission, policyEntityDeletePermission, policyEntityPermissions, policyEntityReadPermission, policyEntityUpdatePermission, toPermissionAction };