UNPKG

@backstage-community/plugin-rbac-common

Version:

Common functionalities for the rbac-common plugin

196 lines (192 loc) 5.35 kB
import { NotAllowedError } from '@backstage/errors'; import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common'; import { ConditionalPolicyDecision, PermissionAttributes, ResourcePermission } from '@backstage/plugin-permission-common'; /** * @public * 'rest' created via REST API * 'csv-file' created via policies-csv-file with defined path in the application configuration * 'configuration' created from application configuration * 'legacy'; preexisting policies */ type Source = string; /** * @public */ type PermissionPolicyMetadata = { source: Source; }; /** * @public */ type RoleMetadata = { description?: string; source?: Source; modifiedBy?: string; author?: string; lastModified?: string; createdAt?: string; owner?: string; /** * When true, this role is the default role applied to all users and groups. */ isDefault?: boolean; }; /** * @public */ type Policy = { permission?: string; policy?: string; }; /** * @public */ type RoleBasedPolicy = Policy & { entityReference?: string; effect?: string; metadata?: PermissionPolicyMetadata; }; /** * @public */ type Role = { memberReferences: string[]; name: string; metadata?: RoleMetadata; }; /** * @public */ type UpdatePolicy = { oldPolicy: Policy; newPolicy: Policy; }; /** * @public */ type NamedPolicy = { name: string; policy: string; }; /** * @public */ type ResourcedPolicy = NamedPolicy & { resourceType: string; }; /** * @public */ type PolicyDetails = NamedPolicy | ResourcedPolicy; /** * @public */ declare function isResourcedPolicy(policy: PolicyDetails): policy is ResourcedPolicy; /** * @public */ type PluginPermissionMetaData = { pluginId: string; policies: PolicyDetails[]; }; /** * @public */ type NonEmptyArray<T> = [T, ...T[]]; /** * @public * Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined. * But we are introducing an action named "use" when action does not exist('undefined') to avoid * a more complicated model with multiple policy and request shapes. */ declare const PermissionActionValues: readonly ["create", "read", "update", "delete", "use"]; /** * @public */ type PermissionAction = (typeof PermissionActionValues)[number]; /** * @public */ declare const toPermissionAction: (attr: PermissionAttributes) => PermissionAction; /** * @public */ declare function isValidPermissionAction(action: string): action is PermissionAction; /** * @public */ type PermissionInfo = { name: string; action: PermissionAction; }; /** * @public * Frontend should use RoleConditionalPolicyDecision<PermissionAction> */ type RoleConditionalPolicyDecision<T extends PermissionAction | PermissionInfo> = ConditionalPolicyDecision & { id: number; roleEntityRef: string; permissionMapping: T[]; }; /** * @public */ declare const ConditionalAliases: { readonly CURRENT_USER: "currentUser"; readonly OWNER_REFS: "ownerRefs"; }; /** * @public */ declare const CONDITION_ALIAS_SIGN = "$"; /** * @public * UnauthorizedError should be uniformely used for authorization errors. */ declare class UnauthorizedError extends NotAllowedError { constructor(); } /** * @public * List of plugins that are supports Backstage permission framework. */ type PermissionDependentPluginList = { ids: string[]; }; /** * @public */ declare const RESOURCE_TYPE_POLICY_ENTITY = "policy-entity"; /** * @public * Convenience type for permission entity */ type PolicyEntityPermission = ResourcePermission<typeof RESOURCE_TYPE_POLICY_ENTITY>; /** * @public * This permission is used to authorize actions that involve reading * permission policies. */ declare const policyEntityReadPermission: ResourcePermission<"policy-entity">; /** * @public * This permission is used to authorize the creation of new permission policies. */ declare const policyEntityCreatePermission: _backstage_plugin_permission_common.BasicPermission; /** * @public * This permission is used to authorize actions that involve removing permission * policies. */ declare const policyEntityDeletePermission: ResourcePermission<"policy-entity">; /** * @public * This permission is used to authorize updating permission policies */ declare const policyEntityUpdatePermission: ResourcePermission<"policy-entity">; /** * @public * List of all permissions on permission polices. */ declare const policyEntityPermissions: (ResourcePermission<"policy-entity"> | _backstage_plugin_permission_common.BasicPermission)[]; export { CONDITION_ALIAS_SIGN, ConditionalAliases, type NamedPolicy, type NonEmptyArray, type PermissionAction, PermissionActionValues, type PermissionDependentPluginList, type PermissionInfo, type PermissionPolicyMetadata, type PluginPermissionMetaData, type Policy, type PolicyDetails, type PolicyEntityPermission, RESOURCE_TYPE_POLICY_ENTITY, type ResourcedPolicy, type Role, type RoleBasedPolicy, type RoleConditionalPolicyDecision, type RoleMetadata, type Source, UnauthorizedError, type UpdatePolicy, isResourcedPolicy, isValidPermissionAction, policyEntityCreatePermission, policyEntityDeletePermission, policyEntityPermissions, policyEntityReadPermission, policyEntityUpdatePermission, toPermissionAction };