UNPKG

@inrupt/solid-client

Version:

Make your web apps work with Solid Pods.

docs.inrupt.com/client-libraries/solid-client-js/

inrupt/solid-client-js

331 lines (330 loc) • 20.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
/** * Copyright 2020 Inrupt Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal in * the Software without restriction, including without limitation the rights to use, * copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the * Software, and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ import { WithAccessibleAcr, WithAcp } from "../acp/acp"; import { IriString, UrlString, WebId, WithResourceInfo } from "../interfaces"; import { Access } from "./universal"; export declare function internal_hasInaccessiblePolicies(resource: WithAccessibleAcr & WithResourceInfo): boolean; declare const knownActorRelations: ("http://www.w3.org/ns/solid/acp#agent" | "http://www.w3.org/ns/solid/acp#group")[]; /** * Union type of all relations defined in `knownActorRelations`. * * When the ACP spec evolves to support additional relations of Rules to Actors, * adding those relations to `knownActorRelations` will cause TypeScript to warn * us everywhere to update everywhere the ActorRelation type is used and that * needs additional work to handle it. */ declare type ActorRelation = typeof knownActorRelations extends Array<infer E> ? E : never; /** * Get an overview of what access is defined for a given actor in a Resource's Access Control Resource. * * This will only return a value if all relevant access is defined in just the Resource's Access * Control Resource; in other words, if an Access Policy or Access Rule applies that is re-used for * other Resources, this function will not be able to determine the access relevant to this actor. * * Additionally, this only considers access given _explicitly_ to the given actor, i.e. without * additional conditions. * * In other words, this function will generally understand and return the access as set by * [[internal_setActorAccess]], but not understand more convoluted Policies. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param actorRelation What type of actor (e.g. acp:agent or acp:group) you want to get the access for. * @param actor Which instance of the given actor type you want to get the access for. * @returns What Access modes are granted to the given actor explicitly, or null if it could not be determined. */ export declare function internal_getActorAccess(resource: WithResourceInfo & WithAcp, actorRelation: ActorRelation, actor: IriString): Access | null; /** * Get an overview of what access is defined for a given Agent in a Resource's Access Control Resource. * * This will only return a value if all relevant access is defined in just the Resource's Access * Control Resource; in other words, if an Access Policy or Access Rule applies that is re-used for * other Resources, this function will not be able to determine the access relevant to this Agent. * * Additionally, this only considers access given _explicitly_ to the given Agent, i.e. without * additional conditions. * * In other words, this function will generally understand and return the access as set by * [[internal_setAgentAccess]], but not understand more convoluted Policies. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param webId WebID of the Agent you want to get the access for. * @returns What Access modes are granted to the given Agent explicitly, or null if it could not be determined. */ export declare function internal_getAgentAccess(resource: WithResourceInfo & WithAcp, webId: WebId): Access | null; /** * Get an overview of what access is defined for a given Group in a Resource's Access Control Resource. * * This will only return a value if all relevant access is defined in just the Resource's Access * Control Resource; in other words, if an Access Policy or Access Rule applies that is re-used for * other Resources, this function will not be able to determine the access relevant to this Group. * * Additionally, this only considers access given _explicitly_ to the given Group, i.e. without * additional conditions. * * In other words, this function will generally understand and return the access as set by * [[internal_setGroupAccess]], but not understand more convoluted Policies. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param groupUrl URL of the Group you want to get the access for. * @returns What Access modes are granted to the given Group explicitly, or null if it could not be determined. */ export declare function internal_getGroupAccess(resource: WithResourceInfo & WithAcp, groupUrl: UrlString): Access | null; /** * Get an overview of what access is defined for everybody in a Resource's Access Control Resource. * * This will only return a value if all relevant access is defined in just the Resource's Access * Control Resource; in other words, if an Access Policy or Access Rule applies that is re-used for * other Resources, this function will not be able to determine the access relevant to everybody. * * Additionally, this only considers access given _explicitly_ to everybody, i.e. without * additional conditions. * * In other words, this function will generally understand and return the access as set by * [[internal_setPublicAccess]], but not understand more convoluted Policies. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @returns What Access modes are granted to everyone explicitly, or null if it could not be determined. */ export declare function internal_getPublicAccess(resource: WithResourceInfo & WithAcp): Access | null; /** * Get an overview of what access is defined for all authenticated Agents in a Resource's Access Control Resource. * * This will only return a value if all relevant access is defined in just the Resource's Access * Control Resource; in other words, if an Access Policy or Access Rule applies that is re-used for * other Resources, this function will not be able to determine the access relevant to authenticated * Agents. * * Additionally, this only considers access given _explicitly_ to authenticated Agents, i.e. without * additional conditions. * * In other words, this function will generally understand and return the access as set by * [[internal_setAuthenticatedAccess]], but not understand more convoluted Policies. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @returns What Access modes are granted to authenticated users explicitly, or null if it could not be determined. */ export declare function internal_getAuthenticatedAccess(resource: WithResourceInfo & WithAcp): Access | null; /** * Iterate through all the actors active for an ACR, and list all of their access. * @param resource The resource for which we want to list the access * @param actorRelation The type of actor we want to list access for * @returns A map with each actor access indexed by their URL, or null if some * external policies are referenced. */ export declare function internal_getActorAccessAll(resource: WithResourceInfo & WithAcp, actorRelation: ActorRelation): Record<string, Access> | null; /** * Get an overview of what access are defined for all Groups in a Resource's Access Control Resource. * * This will only return a value if all relevant access is defined in just the Resource's Access * Control Resource; in other words, if an Access Policy or Access Rule applies that is re-used for * other Resources, this function will not be able to determine the access relevant to the mentionned * Groups. * * Additionally, this only considers access given _explicitly_ to individual Groups, i.e. without * additional conditions. * * In other words, this function will generally understand and return the access as set by * [[internal_setAgentAccess]], but not understand more convoluted Policies. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @returns A map with each Group's access indexed by their URL, or null if some * external policies are referenced. */ export declare function internal_getGroupAccessAll(resource: WithResourceInfo & WithAcp): Record<UrlString, Access> | null; /** * Get an overview of what access are defined for all Agents in a Resource's Access Control Resource. * * This will only return a value if all relevant access is defined in just the Resource's Access * Control Resource; in other words, if an Access Policy or Access Rule applies that is re-used for * other Resources, this function will not be able to determine the access relevant to the mentionned * Agents. * * Additionally, this only considers access given _explicitly_ to individual Agents, i.e. without * additional conditions. * * In other words, this function will generally understand and return the access as set by * [[internal_setAgentAccess]], but not understand more convoluted Policies. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @returns A map with each Agent's access indexed by their WebID, or null if some * external policies are referenced. */ export declare function internal_getAgentAccessAll(resource: WithResourceInfo & WithAcp): Record<WebId, Access> | null; /** * Set access to a Resource for a specific actor. * * This function adds the relevant Access Control Policies and Rules to a * Resource's Access Control Resource to define the given access for the given * actor specifically. In other words, it can, for example, add Policies that * give a particular Group Read access to the Resource. However, if other * Policies specify that everyone in that Group is *denied* Read access *except* * for a particular Agent, then that will be left intact. * This means that, unless *only* this module's functions are used to manipulate * access to this Resource, the set access might not be equal to the effective * access for an agent matching the given actor. * * There are a number of preconditions that have to be fulfilled for this * function to work: * - Access to the Resource is determined via an Access Control Resource. * - The Resource's Access Control Resource does not refer to (Policies or Rules * in) other Resources. * - The current user has access to the Resource's Access Control Resource. * * If those conditions do not hold, this function will return `null`. * * Additionally, take note that the given access will only be applied to the * given Resource; if that Resource is a Container, access will have to be set * for its contained Resources independently. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param actorRelation What type of actor (e.g. acp:agent or acp:group) you want to set the access for. * @param actor Which instance of the given actor type you want to set the access for. * @param access What access (read, append, write, controlRead, controlWrite) to set for the given actor. `true` to allow, `false` to deny, and `undefined` to leave unchanged. * @returns The Resource with the updated Access Control Resource attached, if updated successfully, or `null` if not. */ export declare function internal_setActorAccess<ResourceExt extends WithResourceInfo & WithAcp>(resource: ResourceExt, actorRelation: ActorRelation, actor: UrlString, access: Partial<Access>): ResourceExt | null; /** * Set access to a Resource for a specific Agent. * * This function adds the relevant Access Control Policies and Rules to a * Resource's Access Control Resource to define the given access for the given * Agent specifically. In other words, it can, for example, add Policies that * give a particular Agent Read access to the Resource. However, if other * Policies specify that that Agent is *denied* Read access *except* if they're * in a particular Group, then that will be left intact. * This means that, unless *only* this function is used to manipulate access to * this Resource, the set access might not be equal to the effective access for * the given Agent. * * There are a number of preconditions that have to be fulfilled for this * function to work: * - Access to the Resource is determined via an Access Control Resource. * - The Resource's Access Control Resource does not refer to (Policies or Rules * in) other Resources. * - The current user has access to the Resource's Access Control Resource. * * If those conditions do not hold, this function will return `null`. * * Additionally, take note that the given access will only be applied to the * given Resource; if that Resource is a Container, access will have to be set * for its contained Resources independently. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param webId Which Agent you want to set the access for. * @param access What access (read, append, write, controlRead, controlWrite) to set for the given Agent. `true` to allow, `false` to deny, and `undefined` to leave unchanged. * @returns The Resource with the updated Access Control Resource attached, if updated successfully, or `null` if not. */ export declare function internal_setAgentAccess<ResourceExt extends WithResourceInfo & WithAcp>(resource: ResourceExt, webId: WebId, access: Partial<Access>): ResourceExt | null; /** * Set access to a Resource for a specific Group. * * This function adds the relevant Access Control Policies and Rules to a * Resource's Access Control Resource to define the given access for the given * Group specifically. In other words, it can, for example, add Policies that * give a particular Group Read access to the Resource. However, if other * Policies specify that it is *denied* Read access *except* if they're a * particular Agent, then that will be left intact. * This means that, unless *only* this module's functions are used to manipulate * access to this Resource, the set access might not be equal to the effective * access for Agents in the given Group. * * There are a number of preconditions that have to be fulfilled for this * function to work: * - Access to the Resource is determined via an Access Control Resource. * - The Resource's Access Control Resource does not refer to (Policies or Rules * in) other Resources. * - The current user has access to the Resource's Access Control Resource. * * If those conditions do not hold, this function will return `null`. * * Additionally, take note that the given access will only be applied to the * given Resource; if that Resource is a Container, access will have to be set * for its contained Resources independently. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param groupUrl Which Group you want to set the access for. * @param access What access (read, append, write, controlRead, controlWrite) to set for the given Group. `true` to allow, `false` to deny, and `undefined` to leave unchanged. * @returns The Resource with the updated Access Control Resource attached, if updated successfully, or `null` if not. */ export declare function internal_setGroupAccess<ResourceExt extends WithResourceInfo & WithAcp>(resource: ResourceExt, groupUrl: WebId, access: Partial<Access>): ResourceExt | null; /** * Set access to a Resource for everybody. * * This function adds the relevant Access Control Policies and Rules to a * Resource's Access Control Resource to define the given access for everybody * specifically. In other words, it can, for example, add Policies that * give everybody Read access to the Resource. However, if other * Policies specify that everybody is *denied* Read access *except* if they're * in a particular Group, then that will be left intact. * This means that, unless *only* this module's functions are used to manipulate * access to this Resource, the set access might not be equal to the effective * access for a particular Agent. * * There are a number of preconditions that have to be fulfilled for this * function to work: * - Access to the Resource is determined via an Access Control Resource. * - The Resource's Access Control Resource does not refer to (Policies or Rules * in) other Resources. * - The current user has access to the Resource's Access Control Resource. * * If those conditions do not hold, this function will return `null`. * * Additionally, take note that the given access will only be applied to the * given Resource; if that Resource is a Container, access will have to be set * for its contained Resources independently. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param access What access (read, append, write, controlRead, controlWrite) to set for everybody. `true` to allow, `false` to deny, and `undefined` to leave unchanged. * @returns The Resource with the updated Access Control Resource attached, if updated successfully, or `null` if not. */ export declare function internal_setPublicAccess<ResourceExt extends WithResourceInfo & WithAcp>(resource: ResourceExt, access: Partial<Access>): ResourceExt | null; /** * Set access to a Resource for authenticated Agents. * * This function adds the relevant Access Control Policies and Rules to a * Resource's Access Control Resource to define the given access for * authenticated Agents specifically. In other words, it can, for example, add * Policies that give authenticated Agents Read access to the Resource. However, * if other Policies specify that authenaticated Agents are *denied* Read access * *except* if they're in a particular Group, then that will be left intact. * This means that, unless *only* this module's functions are used to manipulate * access to this Resource, the set access might not be equal to the effective * access for a particular Agent. * * There are a number of preconditions that have to be fulfilled for this * function to work: * - Access to the Resource is determined via an Access Control Resource. * - The Resource's Access Control Resource does not refer to (Policies or Rules * in) other Resources. * - The current user has access to the Resource's Access Control Resource. * * If those conditions do not hold, this function will return `null`. * * Additionally, take note that the given access will only be applied to the * given Resource; if that Resource is a Container, access will have to be set * for its contained Resources independently. * * @param resource Resource that was fetched together with its linked Access Control Resource. * @param access What access (read, append, write, controlRead, controlWrite) to set for authenticated Agents. `true` to allow, `false` to deny, and `undefined` to leave unchanged. * @returns The Resource with the updated Access Control Resource attached, if updated successfully, or `null` if not. */ export declare function internal_setAuthenticatedAccess<ResourceExt extends WithResourceInfo & WithAcp>(resource: ResourceExt, access: Partial<Access>): ResourceExt | null; export {};