UNPKG

@inrupt/solid-client

Version:

Make your web apps work with Solid Pods.

inrupt.github.io/solid-client-js/

inrupt/solid-client-js

124 lines (121 loc) 5.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
import { getPolicyUrlAll } from '../policy/getPolicyUrlAll.mjs'; import 'jsonld-streaming-parser'; import 'jsonld-context-parser'; import '@inrupt/solid-client-errors'; import 'http-link-header'; import 'n3'; import { getThing } from '../../thing/thing.mjs'; import { getUrlAll } from '../../thing/get.mjs'; import { internal_getAcr } from '../control.internal.mjs'; import { getAcrPolicyUrlAll } from '../policy/getAcrPolicyUrlAll.mjs'; import { ACP } from '../constants.mjs'; import { getAllowModes } from '../policy/getAllowModes.mjs'; import { getDenyModes } from '../policy/getDenyModes.mjs'; // Copyright Inrupt Inc. // // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal in // the Software without restriction, including without limitation the rights to use, // copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the // Software, and to permit persons to whom the Software is furnished to do so, // subject to the following conditions: // // The above copyright notice and this permission notice shall be included in // all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, // INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A // PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // /** @hidden */ function isAgentMatched(acr, policy, webId) { // TODO: Proper solution // Finalise, release and use the TypeScript ACP Solid library // internal_getActorAccess in acp_v2:96 doesn't reduce the policies properly // policyAppliesTo in acp_v2:256 assumes that every matcher is an agent matcher // // TODO: Stopgap solution // Implement a simplistic reduce function that // matches policies where the agent is present in the matchers const allOfMatchers = getUrlAll(policy, ACP.allOf) .map((url) => getThing(internal_getAcr(acr), url)) .filter((thing) => thing !== null); const allOfMatched = allOfMatchers.every((thing) => { return getUrlAll(thing, ACP.agent).includes(webId); }); const anyOfMatchers = getUrlAll(policy, ACP.anyOf) .map((url) => getThing(internal_getAcr(acr), url)) .filter((thing) => thing !== null); const anyOfMatched = anyOfMatchers.some((thing) => { return getUrlAll(thing, ACP.agent).includes(webId); }); const noneOfMatchers = getUrlAll(policy, ACP.noneOf) .map((url) => getThing(internal_getAcr(acr), url)) .filter((thing) => thing !== null); const noneOfMatched = noneOfMatchers.some((thing) => { return getUrlAll(thing, ACP.agent).includes(webId); }); return (allOfMatchers.length + anyOfMatchers.length > 0 && (allOfMatchers.length === 0 || allOfMatched) && (anyOfMatchers.length === 0 || anyOfMatched) && (noneOfMatchers.length === 0 || !noneOfMatched)); } /** @hidden */ function reduceModes(policy, modes, type) { const allowed = getAllowModes(policy); const denied = getDenyModes(policy); if (type === "control") { return { read: modes.read, append: modes.append, write: modes.write, controlRead: (modes.controlRead || allowed.read) && !denied.read, controlWrite: (modes.controlWrite || allowed.write) && !denied.write, }; } return { read: (modes.read || allowed.read) && !denied.read, append: (modes.append || allowed.append) && !denied.append, write: (modes.write || allowed.write) && !denied.write, controlRead: modes.controlRead, controlWrite: modes.controlWrite, }; } /** * Get an overview of what access is defined for a given Agent. * * @param resourceWithAcr URL of the Resource you want to read the access for. * @param webId WebID of the Agent you want to get the access for. * @since 1.16.0 */ async function getAgentAccess(resourceWithAcr, webId) { // TODO: add support for external resources let resourceAccess = { read: false, append: false, write: false, controlRead: false, controlWrite: false, }; const policyAll = getPolicyUrlAll(resourceWithAcr) .map((url) => getThing(internal_getAcr(resourceWithAcr), url)) .filter((policy) => policy !== null); policyAll.forEach((policy) => { if (isAgentMatched(resourceWithAcr, policy, webId)) { resourceAccess = reduceModes(policy, resourceAccess, "resource"); } }); const acrPolicyAll = getAcrPolicyUrlAll(resourceWithAcr) .map((url) => getThing(internal_getAcr(resourceWithAcr), url)) .filter((policy) => policy !== null); acrPolicyAll.forEach((policy) => { if (isAgentMatched(resourceWithAcr, policy, webId)) { resourceAccess = reduceModes(policy, resourceAccess, "control"); } }); return resourceAccess; } export { getAgentAccess };