import { Attribute } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/attribute';
import { RoleAssociation, Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth';
import { Meta } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/meta';
import { FilterOp } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base';
import { Response_Decision, ReverseQuery } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
import { Effect } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule';
import { PolicySetRQ } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy_set';
import { PolicyRQ } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy';
import { RuleRQ, Target as AttributeTarget } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule';
import { Response_Decision as Decision, Context, Response } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
/**
 * Public re-exports of the generated gRPC types used by this client.
 * `Decision` is the same type as `Response_Decision` (both imported from
 * the access_control module above); `ACSResponse` aliases `Response`.
 */
export { Decision, Context, RuleRQ, PolicyRQ, PolicySetRQ, Response as ACSResponse, AttributeTarget, };
/**
 * Actions a subject can be authorized for. Each member is a string
 * literal, so the values survive serialization unchanged.
 * `ALL` carries the literal `"*"` — presumably a wildcard that matches
 * any action; confirm against the policy evaluation side.
 */
export declare enum AuthZAction {
  CREATE = "CREATE",
  READ = "READ",
  MODIFY = "MODIFY",
  DELETE = "DELETE",
  EXECUTE = "EXECUTE",
  DROP = "DROP",
  ALL = "*"
}
/**
 * The two access-control operations this client exposes; the member
 * names match the `isAllowed` and `whatIsAllowed` methods declared on
 * `AuthZ` / `IAuthZ` below. Selected via `ACSClientOptions.operation`.
 */
export declare enum Operation {
  isAllowed = "isAllowed",
  whatIsAllowed = "whatIsAllowed"
}
/**
 * A resource (or set of resources) named in an authorization request.
 * `id` may be a single id or a list; `property` is presumably the list
 * of property names the request touches — confirm with the caller.
 */
export interface ACSResource {
  resource: string;
  id?: string | string[];
  property?: string[];
}
/**
 * A resource instance passed in the request context
 * (`ACSClientContext.resources`). Only `id` and `meta.owners` are
 * required; the index signature lets any further field through untyped.
 * NOTE(review): the `any` index signature disables type checking for
 * every extra key, so typos in context fields are not caught.
 */
export interface CtxResource {
  id: string;
  meta: {
    created?: Date;
    modified?: Date;
    modified_by?: string;
    // Ownership attributes the ACS presumably matches against the subject's scopes — confirm.
    owners: Attribute[];
  };
  [key: string]: any;
}
/**
 * Context handed to `isAllowed` / `whatIsAllowed` alongside the request:
 * the (possibly partial) subject and the resource instances involved.
 * Both fields are optional.
 */
export interface ACSClientContext {
  subject?: DeepPartial<Subject>;
  resources?: CtxResource[];
}
/**
 * Selects the backing database dialect; the same literal union is
 * repeated in `ACSClientOptions.database`.
 */
export interface Database {
  database: 'arangoDB' | 'postgres';
}
/** Minimal subject reference: only its id. */
export interface AuthZSubject {
  id: string;
}
/**
 * One node of a scope tree: the scope id, the role held at that node
 * (optional) and the nested child scopes (recursive via `children`).
 */
export interface HierarchicalScope {
  id: string;
  role?: string;
  children?: HierarchicalScope[];
}
/**
 * A subject after resolution: id, the active scope, the subject's token
 * and, when available, its role associations and hierarchical scopes.
 * NOTE(review): `token` is a credential string carried on this object;
 * avoid logging or serializing the whole object where the token would
 * end up in logs or error payloads.
 */
export interface ResolvedSubject {
  id: string;
  scope: string;
  token: string;
  role_associations?: RoleAssociation[];
  hierarchical_scopes?: HierarchicalScope[];
}
/**
 * An obligation attached to a decision: a resource name and the list of
 * its properties the obligation applies to.
 */
export interface Obligation {
  resource: string;
  property: string[];
}
/**
 * Result of `isAllowed`: the generated `Response` plus optional
 * structured obligations (compare `AuthZResponse.obligation`, which is a
 * single string).
 */
export type DecisionResponse = Response & {
  obligations?: Obligation[];
};
/**
 * Generic request target: who (`subjects`), on what (`resources`) and
 * which action (`actions`). The concrete shapes are fixed by the
 * `AuthZTarget` / `NoAuthTarget` aliases below.
 */
export interface Target<TSubject, TResource, TAction> {
  subjects: TSubject;
  resources: TResource;
  actions: TAction;
}
/** Generic authorization request: a target plus a context of caller-chosen type. */
export interface Request<TTarget, TContext> {
  target: TTarget;
  context: TContext;
}
/**
 * isAllowed Authorization interface.
 *
 * Type parameters default to `TContext = any`, `TResource = ACSResource`
 * and `TAction = AuthZAction`; `IAuthZ` below instantiates it with
 * `ACSResource[]` instead.
 */
export interface AuthZ<TSubject, TContext = any, TResource = ACSResource, TAction = AuthZAction> {
  /**
   * Check whether the subject is allowed to perform an action on a specific resource.
   *
   * @param request - target (subject, resources, action) and context.
   * @param ctx - client context carrying the subject and resource instances.
   * @param useCache - whether a cached decision may be used.
   *   NOTE(review): a cached decision can lag behind role or ownership
   *   changes; confirm how the cache is invalidated before enabling it.
   * @param roleScopingEntityURN - URN of the entity that scopes roles.
   * @returns the decision, with optional obligations.
   */
  isAllowed(request: Request<Target<TSubject, TResource, TAction>, TContext>, ctx: ACSClientContext, useCache: boolean, roleScopingEntityURN: string): Promise<DecisionResponse>;
}
/**
 * Base credential shape: a `type` discriminator plus arbitrary
 * credential-specific fields (untyped, via the `any` index signature).
 * See `UserCredentials` for the identifier/password variant.
 */
export interface Credentials {
  type: string;
  [key: string]: any;
}
/** Target for an authenticated `Subject` acting on a list of resources. */
export type AuthZTarget = Target<Subject, ACSResource[], AuthZAction>;
/** Target for an unauthenticated caller (`UnauthenticatedData` in place of a `Subject`). */
export type NoAuthTarget = Target<UnauthenticatedData, ACSResource[], AuthZAction>;
/** `whatIsAllowed` target for an authenticated subject; structurally identical to `AuthZTarget`. */
export type AuthZWhatIsAllowedTarget = Target<Subject, ACSResource[], AuthZAction>;
/** `whatIsAllowed` target for an unauthenticated caller; structurally identical to `NoAuthTarget`. */
export type NoAuthWhatIsAllowedTarget = Target<UnauthenticatedData, ACSResource[], AuthZAction>;
/**
 * Context type used by `AuthZRequest` and `IAuthZ`.
 * NOTE(review): `security` is typed `any`, so nothing about its shape is
 * checked at the call site; confirm what callers actually place here.
 */
export interface AuthZContext {
  security: any;
}
/**
 * A stored resource: id, generated `Meta`, and any further fields
 * (untyped via the index signature).
 */
export interface ResourceData {
  id: string;
  meta: Meta;
  [key: string]: any;
}
/**
 * `Request` specialised to an `AuthZTarget` and `AuthZContext`. The two
 * members repeat what the `extends` clause already fixes.
 */
export interface AuthZRequest extends Request<AuthZTarget, AuthZContext> {
  target: AuthZTarget;
  context: AuthZContext;
}
/**
 * Generated `Response` narrowed to a required `decision` plus a single
 * `obligation` string. Note this differs from `DecisionResponse`, whose
 * `obligations` is an optional `Obligation[]`; confirm which shape the
 * client actually returns before relying on either.
 */
export interface AuthZResponse extends Response {
  decision: Response_Decision;
  obligation: string;
}
/**
 * Full client interface: `isAllowed` (inherited from `AuthZ`, with the
 * subject being either an authenticated `Subject` or
 * `UnauthenticatedData`) plus `whatIsAllowed`, which resolves to the
 * applicable policy sets rather than a single decision.
 */
export interface IAuthZ extends AuthZ<Subject | UnauthenticatedData, AuthZContext, ACSResource[], AuthZAction> {
  /**
   * Resolve the policies that apply to the target.
   * Parameters mirror `isAllowed`: request, client context, whether a
   * cached result may be used, and the role-scoping entity URN.
   */
  whatIsAllowed: (request: Request<AuthZWhatIsAllowedTarget | NoAuthWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean, roleScopingEntityURN: string) => Promise<PolicySetRQResponse>;
}
/**
 * Identifier/password credentials. `password` is the raw secret string;
 * treat objects of this type as sensitive (do not log or persist them).
 */
export interface UserCredentials extends Credentials {
  identifier: string;
  password: string;
}
/** An id/value pair describing an owner attribute. */
export interface OwnerAttribute {
  id: string;
  value: string;
}
/** Context for an unauthenticated caller: wraps an `UnauthenticatedSession`. */
export interface UnauthenticatedContext {
  session: UnauthenticatedSession;
}
/** Session whose only data is the `UnauthenticatedData` marker. */
export interface UnauthenticatedSession {
  data: UnauthenticatedData;
}
/**
 * Marker for an unauthenticated caller. `unauthenticated` has the literal
 * type `true`, so it can serve as the discriminant in
 * `Subject | UnauthenticatedData` (as used by `IAuthZ`) — provided
 * `Subject` has no `unauthenticated` field; confirm in the generated type.
 */
export interface UnauthenticatedData {
  unauthenticated: true;
}
/** A user's role associations together with the organization that scopes them. */
export interface UserScope {
  role_associations: RoleAssociation[];
  scopeOrganization: string;
}
/**
 * Common, all-optional fields of an access-control object (rule, policy
 * or policy set): identity, human-readable name/description, the
 * attribute `target` it applies to, its `effect`, and a `condition`
 * expression kept as a string.
 */
export interface AccessControlObjectInterface {
  id?: string;
  name?: string;
  description?: string;
  target?: AttributeTarget;
  effect?: Effect;
  condition?: string;
}
/** Filters (`FilterOp[]`) to apply to a named resource; returned in `PolicySetRQResponse.filters`. */
export interface ResourceFilterMap {
  resource: string;
  filters: FilterOp[];
}
/**
 * Custom query names and their arguments for a named resource; returned
 * in `PolicySetRQResponse.custom_query_args`. `custom_arguments` is
 * untyped (`any`).
 */
export interface CustomQueryArgs {
  resource: string;
  custom_queries: string[];
  custom_arguments: any;
}
/**
 * Result of `whatIsAllowed`: the generated `ReverseQuery` extended with
 * optional resource filters, custom query arguments, obligations and an
 * overall decision.
 */
export type PolicySetRQResponse = ReverseQuery & {
  filters?: ResourceFilterMap[];
  custom_query_args?: CustomQueryArgs[];
  obligations?: Obligation[];
  decision?: Response_Decision;
};
/**
 * Attribute-based request target (subjects, resources and actions each
 * as `Attribute[]`), the wire-level counterpart of the typed `Target`.
 */
export interface TargetReq {
  subjects: Attribute[];
  resources: Attribute[];
  actions: Attribute[];
}
/**
 * Client options: which `Operation` to run, the database dialect (same
 * union as `Database.database`), and whether cached decisions may be
 * used. All optional; defaults are not declared here.
 */
export interface ACSClientOptions {
  operation?: Operation;
  database?: 'arangoDB' | 'postgres';
  useCache?: boolean;
}
//# sourceMappingURL=interfaces.d.ts.map