UNPKG

access-mate

Version:

Attribute base access control using o-is for the conditions

92 lines (81 loc) 2.23 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
'use strict' const uniq = require('lodash.uniq') const simpleStrategy = exports.simple = (policySet, options) => { const context = { action: options.action, target: options.target, environment: options.environment || {}, subject: options.subject || {}, resource: options.resource || {} } return policySet.authorize(context) } const previousResourceStrategy = (policySet, options) => { if(options.previousResource === null || typeof options.previousResource !== 'object') { throw new Error('Option "previousResource" must be specified.') } return simpleStrategy(policySet, { environment: options.environment, subject: options.subject, resource: options.previousResource, action: options.action, target: options.target }) } const mergeResults = (result1, result2) => { return { authorize: result1.authorize && result2.authorize, omit: uniq(result1.omit, result2.uniq) } } exports.crud = (policySet, options) => { switch(options.action) { case 'update': return mergeResults( simpleStrategy(policySet, options), previousResourceStrategy(policySet, options) ) case 'update-from': return previousResourceStrategy(policySet, options) case 'update-into': return simpleStrategy(policySet, options) default: return simpleStrategy(policySet, options) } } exports.bread = (policySet, options) => { switch(options.action) { case 'browse': if(!Array.isArray(options.resources)) { throw new Error('Option "resources" must be specified') } const results = [] for(const resource of options.resources) { const result = simpleStrategy(policySet, { resource, environment: options.environment, subject: options.subject, action: options.action, target: options.target }) results.push(result) } return results case 'edit': return mergeResults( simpleStrategy(policySet, options), previousResourceStrategy(policySet, options) ) case 'edit-from': return previousResourceStrategy(policySet, options) case 'edit-into': return simpleStrategy(policySet, options) case 'read': case 'add': case 'delete': return simpleStrategy(policySet, options) default: throw new Error('Invalid action "' + options.action + '"') } }