azurite/dist/src/table/authentication/OperationAccountSASPermission.js

An open source Azure Storage API compatible server

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.OperationAccountSASPermission = void 0;
const tslib_1 = require("tslib");
const operation_1 = tslib_1.__importDefault(require("../generated/artifacts/operation"));
const AccountSASPermissions_1 = require("../../common/authentication/AccountSASPermissions");
const AccountSASResourceTypes_1 = require("../../common/authentication/AccountSASResourceTypes");
const AccountSASServices_1 = require("../../common/authentication/AccountSASServices");
class OperationAccountSASPermission {
    constructor(service, resourceType, permission) {
        this.service = service;
        this.resourceType = resourceType;
        this.permission = permission;
    }
    validate(services, resourceTypes, permissions) {
        return (this.validateServices(services) &&
            this.validateResourceTypes(resourceTypes) &&
            this.validatePermissions(permissions));
    }
    validateServices(services) {
        return services.toString().includes(this.service);
    }
    validateResourceTypes(resourceTypes) {
        for (const p of this.resourceType) {
            if (resourceTypes.toString().includes(p)) {
                return true;
            }
        }
        return false;
    }
    validatePermissions(permissions) {
        for (const p of this.permission) {
            if (permissions.toString().includes(p)) {
                return true;
            }
        }
        return false;
    }
}
exports.OperationAccountSASPermission = OperationAccountSASPermission;
// The permissions are in the table order
// See https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas#table-service
// TODO: Check all required operations
const OPERATION_ACCOUNT_SAS_PERMISSIONS = new Map();
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Service_GetProperties, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Service, AccountSASPermissions_1.AccountSASPermission.Read));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Service_SetProperties, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Service, AccountSASPermissions_1.AccountSASPermission.Write));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Service_GetStatistics, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Service, AccountSASPermissions_1.AccountSASPermission.Read));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_Query, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Container, AccountSASPermissions_1.AccountSASPermission.List));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_Create, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Container, AccountSASPermissions_1.AccountSASPermission.Create + AccountSASPermissions_1.AccountSASPermission.Write));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_SetAccessPolicy, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Container, "" // NOT ALLOWED
));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_GetAccessPolicy, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Container, "" // NOT ALLOWED
));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_Delete, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Container, AccountSASPermissions_1.AccountSASPermission.Delete));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_QueryEntities, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Container, AccountSASPermissions_1.AccountSASPermission.Read));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_QueryEntitiesWithPartitionAndRowKey, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Object, AccountSASPermissions_1.AccountSASPermission.Read));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_InsertEntity, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Object, AccountSASPermissions_1.AccountSASPermission.Add));
// TODO do we need to specify InsertOrMergeEntity?
// TODO do we need to specify InsertOrUpdateEntity
// or are they two separate operations with respective permissions
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_UpdateEntity, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Object, AccountSASPermissions_1.AccountSASPermission.Update));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_MergeEntity, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Object, AccountSASPermissions_1.AccountSASPermission.Update));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_MergeEntityWithMerge, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Object, AccountSASPermissions_1.AccountSASPermission.Update));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_DeleteEntity, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Object, AccountSASPermissions_1.AccountSASPermission.Delete));
OPERATION_ACCOUNT_SAS_PERMISSIONS.set(operation_1.default.Table_Batch, new OperationAccountSASPermission(AccountSASServices_1.AccountSASService.Table, AccountSASResourceTypes_1.AccountSASResourceType.Object +
    AccountSASResourceTypes_1.AccountSASResourceType.Service +
    AccountSASResourceTypes_1.AccountSASResourceType.Container, AccountSASPermissions_1.AccountSASPermission.Delete +
    AccountSASPermissions_1.AccountSASPermission.Add +
    AccountSASPermissions_1.AccountSASPermission.Create +
    AccountSASPermissions_1.AccountSASPermission.List +
    AccountSASPermissions_1.AccountSASPermission.Process +
    AccountSASPermissions_1.AccountSASPermission.Read +
    AccountSASPermissions_1.AccountSASPermission.Update +
    AccountSASPermissions_1.AccountSASPermission.Write));
exports.default = OPERATION_ACCOUNT_SAS_PERMISSIONS;
//# sourceMappingURL=OperationAccountSASPermission.js.map