diffusion
Version:
Diffusion JavaScript client
181 lines (180 loc) • 6.81 kB
JavaScript
"use strict";
/**
* @module Session.security
*
* Access to the [[Security]] feature
* @preferred
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.ValidationType = exports.PathPermission = exports.GlobalPermission = void 0;
/**
* Permissions that are applied globally
*/
var GlobalPermission;
(function (GlobalPermission) {
/**
* Add an authentication handler
*/
GlobalPermission["AUTHENTICATE"] = "AUTHENTICATE";
/**
* List or listen to client sessions
*/
GlobalPermission["VIEW_SESSION"] = "VIEW_SESSION";
/**
* Alter a client session
*/
GlobalPermission["MODIFY_SESSION"] = "MODIFY_SESSION";
/**
* Required to register any server-side handler
*/
GlobalPermission["REGISTER_HANDLER"] = "REGISTER_HANDLER";
/**
* View the server's runtime state
*/
GlobalPermission["VIEW_SERVER"] = "VIEW_SERVER";
/**
* Change the server's runtime state
*/
GlobalPermission["CONTROL_SERVER"] = "CONTROL_SERVER";
/**
* Read the security configuration
*/
GlobalPermission["VIEW_SECURITY"] = "VIEW_SECURITY";
/**
* Change the security configuration
*/
GlobalPermission["MODIFY_SECURITY"] = "MODIFY_SECURITY";
/**
* A permission that is unsupported by the session
*/
GlobalPermission["UNKNOWN_GLOBAL_PERMISSION"] = "UNKNOWN_GLOBAL_PERMISSION";
/**
* List topic views
*/
GlobalPermission["READ_TOPIC_VIEWS"] = "READ_TOPIC_VIEWS";
/**
* Modify topic views
*/
GlobalPermission["MODIFY_TOPIC_VIEWS"] = "MODIFY_TOPIC_VIEWS";
})(GlobalPermission = exports.GlobalPermission || (exports.GlobalPermission = {}));
/**
* Permissions that are applied on a path
*/
var PathPermission;
(function (PathPermission) {
/**
* Required to receive information from a topic.
*
* If a session does not have read_path permission for a topic, the topic
* will be excluded from the results of subscription or fetch operations for
* the session, and the topic's details cannot be retrieved by the session.
*/
PathPermission["READ_TOPIC"] = "READ_TOPIC";
/**
* Update topics
*/
PathPermission["UPDATE_TOPIC"] = "UPDATE_TOPIC";
/**
* Add or remove topics
*/
PathPermission["MODIFY_TOPIC"] = "MODIFY_TOPIC";
/**
* Send a message to a handler registered with the server
*/
PathPermission["SEND_TO_MESSAGE_HANDLER"] = "SEND_TO_MESSAGE_HANDLER";
/**
* Send a message another session
*/
PathPermission["SEND_TO_SESSION"] = "SEND_TO_SESSION";
/**
* Use a topic selector that selects a topic path.
*
* To fetch or subscribe using a topic selector, a session must have
* SELECT_TOPIC permission for each individual path that the selector may
* match. This allows SELECT_TOPIC to be granted to a branch of the topic
* tree and explicitly revoked for specific sub-branches.
*
* For full path pattern topic selectors, the model is even more
* restrictive: SELECT_TOPIC permission is required for all paths, at and
* below the path prefix of the selector. This is necessary to prevent
* circumvention using advanced regular expressions.
*
* When the subscription or fetch request completes, the resulting topics
* are further filtered based on the {@link PathPermission.READ_TOPIC} permission.
*
* A session that has `READ_TOPIC` but not `SELECT_TOPIC` for a
* particular topic path cannot subscribe directly to topics belonging to
* the path. However, the session can be independently subscribed by a
* control session that has {@link GlobalPermission.MODIFY_SESSION}
* permission in addition to the appropriate `SELECT_TOPIC`
* permission.
*
* @since 5.7
*/
PathPermission["SELECT_TOPIC"] = "SELECT_TOPIC";
/**
* Evaluate queries that return a non-current view of a time series topic.
*
* <p>
* The `READ_TOPIC` permission is required to evaluate any type of
* `Query` for a time series topic. This permission is additionally
* required for queries that potentially return a non-current view of all or
* part of a time series. Such queries include value range queries that
* specify an edit range, and all types of edit range query.
*/
PathPermission["QUERY_OBSOLETE_TIME_SERIES_EVENTS"] = "QUERY_OBSOLETE_TIME_SERIES_EVENTS";
/*
* Submit edits to time series topic events.
*
* <p>
* The `UPDATE_TOPIC` permission is required to update a time series
* topic. This permission is additionally required to submit
* edits to a time series topic.
*/
PathPermission["EDIT_TIME_SERIES_EVENTS"] = "EDIT_TIME_SERIES_EVENTS";
/**
* Submit edits to time series topic events which have an author which is
* the same as the principal of the calling session.
*
* <p>This permission is a more restrictive alternative to
* `EDIT_TIME_SERIES_EVENTS`.
*
* <p>
* The `UPDATE_TOPIC` permission is required to update a time series
* topic. This permission is additionally required to submit
* edits to a time series topic where the event
* author is the same as the principal of the calling session.
*/
PathPermission["EDIT_OWN_TIME_SERIES_EVENTS"] = "EDIT_OWN_TIME_SERIES_EVENTS";
/**
* Acquire a session lock.
*/
PathPermission["ACQUIRE_LOCK"] = "ACQUIRE_LOCK";
/**
* Expose a branch of the topic tree as a virtual session tree.
*
* The `EXPOSE_BRANCH` path permission is powerful since it allows a
* session to expose a whole branch of the topic tree under a different set
* of path permissions.
*
* A session granted `EXPOSE_BRANCH` for a particular path effectively
* has the permission for all descendant paths. From a security perspective,
* if a role grants `EXPOSE_BRANCH` at branch `X` it is
* ineffectual for it also to deny `EXPOSE_BRANCH` at a child branch
* `X/Y` because a branch mapping to `X` can still expose paths
* below `X/Y`.
*/
PathPermission["EXPOSE_BRANCH"] = "EXPOSE_BRANCH";
/**
* A permission that is unsupported by the session
*/
PathPermission["UNKNOWN_PATH_PERMISSION"] = "UNKNOWN_PATH_PERMISSION";
})(PathPermission = exports.PathPermission || (exports.PathPermission = {}));
/**
* Type of a SessionPropertyValidation for a correspondent client proposed property.
*/
var ValidationType;
(function (ValidationType) {
ValidationType[ValidationType["REGEX"] = 0] = "REGEX";
ValidationType[ValidationType["VALUES"] = 1] = "VALUES";
})(ValidationType = exports.ValidationType || (exports.ValidationType = {}));