UNPKG

graphdb-workbench

Version:

The web application for GraphDB APIs

github.com/Ontotext-AD/graphdb-workbench

Ontotext-AD/graphdb-workbench

114 lines (113 loc) 5.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
import { Service } from '../../providers/service/service'; import { Authority } from '../../models/security'; import { Repository } from '../../models/repositories'; /** * Service responsible for handling authorization-related operations. */ export declare class AuthorizationService implements Service { private readonly repositoryService; private readonly securityContextService; private readonly repositoryStorageService; private readonly repositoryContextService; /** * Determines if free access is allowed based on the security configuration. * @returns {boolean} True if free access is enabled, false otherwise. */ hasFreeAccess(): boolean; initializeFreeAccess(): void; /** * Overrides the default (admin) user, when no security is enabled. * This is done by setting graphdb.workbench.default.auth=true. * * When a user does this, he will get a repository manager user instead of the admin. He has the ability to override * the user's app settings and authorities. */ initializeOverrideAuth(): void; /** * Checks if the current user has an admin role. * @returns {boolean} True if the user has an admin role, false otherwise. */ isAdmin(): boolean; /** * Checks if the current user has the repository manager role. * @returns {boolean} True if the user has the repository manager role, false otherwise. */ isRepoManager(): boolean; /** * Checks if the user has a specific role based on the provided authority, configuration, and user details. * @param {Authority} role - The authority role to check. * @returns {boolean} True if the user has the specified role, false otherwise. */ hasRole(role?: Authority): boolean; /** * Checks if the current user has read permissions for the specified repository. * This method evaluates if the user can read the repository based on security configuration, * user authentication status, and user roles. * * @param {Repository} repository - The repository to check read permissions for. * @returns {boolean} True if the user has read permissions for the repository, false otherwise. */ canReadRepo(repository?: Repository): boolean; /** * Checks if the current user has write permissions for the specified repository. * This method evaluates if the user can write to the repository based on security configuration, * user authentication status, and user roles. * @param repository - The repository to check write permissions for. * @returns True if the user has write permissions for the repository, false otherwise. */ canWriteRepo(repository?: Repository): boolean; /** * Checks if the current user has GraphQL read permissions for the specified repository. * This method determines if the user can execute GraphQL read operations on the repository. * * @param {Repository} repository - The repository to check GraphQL read permissions for. * @returns {boolean} True if the user has GraphQL read permissions for the repository, false otherwise. */ canReadGqlRepo(repository?: Repository): boolean; /** * Checks if the current user has GraphQL write permissions for the specified repository. * This method determines if the user can execute GraphQL write operations on the repository. * * @param {Repository} repository - The repository to check GraphQL write permissions for. * @returns {boolean} True if the user has GraphQL write permissions for the repository, false otherwise. */ canWriteGqlRepo(repository?: Repository): boolean; /** * Checks if the current user has any GraphQL permissions (read or write) for the specified repository. * This is a convenience method that combines the results of canReadGqlRepo and canWriteGqlRepo. * * @param {Repository} repository - The repository to check GraphQL permissions for. * @returns {boolean} True if the user has any GraphQL permissions for the repository, false otherwise. */ hasGqlRights(repository: Repository): boolean; /** * Checks if the current user has any GraphQL permissions (read or write) for the active repository. * @returns True if the user has any GraphQL permissions for the current repository, false otherwise. */ hasGraphqlRightsOverCurrentRepo(): boolean; /** * Determines if the current user has authority to access the active route. * * This method checks if the user has the necessary permissions to access the current route * based on the route's defined authority requirements and the user's assigned roles. * The method follows these rules: * - If no active route exists, access is denied * - Admin users always have access to all routes * - Routes without defined authority requirements are accessible to all * - If no repository is selected, authority checks are bypassed * - If the user has any of the authorities required by the route, access is granted * * @returns {boolean} True if the user has authority to access the current route, false otherwise */ hasAuthority(): boolean; /** * Updates the permissions for restricted pages based on the current user's roles and authorities. */ updatePermissions(): void; private resolveAuthorities; private getSecurityConfig; private getAuthenticatedUser; private hasBaseRights; private hasGraphqlAuthority; private isAdminOrRepoManager; }