loopback4-authorization/dist/types.d.ts

ARC authorization extension for loopback-next applications.

/// <reference types="express" />
import { Request } from '@loopback/express';
import { FileAdapter, Model } from 'casbin';
import PostgresAdapter from 'casbin-pg-adapter';
/**
 * Authorize action method type
 *
 * @param userPermissions - Array of permission keys granted to the user
 * This is actually a union of permissions picked up based on role
 * attached to the user and allowed permissions at specific user level
 */
export type AuthorizeFn = (userPermissions: string[], request?: Request) => Promise<boolean>;
/**
 * Casbin authorize action method type
 * @param user - User object corresponding to the logged in user
 * @param resVal - value of the resource for which authorisation is being sought
 *
 */
export type CasbinAuthorizeFn = (user: IAuthUserWithPermissions, resVal: string, request: Request) => Promise<boolean>;
export type PermissionObject = {
    [controller: string]: {
        [method: string]: string[];
    };
};
/**
 * Authorization metadata interface for the method decorator
 */
export interface AuthorizationMetadata {
    permissions: string[];
    resource?: string;
    /**
     * Boolean flag to determine whether we are using casbin policy format or not
     * isCasbinPolicy = true, when we are providing casbin format policy doc in application
     * isCasbinPolicy = false, when we are implementing provider in app to give casbin policy
     */
    isCasbinPolicy?: boolean;
}
/**
 * Authorization config type for providing config to the component
 */
export interface AuthorizationConfig {
    /**
     * Specify paths to always allow. No permissions check needed.
     */
    allowAlwaysPaths: string[];
}
/**
 * Permissions interface to be implemented by models
 */
export interface Permissions<T> {
    permissions: T[];
}
/**
 * Override permissions at user level
 */
export interface UserPermissionsOverride<T> {
    permissions: UserPermission<T>[];
}
/**
 * User Permission model
 * used for explicit allow/deny any permission at user level
 */
export interface UserPermission<T> {
    permission: T;
    allowed: boolean;
}
/**
 * User permissions manipulation method type.
 *
 * This is where we can add our business logic to read and
 * union permissions associated to user via role with
 * those associated directly to the user.
 *
 */
export type UserPermissionsFn<T> = (userPermissions: UserPermission<T>[], rolePermissions: T[]) => T[];
/**
 * Casbin enforcer getter method type
 *
 * This method provides the Casbin config
 * required to initialise a Casbin enforcer
 */
export type CasbinEnforcerConfigGetterFn = (authUser: IAuthUserWithPermissions, resource: string, isCasbinPolicy?: boolean) => Promise<CasbinConfig>;
/**
 * Casbin resource value modifier method type
 *
 * This method can help modify the resource value
 * for integration with casbin, as per business logic
 */
export type CasbinResourceModifierFn = (pathParams: string[], req: Request) => Promise<string>;
/**
 * Casbin config object
 */
export interface CasbinConfig {
    model: string | Model;
    policy?: string | PostgresAdapter | FileAdapter;
    allowedRes?: ResourcePermissionObject[];
}
export interface ResourcePermissionObject {
    resource: string;
    permission: string;
}
export interface IAuthUser {
    id?: number | string;
    username: string;
    password?: string;
}
export interface IUserPrefs {
    locale?: string;
}
export interface IAuthUserWithPermissions<ID = string> extends IAuthUser {
    id?: string;
    identifier?: ID;
    permissions: string[];
    authClientId: number;
    userPreferences?: IUserPrefs;
    email?: string;
    role: string;
    firstName: string;
    lastName: string;
    middleName?: string;
    allowedResources?: string[];
}
export interface IUserResource<ResourceValueType> {
    resourceName: string;
    resourceValue: ResourceValueType;
    allowed: boolean;
}