UNPKG

pauldron-policy

Version:

Simple JSON-based Authorization Policy Engine

github.com/mojitoholic/pauldron

mojitoholic/pauldron

40 lines (35 loc) 1.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
function combineDecisionsDenyOverrides (decisions) { const AuthzDecisionsPriorities = { "Deny": 3, "Indeterminate": 2, "Permit": 1, "NotApplicable": 0 }; const finalAuthorizationDecision = decisions .map((decision) => decision.authorization) .reduce((sofar, thisDecision) => ( (AuthzDecisionsPriorities[sofar] >= AuthzDecisionsPriorities[thisDecision]) ? sofar : thisDecision ), "NotApplicable"); const finalObligations = decisions .map((decision) => decision.obligations) .reduce((sofar, thisObligation) => ( { ...sofar , ...thisObligation} ), {}); return { authorization: finalAuthorizationDecision, obligations: (finalAuthorizationDecision === "Indeterminate" || finalAuthorizationDecision === "Permit") ? finalObligations : {} }; } // deny-override function evaluate(request, policies, engines) { const decisions = policies.map((policy) => ( engines[policy.type].evaluate(request, policy) )); return combineDecisionsDenyOverrides(decisions); } module.exports = { evaluate, combineDecisionsDenyOverrides };