UNPKG

rbac-engine

Version:

Role-based access control engine with policy-based permissions

120 lines 4.16 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.PolicyBuilder = void 0; const statement_builder_1 = require("./statement-builder"); const types_1 = require("./types"); class PolicyBuilder { constructor(id) { this.documentVersion = '2023-11-15'; this.policyStatements = []; this.hasSimpleStatement = false; this.policyId = id; } version(version) { this.documentVersion = version; return this; } allow(actions) { this.ensureSimpleStatementMode(); this.simpleStatementBuilder.allow(actions); return this; } deny(actions) { this.ensureSimpleStatementMode(); this.simpleStatementBuilder.deny(actions); return this; } on(resources) { this.ensureSimpleStatementMode(); this.simpleStatementBuilder.on(resources); return this; } when(conditions) { this.ensureSimpleStatementMode(); this.simpleStatementBuilder.when(conditions); return this; } activeFrom(startDate) { this.ensureSimpleStatementMode(); this.simpleStatementBuilder.activeFrom(startDate); return this; } activeUntil(endDate) { this.ensureSimpleStatementMode(); this.simpleStatementBuilder.activeUntil(endDate); return this; } statement(statementBuilder) { if (this.hasSimpleStatement) { throw new types_1.BuilderValidationError('Cannot mix simple statement methods (allow/deny/on/when) with statement() method. ' + 'Use either simple mode or complex mode, not both.'); } const statement = statementBuilder instanceof statement_builder_1.StatementBuilder ? statementBuilder.build() : statementBuilder; this.policyStatements.push(statement); return this; } addStatements(statements) { statements.forEach(stmt => this.statement(stmt)); return this; } ensureSimpleStatementMode() { if (this.policyStatements.length > 0) { throw new types_1.BuilderValidationError('Cannot use simple statement methods (allow/deny/on/when) after using statement() method. ' + 'Use either simple mode or complex mode, not both.'); } if (!this.simpleStatementBuilder) { this.simpleStatementBuilder = new statement_builder_1.StatementBuilder(); this.hasSimpleStatement = true; } } validate() { const errors = []; if (!this.policyId || typeof this.policyId !== 'string') { errors.push('Policy ID must be a non-empty string'); } if (!this.documentVersion || typeof this.documentVersion !== 'string') { errors.push('Policy document version must be a non-empty string'); } const allStatements = this.getAllStatements(); if (allStatements.length === 0) { errors.push('Policy must contain at least one statement. Use allow()/deny() methods or statement() method.'); } return { isValid: errors.length === 0, errors }; } getAllStatements() { const allStatements = [...this.policyStatements]; if (this.hasSimpleStatement && this.simpleStatementBuilder) { try { allStatements.push(this.simpleStatementBuilder.build()); } catch (error) { } } return allStatements; } build() { const validation = this.validate(); if (!validation.isValid) { throw new types_1.BuilderValidationError('Invalid policy configuration', validation.errors); } const allStatements = this.getAllStatements(); const document = { Version: this.documentVersion, Statement: allStatements }; return { id: this.policyId, document }; } static create(id) { return new PolicyBuilder(id); } } exports.PolicyBuilder = PolicyBuilder; //# sourceMappingURL=policy-builder.js.map