rbac-engine
Version:
Role-based access control engine with policy-based permissions
120 lines • 4.16 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.PolicyBuilder = void 0;
const statement_builder_1 = require("./statement-builder");
const types_1 = require("./types");
class PolicyBuilder {
constructor(id) {
this.documentVersion = '2023-11-15';
this.policyStatements = [];
this.hasSimpleStatement = false;
this.policyId = id;
}
version(version) {
this.documentVersion = version;
return this;
}
allow(actions) {
this.ensureSimpleStatementMode();
this.simpleStatementBuilder.allow(actions);
return this;
}
deny(actions) {
this.ensureSimpleStatementMode();
this.simpleStatementBuilder.deny(actions);
return this;
}
on(resources) {
this.ensureSimpleStatementMode();
this.simpleStatementBuilder.on(resources);
return this;
}
when(conditions) {
this.ensureSimpleStatementMode();
this.simpleStatementBuilder.when(conditions);
return this;
}
activeFrom(startDate) {
this.ensureSimpleStatementMode();
this.simpleStatementBuilder.activeFrom(startDate);
return this;
}
activeUntil(endDate) {
this.ensureSimpleStatementMode();
this.simpleStatementBuilder.activeUntil(endDate);
return this;
}
statement(statementBuilder) {
if (this.hasSimpleStatement) {
throw new types_1.BuilderValidationError('Cannot mix simple statement methods (allow/deny/on/when) with statement() method. ' +
'Use either simple mode or complex mode, not both.');
}
const statement = statementBuilder instanceof statement_builder_1.StatementBuilder
? statementBuilder.build()
: statementBuilder;
this.policyStatements.push(statement);
return this;
}
addStatements(statements) {
statements.forEach(stmt => this.statement(stmt));
return this;
}
ensureSimpleStatementMode() {
if (this.policyStatements.length > 0) {
throw new types_1.BuilderValidationError('Cannot use simple statement methods (allow/deny/on/when) after using statement() method. ' +
'Use either simple mode or complex mode, not both.');
}
if (!this.simpleStatementBuilder) {
this.simpleStatementBuilder = new statement_builder_1.StatementBuilder();
this.hasSimpleStatement = true;
}
}
validate() {
const errors = [];
if (!this.policyId || typeof this.policyId !== 'string') {
errors.push('Policy ID must be a non-empty string');
}
if (!this.documentVersion || typeof this.documentVersion !== 'string') {
errors.push('Policy document version must be a non-empty string');
}
const allStatements = this.getAllStatements();
if (allStatements.length === 0) {
errors.push('Policy must contain at least one statement. Use allow()/deny() methods or statement() method.');
}
return {
isValid: errors.length === 0,
errors
};
}
getAllStatements() {
const allStatements = [...this.policyStatements];
if (this.hasSimpleStatement && this.simpleStatementBuilder) {
try {
allStatements.push(this.simpleStatementBuilder.build());
}
catch (error) {
}
}
return allStatements;
}
build() {
const validation = this.validate();
if (!validation.isValid) {
throw new types_1.BuilderValidationError('Invalid policy configuration', validation.errors);
}
const allStatements = this.getAllStatements();
const document = {
Version: this.documentVersion,
Statement: allStatements
};
return {
id: this.policyId,
document
};
}
static create(id) {
return new PolicyBuilder(id);
}
}
exports.PolicyBuilder = PolicyBuilder;
//# sourceMappingURL=policy-builder.js.map