UNPKG

rbac-engine

Version:

Role-based access control engine with policy-based permissions

78 lines 3.03 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.AccessControl = void 0; const evaluator_1 = require("./policy/evaluator"); const factory_1 = require("./db/factory"); const builders_1 = require("./builders"); class AccessControl { constructor(client, repositoryConstructor) { this.repository = (0, factory_1.createRepository)(client, repositoryConstructor); } async init() { await this.repository.setupTables(); } async createUser(user) { return await this.repository.createUser(user); } async createRole(role) { return await this.repository.createRole(role); } async assignRoleToUser(userId, roleId) { return await this.repository.assignRoleToUser(userId, roleId); } async createPolicy(policy) { const policyObject = policy instanceof builders_1.PolicyBuilder ? policy.build() : policy; return await this.repository.createPolicy(policyObject); } async attachPolicyToRole(policyId, roleId) { return await this.repository.attachPolicyToRole(policyId, roleId); } async attachPolicyToUser(policyId, userId) { return await this.repository.attachPolicyToUser(policyId, userId); } async getUser(userId) { return await this.repository.getUser(userId); } async getRole(roleId) { return await this.repository.getRole(roleId); } async getUserPolicies(userId) { return await this.repository.getUserPolicies(userId); } async getRolePolicies(roleId) { return await this.repository.getRolePolicies(roleId); } async updateRole(role) { return await this.repository.updateRole(role); } async updatePolicy(policy) { return await this.repository.updatePolicy(policy); } async deletePolicy(policyId) { return await this.repository.deletePolicy(policyId); } async deleteRole(roleId) { return await this.repository.deleteRole(roleId); } async detachPolicyFromRole(policyId, roleId) { return await this.repository.detachPolicyFromRole(policyId, roleId); } async detachPolicyFromUser(policyId, userId) { return await this.repository.detachPolicyFromUser(policyId, userId); } async removeRoleFromUser(userId, roleId) { return await this.repository.removeRoleFromUser(userId, roleId); } async hasAccess(userId, action, resource, context = {}) { const user = await this.getUser(userId); const [getUserPolicies, rolePoliciesNested] = await Promise.all([ this.getUserPolicies(userId), await Promise.all((user.roles || []).map(roleId => this.getRolePolicies(roleId))) ]); const rolePolicies = rolePoliciesNested.flat(); const allPolicies = [...getUserPolicies, ...rolePolicies]; return (0, evaluator_1.evaluate)(allPolicies, action, resource, context); } } exports.AccessControl = AccessControl; //# sourceMappingURL=core.js.map