rbac-engine
Version:
Role-based access control engine with policy-based permissions
78 lines • 3.03 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.AccessControl = void 0;
const evaluator_1 = require("./policy/evaluator");
const factory_1 = require("./db/factory");
const builders_1 = require("./builders");
class AccessControl {
constructor(client, repositoryConstructor) {
this.repository = (0, factory_1.createRepository)(client, repositoryConstructor);
}
async init() {
await this.repository.setupTables();
}
async createUser(user) {
return await this.repository.createUser(user);
}
async createRole(role) {
return await this.repository.createRole(role);
}
async assignRoleToUser(userId, roleId) {
return await this.repository.assignRoleToUser(userId, roleId);
}
async createPolicy(policy) {
const policyObject = policy instanceof builders_1.PolicyBuilder ? policy.build() : policy;
return await this.repository.createPolicy(policyObject);
}
async attachPolicyToRole(policyId, roleId) {
return await this.repository.attachPolicyToRole(policyId, roleId);
}
async attachPolicyToUser(policyId, userId) {
return await this.repository.attachPolicyToUser(policyId, userId);
}
async getUser(userId) {
return await this.repository.getUser(userId);
}
async getRole(roleId) {
return await this.repository.getRole(roleId);
}
async getUserPolicies(userId) {
return await this.repository.getUserPolicies(userId);
}
async getRolePolicies(roleId) {
return await this.repository.getRolePolicies(roleId);
}
async updateRole(role) {
return await this.repository.updateRole(role);
}
async updatePolicy(policy) {
return await this.repository.updatePolicy(policy);
}
async deletePolicy(policyId) {
return await this.repository.deletePolicy(policyId);
}
async deleteRole(roleId) {
return await this.repository.deleteRole(roleId);
}
async detachPolicyFromRole(policyId, roleId) {
return await this.repository.detachPolicyFromRole(policyId, roleId);
}
async detachPolicyFromUser(policyId, userId) {
return await this.repository.detachPolicyFromUser(policyId, userId);
}
async removeRoleFromUser(userId, roleId) {
return await this.repository.removeRoleFromUser(userId, roleId);
}
async hasAccess(userId, action, resource, context = {}) {
const user = await this.getUser(userId);
const [getUserPolicies, rolePoliciesNested] = await Promise.all([
this.getUserPolicies(userId),
await Promise.all((user.roles || []).map(roleId => this.getRolePolicies(roleId)))
]);
const rolePolicies = rolePoliciesNested.flat();
const allPolicies = [...getUserPolicies, ...rolePolicies];
return (0, evaluator_1.evaluate)(allPolicies, action, resource, context);
}
}
exports.AccessControl = AccessControl;
//# sourceMappingURL=core.js.map