vulcain-corejs
Version:
Vulcain micro-service framework
84 lines (82 loc) • 2.39 kB
JavaScript
;
const system_1 = require("../../configurations/globals/system");
/**
* Default policy
*
* @export
* @class DefaultPolicy
*/
class DefaultAuthorizationPolicy {
/**
* Get user scopes
*
* @readonly
* @type {Array<string>}
*/
scopes(requestContext) {
return (requestContext.user && requestContext.user.scopes) || [];
}
/**
* Check if the current user has a specific scope
*
* Rules:
* scope userScope Result
* null/?/* true
* null false
* * true
* x x true
* x-yz x-* true
*
* @param {string} scope
* @returns {number}
*/
hasScope(requestContext, handlerScope) {
if (!handlerScope || handlerScope === "?") {
return true;
}
if (!requestContext.user) {
return false;
}
if (handlerScope === "*") {
return true;
}
const handlerScopes = handlerScope.split(',').map(s => s.trim());
const userScopes = this.scopes(requestContext);
if (!userScopes || userScopes.length === 0) {
return false;
}
if (userScopes[0] === "*") {
return true;
}
for (let userScope of userScopes) {
let parts = userScope.split(':');
if (parts.length < 2) {
return false; // malformed
}
if (parts[0] !== system_1.System.domainName) {
continue;
}
for (let sc of handlerScopes) {
if (userScope === sc) {
return true;
}
// admin:* means all scope beginning by admin:
if (userScope.endsWith("*") && sc.startsWith(userScope.substr(0, userScope.length - 1))) {
return true;
}
}
}
return false;
}
/**
* Check if the current user is an admin
*
* @returns {boolean}
*/
isAdmin(requestContext) {
let scopes = this.scopes(requestContext);
return scopes && scopes.length > 0 && scopes[0] === "*";
}
}
exports.DefaultAuthorizationPolicy = DefaultAuthorizationPolicy;
//# sourceMappingURL=defaultAuthorizationPolicy.js.map