@atproto/oauth-scopes 0.3.1 → 0.4.0-next.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/dist/atproto-oauth-scope.js +28 -35
- package/dist/atproto-oauth-scope.js.map +1 -1
- package/dist/index.js +11 -27
- package/dist/index.js.map +1 -1
- package/dist/lib/lexicon.js +1 -2
- package/dist/lib/mime.js +4 -10
- package/dist/lib/mime.js.map +1 -1
- package/dist/lib/nsid.js +2 -6
- package/dist/lib/nsid.js.map +1 -1
- package/dist/lib/parser.js +6 -31
- package/dist/lib/parser.js.map +1 -1
- package/dist/lib/resource-permission.js +1 -2
- package/dist/lib/syntax-lexicon.js +2 -11
- package/dist/lib/syntax-lexicon.js.map +1 -1
- package/dist/lib/syntax-string.js +6 -25
- package/dist/lib/syntax-string.js.map +1 -1
- package/dist/lib/syntax.js +2 -6
- package/dist/lib/syntax.js.map +1 -1
- package/dist/lib/util.js +3 -8
- package/dist/lib/util.js.map +1 -1
- package/dist/scope-missing-error.js +5 -29
- package/dist/scope-missing-error.js.map +1 -1
- package/dist/scope-permissions-transition.js +2 -6
- package/dist/scope-permissions-transition.js.map +1 -1
- package/dist/scope-permissions.js +19 -29
- package/dist/scope-permissions.js.map +1 -1
- package/dist/scopes/account-permission.js +24 -43
- package/dist/scopes/account-permission.js.map +1 -1
- package/dist/scopes/blob-permission.js +26 -40
- package/dist/scopes/blob-permission.js.map +1 -1
- package/dist/scopes/identity-permission.js +16 -30
- package/dist/scopes/identity-permission.js.map +1 -1
- package/dist/scopes/include-scope.js +35 -54
- package/dist/scopes/include-scope.js.map +1 -1
- package/dist/scopes/repo-permission.js +39 -59
- package/dist/scopes/repo-permission.js.map +1 -1
- package/dist/scopes/rpc-permission.js +28 -50
- package/dist/scopes/rpc-permission.js.map +1 -1
- package/dist/scopes-set.js +19 -23
- package/dist/scopes-set.js.map +1 -1
- package/jest.config.cjs +14 -0
- package/package.json +10 -9
- package/src/scopes/include-scope.test.ts +5 -5
- package/tsconfig.build.tsbuildinfo +1 -1
- package/jest.config.js +0 -5
|
@@ -1,39 +1,15 @@
|
|
|
1
|
-
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ScopeMissingError = void 0;
|
|
4
|
-
class ScopeMissingError extends Error {
|
|
1
|
+
export class ScopeMissingError extends Error {
|
|
5
2
|
get statusCode() {
|
|
6
3
|
return this.status;
|
|
7
4
|
}
|
|
8
5
|
constructor(scope) {
|
|
9
6
|
super(`Missing required scope "${scope}"`);
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
configurable: true,
|
|
13
|
-
writable: true,
|
|
14
|
-
value: scope
|
|
15
|
-
});
|
|
16
|
-
Object.defineProperty(this, "name", {
|
|
17
|
-
enumerable: true,
|
|
18
|
-
configurable: true,
|
|
19
|
-
writable: true,
|
|
20
|
-
value: 'ScopeMissingError'
|
|
21
|
-
});
|
|
7
|
+
this.scope = scope;
|
|
8
|
+
this.name = 'ScopeMissingError';
|
|
22
9
|
// compatibility layer with http-errors package. The goal if to make
|
|
23
10
|
// isHttpError(new ScopeMissingError) return true.
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
configurable: true,
|
|
27
|
-
writable: true,
|
|
28
|
-
value: 403
|
|
29
|
-
});
|
|
30
|
-
Object.defineProperty(this, "expose", {
|
|
31
|
-
enumerable: true,
|
|
32
|
-
configurable: true,
|
|
33
|
-
writable: true,
|
|
34
|
-
value: true
|
|
35
|
-
});
|
|
11
|
+
this.status = 403;
|
|
12
|
+
this.expose = true;
|
|
36
13
|
}
|
|
37
14
|
}
|
|
38
|
-
exports.ScopeMissingError = ScopeMissingError;
|
|
39
15
|
//# sourceMappingURL=scope-missing-error.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope-missing-error.js","sourceRoot":"","sources":["../src/scope-missing-error.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scope-missing-error.js","sourceRoot":"","sources":["../src/scope-missing-error.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAO1C,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAED,YAA4B,KAAa;QACvC,KAAK,CAAC,2BAA2B,KAAK,GAAG,CAAC,CAAA;QADhB,UAAK,GAAL,KAAK,CAAQ;QAVzC,SAAI,GAAG,mBAAmB,CAAA;QAE1B,oEAAoE;QACpE,kDAAkD;QAClD,WAAM,GAAG,GAAG,CAAA;QACZ,WAAM,GAAG,IAAI,CAAA;IAOb,CAAC;CACF","sourcesContent":["export class ScopeMissingError extends Error {\n name = 'ScopeMissingError'\n\n // compatibility layer with http-errors package. The goal if to make\n // isHttpError(new ScopeMissingError) return true.\n status = 403\n expose = true\n get statusCode() {\n return this.status\n }\n\n constructor(public readonly scope: string) {\n super(`Missing required scope \"${scope}\"`)\n }\n}\n"]}
|
|
@@ -1,12 +1,9 @@
|
|
|
1
|
-
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ScopePermissionsTransition = void 0;
|
|
4
|
-
const scope_permissions_js_1 = require("./scope-permissions.js");
|
|
1
|
+
import { ScopePermissions, } from './scope-permissions.js';
|
|
5
2
|
/**
|
|
6
3
|
* Overrides the default permission set to allow transitional scopes to be used
|
|
7
4
|
* in place of the generic scopes.
|
|
8
5
|
*/
|
|
9
|
-
class ScopePermissionsTransition extends
|
|
6
|
+
export class ScopePermissionsTransition extends ScopePermissions {
|
|
10
7
|
get hasTransitionGeneric() {
|
|
11
8
|
return this.scopes.has('transition:generic');
|
|
12
9
|
}
|
|
@@ -50,5 +47,4 @@ class ScopePermissionsTransition extends scope_permissions_js_1.ScopePermissions
|
|
|
50
47
|
return super.allowsRpc(options);
|
|
51
48
|
}
|
|
52
49
|
}
|
|
53
|
-
exports.ScopePermissionsTransition = ScopePermissionsTransition;
|
|
54
50
|
//# sourceMappingURL=scope-permissions-transition.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope-permissions-transition.js","sourceRoot":"","sources":["../src/scope-permissions-transition.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scope-permissions-transition.js","sourceRoot":"","sources":["../src/scope-permissions-transition.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,gBAAgB,GACjB,MAAM,wBAAwB,CAAA;AAE/B;;;GAGG;AACH,MAAM,OAAO,0BAA2B,SAAQ,gBAAgB;IAC9D,IAAI,oBAAoB;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;IAC9C,CAAC;IAED,IAAI,kBAAkB;QACpB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC5C,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAA;IAChD,CAAC;IAEQ,aAAa,CAAC,OAA+B;QACpD,IACE,OAAO,CAAC,IAAI,KAAK,OAAO;YACxB,OAAO,CAAC,MAAM,KAAK,MAAM;YACzB,IAAI,CAAC,kBAAkB,EACvB,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;IACrC,CAAC;IAEQ,UAAU,CAAC,OAA4B;QAC9C,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;IAClC,CAAC;IAEQ,UAAU,CAAC,OAA4B;QAC9C,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;IAClC,CAAC;IAEQ,SAAS,CAAC,OAA2B;QAC5C,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAA;QAEvB,IAAI,IAAI,CAAC,oBAAoB,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAA;QACb,CAAC;QAED,IAAI,IAAI,CAAC,oBAAoB,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAA;QACb,CAAC;QAED,IAAI,IAAI,CAAC,qBAAqB,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACjC,CAAC;CACF","sourcesContent":["import {\n AccountPermissionMatch,\n BlobPermissionMatch,\n RepoPermissionMatch,\n RpcPermissionMatch,\n ScopePermissions,\n} from './scope-permissions.js'\n\n/**\n * Overrides the default permission set to allow transitional scopes to be used\n * in place of the generic scopes.\n */\nexport class ScopePermissionsTransition extends ScopePermissions {\n get hasTransitionGeneric(): boolean {\n return this.scopes.has('transition:generic')\n }\n\n get hasTransitionEmail(): boolean {\n return this.scopes.has('transition:email')\n }\n\n get hasTransitionChatBsky(): boolean {\n return this.scopes.has('transition:chat.bsky')\n }\n\n override allowsAccount(options: AccountPermissionMatch): boolean {\n if (\n options.attr === 'email' &&\n options.action === 'read' &&\n this.hasTransitionEmail\n ) {\n return true\n }\n\n return super.allowsAccount(options)\n }\n\n override allowsBlob(options: BlobPermissionMatch): boolean {\n if (this.hasTransitionGeneric) {\n return true\n }\n\n return super.allowsBlob(options)\n }\n\n override allowsRepo(options: RepoPermissionMatch): boolean {\n if (this.hasTransitionGeneric) {\n return true\n }\n\n return super.allowsRepo(options)\n }\n\n override allowsRpc(options: RpcPermissionMatch) {\n const { lxm } = options\n\n if (this.hasTransitionGeneric && lxm === '*') {\n return true\n }\n\n if (this.hasTransitionGeneric && !lxm.startsWith('chat.bsky.')) {\n return true\n }\n\n if (this.hasTransitionChatBsky && lxm.startsWith('chat.bsky.')) {\n return true\n }\n\n return super.allowsRpc(options)\n }\n}\n"]}
|
|
@@ -1,22 +1,13 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
const rpc_permission_js_1 = require("./scopes/rpc-permission.js");
|
|
10
|
-
const scopes_set_js_1 = require("./scopes-set.js");
|
|
11
|
-
class ScopePermissions {
|
|
1
|
+
import { ScopeMissingError } from './scope-missing-error.js';
|
|
2
|
+
import { AccountPermission, } from './scopes/account-permission.js';
|
|
3
|
+
import { BlobPermission, } from './scopes/blob-permission.js';
|
|
4
|
+
import { IdentityPermission, } from './scopes/identity-permission.js';
|
|
5
|
+
import { RepoPermission, } from './scopes/repo-permission.js';
|
|
6
|
+
import { RpcPermission } from './scopes/rpc-permission.js';
|
|
7
|
+
import { ScopesSet } from './scopes-set.js';
|
|
8
|
+
export class ScopePermissions {
|
|
12
9
|
constructor(scope) {
|
|
13
|
-
|
|
14
|
-
enumerable: true,
|
|
15
|
-
configurable: true,
|
|
16
|
-
writable: true,
|
|
17
|
-
value: void 0
|
|
18
|
-
});
|
|
19
|
-
this.scopes = new scopes_set_js_1.ScopesSet(!scope // "" | null | undefined
|
|
10
|
+
this.scopes = new ScopesSet(!scope // "" | null | undefined
|
|
20
11
|
? undefined
|
|
21
12
|
: typeof scope === 'string'
|
|
22
13
|
? scope.split(' ')
|
|
@@ -27,8 +18,8 @@ class ScopePermissions {
|
|
|
27
18
|
}
|
|
28
19
|
assertAccount(options) {
|
|
29
20
|
if (!this.allowsAccount(options)) {
|
|
30
|
-
const scope =
|
|
31
|
-
throw new
|
|
21
|
+
const scope = AccountPermission.scopeNeededFor(options);
|
|
22
|
+
throw new ScopeMissingError(scope);
|
|
32
23
|
}
|
|
33
24
|
}
|
|
34
25
|
allowsIdentity(options) {
|
|
@@ -36,8 +27,8 @@ class ScopePermissions {
|
|
|
36
27
|
}
|
|
37
28
|
assertIdentity(options) {
|
|
38
29
|
if (!this.allowsIdentity(options)) {
|
|
39
|
-
const scope =
|
|
40
|
-
throw new
|
|
30
|
+
const scope = IdentityPermission.scopeNeededFor(options);
|
|
31
|
+
throw new ScopeMissingError(scope);
|
|
41
32
|
}
|
|
42
33
|
}
|
|
43
34
|
allowsBlob(options) {
|
|
@@ -45,8 +36,8 @@ class ScopePermissions {
|
|
|
45
36
|
}
|
|
46
37
|
assertBlob(options) {
|
|
47
38
|
if (!this.allowsBlob(options)) {
|
|
48
|
-
const scope =
|
|
49
|
-
throw new
|
|
39
|
+
const scope = BlobPermission.scopeNeededFor(options);
|
|
40
|
+
throw new ScopeMissingError(scope);
|
|
50
41
|
}
|
|
51
42
|
}
|
|
52
43
|
allowsRepo(options) {
|
|
@@ -54,8 +45,8 @@ class ScopePermissions {
|
|
|
54
45
|
}
|
|
55
46
|
assertRepo(options) {
|
|
56
47
|
if (!this.allowsRepo(options)) {
|
|
57
|
-
const scope =
|
|
58
|
-
throw new
|
|
48
|
+
const scope = RepoPermission.scopeNeededFor(options);
|
|
49
|
+
throw new ScopeMissingError(scope);
|
|
59
50
|
}
|
|
60
51
|
}
|
|
61
52
|
allowsRpc(options) {
|
|
@@ -63,10 +54,9 @@ class ScopePermissions {
|
|
|
63
54
|
}
|
|
64
55
|
assertRpc(options) {
|
|
65
56
|
if (!this.allowsRpc(options)) {
|
|
66
|
-
const scope =
|
|
67
|
-
throw new
|
|
57
|
+
const scope = RpcPermission.scopeNeededFor(options);
|
|
58
|
+
throw new ScopeMissingError(scope);
|
|
68
59
|
}
|
|
69
60
|
}
|
|
70
61
|
}
|
|
71
|
-
exports.ScopePermissions = ScopePermissions;
|
|
72
62
|
//# sourceMappingURL=scope-permissions.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope-permissions.js","sourceRoot":"","sources":["../src/scope-permissions.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scope-permissions.js","sourceRoot":"","sources":["../src/scope-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,EACL,iBAAiB,GAElB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EACL,cAAc,GAEf,MAAM,6BAA6B,CAAA;AACpC,OAAO,EACL,kBAAkB,GAEnB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EACL,cAAc,GAEf,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAAE,aAAa,EAAsB,MAAM,4BAA4B,CAAA;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAU3C,MAAM,OAAO,gBAAgB;IAG3B,YAAY,KAAwC;QAClD,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,CACzB,CAAC,KAAK,CAAC,wBAAwB;YAC7B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ;gBACzB,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;gBAClB,CAAC,CAAC,KAAK,CACZ,CAAA;IACH,CAAC;IAEM,aAAa,CAAC,OAA+B;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IAChD,CAAC;IACM,aAAa,CAAC,OAA+B;QAClD,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,iBAAiB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;YACvD,MAAM,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;IAEM,cAAc,CAAC,OAAgC;QACpD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;IACjD,CAAC;IACM,cAAc,CAAC,OAAgC;QACpD,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,kBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;YACxD,MAAM,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;IAEM,UAAU,CAAC,OAA4B;QAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC7C,CAAC;IACM,UAAU,CAAC,OAA4B;QAC5C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;YACpD,MAAM,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;IAEM,UAAU,CAAC,OAA4B;QAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC7C,CAAC;IACM,UAAU,CAAC,OAA4B;QAC5C,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;YACpD,MAAM,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;IAEM,SAAS,CAAC,OAA2B;QAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAC5C,CAAC;IACM,SAAS,CAAC,OAA2B;QAC1C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,aAAa,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;YACnD,MAAM,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;CACF","sourcesContent":["import { ScopeMissingError } from './scope-missing-error.js'\nimport {\n AccountPermission,\n AccountPermissionMatch,\n} from './scopes/account-permission.js'\nimport {\n BlobPermission,\n BlobPermissionMatch,\n} from './scopes/blob-permission.js'\nimport {\n IdentityPermission,\n IdentityPermissionMatch,\n} from './scopes/identity-permission.js'\nimport {\n RepoPermission,\n RepoPermissionMatch,\n} from './scopes/repo-permission.js'\nimport { RpcPermission, RpcPermissionMatch } from './scopes/rpc-permission.js'\nimport { ScopesSet } from './scopes-set.js'\n\nexport type {\n AccountPermissionMatch,\n BlobPermissionMatch,\n IdentityPermissionMatch,\n RepoPermissionMatch,\n RpcPermissionMatch,\n}\n\nexport class ScopePermissions {\n public readonly scopes: ScopesSet\n\n constructor(scope?: null | string | Iterable<string>) {\n this.scopes = new ScopesSet(\n !scope // \"\" | null | undefined\n ? undefined\n : typeof scope === 'string'\n ? scope.split(' ')\n : scope,\n )\n }\n\n public allowsAccount(options: AccountPermissionMatch): boolean {\n return this.scopes.matches('account', options)\n }\n public assertAccount(options: AccountPermissionMatch): void {\n if (!this.allowsAccount(options)) {\n const scope = AccountPermission.scopeNeededFor(options)\n throw new ScopeMissingError(scope)\n }\n }\n\n public allowsIdentity(options: IdentityPermissionMatch): boolean {\n return this.scopes.matches('identity', options)\n }\n public assertIdentity(options: IdentityPermissionMatch): void {\n if (!this.allowsIdentity(options)) {\n const scope = IdentityPermission.scopeNeededFor(options)\n throw new ScopeMissingError(scope)\n }\n }\n\n public allowsBlob(options: BlobPermissionMatch): boolean {\n return this.scopes.matches('blob', options)\n }\n public assertBlob(options: BlobPermissionMatch): void {\n if (!this.allowsBlob(options)) {\n const scope = BlobPermission.scopeNeededFor(options)\n throw new ScopeMissingError(scope)\n }\n }\n\n public allowsRepo(options: RepoPermissionMatch): boolean {\n return this.scopes.matches('repo', options)\n }\n public assertRepo(options: RepoPermissionMatch): void {\n if (!this.allowsRepo(options)) {\n const scope = RepoPermission.scopeNeededFor(options)\n throw new ScopeMissingError(scope)\n }\n }\n\n public allowsRpc(options: RpcPermissionMatch): boolean {\n return this.scopes.matches('rpc', options)\n }\n public assertRpc(options: RpcPermissionMatch): void {\n if (!this.allowsRpc(options)) {\n const scope = RpcPermission.scopeNeededFor(options)\n throw new ScopeMissingError(scope)\n }\n }\n}\n"]}
|
|
@@ -1,30 +1,17 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
const
|
|
6
|
-
const syntax_js_1 = require("../lib/syntax.js");
|
|
7
|
-
const util_js_1 = require("../lib/util.js");
|
|
8
|
-
exports.ACCOUNT_ATTRIBUTES = Object.freeze([
|
|
1
|
+
import { Parser } from '../lib/parser.js';
|
|
2
|
+
import { ScopeStringSyntax } from '../lib/syntax-string.js';
|
|
3
|
+
import { isScopeStringFor } from '../lib/syntax.js';
|
|
4
|
+
import { knownValuesValidator } from '../lib/util.js';
|
|
5
|
+
export const ACCOUNT_ATTRIBUTES = Object.freeze([
|
|
9
6
|
'email',
|
|
10
7
|
'repo',
|
|
11
8
|
'status',
|
|
12
9
|
]);
|
|
13
|
-
|
|
14
|
-
class AccountPermission {
|
|
10
|
+
export const ACCOUNT_ACTIONS = Object.freeze(['read', 'manage']);
|
|
11
|
+
export class AccountPermission {
|
|
15
12
|
constructor(attr, action) {
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
configurable: true,
|
|
19
|
-
writable: true,
|
|
20
|
-
value: attr
|
|
21
|
-
});
|
|
22
|
-
Object.defineProperty(this, "action", {
|
|
23
|
-
enumerable: true,
|
|
24
|
-
configurable: true,
|
|
25
|
-
writable: true,
|
|
26
|
-
value: action
|
|
27
|
-
});
|
|
13
|
+
this.attr = attr;
|
|
14
|
+
this.action = action;
|
|
28
15
|
}
|
|
29
16
|
matches(options) {
|
|
30
17
|
return (this.attr === options.attr &&
|
|
@@ -33,10 +20,23 @@ class AccountPermission {
|
|
|
33
20
|
toString() {
|
|
34
21
|
return AccountPermission.parser.format(this);
|
|
35
22
|
}
|
|
23
|
+
static { this.parser = new Parser('account', {
|
|
24
|
+
attr: {
|
|
25
|
+
multiple: false,
|
|
26
|
+
required: true,
|
|
27
|
+
validate: knownValuesValidator(ACCOUNT_ATTRIBUTES),
|
|
28
|
+
},
|
|
29
|
+
action: {
|
|
30
|
+
multiple: true,
|
|
31
|
+
required: false,
|
|
32
|
+
validate: knownValuesValidator(ACCOUNT_ACTIONS),
|
|
33
|
+
default: ['read'],
|
|
34
|
+
},
|
|
35
|
+
}, 'attr'); }
|
|
36
36
|
static fromString(scope) {
|
|
37
|
-
if (!
|
|
37
|
+
if (!isScopeStringFor(scope, 'account'))
|
|
38
38
|
return null;
|
|
39
|
-
const syntax =
|
|
39
|
+
const syntax = ScopeStringSyntax.fromString(scope);
|
|
40
40
|
return AccountPermission.fromSyntax(syntax);
|
|
41
41
|
}
|
|
42
42
|
static fromSyntax(syntax) {
|
|
@@ -52,23 +52,4 @@ class AccountPermission {
|
|
|
52
52
|
});
|
|
53
53
|
}
|
|
54
54
|
}
|
|
55
|
-
exports.AccountPermission = AccountPermission;
|
|
56
|
-
Object.defineProperty(AccountPermission, "parser", {
|
|
57
|
-
enumerable: true,
|
|
58
|
-
configurable: true,
|
|
59
|
-
writable: true,
|
|
60
|
-
value: new parser_js_1.Parser('account', {
|
|
61
|
-
attr: {
|
|
62
|
-
multiple: false,
|
|
63
|
-
required: true,
|
|
64
|
-
validate: (0, util_js_1.knownValuesValidator)(exports.ACCOUNT_ATTRIBUTES),
|
|
65
|
-
},
|
|
66
|
-
action: {
|
|
67
|
-
multiple: true,
|
|
68
|
-
required: false,
|
|
69
|
-
validate: (0, util_js_1.knownValuesValidator)(exports.ACCOUNT_ACTIONS),
|
|
70
|
-
default: ['read'],
|
|
71
|
-
},
|
|
72
|
-
}, 'attr')
|
|
73
|
-
});
|
|
74
55
|
//# sourceMappingURL=account-permission.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account-permission.js","sourceRoot":"","sources":["../../src/scopes/account-permission.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"account-permission.js","sourceRoot":"","sources":["../../src/scopes/account-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAA0B,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9C,OAAO;IACP,MAAM;IACN,QAAQ;CACA,CAAC,CAAA;AAGX,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAU,CAAC,CAAA;AAQzE,MAAM,OAAO,iBAAiB;IAG5B,YACkB,IAAsB,EACtB,MAAgC;QADhC,SAAI,GAAJ,IAAI,CAAkB;QACtB,WAAM,GAAN,MAAM,CAA0B;IAC/C,CAAC;IAEJ,OAAO,CAAC,OAA+B;QACrC,OAAO,CACL,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI;YAC1B,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CACzE,CAAA;IACH,CAAC;IAED,QAAQ;QACN,OAAO,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,SAAS,EACT;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,oBAAoB,CAAC,kBAAkB,CAAC;SACnD;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,oBAAoB,CAAC,eAAe,CAAC;YAC/C,OAAO,EAAE,CAAC,MAAe,CAAC;SAC3B;KACF,EACD,MAAM,CACP,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC;YAAE,OAAO,IAAI,CAAA;QACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC7C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA8B;QAC9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACrD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,OAAO,IAAI,iBAAiB,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IAC1D,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA+B;QACnD,OAAO,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC;YACrC,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;SACzB,CAAC,CAAA;IACJ,CAAC","sourcesContent":["import { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport { NeRoArray, ScopeSyntax, isScopeStringFor } from '../lib/syntax.js'\nimport { knownValuesValidator } from '../lib/util.js'\n\nexport const ACCOUNT_ATTRIBUTES = Object.freeze([\n 'email',\n 'repo',\n 'status',\n] as const)\nexport type AccountAttribute = (typeof ACCOUNT_ATTRIBUTES)[number]\n\nexport const ACCOUNT_ACTIONS = Object.freeze(['read', 'manage'] as const)\nexport type AccountAction = (typeof ACCOUNT_ACTIONS)[number]\n\nexport type AccountPermissionMatch = {\n attr: AccountAttribute\n action: AccountAction\n}\n\nexport class AccountPermission\n implements ResourcePermission<'account', AccountPermissionMatch>\n{\n constructor(\n public readonly attr: AccountAttribute,\n public readonly action: NeRoArray<AccountAction>,\n ) {}\n\n matches(options: AccountPermissionMatch) {\n return (\n this.attr === options.attr &&\n (this.action.includes('manage') || this.action.includes(options.action))\n )\n }\n\n toString() {\n return AccountPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'account',\n {\n attr: {\n multiple: false,\n required: true,\n validate: knownValuesValidator(ACCOUNT_ATTRIBUTES),\n },\n action: {\n multiple: true,\n required: false,\n validate: knownValuesValidator(ACCOUNT_ACTIONS),\n default: ['read' as const],\n },\n },\n 'attr',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'account')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return AccountPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'account'>) {\n const result = AccountPermission.parser.parse(syntax)\n if (!result) return null\n\n return new AccountPermission(result.attr, result.action)\n }\n\n static scopeNeededFor(options: AccountPermissionMatch) {\n return AccountPermission.parser.format({\n attr: options.attr,\n action: [options.action],\n })\n }\n}\n"]}
|
|
@@ -1,30 +1,38 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
const
|
|
6
|
-
|
|
7
|
-
const syntax_js_1 = require("../lib/syntax.js");
|
|
8
|
-
exports.DEFAULT_ACCEPT = Object.freeze(['*/*']);
|
|
9
|
-
class BlobPermission {
|
|
1
|
+
import { isAccept, matchesAnyAccept } from '../lib/mime.js';
|
|
2
|
+
import { Parser } from '../lib/parser.js';
|
|
3
|
+
import { ScopeStringSyntax } from '../lib/syntax-string.js';
|
|
4
|
+
import { isScopeStringFor, } from '../lib/syntax.js';
|
|
5
|
+
export const DEFAULT_ACCEPT = Object.freeze(['*/*']);
|
|
6
|
+
export class BlobPermission {
|
|
10
7
|
constructor(accept) {
|
|
11
|
-
|
|
12
|
-
enumerable: true,
|
|
13
|
-
configurable: true,
|
|
14
|
-
writable: true,
|
|
15
|
-
value: accept
|
|
16
|
-
});
|
|
8
|
+
this.accept = accept;
|
|
17
9
|
}
|
|
18
10
|
matches(options) {
|
|
19
|
-
return
|
|
11
|
+
return matchesAnyAccept(this.accept, options.mime);
|
|
20
12
|
}
|
|
21
13
|
toString() {
|
|
22
14
|
return BlobPermission.parser.format(this);
|
|
23
15
|
}
|
|
16
|
+
static { this.parser = new Parser('blob', {
|
|
17
|
+
accept: {
|
|
18
|
+
multiple: true,
|
|
19
|
+
required: true,
|
|
20
|
+
validate: isAccept,
|
|
21
|
+
normalize: (value) => {
|
|
22
|
+
// Returns a more concise representation of the accept values.
|
|
23
|
+
if (value.includes('*/*'))
|
|
24
|
+
return DEFAULT_ACCEPT;
|
|
25
|
+
return value
|
|
26
|
+
.map(toLowerCase)
|
|
27
|
+
.filter(isNonRedundant)
|
|
28
|
+
.sort();
|
|
29
|
+
},
|
|
30
|
+
},
|
|
31
|
+
}, 'accept'); }
|
|
24
32
|
static fromString(scope) {
|
|
25
|
-
if (!
|
|
33
|
+
if (!isScopeStringFor(scope, 'blob'))
|
|
26
34
|
return null;
|
|
27
|
-
const syntax =
|
|
35
|
+
const syntax = ScopeStringSyntax.fromString(scope);
|
|
28
36
|
return BlobPermission.fromSyntax(syntax);
|
|
29
37
|
}
|
|
30
38
|
static fromSyntax(syntax) {
|
|
@@ -39,28 +47,6 @@ class BlobPermission {
|
|
|
39
47
|
});
|
|
40
48
|
}
|
|
41
49
|
}
|
|
42
|
-
exports.BlobPermission = BlobPermission;
|
|
43
|
-
Object.defineProperty(BlobPermission, "parser", {
|
|
44
|
-
enumerable: true,
|
|
45
|
-
configurable: true,
|
|
46
|
-
writable: true,
|
|
47
|
-
value: new parser_js_1.Parser('blob', {
|
|
48
|
-
accept: {
|
|
49
|
-
multiple: true,
|
|
50
|
-
required: true,
|
|
51
|
-
validate: mime_js_1.isAccept,
|
|
52
|
-
normalize: (value) => {
|
|
53
|
-
// Returns a more concise representation of the accept values.
|
|
54
|
-
if (value.includes('*/*'))
|
|
55
|
-
return exports.DEFAULT_ACCEPT;
|
|
56
|
-
return value
|
|
57
|
-
.map(toLowerCase)
|
|
58
|
-
.filter(isNonRedundant)
|
|
59
|
-
.sort();
|
|
60
|
-
},
|
|
61
|
-
},
|
|
62
|
-
}, 'accept')
|
|
63
|
-
});
|
|
64
50
|
function toLowerCase(value) {
|
|
65
51
|
return (typeof value === 'string' ? value.toLowerCase() : value);
|
|
66
52
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blob-permission.js","sourceRoot":"","sources":["../../src/scopes/blob-permission.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"blob-permission.js","sourceRoot":"","sources":["../../src/scopes/blob-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,QAAQ,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAKL,gBAAgB,GACjB,MAAM,kBAAkB,CAAA;AAIzB,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAU,CAAC,CAAA;AAM7D,MAAM,OAAO,cAAc;IAGzB,YAA4B,MAAyB;QAAzB,WAAM,GAAN,MAAM,CAAmB;IAAG,CAAC;IAEzD,OAAO,CAAC,OAA4B;QAClC,OAAO,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;IACpD,CAAC;IAED,QAAQ;QACN,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,MAAM,EACN;QACE,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACnB,8DAA8D;gBAC9D,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAAE,OAAO,cAAc,CAAA;gBAEhD,OAAO,KAAK;qBACT,GAAG,CAAC,WAAW,CAAC;qBAChB,MAAM,CAAC,cAAc,CAAC;qBACtB,IAAI,EAAqB,CAAA;YAC9B,CAAC;SACF;KACF,EACD,QAAQ,CACT,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC;YAAE,OAAO,IAAI,CAAA;QACjD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA2B;QAC3C,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA4B;QAChD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAc,CAAC;SACjC,CAAC,CAAA;IACJ,CAAC;;AAGH,SAAS,WAAW,CAClB,KAAQ;IAER,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CACvB,CAAA;AACpC,CAAC;AAED,SAAS,cAAc,CACrB,KAAiB,EACjB,KAAa,EACb,GAA0B;IAE1B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,4EAA4E;QAC5E,8DAA8D;QAC9D,OAAO,IAAI,CAAA;IACb,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACnC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC;QAC9B,wEAAwE;QACxE,2EAA2E;QAC3E,0EAA0E;QAC1E,MAAM;QACN,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC","sourcesContent":["import { Accept, isAccept, matchesAnyAccept } from '../lib/mime.js'\nimport { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport {\n NeArray,\n NeRoArray,\n ParamValue,\n ScopeSyntax,\n isScopeStringFor,\n} from '../lib/syntax.js'\n\nexport { type Accept }\n\nexport const DEFAULT_ACCEPT = Object.freeze(['*/*'] as const)\n\nexport type BlobPermissionMatch = {\n mime: string\n}\n\nexport class BlobPermission\n implements ResourcePermission<'blob', BlobPermissionMatch>\n{\n constructor(public readonly accept: NeRoArray<Accept>) {}\n\n matches(options: BlobPermissionMatch) {\n return matchesAnyAccept(this.accept, options.mime)\n }\n\n toString() {\n return BlobPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'blob',\n {\n accept: {\n multiple: true,\n required: true,\n validate: isAccept,\n normalize: (value) => {\n // Returns a more concise representation of the accept values.\n if (value.includes('*/*')) return DEFAULT_ACCEPT\n\n return value\n .map(toLowerCase)\n .filter(isNonRedundant)\n .sort() as NeArray<Accept>\n },\n },\n },\n 'accept',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'blob')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return BlobPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'blob'>) {\n const result = BlobPermission.parser.parse(syntax)\n if (!result) return null\n\n return new BlobPermission(result.accept)\n }\n\n static scopeNeededFor(options: BlobPermissionMatch) {\n return BlobPermission.parser.format({\n accept: [options.mime as Accept],\n })\n }\n}\n\nfunction toLowerCase<T extends ParamValue>(\n value: T,\n): T extends string ? string : T {\n return (\n typeof value === 'string' ? value.toLowerCase() : value\n ) as T extends string ? string : T\n}\n\nfunction isNonRedundant(\n value: ParamValue,\n index: number,\n arr: readonly ParamValue[],\n): boolean {\n if (typeof value !== 'string') {\n return true\n }\n if (value.endsWith('/*')) {\n // assuming the array contains unique element, wildcards cannot be redundant\n // with one another ('image/*' is not redundant with 'text/*')\n return true\n }\n const base = value.split('/', 1)[0]\n if (arr.includes(`${base}/*`)) {\n // If another value in the array is a wildcard for the same base, we can\n // skip this one as it is redundant. e.g. if the array contains 'image/png'\n // and 'image/*', we can skip 'image/png' because 'image/*' already covers\n // it.\n return false\n }\n return true\n}\n"]}
|
|
@@ -1,19 +1,11 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
const
|
|
6
|
-
|
|
7
|
-
const util_js_1 = require("../lib/util.js");
|
|
8
|
-
exports.IDENTITY_ATTRIBUTES = Object.freeze(['handle', '*']);
|
|
9
|
-
class IdentityPermission {
|
|
1
|
+
import { Parser } from '../lib/parser.js';
|
|
2
|
+
import { ScopeStringSyntax } from '../lib/syntax-string.js';
|
|
3
|
+
import { isScopeStringFor } from '../lib/syntax.js';
|
|
4
|
+
import { knownValuesValidator } from '../lib/util.js';
|
|
5
|
+
export const IDENTITY_ATTRIBUTES = Object.freeze(['handle', '*']);
|
|
6
|
+
export class IdentityPermission {
|
|
10
7
|
constructor(attr) {
|
|
11
|
-
|
|
12
|
-
enumerable: true,
|
|
13
|
-
configurable: true,
|
|
14
|
-
writable: true,
|
|
15
|
-
value: attr
|
|
16
|
-
});
|
|
8
|
+
this.attr = attr;
|
|
17
9
|
}
|
|
18
10
|
matches(options) {
|
|
19
11
|
return this.attr === '*' || this.attr === options.attr;
|
|
@@ -21,10 +13,17 @@ class IdentityPermission {
|
|
|
21
13
|
toString() {
|
|
22
14
|
return IdentityPermission.parser.format(this);
|
|
23
15
|
}
|
|
16
|
+
static { this.parser = new Parser('identity', {
|
|
17
|
+
attr: {
|
|
18
|
+
multiple: false,
|
|
19
|
+
required: true,
|
|
20
|
+
validate: knownValuesValidator(IDENTITY_ATTRIBUTES),
|
|
21
|
+
},
|
|
22
|
+
}, 'attr'); }
|
|
24
23
|
static fromString(scope) {
|
|
25
|
-
if (!
|
|
24
|
+
if (!isScopeStringFor(scope, 'identity'))
|
|
26
25
|
return null;
|
|
27
|
-
const syntax =
|
|
26
|
+
const syntax = ScopeStringSyntax.fromString(scope);
|
|
28
27
|
return IdentityPermission.fromSyntax(syntax);
|
|
29
28
|
}
|
|
30
29
|
static fromSyntax(syntax) {
|
|
@@ -37,17 +36,4 @@ class IdentityPermission {
|
|
|
37
36
|
return IdentityPermission.parser.format(options);
|
|
38
37
|
}
|
|
39
38
|
}
|
|
40
|
-
exports.IdentityPermission = IdentityPermission;
|
|
41
|
-
Object.defineProperty(IdentityPermission, "parser", {
|
|
42
|
-
enumerable: true,
|
|
43
|
-
configurable: true,
|
|
44
|
-
writable: true,
|
|
45
|
-
value: new parser_js_1.Parser('identity', {
|
|
46
|
-
attr: {
|
|
47
|
-
multiple: false,
|
|
48
|
-
required: true,
|
|
49
|
-
validate: (0, util_js_1.knownValuesValidator)(exports.IDENTITY_ATTRIBUTES),
|
|
50
|
-
},
|
|
51
|
-
}, 'attr')
|
|
52
|
-
});
|
|
53
39
|
//# sourceMappingURL=identity-permission.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-permission.js","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"identity-permission.js","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAAe,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAC,CAAA;AAO1E,MAAM,OAAO,kBAAkB;IAG7B,YAA4B,IAAuB;QAAvB,SAAI,GAAJ,IAAI,CAAmB;IAAG,CAAC;IAEvD,OAAO,CAAC,OAAgC;QACtC,OAAO,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAA;IACxD,CAAC;IAED,QAAQ;QACN,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,UAAU,EACV;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,oBAAoB,CAAC,mBAAmB,CAAC;SACpD;KACF,EACD,MAAM,CACP,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,UAAU,CAAC;YAAE,OAAO,IAAI,CAAA;QACrD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC9C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA+B;QAC/C,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACtD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAAgC;QACpD,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAClD,CAAC","sourcesContent":["import { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport { ScopeSyntax, isScopeStringFor } from '../lib/syntax.js'\nimport { knownValuesValidator } from '../lib/util.js'\n\nexport const IDENTITY_ATTRIBUTES = Object.freeze(['handle', '*'] as const)\nexport type IdentityAttribute = (typeof IDENTITY_ATTRIBUTES)[number]\n\nexport type IdentityPermissionMatch = {\n attr: IdentityAttribute\n}\n\nexport class IdentityPermission\n implements ResourcePermission<'identity', IdentityPermissionMatch>\n{\n constructor(public readonly attr: IdentityAttribute) {}\n\n matches(options: IdentityPermissionMatch) {\n return this.attr === '*' || this.attr === options.attr\n }\n\n toString() {\n return IdentityPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'identity',\n {\n attr: {\n multiple: false,\n required: true,\n validate: knownValuesValidator(IDENTITY_ATTRIBUTES),\n },\n },\n 'attr',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'identity')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return IdentityPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'identity'>) {\n const result = IdentityPermission.parser.parse(syntax)\n if (!result) return null\n return new IdentityPermission(result.attr)\n }\n\n static scopeNeededFor(options: IdentityPermissionMatch): string {\n return IdentityPermission.parser.format(options)\n }\n}\n"]}
|