@backstage-community/plugin-rbac-common 1.14.1 → 1.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/dist/index.d.ts +4 -2
- package/dist/permissions.cjs.js +1 -2
- package/dist/permissions.cjs.js.map +1 -1
- package/dist/permissions.esm.js +1 -2
- package/dist/permissions.esm.js.map +1 -1
- package/dist/types.cjs.js.map +1 -1
- package/dist/types.esm.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
## @backstage-community/plugin-rbac-common [1.8.2](https://github.com/janus-idp/backstage-plugins/compare/@backstage-community/plugin-rbac-common@1.8.1...@backstage-community/plugin-rbac-common@1.8.2) (2024-08-06)
|
|
2
2
|
|
|
3
|
+
## 1.15.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- d278b4c: Adds the ability to assign ownership to roles that can then be used to conditionally filter roles, permission policies, and conditional policies. The conditional filter can now be accomplished through the use of the new RBAC conditional rule `IS_OWNER`.
|
|
8
|
+
|
|
9
|
+
`IS_OWNER` can be used to grant limited access to the RBAC plugins where in admins might want leads to control their own team's access.
|
|
10
|
+
|
|
11
|
+
Removed the resource type from the `policy.entity.create` permission to prevent conditional rules being applied to the permission. At the moment, the plugins will still continue to work as expected. However, it is strongly recommended updating all permission policies that utilize the resource type `policy-entity` with the action `create` (ex. `role:default/some_role, policy-entity, create, allow` to `role:default/some_role, policy.entity.create, create, allow`) to prevent any future degradation in service. A migration has been supplied to automatically update all permission policies that have not originated from the CSV file. The CSV file was skipped as a duplication event could happen during reloads / restarts. This means that the CSV file will need to be updated manually to ensure that all references to the old permission policy, resource type `policy-entity` with an action of `create`, have been updated to the named permission `policy.entity.create` with an action of `create`.
|
|
12
|
+
|
|
3
13
|
## 1.14.1
|
|
4
14
|
|
|
5
15
|
### Patch Changes
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { NotAllowedError } from '@backstage/errors';
|
|
2
|
+
import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common';
|
|
2
3
|
import { PermissionAttributes, ConditionalPolicyDecision, ResourcePermission } from '@backstage/plugin-permission-common';
|
|
3
4
|
|
|
4
5
|
/**
|
|
@@ -25,6 +26,7 @@ type RoleMetadata = {
|
|
|
25
26
|
author?: string;
|
|
26
27
|
lastModified?: string;
|
|
27
28
|
createdAt?: string;
|
|
29
|
+
owner?: string;
|
|
28
30
|
};
|
|
29
31
|
/**
|
|
30
32
|
* @public
|
|
@@ -161,7 +163,7 @@ declare const policyEntityReadPermission: ResourcePermission<"policy-entity">;
|
|
|
161
163
|
* @public
|
|
162
164
|
* This permission is used to authorize the creation of new permission policies.
|
|
163
165
|
*/
|
|
164
|
-
declare const policyEntityCreatePermission:
|
|
166
|
+
declare const policyEntityCreatePermission: _backstage_plugin_permission_common.BasicPermission;
|
|
165
167
|
/**
|
|
166
168
|
* @public
|
|
167
169
|
* This permission is used to authorize actions that involve removing permission
|
|
@@ -177,6 +179,6 @@ declare const policyEntityUpdatePermission: ResourcePermission<"policy-entity">;
|
|
|
177
179
|
* @public
|
|
178
180
|
* List of all permissions on permission polices.
|
|
179
181
|
*/
|
|
180
|
-
declare const policyEntityPermissions: ResourcePermission<"policy-entity">[];
|
|
182
|
+
declare const policyEntityPermissions: (ResourcePermission<"policy-entity"> | _backstage_plugin_permission_common.BasicPermission)[];
|
|
181
183
|
|
|
182
184
|
export { CONDITION_ALIAS_SIGN, ConditionalAliases, type NamedPolicy, type NonEmptyArray, type PermissionAction, PermissionActionValues, type PermissionInfo, type PermissionPolicyMetadata, type PluginPermissionMetaData, type Policy, type PolicyDetails, type PolicyEntityPermission, RESOURCE_TYPE_POLICY_ENTITY, type ResourcedPolicy, type Role, type RoleBasedPolicy, type RoleConditionalPolicyDecision, type RoleMetadata, type Source, UnauthorizedError, type UpdatePolicy, isResourcedPolicy, isValidPermissionAction, policyEntityCreatePermission, policyEntityDeletePermission, policyEntityPermissions, policyEntityReadPermission, policyEntityUpdatePermission, toPermissionAction };
|
package/dist/permissions.cjs.js
CHANGED
|
@@ -14,8 +14,7 @@ const policyEntityCreatePermission = pluginPermissionCommon.createPermission({
|
|
|
14
14
|
name: "policy.entity.create",
|
|
15
15
|
attributes: {
|
|
16
16
|
action: "create"
|
|
17
|
-
}
|
|
18
|
-
resourceType: RESOURCE_TYPE_POLICY_ENTITY
|
|
17
|
+
}
|
|
19
18
|
});
|
|
20
19
|
const policyEntityDeletePermission = pluginPermissionCommon.createPermission({
|
|
21
20
|
name: "policy.entity.delete",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.cjs.js","sources":["../src/permissions.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n createPermission,\n ResourcePermission,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n */\nexport const RESOURCE_TYPE_POLICY_ENTITY = 'policy-entity';\n\n/**\n * @public\n * Convenience type for permission entity\n */\nexport type PolicyEntityPermission = ResourcePermission<\n typeof RESOURCE_TYPE_POLICY_ENTITY\n>;\n\n/**\n * @public\n * This permission is used to authorize actions that involve reading\n * permission policies.\n */\nexport const policyEntityReadPermission = createPermission({\n name: 'policy.entity.read',\n attributes: {\n action: 'read',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * This permission is used to authorize the creation of new permission policies.\n */\nexport const policyEntityCreatePermission = createPermission({\n name: 'policy.entity.create',\n attributes: {\n action: 'create',\n },\n
|
|
1
|
+
{"version":3,"file":"permissions.cjs.js","sources":["../src/permissions.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n createPermission,\n ResourcePermission,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n */\nexport const RESOURCE_TYPE_POLICY_ENTITY = 'policy-entity';\n\n/**\n * @public\n * Convenience type for permission entity\n */\nexport type PolicyEntityPermission = ResourcePermission<\n typeof RESOURCE_TYPE_POLICY_ENTITY\n>;\n\n/**\n * @public\n * This permission is used to authorize actions that involve reading\n * permission policies.\n */\nexport const policyEntityReadPermission = createPermission({\n name: 'policy.entity.read',\n attributes: {\n action: 'read',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * This permission is used to authorize the creation of new permission policies.\n */\nexport const policyEntityCreatePermission = createPermission({\n name: 'policy.entity.create',\n attributes: {\n action: 'create',\n },\n});\n\n/**\n * @public\n * This permission is used to authorize actions that involve removing permission\n * policies.\n */\nexport const policyEntityDeletePermission = createPermission({\n name: 'policy.entity.delete',\n attributes: {\n action: 'delete',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * This permission is used to authorize updating permission policies\n */\nexport const policyEntityUpdatePermission = createPermission({\n name: 'policy.entity.update',\n attributes: {\n action: 'update',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * List of all permissions on permission polices.\n */\nexport const policyEntityPermissions = [\n policyEntityReadPermission,\n policyEntityCreatePermission,\n policyEntityDeletePermission,\n policyEntityUpdatePermission,\n];\n"],"names":["createPermission"],"mappings":";;;;AAuBO,MAAM,2BAA8B,GAAA;AAepC,MAAM,6BAA6BA,uCAAiB,CAAA;AAAA,EACzD,IAAM,EAAA,oBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA,GACV;AAAA,EACA,YAAc,EAAA;AAChB,CAAC;AAMM,MAAM,+BAA+BA,uCAAiB,CAAA;AAAA,EAC3D,IAAM,EAAA,sBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA;AAEZ,CAAC;AAOM,MAAM,+BAA+BA,uCAAiB,CAAA;AAAA,EAC3D,IAAM,EAAA,sBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA,GACV;AAAA,EACA,YAAc,EAAA;AAChB,CAAC;AAMM,MAAM,+BAA+BA,uCAAiB,CAAA;AAAA,EAC3D,IAAM,EAAA,sBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA,GACV;AAAA,EACA,YAAc,EAAA;AAChB,CAAC;AAMM,MAAM,uBAA0B,GAAA;AAAA,EACrC,0BAAA;AAAA,EACA,4BAAA;AAAA,EACA,4BAAA;AAAA,EACA;AACF;;;;;;;;;"}
|
package/dist/permissions.esm.js
CHANGED
|
@@ -12,8 +12,7 @@ const policyEntityCreatePermission = createPermission({
|
|
|
12
12
|
name: "policy.entity.create",
|
|
13
13
|
attributes: {
|
|
14
14
|
action: "create"
|
|
15
|
-
}
|
|
16
|
-
resourceType: RESOURCE_TYPE_POLICY_ENTITY
|
|
15
|
+
}
|
|
17
16
|
});
|
|
18
17
|
const policyEntityDeletePermission = createPermission({
|
|
19
18
|
name: "policy.entity.delete",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.esm.js","sources":["../src/permissions.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n createPermission,\n ResourcePermission,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n */\nexport const RESOURCE_TYPE_POLICY_ENTITY = 'policy-entity';\n\n/**\n * @public\n * Convenience type for permission entity\n */\nexport type PolicyEntityPermission = ResourcePermission<\n typeof RESOURCE_TYPE_POLICY_ENTITY\n>;\n\n/**\n * @public\n * This permission is used to authorize actions that involve reading\n * permission policies.\n */\nexport const policyEntityReadPermission = createPermission({\n name: 'policy.entity.read',\n attributes: {\n action: 'read',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * This permission is used to authorize the creation of new permission policies.\n */\nexport const policyEntityCreatePermission = createPermission({\n name: 'policy.entity.create',\n attributes: {\n action: 'create',\n },\n
|
|
1
|
+
{"version":3,"file":"permissions.esm.js","sources":["../src/permissions.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n createPermission,\n ResourcePermission,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n */\nexport const RESOURCE_TYPE_POLICY_ENTITY = 'policy-entity';\n\n/**\n * @public\n * Convenience type for permission entity\n */\nexport type PolicyEntityPermission = ResourcePermission<\n typeof RESOURCE_TYPE_POLICY_ENTITY\n>;\n\n/**\n * @public\n * This permission is used to authorize actions that involve reading\n * permission policies.\n */\nexport const policyEntityReadPermission = createPermission({\n name: 'policy.entity.read',\n attributes: {\n action: 'read',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * This permission is used to authorize the creation of new permission policies.\n */\nexport const policyEntityCreatePermission = createPermission({\n name: 'policy.entity.create',\n attributes: {\n action: 'create',\n },\n});\n\n/**\n * @public\n * This permission is used to authorize actions that involve removing permission\n * policies.\n */\nexport const policyEntityDeletePermission = createPermission({\n name: 'policy.entity.delete',\n attributes: {\n action: 'delete',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * This permission is used to authorize updating permission policies\n */\nexport const policyEntityUpdatePermission = createPermission({\n name: 'policy.entity.update',\n attributes: {\n action: 'update',\n },\n resourceType: RESOURCE_TYPE_POLICY_ENTITY,\n});\n\n/**\n * @public\n * List of all permissions on permission polices.\n */\nexport const policyEntityPermissions = [\n policyEntityReadPermission,\n policyEntityCreatePermission,\n policyEntityDeletePermission,\n policyEntityUpdatePermission,\n];\n"],"names":[],"mappings":";;AAuBO,MAAM,2BAA8B,GAAA;AAepC,MAAM,6BAA6B,gBAAiB,CAAA;AAAA,EACzD,IAAM,EAAA,oBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA,GACV;AAAA,EACA,YAAc,EAAA;AAChB,CAAC;AAMM,MAAM,+BAA+B,gBAAiB,CAAA;AAAA,EAC3D,IAAM,EAAA,sBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA;AAEZ,CAAC;AAOM,MAAM,+BAA+B,gBAAiB,CAAA;AAAA,EAC3D,IAAM,EAAA,sBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA,GACV;AAAA,EACA,YAAc,EAAA;AAChB,CAAC;AAMM,MAAM,+BAA+B,gBAAiB,CAAA;AAAA,EAC3D,IAAM,EAAA,sBAAA;AAAA,EACN,UAAY,EAAA;AAAA,IACV,MAAQ,EAAA;AAAA,GACV;AAAA,EACA,YAAc,EAAA;AAChB,CAAC;AAMM,MAAM,uBAA0B,GAAA;AAAA,EACrC,0BAAA;AAAA,EACA,4BAAA;AAAA,EACA,4BAAA;AAAA,EACA;AACF;;;;"}
|
package/dist/types.cjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.cjs.js","sources":["../src/types.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { NotAllowedError } from '@backstage/errors';\nimport {\n ConditionalPolicyDecision,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n * 'rest' created via REST API\n * 'csv-file' created via policies-csv-file with defined path in the application configuration\n * 'configuration' created from application configuration\n * 'legacy'; preexisting policies\n */\nexport type Source = string;\n\n/**\n * @public\n */\nexport type PermissionPolicyMetadata = {\n source: Source;\n};\n\n/**\n * @public\n */\nexport type RoleMetadata = {\n description?: string;\n source?: Source;\n modifiedBy?: string;\n author?: string;\n lastModified?: string;\n createdAt?: string;\n};\n\n/**\n * @public\n */\nexport type Policy = {\n permission?: string;\n policy?: string;\n};\n\n/**\n * @public\n */\nexport type RoleBasedPolicy = Policy & {\n entityReference?: string;\n effect?: string;\n metadata?: PermissionPolicyMetadata;\n};\n\n/**\n * @public\n */\nexport type Role = {\n memberReferences: string[];\n name: string;\n metadata?: RoleMetadata;\n};\n\n/**\n * @public\n */\nexport type UpdatePolicy = {\n oldPolicy: Policy;\n newPolicy: Policy;\n};\n\n/**\n * @public\n */\nexport type NamedPolicy = {\n name: string;\n\n policy: string;\n};\n\n/**\n * @public\n */\nexport type ResourcedPolicy = NamedPolicy & {\n resourceType: string;\n};\n\n/**\n * @public\n */\nexport type PolicyDetails = NamedPolicy | ResourcedPolicy;\n\n/**\n * @public\n */\nexport function isResourcedPolicy(\n policy: PolicyDetails,\n): policy is ResourcedPolicy {\n return 'resourceType' in policy;\n}\n\n/**\n * @public\n */\nexport type PluginPermissionMetaData = {\n pluginId: string;\n policies: PolicyDetails[];\n};\n\n/**\n * @public\n */\nexport type NonEmptyArray<T> = [T, ...T[]];\n\n/**\n * @public\n * Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined.\n * But we are introducing an action named \"use\" when action does not exist('undefined') to avoid\n * a more complicated model with multiple policy and request shapes.\n */\nexport const PermissionActionValues = [\n 'create',\n 'read',\n 'update',\n 'delete',\n 'use',\n] as const;\n\n/**\n * @public\n */\nexport type PermissionAction = (typeof PermissionActionValues)[number];\n\n/**\n * @public\n */\nexport const toPermissionAction = (\n attr: PermissionAttributes,\n): PermissionAction => attr.action ?? 'use';\n\n/**\n * @public\n */\nexport function isValidPermissionAction(\n action: string,\n): action is PermissionAction {\n return (PermissionActionValues as readonly string[]).includes(action);\n}\n\n/**\n * @public\n */\nexport type PermissionInfo = {\n name: string;\n action: PermissionAction;\n};\n\n/**\n * @public\n * Frontend should use RoleConditionalPolicyDecision<PermissionAction>\n */\nexport type RoleConditionalPolicyDecision<\n T extends PermissionAction | PermissionInfo,\n> = ConditionalPolicyDecision & {\n id: number;\n roleEntityRef: string;\n\n permissionMapping: T[];\n};\n\n/**\n * @public\n */\nexport const ConditionalAliases = {\n CURRENT_USER: 'currentUser',\n OWNER_REFS: 'ownerRefs',\n} as const;\n\n/**\n * @public\n */\nexport const CONDITION_ALIAS_SIGN = '$';\n\n/**\n * @public\n * UnauthorizedError should be uniformely used for authorization errors.\n */\nexport class UnauthorizedError extends NotAllowedError {\n constructor() {\n super('Unauthorized');\n }\n}\n"],"names":["NotAllowedError"],"mappings":";;;;
|
|
1
|
+
{"version":3,"file":"types.cjs.js","sources":["../src/types.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { NotAllowedError } from '@backstage/errors';\nimport {\n ConditionalPolicyDecision,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n * 'rest' created via REST API\n * 'csv-file' created via policies-csv-file with defined path in the application configuration\n * 'configuration' created from application configuration\n * 'legacy'; preexisting policies\n */\nexport type Source = string;\n\n/**\n * @public\n */\nexport type PermissionPolicyMetadata = {\n source: Source;\n};\n\n/**\n * @public\n */\nexport type RoleMetadata = {\n description?: string;\n source?: Source;\n modifiedBy?: string;\n author?: string;\n lastModified?: string;\n createdAt?: string;\n owner?: string;\n};\n\n/**\n * @public\n */\nexport type Policy = {\n permission?: string;\n policy?: string;\n};\n\n/**\n * @public\n */\nexport type RoleBasedPolicy = Policy & {\n entityReference?: string;\n effect?: string;\n metadata?: PermissionPolicyMetadata;\n};\n\n/**\n * @public\n */\nexport type Role = {\n memberReferences: string[];\n name: string;\n metadata?: RoleMetadata;\n};\n\n/**\n * @public\n */\nexport type UpdatePolicy = {\n oldPolicy: Policy;\n newPolicy: Policy;\n};\n\n/**\n * @public\n */\nexport type NamedPolicy = {\n name: string;\n\n policy: string;\n};\n\n/**\n * @public\n */\nexport type ResourcedPolicy = NamedPolicy & {\n resourceType: string;\n};\n\n/**\n * @public\n */\nexport type PolicyDetails = NamedPolicy | ResourcedPolicy;\n\n/**\n * @public\n */\nexport function isResourcedPolicy(\n policy: PolicyDetails,\n): policy is ResourcedPolicy {\n return 'resourceType' in policy;\n}\n\n/**\n * @public\n */\nexport type PluginPermissionMetaData = {\n pluginId: string;\n policies: PolicyDetails[];\n};\n\n/**\n * @public\n */\nexport type NonEmptyArray<T> = [T, ...T[]];\n\n/**\n * @public\n * Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined.\n * But we are introducing an action named \"use\" when action does not exist('undefined') to avoid\n * a more complicated model with multiple policy and request shapes.\n */\nexport const PermissionActionValues = [\n 'create',\n 'read',\n 'update',\n 'delete',\n 'use',\n] as const;\n\n/**\n * @public\n */\nexport type PermissionAction = (typeof PermissionActionValues)[number];\n\n/**\n * @public\n */\nexport const toPermissionAction = (\n attr: PermissionAttributes,\n): PermissionAction => attr.action ?? 'use';\n\n/**\n * @public\n */\nexport function isValidPermissionAction(\n action: string,\n): action is PermissionAction {\n return (PermissionActionValues as readonly string[]).includes(action);\n}\n\n/**\n * @public\n */\nexport type PermissionInfo = {\n name: string;\n action: PermissionAction;\n};\n\n/**\n * @public\n * Frontend should use RoleConditionalPolicyDecision<PermissionAction>\n */\nexport type RoleConditionalPolicyDecision<\n T extends PermissionAction | PermissionInfo,\n> = ConditionalPolicyDecision & {\n id: number;\n roleEntityRef: string;\n\n permissionMapping: T[];\n};\n\n/**\n * @public\n */\nexport const ConditionalAliases = {\n CURRENT_USER: 'currentUser',\n OWNER_REFS: 'ownerRefs',\n} as const;\n\n/**\n * @public\n */\nexport const CONDITION_ALIAS_SIGN = '$';\n\n/**\n * @public\n * UnauthorizedError should be uniformely used for authorization errors.\n */\nexport class UnauthorizedError extends NotAllowedError {\n constructor() {\n super('Unauthorized');\n }\n}\n"],"names":["NotAllowedError"],"mappings":";;;;AA4GO,SAAS,kBACd,MAC2B,EAAA;AAC3B,EAAA,OAAO,cAAkB,IAAA,MAAA;AAC3B;AAqBO,MAAM,sBAAyB,GAAA;AAAA,EACpC,QAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAUO,MAAM,kBAAqB,GAAA,CAChC,IACqB,KAAA,IAAA,CAAK,MAAU,IAAA;AAK/B,SAAS,wBACd,MAC4B,EAAA;AAC5B,EAAQ,OAAA,sBAAA,CAA6C,SAAS,MAAM,CAAA;AACtE;AA0BO,MAAM,kBAAqB,GAAA;AAAA,EAChC,YAAc,EAAA,aAAA;AAAA,EACd,UAAY,EAAA;AACd;AAKO,MAAM,oBAAuB,GAAA;AAM7B,MAAM,0BAA0BA,sBAAgB,CAAA;AAAA,EACrD,WAAc,GAAA;AACZ,IAAA,KAAA,CAAM,cAAc,CAAA;AAAA;AAExB;;;;;;;;;;"}
|
package/dist/types.esm.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.esm.js","sources":["../src/types.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { NotAllowedError } from '@backstage/errors';\nimport {\n ConditionalPolicyDecision,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n * 'rest' created via REST API\n * 'csv-file' created via policies-csv-file with defined path in the application configuration\n * 'configuration' created from application configuration\n * 'legacy'; preexisting policies\n */\nexport type Source = string;\n\n/**\n * @public\n */\nexport type PermissionPolicyMetadata = {\n source: Source;\n};\n\n/**\n * @public\n */\nexport type RoleMetadata = {\n description?: string;\n source?: Source;\n modifiedBy?: string;\n author?: string;\n lastModified?: string;\n createdAt?: string;\n};\n\n/**\n * @public\n */\nexport type Policy = {\n permission?: string;\n policy?: string;\n};\n\n/**\n * @public\n */\nexport type RoleBasedPolicy = Policy & {\n entityReference?: string;\n effect?: string;\n metadata?: PermissionPolicyMetadata;\n};\n\n/**\n * @public\n */\nexport type Role = {\n memberReferences: string[];\n name: string;\n metadata?: RoleMetadata;\n};\n\n/**\n * @public\n */\nexport type UpdatePolicy = {\n oldPolicy: Policy;\n newPolicy: Policy;\n};\n\n/**\n * @public\n */\nexport type NamedPolicy = {\n name: string;\n\n policy: string;\n};\n\n/**\n * @public\n */\nexport type ResourcedPolicy = NamedPolicy & {\n resourceType: string;\n};\n\n/**\n * @public\n */\nexport type PolicyDetails = NamedPolicy | ResourcedPolicy;\n\n/**\n * @public\n */\nexport function isResourcedPolicy(\n policy: PolicyDetails,\n): policy is ResourcedPolicy {\n return 'resourceType' in policy;\n}\n\n/**\n * @public\n */\nexport type PluginPermissionMetaData = {\n pluginId: string;\n policies: PolicyDetails[];\n};\n\n/**\n * @public\n */\nexport type NonEmptyArray<T> = [T, ...T[]];\n\n/**\n * @public\n * Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined.\n * But we are introducing an action named \"use\" when action does not exist('undefined') to avoid\n * a more complicated model with multiple policy and request shapes.\n */\nexport const PermissionActionValues = [\n 'create',\n 'read',\n 'update',\n 'delete',\n 'use',\n] as const;\n\n/**\n * @public\n */\nexport type PermissionAction = (typeof PermissionActionValues)[number];\n\n/**\n * @public\n */\nexport const toPermissionAction = (\n attr: PermissionAttributes,\n): PermissionAction => attr.action ?? 'use';\n\n/**\n * @public\n */\nexport function isValidPermissionAction(\n action: string,\n): action is PermissionAction {\n return (PermissionActionValues as readonly string[]).includes(action);\n}\n\n/**\n * @public\n */\nexport type PermissionInfo = {\n name: string;\n action: PermissionAction;\n};\n\n/**\n * @public\n * Frontend should use RoleConditionalPolicyDecision<PermissionAction>\n */\nexport type RoleConditionalPolicyDecision<\n T extends PermissionAction | PermissionInfo,\n> = ConditionalPolicyDecision & {\n id: number;\n roleEntityRef: string;\n\n permissionMapping: T[];\n};\n\n/**\n * @public\n */\nexport const ConditionalAliases = {\n CURRENT_USER: 'currentUser',\n OWNER_REFS: 'ownerRefs',\n} as const;\n\n/**\n * @public\n */\nexport const CONDITION_ALIAS_SIGN = '$';\n\n/**\n * @public\n * UnauthorizedError should be uniformely used for authorization errors.\n */\nexport class UnauthorizedError extends NotAllowedError {\n constructor() {\n super('Unauthorized');\n }\n}\n"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"types.esm.js","sources":["../src/types.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { NotAllowedError } from '@backstage/errors';\nimport {\n ConditionalPolicyDecision,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\n\n/**\n * @public\n * 'rest' created via REST API\n * 'csv-file' created via policies-csv-file with defined path in the application configuration\n * 'configuration' created from application configuration\n * 'legacy'; preexisting policies\n */\nexport type Source = string;\n\n/**\n * @public\n */\nexport type PermissionPolicyMetadata = {\n source: Source;\n};\n\n/**\n * @public\n */\nexport type RoleMetadata = {\n description?: string;\n source?: Source;\n modifiedBy?: string;\n author?: string;\n lastModified?: string;\n createdAt?: string;\n owner?: string;\n};\n\n/**\n * @public\n */\nexport type Policy = {\n permission?: string;\n policy?: string;\n};\n\n/**\n * @public\n */\nexport type RoleBasedPolicy = Policy & {\n entityReference?: string;\n effect?: string;\n metadata?: PermissionPolicyMetadata;\n};\n\n/**\n * @public\n */\nexport type Role = {\n memberReferences: string[];\n name: string;\n metadata?: RoleMetadata;\n};\n\n/**\n * @public\n */\nexport type UpdatePolicy = {\n oldPolicy: Policy;\n newPolicy: Policy;\n};\n\n/**\n * @public\n */\nexport type NamedPolicy = {\n name: string;\n\n policy: string;\n};\n\n/**\n * @public\n */\nexport type ResourcedPolicy = NamedPolicy & {\n resourceType: string;\n};\n\n/**\n * @public\n */\nexport type PolicyDetails = NamedPolicy | ResourcedPolicy;\n\n/**\n * @public\n */\nexport function isResourcedPolicy(\n policy: PolicyDetails,\n): policy is ResourcedPolicy {\n return 'resourceType' in policy;\n}\n\n/**\n * @public\n */\nexport type PluginPermissionMetaData = {\n pluginId: string;\n policies: PolicyDetails[];\n};\n\n/**\n * @public\n */\nexport type NonEmptyArray<T> = [T, ...T[]];\n\n/**\n * @public\n * Permission framework attributes action has values: 'create' | 'read' | 'update' | 'delete' | undefined.\n * But we are introducing an action named \"use\" when action does not exist('undefined') to avoid\n * a more complicated model with multiple policy and request shapes.\n */\nexport const PermissionActionValues = [\n 'create',\n 'read',\n 'update',\n 'delete',\n 'use',\n] as const;\n\n/**\n * @public\n */\nexport type PermissionAction = (typeof PermissionActionValues)[number];\n\n/**\n * @public\n */\nexport const toPermissionAction = (\n attr: PermissionAttributes,\n): PermissionAction => attr.action ?? 'use';\n\n/**\n * @public\n */\nexport function isValidPermissionAction(\n action: string,\n): action is PermissionAction {\n return (PermissionActionValues as readonly string[]).includes(action);\n}\n\n/**\n * @public\n */\nexport type PermissionInfo = {\n name: string;\n action: PermissionAction;\n};\n\n/**\n * @public\n * Frontend should use RoleConditionalPolicyDecision<PermissionAction>\n */\nexport type RoleConditionalPolicyDecision<\n T extends PermissionAction | PermissionInfo,\n> = ConditionalPolicyDecision & {\n id: number;\n roleEntityRef: string;\n\n permissionMapping: T[];\n};\n\n/**\n * @public\n */\nexport const ConditionalAliases = {\n CURRENT_USER: 'currentUser',\n OWNER_REFS: 'ownerRefs',\n} as const;\n\n/**\n * @public\n */\nexport const CONDITION_ALIAS_SIGN = '$';\n\n/**\n * @public\n * UnauthorizedError should be uniformely used for authorization errors.\n */\nexport class UnauthorizedError extends NotAllowedError {\n constructor() {\n super('Unauthorized');\n }\n}\n"],"names":[],"mappings":";;AA4GO,SAAS,kBACd,MAC2B,EAAA;AAC3B,EAAA,OAAO,cAAkB,IAAA,MAAA;AAC3B;AAqBO,MAAM,sBAAyB,GAAA;AAAA,EACpC,QAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAUO,MAAM,kBAAqB,GAAA,CAChC,IACqB,KAAA,IAAA,CAAK,MAAU,IAAA;AAK/B,SAAS,wBACd,MAC4B,EAAA;AAC5B,EAAQ,OAAA,sBAAA,CAA6C,SAAS,MAAM,CAAA;AACtE;AA0BO,MAAM,kBAAqB,GAAA;AAAA,EAChC,YAAc,EAAA,aAAA;AAAA,EACd,UAAY,EAAA;AACd;AAKO,MAAM,oBAAuB,GAAA;AAM7B,MAAM,0BAA0B,eAAgB,CAAA;AAAA,EACrD,WAAc,GAAA;AACZ,IAAA,KAAA,CAAM,cAAc,CAAA;AAAA;AAExB;;;;"}
|
package/package.json
CHANGED