@spinajs/rbac-http 2.0.349 → 2.0.351
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/controllers/GrantsController.d.ts +7 -0
- package/lib/cjs/controllers/GrantsController.d.ts.map +1 -0
- package/lib/cjs/controllers/GrantsController.js +37 -0
- package/lib/cjs/controllers/GrantsController.js.map +1 -0
- package/lib/cjs/decorators.d.ts +2 -2
- package/lib/cjs/decorators.d.ts.map +1 -1
- package/lib/cjs/decorators.js +4 -4
- package/lib/cjs/decorators.js.map +1 -1
- package/lib/cjs/index.d.ts +1 -0
- package/lib/cjs/index.d.ts.map +1 -1
- package/lib/cjs/index.js +1 -0
- package/lib/cjs/index.js.map +1 -1
- package/lib/cjs/interfaces.d.ts +2 -2
- package/lib/cjs/interfaces.d.ts.map +1 -1
- package/lib/cjs/policies/RbacPolicy.js +4 -4
- package/lib/cjs/policies/RbacPolicy.js.map +1 -1
- package/lib/mjs/controllers/GrantsController.d.ts +7 -0
- package/lib/mjs/controllers/GrantsController.d.ts.map +1 -0
- package/lib/mjs/controllers/GrantsController.js +34 -0
- package/lib/mjs/controllers/GrantsController.js.map +1 -0
- package/lib/mjs/decorators.d.ts +2 -2
- package/lib/mjs/decorators.d.ts.map +1 -1
- package/lib/mjs/decorators.js +4 -4
- package/lib/mjs/decorators.js.map +1 -1
- package/lib/mjs/index.d.ts +1 -0
- package/lib/mjs/index.d.ts.map +1 -1
- package/lib/mjs/index.js +1 -0
- package/lib/mjs/index.js.map +1 -1
- package/lib/mjs/interfaces.d.ts +2 -2
- package/lib/mjs/interfaces.d.ts.map +1 -1
- package/lib/mjs/policies/RbacPolicy.js +4 -4
- package/lib/mjs/policies/RbacPolicy.js.map +1 -1
- package/lib/tsconfig.cjs.tsbuildinfo +1 -1
- package/lib/tsconfig.mjs.tsbuildinfo +1 -1
- package/package.json +10 -10
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { BaseController, Ok } from '@spinajs/http';
|
|
2
|
+
import { AccessControl } from '@spinajs/rbac';
|
|
3
|
+
export declare class GrantsController extends BaseController {
|
|
4
|
+
protected AC: AccessControl;
|
|
5
|
+
getGrants(): Ok;
|
|
6
|
+
}
|
|
7
|
+
//# sourceMappingURL=GrantsController.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"GrantsController.d.ts","sourceRoot":"","sources":["../../../src/controllers/GrantsController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAiB,EAAE,EAAU,MAAM,eAAe,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAI9C,qBAEa,gBAAiB,SAAQ,cAAc;IAGhD,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAGrB,SAAS;CAInB"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.GrantsController = void 0;
|
|
13
|
+
const http_1 = require("@spinajs/http");
|
|
14
|
+
const rbac_1 = require("@spinajs/rbac");
|
|
15
|
+
const di_1 = require("@spinajs/di");
|
|
16
|
+
const LoggedPolicy_js_1 = require("../policies/LoggedPolicy.js");
|
|
17
|
+
let GrantsController = class GrantsController extends http_1.BaseController {
|
|
18
|
+
getGrants() {
|
|
19
|
+
return new http_1.Ok(this.AC.getGrants());
|
|
20
|
+
}
|
|
21
|
+
};
|
|
22
|
+
exports.GrantsController = GrantsController;
|
|
23
|
+
__decorate([
|
|
24
|
+
(0, di_1.Autoinject)(rbac_1.AccessControl),
|
|
25
|
+
__metadata("design:type", rbac_1.AccessControl)
|
|
26
|
+
], GrantsController.prototype, "AC", void 0);
|
|
27
|
+
__decorate([
|
|
28
|
+
(0, http_1.Get)(),
|
|
29
|
+
__metadata("design:type", Function),
|
|
30
|
+
__metadata("design:paramtypes", []),
|
|
31
|
+
__metadata("design:returntype", void 0)
|
|
32
|
+
], GrantsController.prototype, "getGrants", null);
|
|
33
|
+
exports.GrantsController = GrantsController = __decorate([
|
|
34
|
+
(0, http_1.BasePath)('grants'),
|
|
35
|
+
(0, http_1.Policy)(LoggedPolicy_js_1.LoggedPolicy)
|
|
36
|
+
], GrantsController);
|
|
37
|
+
//# sourceMappingURL=GrantsController.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"GrantsController.js","sourceRoot":"","sources":["../../../src/controllers/GrantsController.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAA0E;AAC1E,wCAA8C;AAC9C,oCAAyC;AACzC,iEAA2D;AAIpD,IAAM,gBAAgB,GAAtB,MAAM,gBAAiB,SAAQ,qBAAc;IAMzC,SAAS;QACZ,OAAO,IAAI,SAAE,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;IACvC,CAAC;CAEJ,CAAA;AAVY,4CAAgB;AAGf;IADT,IAAA,eAAU,EAAC,oBAAa,CAAC;8BACZ,oBAAa;4CAAC;AAGrB;IADN,IAAA,UAAG,GAAE;;;;iDAGL;2BARQ,gBAAgB;IAF5B,IAAA,eAAQ,EAAC,QAAQ,CAAC;IAClB,IAAA,aAAM,EAAC,8BAAY,CAAC;GACR,gBAAgB,CAU5B"}
|
package/lib/cjs/decorators.d.ts
CHANGED
|
@@ -7,14 +7,14 @@ export declare function setRbacMetadata(target: any, callback: (meta: IRbacDescr
|
|
|
7
7
|
* @param resource - name of resource
|
|
8
8
|
* @param permission - default permission
|
|
9
9
|
*/
|
|
10
|
-
export declare function Resource(resource: string, permission?: PermissionType): any;
|
|
10
|
+
export declare function Resource(resource: string, permission?: PermissionType[]): any;
|
|
11
11
|
/**
|
|
12
12
|
*
|
|
13
13
|
* Assigns permission for controller route
|
|
14
14
|
*
|
|
15
15
|
* @param permission - permission to set
|
|
16
16
|
*/
|
|
17
|
-
export declare function Permission(permission?: PermissionType): any;
|
|
17
|
+
export declare function Permission(permission?: PermissionType[]): any;
|
|
18
18
|
/**
|
|
19
19
|
* Retrieves user from session if is logged in
|
|
20
20
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decorators.d.ts","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAkC,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAIlG,eAAO,MAAM,yBAAyB,eAA6C,CAAC;AAEpF,wBAAgB,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,KAAK,IAAI,QAerF;AAqBD;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,GAAE,
|
|
1
|
+
{"version":3,"file":"decorators.d.ts","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAkC,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAIlG,eAAO,MAAM,yBAAyB,eAA6C,CAAC;AAEpF,wBAAgB,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,KAAK,IAAI,QAerF;AAqBD;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,GAAE,cAAc,EAAgB,OAOpF;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,UAAU,GAAE,cAAc,EAAgB,OAapE;AAED;;GAEG;AACH,wBAAgB,IAAI,0GAEnB;AAED;;GAEG;AACH,wBAAgB,WAAW,0GAE1B;AAED,wBAAgB,OAAO,0GAEtB"}
|
package/lib/cjs/decorators.js
CHANGED
|
@@ -10,7 +10,7 @@ function setRbacMetadata(target, callback) {
|
|
|
10
10
|
metadata = {
|
|
11
11
|
Resource: '',
|
|
12
12
|
Routes: new Map(),
|
|
13
|
-
Permission: 'readOwn',
|
|
13
|
+
Permission: ['readOwn'],
|
|
14
14
|
};
|
|
15
15
|
Reflect.defineMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, metadata, target.prototype || target);
|
|
16
16
|
}
|
|
@@ -26,7 +26,7 @@ function descriptor(callback) {
|
|
|
26
26
|
metadata = {
|
|
27
27
|
Resource: '',
|
|
28
28
|
Routes: new Map(),
|
|
29
|
-
Permission: 'readOwn',
|
|
29
|
+
Permission: ['readOwn'],
|
|
30
30
|
};
|
|
31
31
|
Reflect.defineMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, metadata, target.prototype || target);
|
|
32
32
|
}
|
|
@@ -41,7 +41,7 @@ function descriptor(callback) {
|
|
|
41
41
|
* @param resource - name of resource
|
|
42
42
|
* @param permission - default permission
|
|
43
43
|
*/
|
|
44
|
-
function Resource(resource, permission = 'readOwn') {
|
|
44
|
+
function Resource(resource, permission = ['readOwn']) {
|
|
45
45
|
return descriptor((metadata, target) => {
|
|
46
46
|
(0, http_1.Policy)(RbacPolicy_js_1.RbacPolicy)(target, null, null);
|
|
47
47
|
metadata.Resource = resource;
|
|
@@ -55,7 +55,7 @@ exports.Resource = Resource;
|
|
|
55
55
|
*
|
|
56
56
|
* @param permission - permission to set
|
|
57
57
|
*/
|
|
58
|
-
function Permission(permission = 'readOwn') {
|
|
58
|
+
function Permission(permission = ['readOwn']) {
|
|
59
59
|
return descriptor((metadata, target, propertyKey) => {
|
|
60
60
|
if (propertyKey) {
|
|
61
61
|
if (!metadata.Routes.has(propertyKey)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":";;;AACA,wCAAyD;AACzD,4DAAsD;AAEzC,QAAA,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,SAAgB,eAAe,CAAC,MAAW,EAAE,QAAyC;IACpF,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IAC3G,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG;YACT,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;YACzD,UAAU,EAAE,SAAS;
|
|
1
|
+
{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":";;;AACA,wCAAyD;AACzD,4DAAsD;AAEzC,QAAA,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,SAAgB,eAAe,CAAC,MAAW,EAAE,QAAyC;IACpF,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IAC3G,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG;YACT,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;YACzD,UAAU,EAAE,CAAC,SAAS,CAAC;SACxB,CAAC;QAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;KACzF;IAED,IAAI,QAAQ,EAAE;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACpB;AACH,CAAC;AAfD,0CAeC;AAED,SAAS,UAAU,CAAC,QAA0I;IAC5J,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,iBAA8C,EAAE,EAAE;QACnG,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;QAC3G,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG;gBACT,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;gBACzD,UAAU,EAAE,CAAC,SAAS,CAAC;aACxB,CAAC;YAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;SACzF;QAED,IAAI,QAAQ,EAAE;YACZ,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;SAC5D;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,QAAgB,EAAE,aAA+B,CAAC,SAAS,CAAC;IACnF,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,EAAE;QAC3D,IAAA,aAAM,EAAC,0BAAU,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEvC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAPD,4BAOC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,aAA+B,CAAC,SAAS,CAAC;IACnE,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,WAAmB,EAAE,EAAE;QAChF,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;gBACrC,MAAM,KAAK,GAAG;oBACZ,UAAU,EAAE,UAAU;iBACvB,CAAC;gBACF,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;aACzC;SACF;QAED,IAAA,aAAM,EAAC,0BAAU,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAbD,gCAaC;AAED;;GAEG;AACH,SAAgB,IAAI;IAClB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,SAAS,CAAC,CAAC,CAAC;AACrC,CAAC;AAFD,oBAEC;AAED;;GAEG;AACH,SAAgB,WAAW;IACzB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,YAAY,CAAC,CAAC,CAAC;AACxC,CAAC;AAFD,kCAEC;AAED,SAAgB,OAAO;IACrB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,mBAAmB,CAAC,CAAC,CAAC;AAC/C,CAAC;AAFD,0BAEC"}
|
package/lib/cjs/index.d.ts
CHANGED
|
@@ -9,4 +9,5 @@ export * from "./policies/BlockGuest.js";
|
|
|
9
9
|
export * from "./policies/LoggedPolicy.js";
|
|
10
10
|
export * from "./policies/NotLoggedPolicy.js";
|
|
11
11
|
export * from "./policies/RbacPolicy.js";
|
|
12
|
+
export * from "./controllers/GrantsController.js";
|
|
12
13
|
//# sourceMappingURL=index.d.ts.map
|
package/lib/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AAEzC,cAAc,mCAAmC,CAAC"}
|
package/lib/cjs/index.js
CHANGED
|
@@ -25,4 +25,5 @@ __exportStar(require("./policies/BlockGuest.js"), exports);
|
|
|
25
25
|
__exportStar(require("./policies/LoggedPolicy.js"), exports);
|
|
26
26
|
__exportStar(require("./policies/NotLoggedPolicy.js"), exports);
|
|
27
27
|
__exportStar(require("./policies/RbacPolicy.js"), exports);
|
|
28
|
+
__exportStar(require("./controllers/GrantsController.js"), exports);
|
|
28
29
|
//# sourceMappingURL=index.js.map
|
package/lib/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAAgC;AAChC,kDAAgC;AAChC,mDAAiC;AACjC,2DAAyC;AACzC,oDAAkC;AAClC,kDAAgC;AAEhC,2DAAyC;AACzC,2DAAyC;AACzC,6DAA2C;AAC3C,gEAA8C;AAC9C,2DAAyC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kDAAgC;AAChC,kDAAgC;AAChC,mDAAiC;AACjC,2DAAyC;AACzC,oDAAkC;AAClC,kDAAgC;AAEhC,2DAAyC;AACzC,2DAAyC;AACzC,6DAA2C;AAC3C,gEAA8C;AAC9C,2DAAyC;AAEzC,oEAAkD"}
|
package/lib/cjs/interfaces.d.ts
CHANGED
|
@@ -16,7 +16,7 @@ export interface IRbacDescriptor {
|
|
|
16
16
|
*
|
|
17
17
|
* '*' means that to acces resource we only need role with assigned resource
|
|
18
18
|
*/
|
|
19
|
-
Permission: PermissionType;
|
|
19
|
+
Permission: PermissionType[];
|
|
20
20
|
/**
|
|
21
21
|
* Per routes permissions
|
|
22
22
|
*/
|
|
@@ -26,7 +26,7 @@ export interface IRbacRoutePermissionDescriptor {
|
|
|
26
26
|
/**
|
|
27
27
|
* controller route permission. It overrides acl descriptor options
|
|
28
28
|
*/
|
|
29
|
-
Permission: PermissionType;
|
|
29
|
+
Permission: PermissionType[];
|
|
30
30
|
}
|
|
31
31
|
export declare abstract class TwoFactorAuthProvider {
|
|
32
32
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEvI,OAAO,QAAQ,eAAe,CAAC;IAC7B,UAAU,0BAA0B;QAClC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,EAAE,QAAQ,CAAC;KACnB;CACF;AAED,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEvI,OAAO,QAAQ,eAAe,CAAC;IAC7B,UAAU,0BAA0B;QAClC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,EAAE,QAAQ,CAAC;KACnB;CACF;AAED,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,UAAU,EAAE,cAAc,EAAE,CAAC;IAE7B;;OAEG;IACH,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,8BAA8B,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,8BAA8B;IAC7C;;OAEG;IACH,UAAU,EAAE,cAAc,EAAE,CAAC;CAC9B;AAED,8BAAsB,qBAAqB;IACzC;;OAEG;aACa,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAE3D;;OAEG;aACa,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAElD;;OAEG;aACa,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAExE;;OAEG;aACa,SAAS,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAEvD;;;;OAIG;aACa,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;CAC5D;AAED,8BAAsB,mBAAmB;CAAG;AAE5C,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB"}
|
|
@@ -19,18 +19,18 @@ class RbacPolicy extends http_1.BasePolicy {
|
|
|
19
19
|
}
|
|
20
20
|
async execute(req, action, instance) {
|
|
21
21
|
const descriptor = Reflect.getMetadata(decorators_js_1.ACL_CONTROLLER_DESCRIPTOR, instance);
|
|
22
|
-
let permission = descriptor.Permission ??
|
|
22
|
+
let permission = descriptor.Permission ?? [];
|
|
23
23
|
// check if route has its own permission
|
|
24
24
|
if (descriptor.Routes.has(action.Method)) {
|
|
25
|
-
permission = descriptor.Routes.get(action.Method).Permission ??
|
|
25
|
+
permission = descriptor.Routes.get(action.Method).Permission ?? [];
|
|
26
26
|
}
|
|
27
|
-
if (!descriptor || !descriptor.Permission) {
|
|
27
|
+
if (!descriptor || !descriptor.Permission || descriptor.Permission.length === 0) {
|
|
28
28
|
throw new exceptions_1.Forbidden(`no route permission or resources assigned`);
|
|
29
29
|
}
|
|
30
30
|
if (!req.storage || !req.storage.User || !req.storage.Session.Data.get('Authorized')) {
|
|
31
31
|
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
32
32
|
}
|
|
33
|
-
if (!checkRoutePermission(req, descriptor.Resource,
|
|
33
|
+
if (!permission.some(p => checkRoutePermission(req, descriptor.Resource, p).granted)) {
|
|
34
34
|
throw new exceptions_1.Forbidden(`role(s) ${req.storage.User.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
|
|
35
35
|
}
|
|
36
36
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RbacPolicy.js","sourceRoot":"","sources":["../../../src/policies/RbacPolicy.ts"],"names":[],"mappings":";;;AACA,wCAAqF;AACrF,oDAAgD;AAChD,oDAA6D;AAE7D,oCAAiC;AAGjC;;GAEG;AACH,MAAa,UAAW,SAAQ,iBAAU;IAGxC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa,EAAE,MAAc,EAAE,QAAqB;QACvE,MAAM,UAAU,GAAoB,OAAO,CAAC,WAAW,CAAC,yCAAyB,EAAE,QAAQ,CAAC,CAAC;QAC7F,IAAI,UAAU,GAAG,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;
|
|
1
|
+
{"version":3,"file":"RbacPolicy.js","sourceRoot":"","sources":["../../../src/policies/RbacPolicy.ts"],"names":[],"mappings":";;;AACA,wCAAqF;AACrF,oDAAgD;AAChD,oDAA6D;AAE7D,oCAAiC;AAGjC;;GAEG;AACH,MAAa,UAAW,SAAQ,iBAAU;IAGxC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa,EAAE,MAAc,EAAE,QAAqB;QACvE,MAAM,UAAU,GAAoB,OAAO,CAAC,WAAW,CAAC,yCAAyB,EAAE,QAAQ,CAAC,CAAC;QAC7F,IAAI,UAAU,GAAG,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;YAC/E,MAAM,IAAI,sBAAS,CAAC,2CAA2C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACpF,MAAM,IAAI,sBAAS,CAAC,oCAAoC,CAAC,CAAC;SAC3D;QAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;YACpF,MAAM,IAAI,sBAAS,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,6BAA6B,UAAU,iBAAiB,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;SACpI;IACH,CAAC;CACF;AAnCD,gCAmCC;AAED,SAAgB,mBAAmB,CAAC,IAAuB,EAAE,QAAgB,EAAE,UAAkB;IAC/F,MAAM,EAAE,GAAG,OAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAClD,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAHD,kDAGC;AAED,SAAgB,mBAAmB,CAAC,IAAU,EAAE,QAAgB,EAAE,UAAkB;IAClF,MAAM,EAAE,GAAG,OAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,IAAI,CAAC;KACb;IAED,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC1D,CAAC;AARD,kDAQC;AAED,SAAgB,oBAAoB,CAAC,GAAa,EAAE,QAAgB,EAAE,UAAkB;IACtF,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;QACrC,OAAO,IAAI,CAAC;KACb;IAED,OAAO,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;AACrE,CAAC;AAND,oDAMC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { BaseController, Ok } from '@spinajs/http';
|
|
2
|
+
import { AccessControl } from '@spinajs/rbac';
|
|
3
|
+
export declare class GrantsController extends BaseController {
|
|
4
|
+
protected AC: AccessControl;
|
|
5
|
+
getGrants(): Ok;
|
|
6
|
+
}
|
|
7
|
+
//# sourceMappingURL=GrantsController.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"GrantsController.d.ts","sourceRoot":"","sources":["../../../src/controllers/GrantsController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAiB,EAAE,EAAU,MAAM,eAAe,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAI9C,qBAEa,gBAAiB,SAAQ,cAAc;IAGhD,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAGrB,SAAS;CAInB"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
import { BaseController, BasePath, Get, Ok, Policy } from '@spinajs/http';
|
|
11
|
+
import { AccessControl } from '@spinajs/rbac';
|
|
12
|
+
import { Autoinject } from '@spinajs/di';
|
|
13
|
+
import { LoggedPolicy } from '../policies/LoggedPolicy.js';
|
|
14
|
+
let GrantsController = class GrantsController extends BaseController {
|
|
15
|
+
getGrants() {
|
|
16
|
+
return new Ok(this.AC.getGrants());
|
|
17
|
+
}
|
|
18
|
+
};
|
|
19
|
+
__decorate([
|
|
20
|
+
Autoinject(AccessControl),
|
|
21
|
+
__metadata("design:type", AccessControl)
|
|
22
|
+
], GrantsController.prototype, "AC", void 0);
|
|
23
|
+
__decorate([
|
|
24
|
+
Get(),
|
|
25
|
+
__metadata("design:type", Function),
|
|
26
|
+
__metadata("design:paramtypes", []),
|
|
27
|
+
__metadata("design:returntype", void 0)
|
|
28
|
+
], GrantsController.prototype, "getGrants", null);
|
|
29
|
+
GrantsController = __decorate([
|
|
30
|
+
BasePath('grants'),
|
|
31
|
+
Policy(LoggedPolicy)
|
|
32
|
+
], GrantsController);
|
|
33
|
+
export { GrantsController };
|
|
34
|
+
//# sourceMappingURL=GrantsController.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"GrantsController.js","sourceRoot":"","sources":["../../../src/controllers/GrantsController.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAIpD,IAAM,gBAAgB,GAAtB,MAAM,gBAAiB,SAAQ,cAAc;IAMzC,SAAS;QACZ,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;IACvC,CAAC;CAEJ,CAAA;AAPa;IADT,UAAU,CAAC,aAAa,CAAC;8BACZ,aAAa;4CAAC;AAGrB;IADN,GAAG,EAAE;;;;iDAGL;AARQ,gBAAgB;IAF5B,QAAQ,CAAC,QAAQ,CAAC;IAClB,MAAM,CAAC,YAAY,CAAC;GACR,gBAAgB,CAU5B"}
|
package/lib/mjs/decorators.d.ts
CHANGED
|
@@ -7,14 +7,14 @@ export declare function setRbacMetadata(target: any, callback: (meta: IRbacDescr
|
|
|
7
7
|
* @param resource - name of resource
|
|
8
8
|
* @param permission - default permission
|
|
9
9
|
*/
|
|
10
|
-
export declare function Resource(resource: string, permission?: PermissionType): any;
|
|
10
|
+
export declare function Resource(resource: string, permission?: PermissionType[]): any;
|
|
11
11
|
/**
|
|
12
12
|
*
|
|
13
13
|
* Assigns permission for controller route
|
|
14
14
|
*
|
|
15
15
|
* @param permission - permission to set
|
|
16
16
|
*/
|
|
17
|
-
export declare function Permission(permission?: PermissionType): any;
|
|
17
|
+
export declare function Permission(permission?: PermissionType[]): any;
|
|
18
18
|
/**
|
|
19
19
|
* Retrieves user from session if is logged in
|
|
20
20
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decorators.d.ts","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAkC,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAIlG,eAAO,MAAM,yBAAyB,eAA6C,CAAC;AAEpF,wBAAgB,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,KAAK,IAAI,QAerF;AAqBD;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,GAAE,
|
|
1
|
+
{"version":3,"file":"decorators.d.ts","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAkC,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAIlG,eAAO,MAAM,yBAAyB,eAA6C,CAAC;AAEpF,wBAAgB,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,KAAK,IAAI,QAerF;AAqBD;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,GAAE,cAAc,EAAgB,OAOpF;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,UAAU,GAAE,cAAc,EAAgB,OAapE;AAED;;GAEG;AACH,wBAAgB,IAAI,0GAEnB;AAED;;GAEG;AACH,wBAAgB,WAAW,0GAE1B;AAED,wBAAgB,OAAO,0GAEtB"}
|
package/lib/mjs/decorators.js
CHANGED
|
@@ -7,7 +7,7 @@ export function setRbacMetadata(target, callback) {
|
|
|
7
7
|
metadata = {
|
|
8
8
|
Resource: '',
|
|
9
9
|
Routes: new Map(),
|
|
10
|
-
Permission: 'readOwn',
|
|
10
|
+
Permission: ['readOwn'],
|
|
11
11
|
};
|
|
12
12
|
Reflect.defineMetadata(ACL_CONTROLLER_DESCRIPTOR, metadata, target.prototype || target);
|
|
13
13
|
}
|
|
@@ -22,7 +22,7 @@ function descriptor(callback) {
|
|
|
22
22
|
metadata = {
|
|
23
23
|
Resource: '',
|
|
24
24
|
Routes: new Map(),
|
|
25
|
-
Permission: 'readOwn',
|
|
25
|
+
Permission: ['readOwn'],
|
|
26
26
|
};
|
|
27
27
|
Reflect.defineMetadata(ACL_CONTROLLER_DESCRIPTOR, metadata, target.prototype || target);
|
|
28
28
|
}
|
|
@@ -37,7 +37,7 @@ function descriptor(callback) {
|
|
|
37
37
|
* @param resource - name of resource
|
|
38
38
|
* @param permission - default permission
|
|
39
39
|
*/
|
|
40
|
-
export function Resource(resource, permission = 'readOwn') {
|
|
40
|
+
export function Resource(resource, permission = ['readOwn']) {
|
|
41
41
|
return descriptor((metadata, target) => {
|
|
42
42
|
Policy(RbacPolicy)(target, null, null);
|
|
43
43
|
metadata.Resource = resource;
|
|
@@ -50,7 +50,7 @@ export function Resource(resource, permission = 'readOwn') {
|
|
|
50
50
|
*
|
|
51
51
|
* @param permission - permission to set
|
|
52
52
|
*/
|
|
53
|
-
export function Permission(permission = 'readOwn') {
|
|
53
|
+
export function Permission(permission = ['readOwn']) {
|
|
54
54
|
return descriptor((metadata, target, propertyKey) => {
|
|
55
55
|
if (propertyKey) {
|
|
56
56
|
if (!metadata.Routes.has(propertyKey)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEtD,MAAM,CAAC,MAAM,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,MAAM,UAAU,eAAe,CAAC,MAAW,EAAE,QAAyC;IACpF,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,yBAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IAC3G,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG;YACT,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;YACzD,UAAU,EAAE,SAAS;
|
|
1
|
+
{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../src/decorators.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEtD,MAAM,CAAC,MAAM,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,MAAM,UAAU,eAAe,CAAC,MAAW,EAAE,QAAyC;IACpF,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,yBAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IAC3G,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG;YACT,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;YACzD,UAAU,EAAE,CAAC,SAAS,CAAC;SACxB,CAAC;QAEF,OAAO,CAAC,cAAc,CAAC,yBAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;KACzF;IAED,IAAI,QAAQ,EAAE;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACpB;AACH,CAAC;AAED,SAAS,UAAU,CAAC,QAA0I;IAC5J,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,iBAA8C,EAAE,EAAE;QACnG,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,yBAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;QAC3G,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG;gBACT,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;gBACzD,UAAU,EAAE,CAAC,SAAS,CAAC;aACxB,CAAC;YAEF,OAAO,CAAC,cAAc,CAAC,yBAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;SACzF;QAED,IAAI,QAAQ,EAAE;YACZ,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;SAC5D;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,QAAgB,EAAE,aAA+B,CAAC,SAAS,CAAC;IACnF,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,EAAE;QAC3D,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEvC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,aAA+B,CAAC,SAAS,CAAC;IACnE,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,WAAmB,EAAE,EAAE;QAChF,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;gBACrC,MAAM,KAAK,GAAG;oBACZ,UAAU,EAAE,UAAU;iBACvB,CAAC;gBACF,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;aACzC;SACF;QAED,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,IAAI;IAClB,OAAO,KAAK,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,OAAO;IACrB,OAAO,KAAK,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC;AAC/C,CAAC"}
|
package/lib/mjs/index.d.ts
CHANGED
|
@@ -9,4 +9,5 @@ export * from "./policies/BlockGuest.js";
|
|
|
9
9
|
export * from "./policies/LoggedPolicy.js";
|
|
10
10
|
export * from "./policies/NotLoggedPolicy.js";
|
|
11
11
|
export * from "./policies/RbacPolicy.js";
|
|
12
|
+
export * from "./controllers/GrantsController.js";
|
|
12
13
|
//# sourceMappingURL=index.d.ts.map
|
package/lib/mjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AAEzC,cAAc,mCAAmC,CAAC"}
|
package/lib/mjs/index.js
CHANGED
|
@@ -9,4 +9,5 @@ export * from "./policies/BlockGuest.js";
|
|
|
9
9
|
export * from "./policies/LoggedPolicy.js";
|
|
10
10
|
export * from "./policies/NotLoggedPolicy.js";
|
|
11
11
|
export * from "./policies/RbacPolicy.js";
|
|
12
|
+
export * from "./controllers/GrantsController.js";
|
|
12
13
|
//# sourceMappingURL=index.js.map
|
package/lib/mjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC;AACjC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AAEzC,cAAc,mCAAmC,CAAC"}
|
package/lib/mjs/interfaces.d.ts
CHANGED
|
@@ -16,7 +16,7 @@ export interface IRbacDescriptor {
|
|
|
16
16
|
*
|
|
17
17
|
* '*' means that to acces resource we only need role with assigned resource
|
|
18
18
|
*/
|
|
19
|
-
Permission: PermissionType;
|
|
19
|
+
Permission: PermissionType[];
|
|
20
20
|
/**
|
|
21
21
|
* Per routes permissions
|
|
22
22
|
*/
|
|
@@ -26,7 +26,7 @@ export interface IRbacRoutePermissionDescriptor {
|
|
|
26
26
|
/**
|
|
27
27
|
* controller route permission. It overrides acl descriptor options
|
|
28
28
|
*/
|
|
29
|
-
Permission: PermissionType;
|
|
29
|
+
Permission: PermissionType[];
|
|
30
30
|
}
|
|
31
31
|
export declare abstract class TwoFactorAuthProvider {
|
|
32
32
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEvI,OAAO,QAAQ,eAAe,CAAC;IAC7B,UAAU,0BAA0B;QAClC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,EAAE,QAAQ,CAAC;KACnB;CACF;AAED,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEvI,OAAO,QAAQ,eAAe,CAAC;IAC7B,UAAU,0BAA0B;QAClC,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO,EAAE,QAAQ,CAAC;KACnB;CACF;AAED,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,UAAU,EAAE,cAAc,EAAE,CAAC;IAE7B;;OAEG;IACH,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,8BAA8B,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,8BAA8B;IAC7C;;OAEG;IACH,UAAU,EAAE,cAAc,EAAE,CAAC;CAC9B;AAED,8BAAsB,qBAAqB;IACzC;;OAEG;aACa,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAE3D;;OAEG;aACa,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAElD;;OAEG;aACa,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAExE;;OAEG;aACa,SAAS,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAEvD;;;;OAIG;aACa,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;CAC5D;AAED,8BAAsB,mBAAmB;CAAG;AAE5C,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB"}
|
|
@@ -16,18 +16,18 @@ export class RbacPolicy extends BasePolicy {
|
|
|
16
16
|
}
|
|
17
17
|
async execute(req, action, instance) {
|
|
18
18
|
const descriptor = Reflect.getMetadata(ACL_CONTROLLER_DESCRIPTOR, instance);
|
|
19
|
-
let permission = descriptor.Permission ??
|
|
19
|
+
let permission = descriptor.Permission ?? [];
|
|
20
20
|
// check if route has its own permission
|
|
21
21
|
if (descriptor.Routes.has(action.Method)) {
|
|
22
|
-
permission = descriptor.Routes.get(action.Method).Permission ??
|
|
22
|
+
permission = descriptor.Routes.get(action.Method).Permission ?? [];
|
|
23
23
|
}
|
|
24
|
-
if (!descriptor || !descriptor.Permission) {
|
|
24
|
+
if (!descriptor || !descriptor.Permission || descriptor.Permission.length === 0) {
|
|
25
25
|
throw new Forbidden(`no route permission or resources assigned`);
|
|
26
26
|
}
|
|
27
27
|
if (!req.storage || !req.storage.User || !req.storage.Session.Data.get('Authorized')) {
|
|
28
28
|
throw new Forbidden('user not logged or session expired');
|
|
29
29
|
}
|
|
30
|
-
if (!checkRoutePermission(req, descriptor.Resource,
|
|
30
|
+
if (!permission.some(p => checkRoutePermission(req, descriptor.Resource, p).granted)) {
|
|
31
31
|
throw new Forbidden(`role(s) ${req.storage.User.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
|
|
32
32
|
}
|
|
33
33
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RbacPolicy.js","sourceRoot":"","sources":["../../../src/policies/RbacPolicy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAA4C,MAAM,eAAe,CAAC;AACrF,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE7D,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAGjC;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,UAAU;IAGxC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa,EAAE,MAAc,EAAE,QAAqB;QACvE,MAAM,UAAU,GAAoB,OAAO,CAAC,WAAW,CAAC,yBAAyB,EAAE,QAAQ,CAAC,CAAC;QAC7F,IAAI,UAAU,GAAG,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;
|
|
1
|
+
{"version":3,"file":"RbacPolicy.js","sourceRoot":"","sources":["../../../src/policies/RbacPolicy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAA4C,MAAM,eAAe,CAAC;AACrF,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE7D,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAGjC;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,UAAU;IAGxC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa,EAAE,MAAc,EAAE,QAAqB;QACvE,MAAM,UAAU,GAAoB,OAAO,CAAC,WAAW,CAAC,yBAAyB,EAAE,QAAQ,CAAC,CAAC;QAC7F,IAAI,UAAU,GAAG,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;YAC/E,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACpF,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;SAC3D;QAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;YACpF,MAAM,IAAI,SAAS,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,6BAA6B,UAAU,iBAAiB,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;SACpI;IACH,CAAC;CACF;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAuB,EAAE,QAAgB,EAAE,UAAkB;IAC/F,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAClD,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAU,EAAE,QAAgB,EAAE,UAAkB;IAClF,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,IAAI,CAAC;KACb;IAED,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,GAAa,EAAE,QAAgB,EAAE,UAAkB;IACtF,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;QACrC,OAAO,IAAI,CAAC;KACb;IAED,OAAO,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;AACrE,CAAC"}
|