@via-profit/ability 1.0.1

package/dist/AbilityStatement.d.ts

@@ -0,0 +1,98 @@
+export type AbilityStatementStatus = 'permit' | 'deny';
+type SubjectPrefix = 'subject.' | 'environment.';
+export type AbilityStatementMatches = [
+    `${SubjectPrefix}${string}`,
+    AbilityCondition,
+    string | number | boolean
+];
+export type AbilityCondition = '=' | '<>' | '>' | '<' | '<=' | '>=' | 'in';
+declare class AbilityStatement {
+    matches: AbilityStatementMatches;
+    name: string;
+    effect: AbilityStatementStatus;
+    /**
+     * Create the statement to compare
+     *
+     * @param statementName {string} - The statement name
+     * @param effect {AbilityStatementStatus} - Return value
+     * @param matches {AbilityStatementMatches} - The matching rule he matching rule can be on of the format:
+     * \
+     * For example, be compared two's data\
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_
+     * ```json
+     * {"departamentID": "154", "departamentName": "NBC"}
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "resource.departamentName"]
+     * ```
+     *
+     * \
+     * **Example 2.**\
+     * In this case will be compared resource and string:
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_ will be «undefined».\
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "NBC"]
+     * ```
+     * \
+     * **Example 3.**\
+     * In this case will be compared resource and array of string:\
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_
+     * ```json
+     * ["FOX", "NBC", "AONE"]
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "resource"]
+     * ```
+     * **Note: In this rule whe set the resource field as the «resource» string.\
+     * This means that we will compare the entire resource as a whole,\
+     * and not search for it by field name.**
+     * \
+     * **Example 4.**\
+     * In this case will be compared resource and array of string:\
+     * \
+     * _The subject_
+     * ```json
+     * {"user": {"account": {"roles": ["admin", "viewer"]}}}
+     * ```
+     * and _The resource_
+     * ```json
+     * undefined
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.user.account.roles", "in", "admin"]
+     */
+    constructor(statementName: string, matches: AbilityStatementMatches, effect?: AbilityStatementStatus);
+    getName(): string;
+    getEffect(): AbilityStatementStatus;
+    isPermit(...args: Parameters<AbilityStatement['check']>): boolean;
+    isDeny(...args: Parameters<AbilityStatement['check']>): boolean;
+    check(subject: unknown, resource?: unknown | undefined, environment?: unknown | undefined): AbilityStatementStatus;
+    extractValues(sub: unknown, res?: unknown | undefined, env?: unknown | undefined): [
+        string | number | boolean | (string | number)[] | null | undefined,
+        string | number | boolean | (string | number)[] | null | undefined
+    ];
+    getDotNotationValue(resource: unknown, desc: string): unknown;
+}
+export default AbilityStatement;

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+import AbilityService from './AbilityService';
+export * from './AbilityPolicy';
+export * from './AbilityService';
+export * from './AbilityRule';
+export default AbilityService;

package/dist/index.js

@@ -0,0 +1,573 @@
+/******/ (() => { // webpackBootstrap
+/******/ 	"use strict";
+/******/ 	var __webpack_modules__ = ({
+
+/***/ 844:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityPolicy = void 0;
+const AbilityRule_1 = __importDefault(__webpack_require__(476));
+class AbilityPolicy {
+    /**
+     * List of rules
+     */
+    rules = [];
+    /**
+     * Nested policies
+     */
+    policies = [];
+    /**
+     * Rules compare method.\
+     * For the «and» method the rule will be permitted if all\
+     * rules will be returns «permit» status and for the «or» - if\
+     * one of the rules returns as «permit»
+     */
+    rulesCompareMethod = 'and';
+    /**
+     * Policies compare method.\
+     * For the «and» method the policy will be permitted if all\
+     * policies will be returns «permit» status and for the «or» - if\
+     * one of the policies returns as «permit»
+     */
+    policiesCompareMethod = 'and';
+    /**
+     * Policy name
+     */
+    name;
+    /**
+     * Policy description
+     */
+    description = null;
+    /**
+     * Policy ID
+     */
+    id;
+    constructor(policyName, policyID, description) {
+        this.name = policyName || Symbol('name');
+        this.id = policyID || Symbol('id');
+        this.description = typeof description === 'string' ? description : null;
+    }
+    addRule(rule, compareMethod = 'and') {
+        this.rules.push(rule);
+        this.rulesCompareMethod = compareMethod;
+        return this;
+    }
+    addRules(rules, compareMethod = 'and') {
+        rules.forEach(rule => this.addRule(rule, compareMethod));
+        return this;
+    }
+    addPolicy(policy, compareMethod = 'and') {
+        this.policies.push(policy);
+        this.policiesCompareMethod = compareMethod;
+        return this;
+    }
+    addPolicies(policies, compareMethod = 'and') {
+        policies.forEach(policy => this.addPolicy(policy, compareMethod));
+        return this;
+    }
+    getName() {
+        return this.name;
+    }
+    getID() {
+        return this.id;
+    }
+    getPolicies() {
+        return this.policies;
+    }
+    getRules() {
+        return this.rules;
+    }
+    setDescription(description) {
+        this.description = description;
+        return this;
+    }
+    enforce(subject, resource, environment) {
+        const { permission, deniedPolicies } = this.check(subject, resource, environment);
+        if (permission === 'deny') {
+            throw new Error(`Permission denied. ${deniedPolicies[0].getName().toString()}`);
+        }
+    }
+    isPermit(subject, resource, environment) {
+        const { permission } = this.check(subject, resource, environment);
+        return permission === 'permit';
+    }
+    isDeny(subject, resource, environment) {
+        const { permission } = this.check(subject, resource, environment);
+        return permission === 'deny';
+    }
+    check(subject, resource, environment) {
+        const deniedRules = [];
+        const deniedPolicies = [];
+        const ruleStatuses = [];
+        const policyStatuses = [];
+        AbilityPolicy.validatePolicy(this);
+        this.policies.forEach(policy => {
+            const policyResult = policy.check(subject, resource, environment);
+            policyStatuses.push(policyResult.permission);
+            if (policyResult.permission === 'deny') {
+                deniedPolicies.push(policy);
+            }
+            policyResult.deniedRules.forEach(rule => {
+                deniedRules.push(rule);
+            });
+        });
+        this.rules.forEach(rule => {
+            const permission = rule.check(subject, resource, environment);
+            ruleStatuses.push(permission);
+            if (permission === 'deny') {
+                deniedRules.push(rule);
+                deniedPolicies.push(this);
+            }
+        });
+        let res = 'deny';
+        if (policyStatuses.length) {
+            res = policyStatuses[this.policiesCompareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
+                ? 'permit'
+                : 'deny';
+        }
+        if (ruleStatuses.length) {
+            res = ruleStatuses[this.rulesCompareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
+                ? 'permit'
+                : 'deny';
+        }
+        return {
+            permission: res,
+            deniedRules,
+            deniedPolicies,
+        };
+    }
+    /**
+     * Parse the config JSON format to Policy class instance
+     */
+    static parse(configOrJson) {
+        const { id, name, description, rules, policies, rulesCompareMethod, policiesCompareMethod } = typeof configOrJson === 'string'
+            ? JSON.parse(configOrJson)
+            : configOrJson;
+        // Create the empty policy
+        const policy = new AbilityPolicy(name, id, description);
+        if (description) {
+            policy.setDescription(description);
+        }
+        // Adding rules if exists
+        if (rules && rules.length > 0) {
+            const abilityRules = rules.map(ruleConfig => AbilityRule_1.default.parse(ruleConfig));
+            policy.addRules(abilityRules, rulesCompareMethod);
+        }
+        // Adding policies if exixts
+        if (policies && policies.length > 0) {
+            const nestedPolicies = policies.map(nestedConfig => AbilityPolicy.parse(nestedConfig));
+            policy.addPolicies(nestedPolicies, policiesCompareMethod);
+        }
+        return policy;
+    }
+    static validatePolicy(policy) {
+        if (policy.policies.length > 0 && policy.rules.length > 0) {
+            throw new Error("The policy can't have a policies and rules at the same time");
+        }
+        if (policy.policies.length === 0 && policy.rules.length === 0) {
+            throw new Error('The policy must have a nested policies or rules');
+        }
+    }
+}
+exports.AbilityPolicy = AbilityPolicy;
+exports["default"] = AbilityPolicy;
+
+
+/***/ }),
+
+/***/ 476:
+/***/ ((__unused_webpack_module, exports) => {
+
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.AbilityRule = void 0;
+class AbilityRule {
+    matches;
+    name;
+    effect;
+    /**
+     * Create the rule to compare
+     *
+     * @param ruleName {string} - The rule name
+     * @param effect {AbilityRuleStatus} - Return value
+     * @param matches {AbilityRuleMatches} - The matching rule he matching rule can be on of the format:
+     * \
+     * For example, be compared two's data\
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_
+     * ```json
+     * {"departamentID": "154", "departamentName": "NBC"}
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "resource.departamentName"]
+     * ```
+     *
+     * \
+     * **Example 2.**\
+     * In this case will be compared resource and string:
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_ will be «undefined».\
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "NBC"]
+     * ```
+     * \
+     * **Example 3.**\
+     * In this case will be compared resource and array of string:\
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_
+     * ```json
+     * ["FOX", "NBC", "AONE"]
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "resource"]
+     * ```
+     * **Note: In this rule whe set the resource field as the «resource» string.\
+     * This means that we will compare the entire resource as a whole,\
+     * and not search for it by field name.**
+     * \
+     * **Example 4.**\
+     * In this case will be compared resource and array of string:\
+     * \
+     * _The subject_
+     * ```json
+     * {"user": {"account": {"roles": ["admin", "viewer"]}}}
+     * ```
+     * and _The resource_
+     * ```json
+     * undefined
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.user.account.roles", "in", "admin"]
+     */
+    constructor(matches, effect = 'permit', ruleName) {
+        this.name = ruleName || Symbol('name');
+        this.effect = effect;
+        this.matches = matches;
+    }
+    getName() {
+        return this.name;
+    }
+    getEffect() {
+        return this.effect;
+    }
+    isPermit(subject, resource, environment) {
+        return 'permit' === this.check(subject, resource, environment);
+    }
+    isDeny(subject, resource, environment) {
+        return 'deny' === this.check(subject, resource, environment);
+    }
+    check(subject, resource, environment) {
+        const [_subjectFieldName, condition, _resourceFieldName] = this.matches;
+        let is = false;
+        const [valueS, valueO] = this.extractValues(subject, resource, environment);
+        if (condition === '<') {
+            is = Number(valueS) < Number(valueO);
+        }
+        if (condition === '<=') {
+            is = Number(valueS) <= Number(valueO);
+        }
+        if (condition === '>') {
+            is = Number(valueS) > Number(valueO);
+        }
+        if (condition === '>=') {
+            is = Number(valueS) >= Number(valueO);
+        }
+        if (condition === '=') {
+            is = valueS === valueO;
+        }
+        if (condition === '<>') {
+            is = valueS !== valueO;
+        }
+        if (condition === 'in') {
+            // [<some>] and [<some>]
+            if (Array.isArray(valueS) && Array.isArray(valueO)) {
+                is = valueS.some(v => valueO.find(v1 => v1 === v));
+            }
+            // <some> and [<some>]
+            if ((typeof valueS === 'string' || typeof valueS === 'number') && Array.isArray(valueO)) {
+                is = valueO.includes(valueS);
+            }
+            // [<some>] and <some>
+            if ((typeof valueO === 'string' || typeof valueO === 'number') && Array.isArray(valueS)) {
+                is = valueS.includes(valueO);
+            }
+        }
+        return is ? this.effect : this.effect === 'permit' ? 'deny' : 'permit';
+    }
+    extractValues(sub, res, env) {
+        const [subjectFieldName, _condition, resourceFieldName] = this.matches;
+        const REGEXP = /^(subject|resource|environment)\./;
+        //  The subject field must be named at «subject.<field-name>»
+        if (!subjectFieldName.match(/^(subject|environment)\./)) {
+            throw new Error(`Matches error. The subject field must be named at «subject.<field-name>», but got ${subjectFieldName}`);
+        }
+        const sFieldName = subjectFieldName.replace(/^(subject|environment)\./, '');
+        const subject = typeof sub === 'undefined' || sub === null ? {} : sub;
+        const resource = typeof res === 'undefined' || res === null ? {} : res;
+        const sValue = subject
+            ? this.getDotNotationValue(subjectFieldName.match(/^subject\./)
+                ? subject
+                : subjectFieldName.match(/^environment\./)
+                    ? env
+                    : {}, sFieldName)
+            : subject;
+        // The resource field name can be «resource».
+        // In this case the resource be compare as is
+        if (resourceFieldName === 'resource') {
+            return [sValue, resource];
+        }
+        // Object field name - is a «resource.<field-name>»
+        if (resource && String(resourceFieldName).match(REGEXP)) {
+            const oFieldName = String(resourceFieldName).replace(REGEXP, '');
+            return [sValue, this.getDotNotationValue(resource, oFieldName)];
+        }
+        // The resource field abne can be «<some-value>» only
+        if (String(resourceFieldName).match(REGEXP) === null) {
+            return [sValue, resourceFieldName];
+        }
+        return [NaN, NaN];
+    }
+    getDotNotationValue(resource, desc) {
+        const arr = desc.split('.');
+        while (arr.length && resource) {
+            const comp = arr.shift() || '';
+            const match = new RegExp('(.+)\\[([0-9]*)\\]').exec(comp);
+            if (match !== null && match.length == 3) {
+                const arrayData = {
+                    arrName: match[1],
+                    arrIndex: match[2],
+                };
+                if (resource[arrayData.arrName] !== undefined) {
+                    resource = resource[arrayData.arrName][arrayData.arrIndex];
+                }
+                else {
+                    resource = undefined;
+                }
+            }
+            else {
+                resource = resource[comp];
+            }
+        }
+        return resource;
+    }
+    /**
+     * Parsing the rule config object or JSON string\
+     * of config and returns the AbilityRule class instance
+     */
+    static parse(configOrJson) {
+        const { name, effect, matches } = typeof configOrJson === 'string'
+            ? JSON.parse(configOrJson)
+            : configOrJson;
+        return new AbilityRule(matches, effect, name);
+    }
+}
+exports.AbilityRule = AbilityRule;
+exports["default"] = AbilityRule;
+
+
+/***/ }),
+
+/***/ 31:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+const AbilityRule_1 = __importDefault(__webpack_require__(476));
+const AbilityPolicy_1 = __importDefault(__webpack_require__(844));
+class AbilityService {
+    /**
+     * Create the rule to compare
+     *
+     * @param ruleName {string} - The rule name
+     * @param effect {AbilityRuleStatus} - Return value
+     * @param matches {AbilityRuleMatches} - The matching rule he matching rule can be on of the format:
+     * \
+     * For example, be compared two's data\
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_
+     * ```json
+     * {"departamentID": "154", "departamentName": "NBC"}
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "resource.departamentName"]
+     * ```
+     *
+     * \
+     * **Example 2.**\
+     * In this case will be compared resource and string:
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_ will be «undefined».\
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "NBC"]
+     * ```
+     * \
+     * **Example 3.**\
+     * In this case will be compared resource and array of string:\
+     * \
+     * _The subject_
+     * ```json
+     * {"userID": "1", "userDepartament": "NBC"}
+     * ```
+     * and _The resource_
+     * ```json
+     * ["FOX", "NBC", "AONE"]
+     * ```
+     * \
+     * Now we can make the matching rule:
+     * ```json
+     * ["subject.userDepartament", "=", "resource"]
+     * ```
+     * **Note: In this rule whe set the resource field as the «resource» string.\
+     * This means that we will compare the entire resource as a whole,\
+     * and not search for it by field name.**
+     */
+    createRule(...args) {
+        return new AbilityRule_1.default(...args);
+    }
+    /**
+     * Create the Policy class instance
+     */
+    createPolicy(...args) {
+        return new AbilityPolicy_1.default(...args);
+    }
+    checkPolicies(policiesResult, compareMethod) {
+        const deniedRules = [];
+        const deniedPolicies = [];
+        const statuses = [];
+        policiesResult.forEach(policyResult => {
+            statuses.push(policyResult.permission);
+            if (policyResult.permission === 'deny') {
+                policyResult.deniedRules.forEach(rule => {
+                    deniedRules.push(rule);
+                });
+                policyResult.deniedRules.forEach(st => {
+                    deniedRules.push(st);
+                });
+            }
+        });
+        const permission = statuses[compareMethod === 'and' ? 'every' : 'some'](status => status === 'permit')
+            ? 'permit'
+            : 'deny';
+        return {
+            permission,
+            deniedRules,
+            deniedPolicies,
+        };
+    }
+    enforcePolicies(policiesResult, compareMethod) {
+        const { permission, deniedRules } = this.checkPolicies(policiesResult, compareMethod);
+        if (permission === 'deny') {
+            throw new Error(`Permission denied. ${deniedRules[0].getName().toString()}`);
+        }
+    }
+}
+exports["default"] = AbilityService;
+
+
+/***/ }),
+
+/***/ 156:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+const AbilityService_1 = __importDefault(__webpack_require__(31));
+__exportStar(__webpack_require__(844), exports);
+__exportStar(__webpack_require__(31), exports);
+__exportStar(__webpack_require__(476), exports);
+exports["default"] = AbilityService_1.default;
+
+
+/***/ })
+
+/******/ 	});
+/************************************************************************/
+/******/ 	// The module cache
+/******/ 	var __webpack_module_cache__ = {};
+/******/ 	
+/******/ 	// The require function
+/******/ 	function __webpack_require__(moduleId) {
+/******/ 		// Check if module is in cache
+/******/ 		var cachedModule = __webpack_module_cache__[moduleId];
+/******/ 		if (cachedModule !== undefined) {
+/******/ 			return cachedModule.exports;
+/******/ 		}
+/******/ 		// Create a new module (and put it into the cache)
+/******/ 		var module = __webpack_module_cache__[moduleId] = {
+/******/ 			// no module.id needed
+/******/ 			// no module.loaded needed
+/******/ 			exports: {}
+/******/ 		};
+/******/ 	
+/******/ 		// Execute the module function
+/******/ 		__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);
+/******/ 	
+/******/ 		// Return the exports of the module
+/******/ 		return module.exports;
+/******/ 	}
+/******/ 	
+/************************************************************************/
+/******/ 	
+/******/ 	// startup
+/******/ 	// Load entry module and return exports
+/******/ 	// This entry module is referenced by other modules so it can't be inlined
+/******/ 	var __webpack_exports__ = __webpack_require__(156);
+/******/ 	module.exports = __webpack_exports__;
+/******/ 	
+/******/ })()
+;