@via-profit/ability 1.0.3 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/AbilityPolicy.d.ts +1 -0
- package/dist/AbilityRule.d.ts +4 -0
- package/dist/index.js +28 -0
- package/package.json +1 -1
- package/dist/AbilityStatement.d.ts +0 -98
package/dist/AbilityPolicy.d.ts
CHANGED
|
@@ -73,6 +73,7 @@ export declare class AbilityPolicy<Subject = unknown, Resource = unknown, Enviro
|
|
|
73
73
|
* Parse the config JSON format to Policy class instance
|
|
74
74
|
*/
|
|
75
75
|
static parse<Subject = unknown, Resource = unknown, Environment = unknown>(configOrJson: AbilityPolicyConfig | string): AbilityPolicy<Subject, Resource, Environment>;
|
|
76
|
+
static export(policy: AbilityPolicy): AbilityPolicyConfig;
|
|
76
77
|
static validatePolicy(policy: AbilityPolicy): void | never;
|
|
77
78
|
}
|
|
78
79
|
export default AbilityPolicy;
|
package/dist/AbilityRule.d.ts
CHANGED
|
@@ -104,5 +104,9 @@ export declare class AbilityRule<Subject = unknown, Resource = unknown, Environm
|
|
|
104
104
|
* of config and returns the AbilityRule class instance
|
|
105
105
|
*/
|
|
106
106
|
static parse<Subject = unknown, Resource = unknown, Environment = unknown>(configOrJson: AbilityRuleConfig | string): AbilityRule<Subject, Resource, Environment>;
|
|
107
|
+
/**
|
|
108
|
+
* Export the rule to config object
|
|
109
|
+
*/
|
|
110
|
+
static export(rule: AbilityRule): AbilityRuleConfig;
|
|
107
111
|
}
|
|
108
112
|
export default AbilityRule;
|
package/dist/index.js
CHANGED
|
@@ -150,6 +150,12 @@ class AbilityPolicy {
|
|
|
150
150
|
: configOrJson;
|
|
151
151
|
// Create the empty policy
|
|
152
152
|
const policy = new AbilityPolicy(name, id, description);
|
|
153
|
+
if (policiesCompareMethod) {
|
|
154
|
+
policy.policiesCompareMethod = policiesCompareMethod;
|
|
155
|
+
}
|
|
156
|
+
if (rulesCompareMethod) {
|
|
157
|
+
policy.rulesCompareMethod = rulesCompareMethod;
|
|
158
|
+
}
|
|
153
159
|
if (description) {
|
|
154
160
|
policy.setDescription(description);
|
|
155
161
|
}
|
|
@@ -165,6 +171,17 @@ class AbilityPolicy {
|
|
|
165
171
|
}
|
|
166
172
|
return policy;
|
|
167
173
|
}
|
|
174
|
+
static export(policy) {
|
|
175
|
+
const config = {
|
|
176
|
+
id: policy.id.toString(),
|
|
177
|
+
name: policy.name.toString(),
|
|
178
|
+
rulesCompareMethod: policy.rulesCompareMethod,
|
|
179
|
+
policiesCompareMethod: policy.policiesCompareMethod,
|
|
180
|
+
policies: policy.policies ? policy.policies.map(p => AbilityPolicy.export(p)) : undefined,
|
|
181
|
+
rules: policy.rules ? policy.rules.map(rule => AbilityRule_1.default.export(rule)) : undefined,
|
|
182
|
+
};
|
|
183
|
+
return config;
|
|
184
|
+
}
|
|
168
185
|
static validatePolicy(policy) {
|
|
169
186
|
if (policy.policies.length > 0 && policy.rules.length > 0) {
|
|
170
187
|
throw new Error("The policy can't have a policies and rules at the same time");
|
|
@@ -384,6 +401,17 @@ class AbilityRule {
|
|
|
384
401
|
: configOrJson;
|
|
385
402
|
return new AbilityRule(matches, effect, name);
|
|
386
403
|
}
|
|
404
|
+
/**
|
|
405
|
+
* Export the rule to config object
|
|
406
|
+
*/
|
|
407
|
+
static export(rule) {
|
|
408
|
+
const config = {
|
|
409
|
+
name: rule.name,
|
|
410
|
+
effect: rule.effect,
|
|
411
|
+
matches: rule.matches,
|
|
412
|
+
};
|
|
413
|
+
return config;
|
|
414
|
+
}
|
|
387
415
|
}
|
|
388
416
|
exports.AbilityRule = AbilityRule;
|
|
389
417
|
exports["default"] = AbilityRule;
|
package/package.json
CHANGED
|
@@ -1,98 +0,0 @@
|
|
|
1
|
-
export type AbilityStatementStatus = 'permit' | 'deny';
|
|
2
|
-
type SubjectPrefix = 'subject.' | 'environment.';
|
|
3
|
-
export type AbilityStatementMatches = [
|
|
4
|
-
`${SubjectPrefix}${string}`,
|
|
5
|
-
AbilityCondition,
|
|
6
|
-
string | number | boolean
|
|
7
|
-
];
|
|
8
|
-
export type AbilityCondition = '=' | '<>' | '>' | '<' | '<=' | '>=' | 'in';
|
|
9
|
-
declare class AbilityStatement {
|
|
10
|
-
matches: AbilityStatementMatches;
|
|
11
|
-
name: string;
|
|
12
|
-
effect: AbilityStatementStatus;
|
|
13
|
-
/**
|
|
14
|
-
* Create the statement to compare
|
|
15
|
-
*
|
|
16
|
-
* @param statementName {string} - The statement name
|
|
17
|
-
* @param effect {AbilityStatementStatus} - Return value
|
|
18
|
-
* @param matches {AbilityStatementMatches} - The matching rule he matching rule can be on of the format:
|
|
19
|
-
* \
|
|
20
|
-
* For example, be compared two's data\
|
|
21
|
-
* \
|
|
22
|
-
* _The subject_
|
|
23
|
-
* ```json
|
|
24
|
-
* {"userID": "1", "userDepartament": "NBC"}
|
|
25
|
-
* ```
|
|
26
|
-
* and _The resource_
|
|
27
|
-
* ```json
|
|
28
|
-
* {"departamentID": "154", "departamentName": "NBC"}
|
|
29
|
-
* ```
|
|
30
|
-
* \
|
|
31
|
-
* Now we can make the matching rule:
|
|
32
|
-
* ```json
|
|
33
|
-
* ["subject.userDepartament", "=", "resource.departamentName"]
|
|
34
|
-
* ```
|
|
35
|
-
*
|
|
36
|
-
* \
|
|
37
|
-
* **Example 2.**\
|
|
38
|
-
* In this case will be compared resource and string:
|
|
39
|
-
* \
|
|
40
|
-
* _The subject_
|
|
41
|
-
* ```json
|
|
42
|
-
* {"userID": "1", "userDepartament": "NBC"}
|
|
43
|
-
* ```
|
|
44
|
-
* and _The resource_ will be «undefined».\
|
|
45
|
-
* Now we can make the matching rule:
|
|
46
|
-
* ```json
|
|
47
|
-
* ["subject.userDepartament", "=", "NBC"]
|
|
48
|
-
* ```
|
|
49
|
-
* \
|
|
50
|
-
* **Example 3.**\
|
|
51
|
-
* In this case will be compared resource and array of string:\
|
|
52
|
-
* \
|
|
53
|
-
* _The subject_
|
|
54
|
-
* ```json
|
|
55
|
-
* {"userID": "1", "userDepartament": "NBC"}
|
|
56
|
-
* ```
|
|
57
|
-
* and _The resource_
|
|
58
|
-
* ```json
|
|
59
|
-
* ["FOX", "NBC", "AONE"]
|
|
60
|
-
* ```
|
|
61
|
-
* \
|
|
62
|
-
* Now we can make the matching rule:
|
|
63
|
-
* ```json
|
|
64
|
-
* ["subject.userDepartament", "=", "resource"]
|
|
65
|
-
* ```
|
|
66
|
-
* **Note: In this rule whe set the resource field as the «resource» string.\
|
|
67
|
-
* This means that we will compare the entire resource as a whole,\
|
|
68
|
-
* and not search for it by field name.**
|
|
69
|
-
* \
|
|
70
|
-
* **Example 4.**\
|
|
71
|
-
* In this case will be compared resource and array of string:\
|
|
72
|
-
* \
|
|
73
|
-
* _The subject_
|
|
74
|
-
* ```json
|
|
75
|
-
* {"user": {"account": {"roles": ["admin", "viewer"]}}}
|
|
76
|
-
* ```
|
|
77
|
-
* and _The resource_
|
|
78
|
-
* ```json
|
|
79
|
-
* undefined
|
|
80
|
-
* ```
|
|
81
|
-
* \
|
|
82
|
-
* Now we can make the matching rule:
|
|
83
|
-
* ```json
|
|
84
|
-
* ["subject.user.account.roles", "in", "admin"]
|
|
85
|
-
*/
|
|
86
|
-
constructor(statementName: string, matches: AbilityStatementMatches, effect?: AbilityStatementStatus);
|
|
87
|
-
getName(): string;
|
|
88
|
-
getEffect(): AbilityStatementStatus;
|
|
89
|
-
isPermit(...args: Parameters<AbilityStatement['check']>): boolean;
|
|
90
|
-
isDeny(...args: Parameters<AbilityStatement['check']>): boolean;
|
|
91
|
-
check(subject: unknown, resource?: unknown | undefined, environment?: unknown | undefined): AbilityStatementStatus;
|
|
92
|
-
extractValues(sub: unknown, res?: unknown | undefined, env?: unknown | undefined): [
|
|
93
|
-
string | number | boolean | (string | number)[] | null | undefined,
|
|
94
|
-
string | number | boolean | (string | number)[] | null | undefined
|
|
95
|
-
];
|
|
96
|
-
getDotNotationValue(resource: unknown, desc: string): unknown;
|
|
97
|
-
}
|
|
98
|
-
export default AbilityStatement;
|