rbac 5.0.3 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/HISTORY.md +21 -3
- package/LICENSE +21 -0
- package/README.md +36 -82
- package/dist/Base.js +15 -31
- package/dist/Base.js.map +1 -1
- package/dist/Memory.js +113 -190
- package/dist/Memory.js.map +1 -1
- package/dist/Permission.js +11 -36
- package/dist/Permission.js.map +1 -1
- package/dist/RBAC.js +238 -458
- package/dist/RBAC.js.map +1 -1
- package/dist/Role.js +26 -70
- package/dist/Role.js.map +1 -1
- package/dist/Storage.js +55 -119
- package/dist/Storage.js.map +1 -1
- package/dist/index.js +46 -27
- package/dist/index.js.map +1 -1
- package/package.json +15 -60
- package/.babelrc +0 -32
- package/.eslintignore +0 -7
- package/.eslintrc +0 -19
- package/.travis.yml +0 -16
- package/dist/RBAC.test.js +0 -360
- package/dist/RBAC.test.js.map +0 -1
- package/gulpfile.js +0 -10
- package/jsdocConfig.js +0 -20
package/dist/RBAC.js
CHANGED
|
@@ -1,33 +1,26 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
exports
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
4
6
|
exports.default = void 0;
|
|
5
|
-
|
|
6
|
-
var _isPlainObject = _interopRequireDefault(require("lodash/isPlainObject"));
|
|
7
|
-
|
|
8
7
|
var _Base = _interopRequireDefault(require("./Base"));
|
|
9
|
-
|
|
10
8
|
var _Role = _interopRequireDefault(require("./Role"));
|
|
11
|
-
|
|
12
9
|
var _Permission = _interopRequireDefault(require("./Permission"));
|
|
13
|
-
|
|
14
10
|
var _Storage = _interopRequireDefault(require("./Storage"));
|
|
15
|
-
|
|
16
11
|
var _Memory = _interopRequireDefault(require("./Memory"));
|
|
17
|
-
|
|
18
|
-
function
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
12
|
+
function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
|
|
13
|
+
function isPlainObject(value) {
|
|
14
|
+
if (typeof value !== 'object' || value === null) return false;
|
|
15
|
+
const proto = Object.getPrototypeOf(value);
|
|
16
|
+
return proto === Object.prototype || proto === null;
|
|
17
|
+
}
|
|
24
18
|
const DEFAULT_OPTIONS = {
|
|
25
19
|
permissions: {},
|
|
26
20
|
roles: [],
|
|
27
21
|
grant: {},
|
|
28
22
|
delimiter: '_'
|
|
29
23
|
};
|
|
30
|
-
|
|
31
24
|
class RBAC {
|
|
32
25
|
/**
|
|
33
26
|
* Convert Array of permissions to permission name
|
|
@@ -42,9 +35,9 @@ class RBAC {
|
|
|
42
35
|
if (!delimiter) {
|
|
43
36
|
throw new Error('Delimiter is not defined');
|
|
44
37
|
}
|
|
45
|
-
|
|
46
38
|
return permissions.map(permission => _Permission.default.createName(permission[0], permission[1], delimiter));
|
|
47
39
|
}
|
|
40
|
+
|
|
48
41
|
/**
|
|
49
42
|
* RBAC constructor
|
|
50
43
|
* @constructor RBAC
|
|
@@ -54,186 +47,132 @@ class RBAC {
|
|
|
54
47
|
* @param {Object} [options.permissions] List of permissions
|
|
55
48
|
* @param {Object} [options.grants] List of grants
|
|
56
49
|
*/
|
|
57
|
-
|
|
58
|
-
|
|
59
50
|
constructor(options) {
|
|
60
|
-
this.options =
|
|
51
|
+
this.options = {
|
|
52
|
+
...DEFAULT_OPTIONS,
|
|
53
|
+
...options
|
|
54
|
+
};
|
|
61
55
|
this.storage = this.options.storage || new _Memory.default();
|
|
62
56
|
this.storage.useRBAC(this);
|
|
63
57
|
}
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
permissions,
|
|
72
|
-
grants
|
|
73
|
-
} = _this.options;
|
|
74
|
-
return _this.create(roles, permissions, grants);
|
|
75
|
-
})();
|
|
58
|
+
async init() {
|
|
59
|
+
const {
|
|
60
|
+
roles,
|
|
61
|
+
permissions,
|
|
62
|
+
grants
|
|
63
|
+
} = this.options;
|
|
64
|
+
return this.create(roles, permissions, grants);
|
|
76
65
|
}
|
|
66
|
+
|
|
77
67
|
/**
|
|
78
68
|
* Get instance of Role or Permission by his name
|
|
79
69
|
* @method RBAC#get
|
|
80
70
|
* @param {String} name Name of item
|
|
81
71
|
*/
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
get(name) {
|
|
85
|
-
var _this2 = this;
|
|
86
|
-
|
|
87
|
-
return _asyncToGenerator(function* () {
|
|
88
|
-
return _this2.storage.get(name);
|
|
89
|
-
})();
|
|
72
|
+
async get(name) {
|
|
73
|
+
return this.storage.get(name);
|
|
90
74
|
}
|
|
75
|
+
|
|
91
76
|
/**
|
|
92
77
|
* Register role or permission to actual RBAC instance
|
|
93
78
|
* @method RBAC#add
|
|
94
79
|
* @param {Base} item Instance of Base
|
|
95
80
|
*/
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
}
|
|
105
|
-
|
|
106
|
-
if (item.rbac !== _this3) {
|
|
107
|
-
throw new Error('Item is associated to another RBAC instance');
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
return _this3.storage.add(item);
|
|
111
|
-
})();
|
|
81
|
+
async add(item) {
|
|
82
|
+
if (!item) {
|
|
83
|
+
throw new Error('Item is undefined');
|
|
84
|
+
}
|
|
85
|
+
if (item.rbac !== this) {
|
|
86
|
+
throw new Error('Item is associated to another RBAC instance');
|
|
87
|
+
}
|
|
88
|
+
return this.storage.add(item);
|
|
112
89
|
}
|
|
90
|
+
|
|
113
91
|
/**
|
|
114
92
|
* Remove role or permission from RBAC
|
|
115
93
|
* @method RBAC#remove
|
|
116
94
|
* @param {Base} item Instance of role or permission
|
|
117
95
|
*/
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
}
|
|
127
|
-
|
|
128
|
-
if (item.rbac !== _this4) {
|
|
129
|
-
throw new Error('Item is associated to another RBAC instance');
|
|
130
|
-
}
|
|
131
|
-
|
|
132
|
-
return _this4.storage.remove(item);
|
|
133
|
-
})();
|
|
96
|
+
async remove(item) {
|
|
97
|
+
if (!item) {
|
|
98
|
+
throw new Error('Item is undefined');
|
|
99
|
+
}
|
|
100
|
+
if (item.rbac !== this) {
|
|
101
|
+
throw new Error('Item is associated to another RBAC instance');
|
|
102
|
+
}
|
|
103
|
+
return this.storage.remove(item);
|
|
134
104
|
}
|
|
105
|
+
|
|
135
106
|
/**
|
|
136
107
|
* Remove role or permission from RBAC
|
|
137
108
|
* @method RBAC#removeByName
|
|
138
109
|
* @param {String} name Name of role or permission
|
|
139
110
|
*/
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
return
|
|
146
|
-
const item = yield _this5.get(name);
|
|
147
|
-
|
|
148
|
-
if (!item) {
|
|
149
|
-
return true;
|
|
150
|
-
}
|
|
151
|
-
|
|
152
|
-
return item.remove();
|
|
153
|
-
})();
|
|
111
|
+
async removeByName(name) {
|
|
112
|
+
const item = await this.get(name);
|
|
113
|
+
if (!item) {
|
|
114
|
+
return true;
|
|
115
|
+
}
|
|
116
|
+
return item.remove();
|
|
154
117
|
}
|
|
118
|
+
|
|
155
119
|
/**
|
|
156
120
|
* Grant permission or role to the role
|
|
157
121
|
* @method RBAC#grant
|
|
158
122
|
* @param {Role} role Instance of the role
|
|
159
123
|
* @param {Base} child Instance of the role or permission
|
|
160
124
|
*/
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
throw new Error('Item is associated to another RBAC instance');
|
|
173
|
-
}
|
|
174
|
-
|
|
175
|
-
if (!(role instanceof _Role.default)) {
|
|
176
|
-
throw new Error('Role is not instance of Role');
|
|
177
|
-
}
|
|
178
|
-
|
|
179
|
-
return _this6.storage.grant(role, child);
|
|
180
|
-
})();
|
|
125
|
+
async grant(role, child) {
|
|
126
|
+
if (!role || !child) {
|
|
127
|
+
throw new Error('One of item is undefined');
|
|
128
|
+
}
|
|
129
|
+
if (role.rbac !== this || child.rbac !== this) {
|
|
130
|
+
throw new Error('Item is associated to another RBAC instance');
|
|
131
|
+
}
|
|
132
|
+
if (!(role instanceof _Role.default)) {
|
|
133
|
+
throw new Error('Role is not instance of Role');
|
|
134
|
+
}
|
|
135
|
+
return this.storage.grant(role, child);
|
|
181
136
|
}
|
|
137
|
+
|
|
182
138
|
/**
|
|
183
139
|
* Revoke permission or role from the role
|
|
184
140
|
* @method RBAC#revoke
|
|
185
141
|
* @param {Role} role Instance of the role
|
|
186
142
|
* @param {Base} child Instance of the role or permission
|
|
187
143
|
*/
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
}
|
|
197
|
-
|
|
198
|
-
if (role.rbac !== _this7 || child.rbac !== _this7) {
|
|
199
|
-
throw new Error('Item is associated to another RBAC instance');
|
|
200
|
-
}
|
|
201
|
-
|
|
202
|
-
return _this7.storage.revoke(role, child);
|
|
203
|
-
})();
|
|
144
|
+
async revoke(role, child) {
|
|
145
|
+
if (!role || !child) {
|
|
146
|
+
throw new Error('One of item is undefined');
|
|
147
|
+
}
|
|
148
|
+
if (role.rbac !== this || child.rbac !== this) {
|
|
149
|
+
throw new Error('Item is associated to another RBAC instance');
|
|
150
|
+
}
|
|
151
|
+
return this.storage.revoke(role, child);
|
|
204
152
|
}
|
|
153
|
+
|
|
205
154
|
/**
|
|
206
155
|
* Revoke permission or role from the role by names
|
|
207
156
|
* @method RBAC#revokeByName
|
|
208
157
|
* @param {String} roleName Instance of the role
|
|
209
158
|
* @param {String} childName Instance of the role or permission
|
|
210
159
|
*/
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
var _this8 = this;
|
|
215
|
-
|
|
216
|
-
return _asyncToGenerator(function* () {
|
|
217
|
-
const [role, child] = yield Promise.all([_this8.get(roleName), _this8.get(childName)]);
|
|
218
|
-
return _this8.revoke(role, child);
|
|
219
|
-
})();
|
|
160
|
+
async revokeByName(roleName, childName) {
|
|
161
|
+
const [role, child] = await Promise.all([this.get(roleName), this.get(childName)]);
|
|
162
|
+
return this.revoke(role, child);
|
|
220
163
|
}
|
|
164
|
+
|
|
221
165
|
/**
|
|
222
166
|
* Grant permission or role from the role by names
|
|
223
167
|
* @method RBAC#grantByName
|
|
224
168
|
* @param {String} roleName Instance of the role
|
|
225
169
|
* @param {String} childName Instance of the role or permission
|
|
226
170
|
*/
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
var _this9 = this;
|
|
231
|
-
|
|
232
|
-
return _asyncToGenerator(function* () {
|
|
233
|
-
const [role, child] = yield Promise.all([_this9.get(roleName), _this9.get(childName)]);
|
|
234
|
-
return _this9.grant(role, child);
|
|
235
|
-
})();
|
|
171
|
+
async grantByName(roleName, childName) {
|
|
172
|
+
const [role, child] = await Promise.all([this.get(roleName), this.get(childName)]);
|
|
173
|
+
return this.grant(role, child);
|
|
236
174
|
}
|
|
175
|
+
|
|
237
176
|
/**
|
|
238
177
|
* Create a new role assigned to actual instance of RBAC
|
|
239
178
|
* @method RBAC#createRole
|
|
@@ -241,21 +180,14 @@ class RBAC {
|
|
|
241
180
|
* @param {Boolean} [add] True if you need to add it to the storage
|
|
242
181
|
* @return {Role} Instance of the Role
|
|
243
182
|
*/
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
return
|
|
250
|
-
const role = new _Role.default(_this10, roleName);
|
|
251
|
-
|
|
252
|
-
if (add) {
|
|
253
|
-
yield role.add();
|
|
254
|
-
}
|
|
255
|
-
|
|
256
|
-
return role;
|
|
257
|
-
})();
|
|
183
|
+
async createRole(roleName, add) {
|
|
184
|
+
const role = new _Role.default(this, roleName);
|
|
185
|
+
if (add) {
|
|
186
|
+
await role.add();
|
|
187
|
+
}
|
|
188
|
+
return role;
|
|
258
189
|
}
|
|
190
|
+
|
|
259
191
|
/**
|
|
260
192
|
* Create a new permission assigned to actual instance of RBAC
|
|
261
193
|
* @method RBAC#createPermission
|
|
@@ -264,245 +196,140 @@ class RBAC {
|
|
|
264
196
|
* @param {Boolean} [add] True if you need to add it to the storage
|
|
265
197
|
* @return {Permission} Instance of the Permission
|
|
266
198
|
*/
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
return
|
|
273
|
-
const permission = new _Permission.default(_this11, action, resource);
|
|
274
|
-
|
|
275
|
-
if (add) {
|
|
276
|
-
yield permission.add();
|
|
277
|
-
}
|
|
278
|
-
|
|
279
|
-
return permission;
|
|
280
|
-
})();
|
|
199
|
+
async createPermission(action, resource, add) {
|
|
200
|
+
const permission = new _Permission.default(this, action, resource);
|
|
201
|
+
if (add) {
|
|
202
|
+
await permission.add();
|
|
203
|
+
}
|
|
204
|
+
return permission;
|
|
281
205
|
}
|
|
206
|
+
|
|
282
207
|
/**
|
|
283
208
|
* Callback returns true if role or permission exists
|
|
284
209
|
* @method RBAC#exists
|
|
285
210
|
* @param {String} name Name of item
|
|
286
211
|
*/
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
exists(name) {
|
|
290
|
-
var _this12 = this;
|
|
291
|
-
|
|
292
|
-
return _asyncToGenerator(function* () {
|
|
293
|
-
return _this12.storage.exists(name);
|
|
294
|
-
})();
|
|
212
|
+
async exists(name) {
|
|
213
|
+
return this.storage.exists(name);
|
|
295
214
|
}
|
|
215
|
+
|
|
296
216
|
/**
|
|
297
217
|
* Callback returns true if role exists
|
|
298
218
|
* @method RBAC#existsRole
|
|
299
219
|
* @param {String} name Name of item
|
|
300
220
|
*/
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
existsRole(name) {
|
|
304
|
-
var _this13 = this;
|
|
305
|
-
|
|
306
|
-
return _asyncToGenerator(function* () {
|
|
307
|
-
return _this13.storage.existsRole(name);
|
|
308
|
-
})();
|
|
221
|
+
async existsRole(name) {
|
|
222
|
+
return this.storage.existsRole(name);
|
|
309
223
|
}
|
|
224
|
+
|
|
310
225
|
/**
|
|
311
226
|
* Callback returns true if permission exists
|
|
312
227
|
* @method RBAC#existsPermission
|
|
313
228
|
* @param {String} action Name of action
|
|
314
229
|
* @param {String} resource Name of resource
|
|
315
230
|
*/
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
existsPermission(action, resource) {
|
|
319
|
-
var _this14 = this;
|
|
320
|
-
|
|
321
|
-
return _asyncToGenerator(function* () {
|
|
322
|
-
return _this14.storage.existsPermission(action, resource);
|
|
323
|
-
})();
|
|
231
|
+
async existsPermission(action, resource) {
|
|
232
|
+
return this.storage.existsPermission(action, resource);
|
|
324
233
|
}
|
|
234
|
+
|
|
325
235
|
/**
|
|
326
236
|
* Return instance of Role by his name
|
|
327
237
|
* @method RBAC#getRole
|
|
328
238
|
* @param {String} name Name of role
|
|
329
239
|
*/
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
getRole(name) {
|
|
333
|
-
var _this15 = this;
|
|
334
|
-
|
|
335
|
-
return _asyncToGenerator(function* () {
|
|
336
|
-
return _this15.storage.getRole(name);
|
|
337
|
-
})();
|
|
240
|
+
async getRole(name) {
|
|
241
|
+
return this.storage.getRole(name);
|
|
338
242
|
}
|
|
243
|
+
|
|
339
244
|
/**
|
|
340
245
|
* Return all instances of Role
|
|
341
246
|
* @method RBAC#getRoles
|
|
342
247
|
*/
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
getRoles() {
|
|
346
|
-
var _this16 = this;
|
|
347
|
-
|
|
348
|
-
return _asyncToGenerator(function* () {
|
|
349
|
-
return _this16.storage.getRoles();
|
|
350
|
-
})();
|
|
248
|
+
async getRoles() {
|
|
249
|
+
return this.storage.getRoles();
|
|
351
250
|
}
|
|
251
|
+
|
|
352
252
|
/**
|
|
353
253
|
* Return instance of Permission by his action and resource
|
|
354
254
|
* @method RBAC#getPermission
|
|
355
255
|
* @param {String} action Name of action
|
|
356
256
|
* @param {String} resource Name of resource
|
|
357
257
|
*/
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
getPermission(action, resource) {
|
|
361
|
-
var _this17 = this;
|
|
362
|
-
|
|
363
|
-
return _asyncToGenerator(function* () {
|
|
364
|
-
return _this17.storage.getPermission(action, resource);
|
|
365
|
-
})();
|
|
258
|
+
async getPermission(action, resource) {
|
|
259
|
+
return this.storage.getPermission(action, resource);
|
|
366
260
|
}
|
|
261
|
+
|
|
367
262
|
/**
|
|
368
263
|
* Return instance of Permission by his name
|
|
369
264
|
* @method RBAC#getPermission
|
|
370
265
|
* @param {String} name Name of permission
|
|
371
266
|
*/
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
var _this18 = this;
|
|
376
|
-
|
|
377
|
-
return _asyncToGenerator(function* () {
|
|
378
|
-
const data = _Permission.default.decodeName(name, _this18.options.delimiter);
|
|
379
|
-
|
|
380
|
-
return _this18.storage.getPermission(data.action, data.resource);
|
|
381
|
-
})();
|
|
267
|
+
async getPermissionByName(name) {
|
|
268
|
+
const data = _Permission.default.decodeName(name, this.options.delimiter);
|
|
269
|
+
return this.storage.getPermission(data.action, data.resource);
|
|
382
270
|
}
|
|
271
|
+
|
|
383
272
|
/**
|
|
384
273
|
* Return all instances of Permission
|
|
385
274
|
* @method RBAC#getPermissions
|
|
386
275
|
*/
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
getPermissions() {
|
|
390
|
-
var _this19 = this;
|
|
391
|
-
|
|
392
|
-
return _asyncToGenerator(function* () {
|
|
393
|
-
return _this19.storage.getPermissions();
|
|
394
|
-
})();
|
|
276
|
+
async getPermissions() {
|
|
277
|
+
return this.storage.getPermissions();
|
|
395
278
|
}
|
|
279
|
+
|
|
396
280
|
/**
|
|
397
281
|
* Create multiple permissions in one step
|
|
398
282
|
* @method RBAC#createPermissions
|
|
399
283
|
* @param {Object} permissions Object of permissions
|
|
400
284
|
* @param {Boolean} [add=true] True if you need to add it to the storage
|
|
401
285
|
*/
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
function () {
|
|
416
|
-
var _ref = _asyncToGenerator(function* (resource) {
|
|
417
|
-
const actions = resources[resource];
|
|
418
|
-
yield Promise.all(actions.map(
|
|
419
|
-
/*#__PURE__*/
|
|
420
|
-
function () {
|
|
421
|
-
var _ref2 = _asyncToGenerator(function* (action) {
|
|
422
|
-
const permission = yield _this20.createPermission(action, resource, add);
|
|
423
|
-
permissions[permission.name] = permission;
|
|
424
|
-
});
|
|
425
|
-
|
|
426
|
-
return function (_x2) {
|
|
427
|
-
return _ref2.apply(this, arguments);
|
|
428
|
-
};
|
|
429
|
-
}()));
|
|
430
|
-
});
|
|
431
|
-
|
|
432
|
-
return function (_x) {
|
|
433
|
-
return _ref.apply(this, arguments);
|
|
434
|
-
};
|
|
435
|
-
}()));
|
|
436
|
-
return permissions;
|
|
437
|
-
})();
|
|
286
|
+
async createPermissions(resources, add = true) {
|
|
287
|
+
if (!isPlainObject(resources)) {
|
|
288
|
+
throw new Error('Resources is not a plain object');
|
|
289
|
+
}
|
|
290
|
+
const permissions = {};
|
|
291
|
+
await Promise.all(Object.keys(resources).map(async resource => {
|
|
292
|
+
const actions = resources[resource];
|
|
293
|
+
await Promise.all(actions.map(async action => {
|
|
294
|
+
const permission = await this.createPermission(action, resource, add);
|
|
295
|
+
permissions[permission.name] = permission;
|
|
296
|
+
}));
|
|
297
|
+
}));
|
|
298
|
+
return permissions;
|
|
438
299
|
}
|
|
300
|
+
|
|
439
301
|
/**
|
|
440
302
|
* Create multiple roles in one step assigned to actual instance of RBAC
|
|
441
303
|
* @method RBAC#createRoles
|
|
442
304
|
* @param {Array} roleNames Array of role names
|
|
443
305
|
* @param {Boolean} [add=true] True if you need to add it to the storage
|
|
444
306
|
*/
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
yield Promise.all(roleNames.map(
|
|
453
|
-
/*#__PURE__*/
|
|
454
|
-
function () {
|
|
455
|
-
var _ref3 = _asyncToGenerator(function* (roleName) {
|
|
456
|
-
const role = yield _this21.createRole(roleName, add);
|
|
457
|
-
roles[role.name] = role;
|
|
458
|
-
});
|
|
459
|
-
|
|
460
|
-
return function (_x3) {
|
|
461
|
-
return _ref3.apply(this, arguments);
|
|
462
|
-
};
|
|
463
|
-
}()));
|
|
464
|
-
return roles;
|
|
465
|
-
})();
|
|
307
|
+
async createRoles(roleNames, add = true) {
|
|
308
|
+
const roles = {};
|
|
309
|
+
await Promise.all(roleNames.map(async roleName => {
|
|
310
|
+
const role = await this.createRole(roleName, add);
|
|
311
|
+
roles[role.name] = role;
|
|
312
|
+
}));
|
|
313
|
+
return roles;
|
|
466
314
|
}
|
|
315
|
+
|
|
467
316
|
/**
|
|
468
317
|
* Grant multiple items in one function
|
|
469
318
|
* @method RBAC#grants
|
|
470
319
|
* @param {Object} List of roles
|
|
471
320
|
*/
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
}
|
|
481
|
-
|
|
482
|
-
yield Promise.all(Object.keys(roles).map(
|
|
483
|
-
/*#__PURE__*/
|
|
484
|
-
function () {
|
|
485
|
-
var _ref4 = _asyncToGenerator(function* (roleName) {
|
|
486
|
-
const grants = roles[roleName];
|
|
487
|
-
yield Promise.all(grants.map(
|
|
488
|
-
/*#__PURE__*/
|
|
489
|
-
function () {
|
|
490
|
-
var _ref5 = _asyncToGenerator(function* (grant) {
|
|
491
|
-
yield _this22.grantByName(roleName, grant);
|
|
492
|
-
});
|
|
493
|
-
|
|
494
|
-
return function (_x5) {
|
|
495
|
-
return _ref5.apply(this, arguments);
|
|
496
|
-
};
|
|
497
|
-
}()));
|
|
498
|
-
});
|
|
499
|
-
|
|
500
|
-
return function (_x4) {
|
|
501
|
-
return _ref4.apply(this, arguments);
|
|
502
|
-
};
|
|
503
|
-
}()));
|
|
504
|
-
})();
|
|
321
|
+
async grants(roles) {
|
|
322
|
+
if (!isPlainObject(roles)) {
|
|
323
|
+
throw new Error('Grants is not a plain object');
|
|
324
|
+
}
|
|
325
|
+
await Promise.all(Object.keys(roles).map(async roleName => {
|
|
326
|
+
const grants = roles[roleName];
|
|
327
|
+
await Promise.all(grants.map(async grant => {
|
|
328
|
+
await this.grantByName(roleName, grant);
|
|
329
|
+
}));
|
|
330
|
+
}));
|
|
505
331
|
}
|
|
332
|
+
|
|
506
333
|
/**
|
|
507
334
|
* Create multiple permissions and roles in one step
|
|
508
335
|
* @method RBAC#create
|
|
@@ -510,24 +337,17 @@ class RBAC {
|
|
|
510
337
|
* @param {Object[]} permissionNames List of permission names
|
|
511
338
|
* @param {Object} [grants] List of grants
|
|
512
339
|
*/
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
return
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
yield _this23.grants(grantsData);
|
|
523
|
-
}
|
|
524
|
-
|
|
525
|
-
return {
|
|
526
|
-
permissions,
|
|
527
|
-
roles
|
|
528
|
-
};
|
|
529
|
-
})();
|
|
340
|
+
async create(roleNames, permissionNames, grantsData) {
|
|
341
|
+
const [permissions, roles] = await Promise.all([this.createPermissions(permissionNames), this.createRoles(roleNames)]);
|
|
342
|
+
if (grantsData) {
|
|
343
|
+
await this.grants(grantsData);
|
|
344
|
+
}
|
|
345
|
+
return {
|
|
346
|
+
permissions,
|
|
347
|
+
roles
|
|
348
|
+
};
|
|
530
349
|
}
|
|
350
|
+
|
|
531
351
|
/**
|
|
532
352
|
* Traverse hierarchy of roles.
|
|
533
353
|
* Callback function returns as second parameter item from hierarchy or null if we are on the end of hierarchy.
|
|
@@ -536,39 +356,29 @@ class RBAC {
|
|
|
536
356
|
* @param {Function} cb Callback function
|
|
537
357
|
* @private
|
|
538
358
|
*/
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
const
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
const {
|
|
552
|
-
name
|
|
553
|
-
} = item;
|
|
554
|
-
|
|
555
|
-
if (item instanceof _Role.default && !used[name]) {
|
|
556
|
-
used[name] = true;
|
|
557
|
-
next.push(name);
|
|
558
|
-
}
|
|
559
|
-
|
|
560
|
-
const result = yield cb(item);
|
|
561
|
-
|
|
562
|
-
if (result !== undefined) {
|
|
563
|
-
return result;
|
|
564
|
-
}
|
|
359
|
+
async traverseGrants(roleName, cb, next = [roleName], used = {}) {
|
|
360
|
+
const actualRole = next.shift();
|
|
361
|
+
used[actualRole] = true;
|
|
362
|
+
const grants = await this.storage.getGrants(actualRole);
|
|
363
|
+
for (let i = 0; i < grants.length; i += 1) {
|
|
364
|
+
const item = grants[i];
|
|
365
|
+
const {
|
|
366
|
+
name
|
|
367
|
+
} = item;
|
|
368
|
+
if (item instanceof _Role.default && !used[name]) {
|
|
369
|
+
used[name] = true;
|
|
370
|
+
next.push(name);
|
|
565
371
|
}
|
|
566
|
-
|
|
567
|
-
if (
|
|
568
|
-
return
|
|
372
|
+
const result = await cb(item);
|
|
373
|
+
if (result !== undefined) {
|
|
374
|
+
return result;
|
|
569
375
|
}
|
|
570
|
-
}
|
|
376
|
+
}
|
|
377
|
+
if (next.length) {
|
|
378
|
+
return this.traverseGrants(null, cb, next, used);
|
|
379
|
+
}
|
|
571
380
|
}
|
|
381
|
+
|
|
572
382
|
/**
|
|
573
383
|
* Return true if role has allowed permission
|
|
574
384
|
* @method RBAC#can
|
|
@@ -577,20 +387,15 @@ class RBAC {
|
|
|
577
387
|
* @param {string} resource Name of resource
|
|
578
388
|
* @return {boolean}
|
|
579
389
|
*/
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
if (item instanceof _Permission.default && item.can(action, resource)) {
|
|
588
|
-
return true;
|
|
589
|
-
}
|
|
590
|
-
});
|
|
591
|
-
return can || false;
|
|
592
|
-
})();
|
|
390
|
+
async can(roleName, action, resource) {
|
|
391
|
+
const can = await this.traverseGrants(roleName, item => {
|
|
392
|
+
if (item instanceof _Permission.default && item.can(action, resource)) {
|
|
393
|
+
return true;
|
|
394
|
+
}
|
|
395
|
+
});
|
|
396
|
+
return can || false;
|
|
593
397
|
}
|
|
398
|
+
|
|
594
399
|
/**
|
|
595
400
|
* Check if the role has any of the given permissions.
|
|
596
401
|
* @method RBAC#canAny
|
|
@@ -598,25 +403,20 @@ class RBAC {
|
|
|
598
403
|
* @param {Object[]} permissions Array (String action, String resource)
|
|
599
404
|
* @return {boolean}
|
|
600
405
|
*/
|
|
406
|
+
async canAny(roleName, permissions) {
|
|
407
|
+
// prepare the names of permissions
|
|
408
|
+
const permissionNames = RBAC.getPermissionNames(permissions, this.options.delimiter);
|
|
601
409
|
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
const can = yield _this26.traverseGrants(roleName, item => {
|
|
611
|
-
if (item instanceof _Permission.default && permissionNames.includes(item.name)) {
|
|
612
|
-
return true;
|
|
613
|
-
}
|
|
614
|
-
|
|
615
|
-
return undefined;
|
|
616
|
-
});
|
|
617
|
-
return can || false;
|
|
618
|
-
})();
|
|
410
|
+
// traverse hierarchy
|
|
411
|
+
const can = await this.traverseGrants(roleName, item => {
|
|
412
|
+
if (item instanceof _Permission.default && permissionNames.includes(item.name)) {
|
|
413
|
+
return true;
|
|
414
|
+
}
|
|
415
|
+
return undefined;
|
|
416
|
+
});
|
|
417
|
+
return can || false;
|
|
619
418
|
}
|
|
419
|
+
|
|
620
420
|
/**
|
|
621
421
|
* Check if the model has all of the given permissions.
|
|
622
422
|
* @method RBAC#canAll
|
|
@@ -624,32 +424,26 @@ class RBAC {
|
|
|
624
424
|
* @param {Object[]} permissions Array (String action, String resource)
|
|
625
425
|
* @return {boolean} Current instance
|
|
626
426
|
*/
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
founded[item.name] = true;
|
|
641
|
-
foundedCount += 1;
|
|
642
|
-
|
|
643
|
-
if (foundedCount === permissionNames.length) {
|
|
644
|
-
return true;
|
|
645
|
-
}
|
|
427
|
+
async canAll(roleName, permissions) {
|
|
428
|
+
// prepare the names of permissions
|
|
429
|
+
const permissionNames = RBAC.getPermissionNames(permissions, this.options.delimiter);
|
|
430
|
+
const founded = {};
|
|
431
|
+
let foundedCount = 0;
|
|
432
|
+
|
|
433
|
+
// traverse hierarchy
|
|
434
|
+
await this.traverseGrants(roleName, item => {
|
|
435
|
+
if (item instanceof _Permission.default && permissionNames.includes(item.name) && !founded[item.name]) {
|
|
436
|
+
founded[item.name] = true;
|
|
437
|
+
foundedCount += 1;
|
|
438
|
+
if (foundedCount === permissionNames.length) {
|
|
439
|
+
return true;
|
|
646
440
|
}
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
})();
|
|
441
|
+
}
|
|
442
|
+
return undefined;
|
|
443
|
+
});
|
|
444
|
+
return foundedCount === permissionNames.length;
|
|
652
445
|
}
|
|
446
|
+
|
|
653
447
|
/**
|
|
654
448
|
* Return true if role has allowed permission
|
|
655
449
|
* @method RBAC#hasRole
|
|
@@ -657,50 +451,36 @@ class RBAC {
|
|
|
657
451
|
* @param {String} roleChildName Name of child role
|
|
658
452
|
* @return {boolean}
|
|
659
453
|
*/
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
if (roleName === roleChildName) {
|
|
454
|
+
async hasRole(roleName, roleChildName) {
|
|
455
|
+
if (roleName === roleChildName) {
|
|
456
|
+
return true;
|
|
457
|
+
}
|
|
458
|
+
const has = await this.traverseGrants(roleName, item => {
|
|
459
|
+
if (item instanceof _Role.default && item.name === roleChildName) {
|
|
667
460
|
return true;
|
|
668
461
|
}
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
return true;
|
|
673
|
-
}
|
|
674
|
-
|
|
675
|
-
return undefined;
|
|
676
|
-
});
|
|
677
|
-
return has || false;
|
|
678
|
-
})();
|
|
462
|
+
return undefined;
|
|
463
|
+
});
|
|
464
|
+
return has || false;
|
|
679
465
|
}
|
|
466
|
+
|
|
680
467
|
/**
|
|
681
468
|
* Return array of all permission assigned to role of RBAC
|
|
682
469
|
* @method RBAC#getScope
|
|
683
470
|
* @param {string} roleName Name of role
|
|
684
471
|
* @return {string[]}
|
|
685
472
|
*/
|
|
473
|
+
async getScope(roleName) {
|
|
474
|
+
const scope = [];
|
|
686
475
|
|
|
687
|
-
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
691
|
-
|
|
692
|
-
|
|
693
|
-
|
|
694
|
-
yield _this29.traverseGrants(roleName, item => {
|
|
695
|
-
if (item instanceof _Permission.default && !scope.includes(item.name)) {
|
|
696
|
-
scope.push(item.name);
|
|
697
|
-
}
|
|
698
|
-
});
|
|
699
|
-
return scope;
|
|
700
|
-
})();
|
|
476
|
+
// traverse hierarchy
|
|
477
|
+
await this.traverseGrants(roleName, item => {
|
|
478
|
+
if (item instanceof _Permission.default && !scope.includes(item.name)) {
|
|
479
|
+
scope.push(item.name);
|
|
480
|
+
}
|
|
481
|
+
});
|
|
482
|
+
return scope;
|
|
701
483
|
}
|
|
702
|
-
|
|
703
484
|
}
|
|
704
|
-
|
|
705
485
|
exports.default = RBAC;
|
|
706
486
|
//# sourceMappingURL=RBAC.js.map
|