diff --git a/lib/user/v2/privilege/PrivilegeManager.d.ts b/lib/user/v2/privilege/PrivilegeManager.d.ts new file mode 100644 index 00000000..1068f1e1 --- /dev/null +++ b/lib/user/v2/privilege/PrivilegeManager.d.ts @@ -0,0 +1,23 @@ +import { Resource, Path } from '../../../manager/v2/export'; +export declare type PrivilegeManagerCallback = (error: Error, hasAccess: boolean) => void; +export declare type PrivilegeManagerMethod = (fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback) => void; +export declare type BasicPrivilege = 'canWrite' | 'canWriteLocks' | 'canWriteContent' | 'canWriteContentTranslated' | 'canWriteContentSource' | 'canWriteProperties' | 'canRead' | 'canReadLocks' | 'canReadContent' | 'canReadContentTranslated' | 'canReadContentSource' | 'canReadProperties'; +export declare class PrivilegeManager { + can(fullPath: Path | string, resource: Resource, privilege: BasicPrivilege, callback: PrivilegeManagerCallback): void; + can(fullPath: Path | string, resource: Resource, privilege: string, callback: PrivilegeManagerCallback): void; + can(fullPath: Path | string, resource: Resource, privilege: BasicPrivilege[], callback: PrivilegeManagerCallback): void; + can(fullPath: Path | string, resource: Resource, privilege: string[], callback: PrivilegeManagerCallback): void; + protected _can?(fullPath: Path, resource: Resource, privilege: string, callback: PrivilegeManagerCallback): void; + protected canWrite(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canWriteLocks(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canWriteContent(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canWriteContentTranslated(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canWriteContentSource(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canWriteProperties(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canRead(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canReadLocks(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canReadContent(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canReadContentTranslated(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canReadContentSource(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; + protected canReadProperties(fullPath: Path, resource: Resource, callback: PrivilegeManagerCallback): void; +} diff --git a/lib/user/v2/privilege/PrivilegeManager.js b/lib/user/v2/privilege/PrivilegeManager.js new file mode 100644 index 00000000..4a1cca47 --- /dev/null +++ b/lib/user/v2/privilege/PrivilegeManager.js @@ -0,0 +1,85 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +var export_1 = require("../../../manager/v2/export"); +var Workflow_1 = require("../../../helper/Workflow"); +function checkAll(pm, fns, fullPath, resource, callback) { + new Workflow_1.Workflow() + .each(fns, function (fn, cb) { return fn.bind(pm)(fullPath, resource, cb); }) + .error(function (e) { return callback(e, false); }) + .done(function (successes) { return callback(null, successes.every(function (b) { return !!b; })); }); +} +var PrivilegeManager = (function () { + function PrivilegeManager() { + } + PrivilegeManager.prototype.can = function (_fullPath, resource, _privilege, callback) { + var _this = this; + if (_privilege.constructor !== String) { + new Workflow_1.Workflow() + .each(_privilege, function (privilege, cb) { return _this.can(_fullPath, resource, privilege, cb); }) + .error(function (e) { return callback(e, false); }) + .done(function (checks) { return callback(null, checks.every(function (b) { return !!b; })); }); + return; + } + var fullPath = new export_1.Path(_fullPath); + var privilege = _privilege; + if (this._can) + return this._can(fullPath, resource, privilege, callback); + var method = this[privilege]; + if (method) + method.bind(this)(fullPath, resource, callback); + else + callback(null, true); + }; + PrivilegeManager.prototype.canWrite = function (fullPath, resource, callback) { + checkAll(this, [ + this.canWriteLocks, + this.canWriteContent, + this.canWriteProperties + ], fullPath, resource, callback); + }; + PrivilegeManager.prototype.canWriteLocks = function (fullPath, resource, callback) { + callback(null, true); + }; + PrivilegeManager.prototype.canWriteContent = function (fullPath, resource, callback) { + checkAll(this, [ + this.canWriteContentSource, + this.canWriteContentTranslated + ], fullPath, resource, callback); + }; + PrivilegeManager.prototype.canWriteContentTranslated = function (fullPath, resource, callback) { + callback(null, true); + }; + PrivilegeManager.prototype.canWriteContentSource = function (fullPath, resource, callback) { + callback(null, true); + }; + PrivilegeManager.prototype.canWriteProperties = function (fullPath, resource, callback) { + callback(null, true); + }; + PrivilegeManager.prototype.canRead = function (fullPath, resource, callback) { + checkAll(this, [ + this.canReadLocks, + this.canReadContent, + this.canReadProperties + ], fullPath, resource, callback); + }; + PrivilegeManager.prototype.canReadLocks = function (fullPath, resource, callback) { + callback(null, true); + }; + PrivilegeManager.prototype.canReadContent = function (fullPath, resource, callback) { + checkAll(this, [ + this.canReadContentSource, + this.canReadContentTranslated + ], fullPath, resource, callback); + }; + PrivilegeManager.prototype.canReadContentTranslated = function (fullPath, resource, callback) { + callback(null, true); + }; + PrivilegeManager.prototype.canReadContentSource = function (fullPath, resource, callback) { + callback(null, true); + }; + PrivilegeManager.prototype.canReadProperties = function (fullPath, resource, callback) { + callback(null, true); + }; + return PrivilegeManager; +}()); +exports.PrivilegeManager = PrivilegeManager; diff --git a/src/user/v2/privilege/PrivilegeManager.ts b/src/user/v2/privilege/PrivilegeManager.ts new file mode 100644 index 00000000..ce80cedb --- /dev/null +++ b/src/user/v2/privilege/PrivilegeManager.ts @@ -0,0 +1,137 @@ +import { RequestContext } from '../../../server/v2/RequestContext' +import { Resource, Path } from '../../../manager/v2/export' +import { Lock } from '../../../resource/lock/Lock' +import { LockType } from '../../../resource/lock/LockType' +import { LockScope } from '../../../resource/lock/LockScope' +import { Workflow } from '../../../helper/Workflow' + +export type PrivilegeManagerCallback = (error : Error, hasAccess : boolean) => void; +export type PrivilegeManagerMethod = (fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) => void + +export type BasicPrivilege = + 'canWrite' + | 'canWriteLocks' + | 'canWriteContent' + | 'canWriteContentTranslated' + | 'canWriteContentSource' + | 'canWriteProperties' + | 'canRead' + | 'canReadLocks' + | 'canReadContent' + | 'canReadContentTranslated' + | 'canReadContentSource' + | 'canReadProperties' + +function checkAll(pm : PrivilegeManager, fns : PrivilegeManagerMethod[], fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) +{ + new Workflow() + .each(fns, (fn, cb) => fn.bind(pm)(fullPath, resource, cb)) + .error((e) => callback(e, false)) + .done((successes) => callback(null, successes.every((b) => !!b))) +} + +export class PrivilegeManager +{ + can(fullPath : Path | string, resource : Resource, privilege : BasicPrivilege, callback : PrivilegeManagerCallback) : void + can(fullPath : Path | string, resource : Resource, privilege : string, callback : PrivilegeManagerCallback) : void + can(fullPath : Path | string, resource : Resource, privilege : BasicPrivilege[], callback : PrivilegeManagerCallback) : void + can(fullPath : Path | string, resource : Resource, privilege : string[], callback : PrivilegeManagerCallback) : void + can(_fullPath : Path | string, resource : Resource, _privilege : BasicPrivilege | string | BasicPrivilege[] | string[], callback : PrivilegeManagerCallback) : void + { + if(_privilege.constructor !== String) + { + new Workflow() + .each(_privilege as string[], (privilege, cb) => this.can(_fullPath, resource, privilege, cb)) + .error((e) => callback(e, false)) + .done((checks) => callback(null, checks.every((b) => !!b))); + return; + } + + const fullPath = new Path(_fullPath); + const privilege = _privilege as string; + + if(this._can) + return this._can(fullPath, resource, privilege, callback); + + const method : PrivilegeManagerMethod = this[privilege]; + if(method) + method.bind(this)(fullPath, resource, callback); + else + callback(null, true); + } + protected _can?(fullPath : Path, resource : Resource, privilege : string, callback : PrivilegeManagerCallback) : void + + protected canWrite(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + checkAll(this, [ + this.canWriteLocks, + this.canWriteContent, + this.canWriteProperties + ], fullPath, resource, callback); + } + + protected canWriteLocks(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } + + protected canWriteContent(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + checkAll(this, [ + this.canWriteContentSource, + this.canWriteContentTranslated + ], fullPath, resource, callback); + } + + protected canWriteContentTranslated(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } + + protected canWriteContentSource(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } + + protected canWriteProperties(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } + + protected canRead(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + checkAll(this, [ + this.canReadLocks, + this.canReadContent, + this.canReadProperties + ], fullPath, resource, callback); + } + + protected canReadLocks(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } + + protected canReadContent(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + checkAll(this, [ + this.canReadContentSource, + this.canReadContentTranslated + ], fullPath, resource, callback); + } + + protected canReadContentTranslated(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } + + protected canReadContentSource(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } + + protected canReadProperties(fullPath : Path, resource : Resource, callback : PrivilegeManagerCallback) : void + { + callback(null, true); + } +}