Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
32 changed files
with
848 additions
and
260 deletions.
There are no files selected for viewing
9 changes: 9 additions & 0 deletions
9
config/ldp/authorization/authorizers/access-checkers/agent.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"@graph": [ | ||
{ | ||
"@id": "urn:solid-server:default:AgentAccessChecker", | ||
"@type": "AgentAccessChecker" | ||
} | ||
] | ||
} |
9 changes: 9 additions & 0 deletions
9
config/ldp/authorization/authorizers/access-checkers/agentClass.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"@graph": [ | ||
{ | ||
"@id": "urn:solid-server:default:AgentClassAccessChecker", | ||
"@type": "AgentClassAccessChecker" | ||
} | ||
] | ||
} |
20 changes: 20 additions & 0 deletions
20
config/ldp/authorization/authorizers/access-checkers/agentGroup.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"@graph": [ | ||
{ | ||
"@id": "urn:solid-server:default:AgentGroupAccessChecker", | ||
"@type": "AgentGroupAccessChecker", | ||
"converter": { "@id": "urn:solid-server:default:RepresentationConverter" }, | ||
"cache": { | ||
"@id": "urn:solid-server:default:ExpiringAclCache", | ||
"@type": "WrappedExpiringStorage", | ||
"source": { "@type": "MemoryMapStorage" } | ||
} | ||
}, | ||
{ | ||
"comment": "Makes sure the expiring storage cleanup timer is stopped when the application needs to stop.", | ||
"@id": "urn:solid-server:default:Finalizer", | ||
"ParallelFinalizer:_finalizers": [ { "@id": "urn:solid-server:default:ExpiringAclCache" } ] | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
import type { Store, Term } from 'n3'; | ||
import type { Credentials } from '../../authentication/Credentials'; | ||
import { AsyncHandler } from '../../util/handlers/AsyncHandler'; | ||
|
||
/** | ||
* Performs an authorization check against the given acl resource. | ||
*/ | ||
export abstract class AccessChecker extends AsyncHandler<AccessCheckerArgs, boolean> {} | ||
|
||
export interface AccessCheckerArgs { | ||
/** | ||
* A store containing the relevant triples of the authorization. | ||
*/ | ||
acl: Store; | ||
|
||
/** | ||
* Authorization rule to be processed. | ||
*/ | ||
rule: Term; | ||
|
||
/** | ||
* Credentials of the entity that wants to use the resource. | ||
*/ | ||
credentials: Credentials; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import { ACL } from '../../util/Vocabularies'; | ||
import type { AccessCheckerArgs } from './AccessChecker'; | ||
import { AccessChecker } from './AccessChecker'; | ||
|
||
/** | ||
* Checks if the given WebID has been given access. | ||
*/ | ||
export class AgentAccessChecker extends AccessChecker { | ||
public async handle({ acl, rule, credentials }: AccessCheckerArgs): Promise<boolean> { | ||
if (typeof credentials.webId === 'string') { | ||
return acl.countQuads(rule, ACL.terms.agent, credentials.webId, null) !== 0; | ||
} | ||
return false; | ||
} | ||
} |
18 changes: 18 additions & 0 deletions
18
src/authorization/access-checkers/AgentClassAccessChecker.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
import { ACL, FOAF } from '../../util/Vocabularies'; | ||
import type { AccessCheckerArgs } from './AccessChecker'; | ||
import { AccessChecker } from './AccessChecker'; | ||
|
||
/** | ||
* Checks access based on the agent class. | ||
*/ | ||
export class AgentClassAccessChecker extends AccessChecker { | ||
public async handle({ acl, rule, credentials }: AccessCheckerArgs): Promise<boolean> { | ||
if (acl.countQuads(rule, ACL.terms.agentClass, FOAF.terms.Agent, null) !== 0) { | ||
return true; | ||
} | ||
if (typeof credentials.webId === 'string') { | ||
return acl.countQuads(rule, ACL.terms.agentClass, ACL.terms.AuthenticatedAgent, null) !== 0; | ||
} | ||
return false; | ||
} | ||
} |
Oops, something went wrong.