Class AccessControl

AccessControl service provides high-level access checks, like testing user's permission or handling list queries access conditions.

Hierarchy

AccessControl

Constructors

constructor

new AccessControl(_rolesMgr: RolesManager, _accessValidator: AccessValidationServiceInterface, _runtimeConfig: RuntimeConfig): AccessControl
Parameters
- _rolesMgr: RolesManager
- _accessValidator: AccessValidationServiceInterface
- _runtimeConfig: RuntimeConfig
Returns AccessControl
- Defined in src/backends/AccessControl.ts:88

Properties

`Protected` _accessValidator

_accessValidator: AccessValidationServiceInterface

`Private` `Optional` _knownActions

_knownActions?: KnownActions

A cached list of known access check actions used by knownActions.

`Protected` _rolesMgr

_rolesMgr: RolesManager

`Protected` _runtimeConfig

_runtimeConfig: RuntimeConfig

`Readonly` hooks

hooks: AccessControlHooks

Access control hooks.

Accessors

`Private` knownActions

get knownActions(): KnownActions
Returns a list of known access check actions.

Returns KnownActions
- Defined in src/backends/AccessControl.ts:537

Methods

checkRoleAccess

checkRoleAccess(context: KosmosUserContext<object> & {
src?: string;
}, type: string, action: string): void
This method is used to check if the user has the required permissions to preform the requested action

TODO: Find the correct type of context. The 'src' property doesn't seem to be defined anywhere.

Returns
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- type: string
  
  The entity type name
- action: string
Returns void
- Defined in src/backends/AccessControl.ts:442

compareAuthorisationDecision

compareAuthorisationDecision(cedarAccessDecision: Object, kosmosAccessDecision: boolean): boolean
Parameters
- cedarAccessDecision: Object
- kosmosAccessDecision: boolean
Returns boolean
- Defined in src/backends/AccessControl.ts:420

getConditions

getConditions(context: KosmosUserContext<object>, type: string, action: string): undefined | RuntimeFilter
Returns query access conditions for a given action.
Parameters
- context: KosmosUserContext<object>
  
  The user context
- type: string
  
  The entity type
- action: string
  
  Action
Returns undefined | RuntimeFilter
- Defined in src/backends/AccessControl.ts:495

getServiceContext

getServiceContext(context: KosmosUserContext<object>): {
    accessKeys?: string[];
    contextStorage?: object;
    iss?: string;
    queryCache?: QueryCacheContext;
    tenant: string;
    user: string;
    user_email: string;
    user_roles: string[];
}
Parameters
- context: KosmosUserContext<object>
Returns {
    accessKeys?: string[];
    contextStorage?: object;
    iss?: string;
    queryCache?: QueryCacheContext;
    tenant: string;
    user: string;
    user_email: string;
    user_roles: string[];
}
- Optional accessKeys?: string[]
- Optional contextStorage?: object
- Optional iss?: string
- Optional queryCache?: QueryCacheContext
- tenant: string
- user: string
- user_email: string
- user_roles: string[]
- Defined in src/backends/AccessControl.ts:102

isAuthorisedToCreateEdge

isAuthorisedToCreateEdge(context: KosmosUserContext<object> & {
    src?: string;
}, principal: Object, resource: Object, sourceVertex: Object, destinationVertex: Object, properties: Object, dataSourceWrapper: DataSourceWrapper, connectToVertices?: never[]): Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- principal: Object
- resource: Object
- sourceVertex: Object
- destinationVertex: Object
- properties: Object
- dataSourceWrapper: DataSourceWrapper
- connectToVertices: never[] = []
Returns Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
- Defined in src/backends/AccessControl.ts:166

isAuthorisedToCreateVertex

isAuthorisedToCreateVertex(context: KosmosUserContext<object> & {
    src?: string;
}, principal: Object, resource: Object, requestData: Object, connectToVertices: ConnectionToAdd[], dataSourceWrapper: DataSourceWrapper): Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- principal: Object
- resource: Object
- requestData: Object
- connectToVertices: ConnectionToAdd[]
- dataSourceWrapper: DataSourceWrapper
Returns Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
- Defined in src/backends/AccessControl.ts:109

isAuthorisedToDeleteEdge

isAuthorisedToDeleteEdge(context: KosmosUserContext<object> & {
    src?: string;
}, principal: Object, resource: Object, sourceVertex: Object, destinationVertex: Object, dataSourceWrapper: DataSourceWrapper, connectToVertices?: never[]): Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- principal: Object
- resource: Object
- sourceVertex: Object
- destinationVertex: Object
- dataSourceWrapper: DataSourceWrapper
- connectToVertices: never[] = []
Returns Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
- Defined in src/backends/AccessControl.ts:335

isAuthorisedToDeleteVertex

isAuthorisedToDeleteVertex(context: KosmosUserContext<object> & {
    src?: string;
}, principal: Object, resource: Object, dataSourceWrapper: DataSourceWrapper): Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- principal: Object
- resource: Object
- dataSourceWrapper: DataSourceWrapper
Returns Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
- Defined in src/backends/AccessControl.ts:297

isAuthorisedToPerformAction

isAuthorisedToPerformAction(context: KosmosUserContext<object> & {
src?: string;
}, principal: Object, action: string, resource: Object, requestData: Object, dataSourceWrapper: DataSourceWrapper): Promise<boolean>
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- principal: Object
- action: string
- resource: Object
- requestData: Object
- dataSourceWrapper: DataSourceWrapper
Returns Promise<boolean>
- Defined in src/backends/AccessControl.ts:379

isAuthorisedToUpdateEdge

isAuthorisedToUpdateEdge(context: KosmosUserContext<object> & {
    src?: string;
}, principal: Object, resource: Object, sourceVertex: Object, destinationVertex: Object, properties: Object, dataSourceWrapper: DataSourceWrapper): Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- principal: Object
- resource: Object
- sourceVertex: Object
- destinationVertex: Object
- properties: Object
- dataSourceWrapper: DataSourceWrapper
Returns Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
- Defined in src/backends/AccessControl.ts:253

isAuthorisedToUpdateVertex

isAuthorisedToUpdateVertex(context: KosmosUserContext<object> & {
    src?: string;
}, principal: Object, resource: Object, requestData: Object, connectToVertices: ConnectionToAdd[], dataSourceWrapper: DataSourceWrapper): Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
Parameters
- context: KosmosUserContext<object> & {
  src?: string;
  }
- principal: Object
- resource: Object
- requestData: Object
- connectToVertices: ConnectionToAdd[]
- dataSourceWrapper: DataSourceWrapper
Returns Promise<{
    action: string;
    decision: Object;
    error?: undefined;
    principal: Object;
    resource: Object;
} | {
    action: string;
    decision: boolean;
    error: unknown;
    principal: Object;
    resource: Object;
}>
- Defined in src/backends/AccessControl.ts:211

isVerifiedPermissionsCheckEnabled

isVerifiedPermissionsCheckEnabled(): boolean
Returns a boolean showing if verified permission check is enabled.

Returns boolean
- Defined in src/backends/AccessControl.ts:567

isVerifiedPermissionsEnforced

isVerifiedPermissionsEnforced(context: KosmosUserContext<object>): boolean
Returns a boolean showing if Cedar ACL is enabled for this user/config.
Parameters
- context: KosmosUserContext<object>
  
  The user context
Returns boolean
- Defined in src/backends/AccessControl.ts:577

validateAction

validateAction(action: string): string
Validates the access check action.

Returns
The same value if it's valid; throws an error otherwise.
Parameters
- action: string
  
  The access check action.
Returns string
- Defined in src/backends/AccessControl.ts:553

Class AccessControl

Hierarchy

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

_rolesMgr: RolesManager

_accessValidator: AccessValidationServiceInterface

_runtimeConfig: RuntimeConfig

Returns AccessControl

Properties

Protected _accessValidator

Private Optional _knownActions

Protected _rolesMgr

Protected _runtimeConfig

Readonly hooks

Accessors

Private knownActions

Returns KnownActions

Methods

checkRoleAccess

Returns

Parameters

context: KosmosUserContext<object> & { src?: string; }

type: string

action: string

Returns void

compareAuthorisationDecision

Parameters

cedarAccessDecision: Object

kosmosAccessDecision: boolean

Returns boolean

getConditions

Parameters

context: KosmosUserContext<object>

type: string

action: string

Returns undefined | RuntimeFilter

getServiceContext

Parameters

context: KosmosUserContext<object>

Returns { accessKeys?: string[]; contextStorage?: object; iss?: string; queryCache?: QueryCacheContext; tenant: string; user: string; user_email: string; user_roles: string[]; }

Optional accessKeys?: string[]

Optional contextStorage?: object

Optional iss?: string

Optional queryCache?: QueryCacheContext

tenant: string

user: string

user_email: string

user_roles: string[]

isAuthorisedToCreateEdge

Parameters

context: KosmosUserContext<object> & { src?: string; }

principal: Object

resource: Object

sourceVertex: Object

destinationVertex: Object

properties: Object

dataSourceWrapper: DataSourceWrapper

connectToVertices: never[] = []

Returns Promise<{ action: string; decision: Object; error?: undefined; principal: Object; resource: Object; } | { action: string; decision: boolean; error: unknown; principal: Object; resource: Object; }>

isAuthorisedToCreateVertex

Parameters

context: KosmosUserContext<object> & { src?: string; }

principal: Object

resource: Object

requestData: Object

connectToVertices: ConnectionToAdd[]

dataSourceWrapper: DataSourceWrapper

Returns Promise<{ action: string; decision: Object; error?: undefined; principal: Object; resource: Object; } | { action: string; decision: boolean; error: unknown; principal: Object; resource: Object; }>

isAuthorisedToDeleteEdge

Parameters

context: KosmosUserContext<object> & { src?: string; }

principal: Object

resource: Object

sourceVertex: Object

`Protected` _accessValidator

`Private` `Optional` _knownActions

`Protected` _rolesMgr

`Protected` _runtimeConfig

`Readonly` hooks

`Private` knownActions

context: KosmosUserContext<object> & {
src?: string;
}

Returns {
accessKeys?: string[];
contextStorage?: object;
iss?: string;
queryCache?: QueryCacheContext;
tenant: string;
user: string;
user_email: string;
user_roles: string[];
}

`Optional` accessKeys?: string[]

`Optional` contextStorage?: object

`Optional` iss?: string

`Optional` queryCache?: QueryCacheContext

context: KosmosUserContext<object> & {
src?: string;
}

Returns Promise<{
action: string;
decision: Object;
error?: undefined;
principal: Object;
resource: Object;
} | {
action: string;
decision: boolean;
error: unknown;
principal: Object;
resource: Object;
}>

context: KosmosUserContext<object> & {
src?: string;
}

Returns Promise<{
action: string;
decision: Object;
error?: undefined;
principal: Object;
resource: Object;
} | {
action: string;
decision: boolean;
error: unknown;
principal: Object;
resource: Object;
}>

context: KosmosUserContext<object> & {
src?: string;
}

Returns Promise<{
action: string;
decision: Object;
error?: undefined;
principal: Object;
resource: Object;
} | {
action: string;
decision: boolean;
error: unknown;
principal: Object;
resource: Object;
}>

context: KosmosUserContext<object> & {
src?: string;
}

Returns Promise<{
action: string;
decision: Object;
error?: undefined;
principal: Object;
resource: Object;
} | {
action: string;
decision: boolean;
error: unknown;
principal: Object;
resource: Object;
}>

context: KosmosUserContext<object> & {
src?: string;
}

context: KosmosUserContext<object> & {
src?: string;
}

Returns Promise<{
action: string;
decision: Object;
error?: undefined;
principal: Object;
resource: Object;
} | {
action: string;
decision: boolean;
error: unknown;
principal: Object;
resource: Object;
}>

context: KosmosUserContext<object> & {
src?: string;
}

Returns Promise<{
action: string;
decision: Object;
error?: undefined;
principal: Object;
resource: Object;
} | {
action: string;
decision: boolean;
error: unknown;
principal: Object;
resource: Object;
}>