Page Menu
Home
Sealhub
Search
Configure Global Search
Log In
Files
F3010720
policy.ts
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
2 KB
Referenced Files
None
Subscribers
None
policy.ts
View Options
import
Context
from
"../context"
;
import
Query
from
"../datastore/query"
;
import
{
AllowAll
}
from
"../datastore/allow-all"
;
import
{
CollectionItem
}
from
"../main"
;
export
type
PolicyDefinition
=
[
PolicyClass
,
any
]
|
Policy
|
PolicyClass
;
export
type
PolicyDecision
=
{
allowed
:
boolean
;
reason
:
string
;
}
|
null
;
export
type
PolicyClass
=
{
new
(
params
?:
any
)
:
Policy
;
type_name
:
string
;
};
export
default
abstract
class
Policy
{
static
type_name
:
string
;
constructor
(
public
params
:
any
=
{})
{
this
.
params
=
params
;
}
// return null if not possible to give an answer
abstract
checkerFunction
(
context
:
Context
,
item_getter
?:
()
=>
Promise
<
CollectionItem
<
any
>>
)
:
Promise
<
PolicyDecision
|
null
>
;
async
isItemSensitive
(
_
:
Context
)
{
return
false
;
}
protected
abstract
_getRestrictingQuery
(
context
:
Context
)
:
Promise
<
Query
>
;
async
getRestrictingQuery
(
context
:
Context
)
:
Promise
<
Query
>
{
if
(
context
.
is_super
)
{
return
new
AllowAll
();
}
return
this
.
_getRestrictingQuery
(
context
);
}
async
check
(
context
:
Context
,
item_getter
?:
()
=>
Promise
<
CollectionItem
<
any
>>
)
:
Promise
<
PolicyDecision
|
null
>
{
context
.
app
.
Logger
.
debug3
(
"POLICY"
,
`Checking policy`
,
{
this
:
this
,
context
,
},
1
);
if
(
context
.
is_super
)
{
return
Policy
.
allow
(
context
.
app
.
i18n
(
"policy_allow"
));
}
const
is_item_sensitive
=
await
this
.
isItemSensitive
(
context
);
if
(
is_item_sensitive
&&
item_getter
===
undefined
)
{
return
null
;
}
return
this
.
checkerFunction
(
context
,
item_getter
);
}
public
static
fromDefinition
(
definition
:
PolicyDefinition
)
:
Policy
{
let
ret
:
Policy
|
null
=
null
;
if
(
definition
instanceof
Policy
)
{
ret
=
definition
;
}
else
if
(
Array
.
isArray
(
definition
))
{
ret
=
new
definition
[
0
](
definition
[
1
]);
}
else
if
(
typeof
definition
==
"function"
)
{
ret
=
new
(
definition
as
PolicyClass
)({});
}
if
(
!
ret
)
{
throw
new
Error
(
"could not read the definition"
);
}
return
ret
;
}
static
allow
(
reason
:
string
)
{
return
{
allowed
:
true
,
reason
};
}
static
deny
(
reason
:
string
)
{
return
{
allowed
:
false
,
reason
};
}
}
export
abstract
class
ReducingPolicy
extends
Policy
{
policies
:
Policy
[];
constructor
(
params
:
Policy
[])
{
super
(
params
);
this
.
policies
=
params
.
map
((
definition
)
=>
Policy
.
fromDefinition
(
definition
)
);
}
checkAllPolicies
(
context
:
Context
,
item_getter
?:
()
=>
Promise
<
CollectionItem
>
)
:
Promise
<
PolicyDecision
[]
>
{
return
Promise
.
all
(
this
.
policies
.
map
((
strategy
)
=>
strategy
.
check
(
context
,
item_getter
)
)
);
}
}
File Metadata
Details
Attached
Mime Type
text/x-java
Expires
Wed, May 7, 19:46 (1 d, 4 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
661130
Default Alt Text
policy.ts (2 KB)
Attached To
Mode
rS Sealious
Attached
Detach File
Event Timeline
Log In to Comment