new ACL()
A Model for access control meta data.
System grants permissions to principals (users/applications, can be grouped
into roles).
Protected resource: the model data and operations
(model/property/method/relation/…)
For a given principal, such as client application and/or user, is it allowed
to access (read/write/execute)
the protected resource?
Properties:
| Name | Type | Description | ||||||
|---|---|---|---|---|---|---|---|---|
model |
String | Name of the model. | ||||||
property |
String | Name of the property, method, scope, or relation. | ||||||
accessType |
String | Type of access being granted: one of READ, WRITE, or EXECUTE. | ||||||
permission |
String | Type of permission granted. One of: - ALARM: Generate an alarm, in a system-dependent way, the access specified in the permissions component of the ACL entry. - ALLOW: Explicitly grants access to the resource. - AUDIT: Log, in a system-dependent way, the access specified in the permissions component of the ACL entry. - DENY: Explicitly denies access to the resource. | ||||||
principalType |
String | Type of the principal; one of: APPLICATION, USER, ROLE. | ||||||
principalId |
String | ID of the principal - such as appId, userId or roleId. | ||||||
settings |
Object | Extends the `Model.settings` object.
Properties
|
- Source:
Methods
isAllowed(defaultPermission) → {Boolean}
Test if ACL's permission is ALLOW
Parameters:
| Name | Type | Description |
|---|---|---|
defaultPermission |
String | The default permission to apply if missing in ACL instance |
- Source:
Returns:
true if ACL permission is ALLOW
- Type
- Boolean
score(req) → {Number}
Get matching score for the given `AccessRequest`.
Parameters:
| Name | Type | Description |
|---|---|---|
req |
AccessRequest | The request |
- Source:
Returns:
score
- Type
- Number
(static) getMatchingScore(rule, req) → {Number}
Calculate the matching score for the given rule and request
Parameters:
| Name | Type | Description |
|---|---|---|
rule |
ACL | The ACL entry |
req |
AccessRequest | The request |
- Source:
Returns:
- Type
- Number
(static) isAllowed(permission, defaultPermission) → {Boolean}
Test if ACL's permission is ALLOW
Parameters:
| Name | Type | Description |
|---|---|---|
permission |
String | The permission to test, expects one of 'ALLOW', 'DENY', 'DEFAULT' |
defaultPermission |
String | The default permission to apply if not providing a finite one in the permission parameter |
- Source:
Returns:
true if ACL permission is ALLOW
- Type
- Boolean