carbond.security.EndpointAcl

extends Acl

EndpointAcl description

Instance Properties

entries
AclEntry[]
Inherited fromAcl
Default []
Description description An array of ACL descriptors. Each descriptor provides the mechanism to match against a user object by ID or group membership and determine the whether or not a request is allowed for the user and operation using some predicate.
groupDefinitions
Object.<string, (function()|string)>
Inherited fromAcl
Default {}
Description This is mapping of group names to “extractors”. An extractor can be a function or a string. If it is a function, it should take a user object as its sole argument and return the group name as a string. Otherwise, it should be a string in property path notation (e.g., “foo.bar.baz”).
permissionDefinitions
object
Required
Description mapping of permissions to defaults
selfAndBelow
boolean
Default false
Description xxx

Methods

and
Inherited fromAcl
Arguments
  • acl (Acl) – The second ACL
Return type Acl
Description Generates an ACL that is the logical conjunction of this ACL and a second ACL
hasPermission
Inherited fromAcl
Arguments
  • user (Object) – A user object
  • permission (string) – The name of the operation being authorized
  • env (Object.<string, Object>) – Request context (e.g., {req: req})
Throws Error
Returns Whether or not the request is authorized
Return type boolean
Description Determines whether the current request is allowed based on the current user (as returned by authenticate) and operation
or
Inherited fromAcl
Arguments
  • acl (Acl) – The second ACL
Return type Acl
Description or Generates an ACL that is the logical disjunction of this ACL and a second ACL