carbond.security.ObjectAcl

extends Acl

ObjectAcl description

Instance Properties

entries
AclEntry[]
Inherited fromAcl
Default []
Description description An array of ACL descriptors. Each descriptor provides the mechanism to match against a user object by ID or group membership and determine the whether or not a request is allowed for the user and operation using some predicate.
groupDefinitions
Object.<string, (function()|string)>
Inherited fromAcl
Default {}
Description This is mapping of group names to “extractors”. An extractor can be a function or a string. If it is a function, it should take a user object as its sole argument and return the group name as a string. Otherwise, it should be a string in property path notation (e.g., “foo.bar.baz”).
object
xxx
Required
Description xxx
ownerField
xxx
Required
Description xxx
permissionDefinitions
xxx
Required
Description xxx

Methods

and
Inherited fromAcl
Arguments
  • acl (Acl) – The second ACL
Return type Acl
Description Generates an ACL that is the logical conjunction of this ACL and a second ACL
doSanitize  
Arguments
  • value (xxx) – xxx
  • user (xxx) – xxx
  • filterArrays (xxx) – xxx
  • acl (xxx) – xxx
Returns xxx
Return type xxx
Description doSanitize description
doSanitizeArray  
Arguments
  • arr (xxx) – xxx
  • user (xxx) – xxx
  • filterArrays (xxx) – xxx
  • acl (xxx) – xxx
Throws Error xxx
Returns xxx
Return type xxx
Description doSanitizeArray
doSanitizeObject  
Arguments
  • obj (xxx) – xxx
  • user (xxx) – xxx
  • filterArrays (xxx) – xxx
  • acl (xxx) – xxx
Returns xxx
Return type xxx
Description doSanitizeObject description
hasPermission
Inherited fromAcl
Arguments
  • user (Object) – A user object
  • permission (string) – The name of the operation being authorized
  • env (Object.<string, Object>) – Request context (e.g., {req: req})
Throws Error
Returns Whether or not the request is authorized
Return type boolean
Description Determines whether the current request is allowed based on the current user (as returned by authenticate) and operation
isOwner  
Arguments
  • user (xxx) – xxx
  • object (xxx) – xxx
Returns xxx
Return type xxx
Description isOwner description
or
Inherited fromAcl
Arguments
  • acl (Acl) – The second ACL
Return type Acl
Description or Generates an ACL that is the logical disjunction of this ACL and a second ACL
sanitize  
Arguments
  • value (xxx) – xxx
  • user (xxx) – xxx
  • filterSingleValue (xxx) – xxx
  • filterArrays (xxx) – xxx
  • acl (xxx) – xxx
Throws Error xxx
Returns xxx
Return type xxx
Description Processes values such that if there exist objects with acls that deny read access, they will be forbidden or sanitized appropriately. If the value is an array of Objects, and there exists an Object in the array that has an __acl__ that denies read access, a 403 will be returned, unless filterArrayValues is true, in which case such objects will be removed from the result array If the value is an Object, and has an __acl__ that denies read access a 403 will be returned unless filterSingleValie is true (used by insert for example). XXX? If the value is an Object or array of Objects, all Objects returned will have properties denited byu an __acl__ removed such that the Objects returned are sanitized of any properties the user does not have permission to read
sanitize  
Arguments
  • user (xxx) – xxx
  • filterSingleValue (xxx) – xxx
  • filterArrays (xxx) – xxx
  • acl (xxx) – xxx
Returns xxx
Return type xxx
Description sanitize