Skip to content

Commit 4bb1b8f

Browse files
RubenVerborghRubenVerborgh
committed
Pass permission set to checkAccess.
1 parent fa23c82 commit 4bb1b8f

File tree

2 files changed

+15
-36
lines changed

2 files changed

+15
-36
lines changed

lib/acl-checker.js

Lines changed: 9 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -26,17 +26,10 @@ class ACLChecker {
2626

2727
// Check the permissions within the nearest ACL
2828
return this.getNearestACL(resource)
29-
.then(({ acl, graph, isContainer }) =>
30-
this.checkAccess(
31-
graph, // The ACL graph
32-
user, // The webId of the user
33-
mode, // Read/Write/Append
34-
resource, // The resource we want to access
35-
isContainer,
36-
acl, // The current Acl file!
37-
options
38-
)
39-
)
29+
.then(nearestAcl => {
30+
const acls = this.getPermissionSet(nearestAcl, resource, options)
31+
return this.checkAccess(acls, user, mode, resource)
32+
})
4033
.then(() => { debug('ACL policy found') })
4134
.catch(err => {
4235
debug(`Error: ${err.message}`)
@@ -95,32 +88,15 @@ class ACLChecker {
9588
return urls
9689
}
9790

98-
/**
99-
* Tests whether a graph (parsed .acl resource) allows a given operation
100-
* for a given user. Calls the provided callback with `null` if the user
101-
* has access, otherwise calls it with an error.
102-
* @method checkAccess
103-
* @param graph {Graph} Parsed RDF graph of current .acl resource
104-
* @param user {String} WebID URI of the user accessing the resource
105-
* @param mode {String} Access mode, e.g. 'Read', 'Write', etc.
106-
* @param resource {String} URI of the resource being accessed
107-
* @param isContainer {boolean}
108-
* @param acl {String} URI of this current .acl resource
109-
* @param options {Object} Options hashmap
110-
* @param [options.origin] Request's `Origin:` header
111-
* @param [options.host] Request's host URI (with protocol)
112-
*/
113-
checkAccess (graph, user, mode, resource, isContainer, acl, options = {}) {
114-
const acls = this.getPermissionSet(graph, resource, isContainer, acl, options)
115-
116-
return acls.checkAccess(resource, user, mode)
91+
// Tests whether the permissions allow a given operation
92+
checkAccess (permissionSet, user, mode, resource) {
93+
return permissionSet.checkAccess(resource, user, mode)
11794
.then(hasAccess => {
11895
if (hasAccess) {
11996
this.debug(`${mode} access permitted to ${user}`)
12097
return true
12198
} else {
122-
this.debug(`${mode} access NOT permitted to ${user}` +
123-
this.strictOrigin ? ` and origin ${options.origin}` : '')
99+
this.debug(`${mode} access NOT permitted to ${user}`)
124100
throw new Error('ACL file found but no matching policy found')
125101
}
126102
})
@@ -132,7 +108,7 @@ class ACLChecker {
132108
}
133109

134110
// Gets the permission set for the given resource
135-
getPermissionSet (graph, resource, isContainer, acl, options = {}) {
111+
getPermissionSet ({ acl, graph, isContainer }, resource, options = {}) {
136112
const debug = this.debug
137113
if (!graph || graph.length === 0) {
138114
debug('ACL ' + acl + ' is empty')

test/unit/acl-checker-test.js

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,8 @@ describe('ACLChecker unit test', () => {
2929
let graph = {}
3030
let user, mode, resource, aclUrl
3131
let acl = new ACLChecker({ debug })
32-
return expect(acl.checkAccess(graph, user, mode, resource, true, aclUrl))
32+
let acls = acl.getPermissionSet({ graph, acl: aclUrl }, resource)
33+
return expect(acl.checkAccess(acls, user, mode, resource))
3334
.to.eventually.be.true
3435
})
3536
it('should callback with error on grant failure', () => {
@@ -39,7 +40,8 @@ describe('ACLChecker unit test', () => {
3940
let graph = {}
4041
let user, mode, resource, aclUrl
4142
let acl = new ACLChecker({ debug })
42-
return expect(acl.checkAccess(graph, user, mode, resource, true, aclUrl))
43+
let acls = acl.getPermissionSet({ graph, acl: aclUrl }, resource)
44+
return expect(acl.checkAccess(acls, user, mode, resource))
4345
.to.be.rejectedWith('ACL file found but no matching policy found')
4446
})
4547
it('should callback with error on grant error', () => {
@@ -49,7 +51,8 @@ describe('ACLChecker unit test', () => {
4951
let graph = {}
5052
let user, mode, resource, aclUrl
5153
let acl = new ACLChecker({ debug })
52-
return expect(acl.checkAccess(graph, user, mode, resource, true, aclUrl))
54+
let acls = acl.getPermissionSet({ graph, acl: aclUrl }, resource)
55+
return expect(acl.checkAccess(acls, user, mode, resource))
5356
.to.be.rejectedWith('Error thrown during checkAccess()')
5457
})
5558
})

0 commit comments

Comments
 (0)