Class: ACL
ACL
A Model for access control meta data.
System grants permissions to principals (users/applications, can be grouped into roles).
Protected resource: the model data and operations (model/property/method/relation/…)
For a given principal, such as client application and/or user, is it allowed to access (read/write/execute) the protected resource?
Name | Type | Description |
---|---|---|
model |
String
|
Name of the model. |
property |
String
|
Name of the property, method, scope, or relation. |
accessType |
String
|
Type of access being granted: one of READ, WRITE, or EXECUTE. |
permission |
String
|
Type of permission granted. One of:
|
principalType |
String
|
Type of the principal; one of: Application, Use, Role. |
principalId |
String
|
ID of the principal - such as appId, userId or roleId. |
settings |
Object
|
Extends the |
settings.defaultPermission |
String
|
Default permission setting: ALLOW, DENY, ALARM, or AUDIT. Default is ALLOW. Set to DENY to prohibit all API access by default. |
ACL.checkAccessForContext(context, callback)
Check if the request has the permission to access.
Name | Type | Description |
---|---|---|
context |
Object
|
See below. |
callback |
Function
|
Callback function |
Name | Type | Description |
---|---|---|
principals |
Array.<Object>
|
An array of principals. |
model |
String or Model
|
The model name or model class. |
id |
|
The model instance ID. |
property |
String
|
The property/method/relation name. |
accessType |
String
|
The access type: READ, REPLICATE, WRITE, or EXECUTE. |
ACL.checkAccessForToken(token, model, modelId, method, callback)
Check if the given access token can invoke the method
Name | Type | Description |
---|---|---|
token |
AccessToken
|
The access token |
model |
String
|
The model name |
modelId |
|
The model id |
method |
String
|
The method name |
callback |
Function
|
Callback function |
Name | Type | Description |
---|---|---|
err |
String or Error
|
The error object |
allowed |
Boolean
|
is the request allowed |
ACL.checkPermission(principalType, principalId, model, property, accessType, callback)
Check if the given principal is allowed to access the model/property
Name | Type | Description |
---|---|---|
principalType |
String
|
The principal type. |
principalId |
String
|
The principal ID. |
model |
String
|
The model name. |
property |
String
|
The property/method/relation name. |
accessType |
String
|
The access type. |
callback |
Function
|
Callback function. |
Name | Type | Description |
---|---|---|
err |
String or Error
|
The error object |
result |
AccessRequest
|
The access permission |
ACL.getMatchingScore(rule, req)
Calculate the matching score for the given rule and request
Name | Type | Description |
---|---|---|
rule |
ACL
|
The ACL entry |
req |
AccessRequest
|
The request |
Name | Type | Description |
---|---|---|
result |
Number
|
ACL.isMappedToRole(principalType, principalId, role, cb)
Check if the given principal is mapped to the role
Name | Type | Description |
---|---|---|
principalType |
String
|
Principal type |
principalId |
String
|
Principal id/name |
role |
String
|
Role id/name |
cb |
Function
|
Callback function |
ACL.resolvePrincipal(type, id, cb)
Resolve a principal by type/id
Name | Type | Description |
---|---|---|
type |
String
|
Principal type - ROLE/APP/USER |
id |
String or Number
|
Principal id or name |
cb |
Function
|
Callback function |
aCL.score(req)
Get matching score for the given AccessRequest
.
Name | Type | Description |
---|---|---|
req |
AccessRequest
|
The request |
Name | Type | Description |
---|---|---|
result |
Number
|
score |