You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
131 lines
4.3 KiB
131 lines
4.3 KiB
import { GetWacRuleSuccess } from "./results/GetWacRuleSuccess.js";
|
|
import { AuthorizationShapeType } from "../.ldo/wac.shapeTypes.js";
|
|
import type { AccessModeList, WacRule } from "./WacRule.js";
|
|
import type { Authorization } from "../.ldo/wac.typings.js";
|
|
import { WacRuleAbsent } from "./results/WacRuleAbsent.js";
|
|
import {
|
|
HttpErrorResult,
|
|
type HttpErrorResultType,
|
|
} from "../requester/results/error/HttpErrorResult.js";
|
|
import { NoncompliantPodError } from "../requester/results/error/NoncompliantPodError.js";
|
|
import type { UnexpectedResourceError } from "@ldo/connected";
|
|
import type { SolidLeaf } from "../resources/SolidLeaf.js";
|
|
import type { SolidContainer } from "../resources/SolidContainer.js";
|
|
import { guaranteeFetch } from "../util/guaranteeFetch.js";
|
|
import type { BasicRequestOptions } from "../requester/requests/requestOptions.js";
|
|
import { rawTurtleToDataset } from "../util/rdfUtils.js";
|
|
|
|
export type GetWacRuleError<ResourceType extends SolidContainer | SolidLeaf> =
|
|
| HttpErrorResultType<ResourceType>
|
|
| NoncompliantPodError<ResourceType>
|
|
| UnexpectedResourceError<ResourceType>;
|
|
|
|
export type GetWacRuleResult<ResourceType extends SolidContainer | SolidLeaf> =
|
|
| GetWacRuleSuccess<ResourceType>
|
|
| GetWacRuleError<ResourceType>
|
|
| WacRuleAbsent<ResourceType>;
|
|
|
|
/**
|
|
* Given the URI of an ACL document, return the Web Access Control (WAC) rules
|
|
* @param aclUri: The URI for the ACL document
|
|
* @param options: Options object to include an authenticated fetch function
|
|
* @returns GetWacRuleResult
|
|
*/
|
|
export async function getWacRuleWithAclUri(
|
|
aclUri: string,
|
|
resource: SolidContainer,
|
|
options?: BasicRequestOptions,
|
|
): Promise<GetWacRuleResult<SolidContainer>>;
|
|
export async function getWacRuleWithAclUri(
|
|
aclUri: string,
|
|
resource: SolidLeaf,
|
|
options?: BasicRequestOptions,
|
|
): Promise<GetWacRuleResult<SolidLeaf>>;
|
|
export async function getWacRuleWithAclUri(
|
|
aclUri: string,
|
|
resource: SolidLeaf | SolidContainer,
|
|
options?: BasicRequestOptions,
|
|
): Promise<GetWacRuleResult<SolidLeaf | SolidContainer>>;
|
|
export async function getWacRuleWithAclUri(
|
|
aclUri: string,
|
|
resource: SolidLeaf | SolidContainer,
|
|
options?: BasicRequestOptions,
|
|
): Promise<GetWacRuleResult<SolidLeaf | SolidContainer>> {
|
|
const fetch = guaranteeFetch(options?.fetch);
|
|
const response = await fetch(aclUri);
|
|
const errorResult = HttpErrorResult.checkResponse(resource, response);
|
|
if (errorResult) return errorResult;
|
|
|
|
if (response.status === 404) {
|
|
return new WacRuleAbsent(resource);
|
|
}
|
|
|
|
// Parse Turtle
|
|
const rawTurtle = await response.text();
|
|
const rawTurtleResult = await rawTurtleToDataset(rawTurtle, aclUri);
|
|
if (rawTurtleResult instanceof Error)
|
|
return new NoncompliantPodError(resource, rawTurtleResult.message);
|
|
const dataset = rawTurtleResult;
|
|
const authorizations = dataset
|
|
.usingType(AuthorizationShapeType)
|
|
.matchSubject(
|
|
"http://www.w3.org/1999/02/22-rdf-syntax-ns#type",
|
|
"http://www.w3.org/ns/auth/acl#Authorization",
|
|
);
|
|
|
|
const wacRule: WacRule = {
|
|
public: {
|
|
read: false,
|
|
write: false,
|
|
append: false,
|
|
control: false,
|
|
},
|
|
authenticated: {
|
|
read: false,
|
|
write: false,
|
|
append: false,
|
|
control: false,
|
|
},
|
|
agent: {},
|
|
};
|
|
|
|
function applyAccessModesToList(
|
|
accessModeList: AccessModeList,
|
|
authorization: Authorization,
|
|
): void {
|
|
authorization.mode?.forEach((mode) => {
|
|
accessModeList[mode["@id"].toLowerCase()] = true;
|
|
});
|
|
}
|
|
|
|
authorizations.forEach((authorization) => {
|
|
if (
|
|
authorization.agentClass?.some(
|
|
(agentClass) => agentClass["@id"] === "Agent",
|
|
)
|
|
) {
|
|
applyAccessModesToList(wacRule.public, authorization);
|
|
applyAccessModesToList(wacRule.authenticated, authorization);
|
|
}
|
|
if (
|
|
authorization.agentClass?.some(
|
|
(agentClass) => agentClass["@id"] === "AuthenticatedAgent",
|
|
)
|
|
) {
|
|
applyAccessModesToList(wacRule.authenticated, authorization);
|
|
}
|
|
authorization.agent?.forEach((agent) => {
|
|
if (!wacRule.agent[agent["@id"]]) {
|
|
wacRule.agent[agent["@id"]] = {
|
|
read: false,
|
|
write: false,
|
|
append: false,
|
|
control: false,
|
|
};
|
|
}
|
|
applyAccessModesToList(wacRule.agent[agent["@id"]], authorization);
|
|
});
|
|
});
|
|
|
|
return new GetWacRuleSuccess(resource, wacRule);
|
|
}
|
|
|