"use strict";
// Transpiler-style CommonJS prologue: mark the module as an ES-module interop
// target and reserve the export slot before any dependency is loaded.
Object.defineProperty(exports, "__esModule", { value: true });
exports.createAuthXExplanations = undefined;
// `explanations_1` provides `generate`, which receives the explanation tables;
// `scopes_1` provides the v2 scope context/action builders used as table keys.
const explanations_1 = require("./util/explanations");
const scopes_1 = require("./util/scopes");
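/**
 * Build the explanation templates for the AuthX v2 scopes and hand them to
 * `explanations_1.generate`.
 *
 * Every entry passed to `generate` is a three-element tuple:
 *   [realm map, context map, action map]
 * where each map goes from a scope segment (or segment template) to the English
 * phrase describing it. Context keys are built with
 * `scopes_1.createV2AuthXScopeContext`, action keys with
 * `scopes_1.createV2AuthXScopeAction`.
 *
 * Security relevance: these phrases state what a scope permits. A phrase that
 * misstates the action (for example "read" on a write scope) misdescribes the
 * permission to whoever reviews it, so labels must match their keys exactly.
 *
 * @param {Object} [realm={ authx: "authx" }] - Realm map placed first in every
 *   tuple; presumably realm segment -> display name (confirm against
 *   `./util/explanations`).
 * @returns {*} Whatever `explanations_1.generate` returns for the assembled tuples.
 */
function createAuthXExplanations(
  realm = {
    authx: "authx",
  }
) {
  // Thin wrappers keep the tables readable while still invoking the helpers as
  // members of `scopes_1`.
  const action = (fields) => scopes_1.createV2AuthXScopeAction(fields);
  const context = (fields) => scopes_1.createV2AuthXScopeContext(fields);

  // Authority
  const commonAuthorityActions = {
    [action({ basic: "r", details: "" })]: "read the basic fields of",
    [action({ basic: "r", details: "r" })]: "read potentially sensitive details of",
    [action({ basic: "r", details: "*" })]: "read all fields of",
    [action({ basic: "w", details: "" })]: "write basic fields for",
    [action({ basic: "w", details: "w" })]: "write potentially sensitive details for",
    [action({ basic: "w", details: "*" })]: "write all fields of",
    [action({ basic: "*", details: "*" })]: "read and write all fields of",
  };
  const authority = [
    [
      realm,
      {
        [context({ type: "authority", authorityId: "(authority_id)" })]:
          'the authority with id "(authority_id)"',
      },
      commonAuthorityActions,
    ],
    [
      realm,
      {
        [context({ type: "authority", authorityId: "" })]: "a new authority",
        [context({ type: "authority", authorityId: "*" })]: "any new or existing authority",
      },
      {
        // When the context can be a new entity, the full wildcard also covers creation.
        ...commonAuthorityActions,
        [action({ basic: "*", details: "*" })]: "create, read and write all fields of",
      },
    ],
  ];

  // Client
  const commonClientActions = {
    [action({ basic: "r", secrets: "" })]: "read the basic fields of",
    [action({ basic: "r", secrets: "r" })]: "read secrets of",
    [action({ basic: "r", secrets: "*" })]: "read all fields of",
    [action({ basic: "w", secrets: "" })]: "write basic fields for",
    [action({ basic: "w", secrets: "w" })]: "write secrets for",
    [action({ basic: "w", secrets: "*" })]: "write all fields of",
    [action({ basic: "*", secrets: "*" })]: "read and write all fields of",
  };
  const client = [
    [
      realm,
      {
        [context({ type: "client", clientId: "(client_id)" })]: 'the client with id "(client_id)"',
        [context({ type: "client", clientId: "{current_client_id}" })]: "the current client",
      },
      commonClientActions,
    ],
    [
      realm,
      {
        [context({ type: "client", clientId: "" })]: "a new client",
        [context({ type: "client", clientId: "*" })]: "any new or existing client",
      },
      {
        ...commonClientActions,
        [action({ basic: "*", secrets: "*" })]: "create, read and write all fields of",
      },
    ],
  ];

  // Role
  const commonRoleActions = {
    [action({ basic: "r", scopes: "", users: "" })]: "read the basic fields of",
    [action({ basic: "r", scopes: "r", users: "" })]: "read scopes of",
    [action({ basic: "r", scopes: "", users: "r" })]: "read users of",
    [action({ basic: "r", scopes: "*", users: "*" })]: "read all fields of",
    [action({ basic: "w", scopes: "", users: "" })]: "write basic fields for",
    // NOTE(review): the next two keys pair basic "w" with scopes/users "r" yet are
    // labelled as writes; the grant and authorization tables use "w" for the same
    // labels. Looks like a key typo that overstates a read permission as a write —
    // confirm against the scope grammar before changing the keys.
    [action({ basic: "w", scopes: "r", users: "" })]: "write scopes for",
    [action({ basic: "w", scopes: "", users: "r" })]: "write users for",
    [action({ basic: "w", scopes: "*", users: "*" })]: "write all fields of",
    [action({ basic: "*", scopes: "*", users: "*" })]: "read and write all fields of",
  };
  const role = [
    [
      realm,
      {
        [context({ type: "role", roleId: "(role_id)" })]: 'the role with id "(role_id)"',
      },
      commonRoleActions,
    ],
    [
      realm,
      {
        [context({ type: "role", roleId: "" })]: "a new role",
        [context({ type: "role", roleId: "*" })]: "any new or existing role",
      },
      {
        ...commonRoleActions,
        [action({ basic: "*", scopes: "*", users: "*" })]: "create, read and write all fields of",
      },
    ],
  ];

  // User
  const commonUserActions = {
    [action({ basic: "r" })]: "read the basic fields of",
    [action({ basic: "w" })]: "write basic fields for",
    [action({ basic: "*" })]: "read and write basic fields of",
  };
  const user = [
    [
      realm,
      {
        [context({ type: "user", userId: "(user_id)" })]: 'the user with id "(user_id)"',
        [context({ type: "user", userId: "{current_user_id}" })]: "the current user",
      },
      commonUserActions,
    ],
    [
      realm,
      {
        [context({ type: "user", userId: "" })]: "a new user",
        [context({ type: "user", userId: "*" })]: "any new or existing user",
      },
      {
        ...commonUserActions,
        [action({ basic: "*" })]: "create, read and write basic fields of",
      },
    ],
  ];

  // Credential
  const credential = [
    [
      realm,
      {
        [context({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "(credential_id)",
          userId: "(user_id)",
        })]: 'the credential with id "(credential_id)"',
        [context({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "(user_id)",
        })]:
          'any new or existing credential belonging to both the user with id "(user_id)" and authority with id "(authority_id)"',
        [context({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "{current_user_id}",
        })]:
          'any new or existing credential belonging to both the current user and authority with id "(authority_id)"',
        [context({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "(user_id)",
        })]: 'any new or existing credential belonging to the user with id "(user_id)"',
        [context({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "{current_user_id}",
        })]: "any new or existing credential belonging to the current user",
        [context({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "*",
        })]: 'any new or existing credential belonging to the authority with id "(authority_id)"',
        [context({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "*",
        })]: "any new or existing credential",
      },
      {
        // Same basic/details keys as the authority table; only the full-wildcard
        // label differs. The spread keeps the original key order.
        ...commonAuthorityActions,
        [action({ basic: "*", details: "*" })]: "create, read and write all fields of",
      },
    ],
  ];

  // Grant and authorization share one basic/scopes/secrets action table. Each
  // consumer gets its own copy so the two tuples never alias one object.
  const grantAndAuthorizationActions = {
    [action({ basic: "r", scopes: "", secrets: "" })]: "read the basic fields of",
    [action({ basic: "r", scopes: "r", secrets: "" })]: "read scopes of",
    [action({ basic: "r", scopes: "", secrets: "r" })]: "read secrets of",
    [action({ basic: "r", scopes: "*", secrets: "*" })]: "read all fields of",
    [action({ basic: "w", scopes: "", secrets: "" })]: "write basic fields for",
    [action({ basic: "w", scopes: "w", secrets: "" })]: "write scopes for",
    [action({ basic: "w", scopes: "", secrets: "w" })]: "write secrets for",
    [action({ basic: "w", scopes: "*", secrets: "*" })]: "write all fields for",
    [action({ basic: "*", scopes: "*", secrets: "*" })]: "create, read and write all fields for",
  };

  // Grant
  const grant = [
    [
      realm,
      {
        [context({
          type: "grant",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)",
        })]: 'the grant with id "(grant_id)"',
        [context({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}",
        })]: "the current grant",
        [context({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "(user_id)",
        })]:
          'any new or existing grant belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
        [context({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "{current_user_id}",
        })]: "any new or existing grant belonging to both the current user and the current client",
        [context({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "{current_user_id}",
        })]:
          'any new or existing grant belonging to both the current user and the client with id "(client_id)"',
        [context({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "(user_id)",
        })]:
          'any new or existing grant belonging to both the user with id "(user_id)" and the current client',
        [context({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "(user_id)",
        })]: 'any new or existing grant belonging to the user with id "(user_id)"',
        [context({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "{current_user_id}",
        })]: "any new or existing grant belonging to the current user",
        [context({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "*",
        })]: 'any new or existing grant belonging to the client with id "(client_id)"',
        [context({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "*",
        })]: "any new or existing grant belonging to the current client",
        [context({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "*",
        })]: "any new or existing grant",
      },
      { ...grantAndAuthorizationActions },
    ],
  ];

  // Authorization
  const authorization = [
    [
      realm,
      {
        // Fixed: the closing double quote after (authorization_id) was missing,
        // which left an unbalanced quote in the rendered phrase.
        [context({
          type: "authorization",
          authorizationId: "(authorization_id)",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)",
        })]: 'the authorization with id "(authorization_id)"',
        [context({
          type: "authorization",
          authorizationId: "{current_authorization_id}",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}",
        })]: "the current authorization",
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)",
        })]: 'any new or existing authorization belonging to the grant with id "(grant_id)"',
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}",
        })]: "any new or existing authorization belonging to the current grant",
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "(user_id)",
        })]:
          'any new or existing authorization belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "{current_user_id}",
        })]:
          "any new or existing authorization belonging to both the current user and the current client",
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "(user_id)",
        })]:
          'any new or existing authorization belonging to both the user with id "(user_id)" and the current client',
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "{current_user_id}",
        })]:
          'any new or existing authorization belonging to both the current user and the client with id "(client_id)"',
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "*",
        })]: 'any new or existing authorization belonging to the client with id "(client_id)"',
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "*",
        })]: "any new or existing authorization belonging to the current client",
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "(user_id)",
        })]: 'any new or existing authorization belonging to the user with id "(user_id)"',
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "{current_user_id}",
        })]: "any new or existing authorization belonging to the current user",
        [context({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "*",
        })]: "any new or existing authorization",
      },
      { ...grantAndAuthorizationActions },
    ],
  ];

  return explanations_1.generate([
    ...authority,
    ...client,
    ...role,
    ...user,
    ...credential,
    ...grant,
    ...authorization,
    // Catch-all for the fully wildcarded context, keyed by literal action strings.
    [
      realm,
      { "v2.*.*.*.*.*.*.*.*": "any new or existing entity" },
      {
        "r....": "read the basic fields of",
        "r..r..": "read scopes of",
        "r....r": "read users of",
        "w....": "write basic fields for",
        "w..w..": "write scopes for",
        "w....w": "write users for",
        "r.r...": "read potentially sensitive details of",
        "w.w...": "write potentially sensitive details for",
        "r...r.": "read secrets of",
        // Fixed: this write key was labelled "read secrets of", understating a
        // write-secrets permission as read-only.
        "w...w.": "write secrets for",
        "r.*.*.*.*": "read all fields of",
        "w.*.*.*.*": "write all fields for",
        "*.*.*.*.*": "create, read, and write all fields for",
      },
    ],
  ]);
}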
// Publish the factory under its public name, filling the export slot that the
// module prologue reserved.
exports.createAuthXExplanations = createAuthXExplanations;
//# sourceMappingURL=explanations.js.map