1 | import {
|
2 | DomainDescriptionMap,
|
3 | generate,
|
4 | Explanation
|
5 | } from "./util/explanations";
|
6 |
|
7 | import {
|
8 | AuthorityAction,
|
9 | AuthorizationAction,
|
10 | ClientAction,
|
11 | CredentialAction,
|
12 | GrantAction,
|
13 | RoleAction,
|
14 | UserAction,
|
15 | AuthorityContext,
|
16 | AuthorizationContext,
|
17 | ClientContext,
|
18 | CredentialContext,
|
19 | GrantContext,
|
20 | RoleContext,
|
21 | UserContext,
|
22 | createV2AuthXScopeAction,
|
23 | createV2AuthXScopeContext
|
24 | } from "./util/scopes";
|
25 |
|
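/**
 * Builds the human-readable explanations for AuthX's own v2 scopes.
 *
 * For each entity type (authority, client, role, user, credential, grant,
 * authorization) this assembles `[realm, contexts, actions]` triples of
 * description maps and hands them to `generate`. A final catch-all triple
 * covers "any new or existing entity".
 *
 * Conventions visible in the context keys below:
 * - `"(x_id)"` is described as "the x with id ..." (a specific entity),
 * - `"{current_x_id}"` is described as "the current x",
 * - `""` is described as "a new x",
 * - `"*"` is described as "any new or existing x".
 *
 * These strings describe what a scope permits, so a description that names a
 * weaker privilege than its key encodes would mislead whoever reviews the
 * scope. Keep each description in step with the action it is keyed by.
 *
 * @param realm - Description map for the realm segment; defaults to
 *   `{ authx: "authx" }`.
 * @returns The explanations produced by `generate` for all triples.
 */
export function createAuthXExplanations(
  realm: DomainDescriptionMap = {
    authx: "authx"
  }
): ReadonlyArray<Explanation> {
  // One [realm, context descriptions, action descriptions] entry.
  type DomainTriple = [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ];

  // ---------------------------------------------------------------------
  // Authority
  // ---------------------------------------------------------------------
  const commonAuthorityActions = {
    [createV2AuthXScopeAction({
      basic: "r",
      details: ""
    } as AuthorityAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "r",
      details: "r"
    } as AuthorityAction)]: "read potentially sensitive details of",
    [createV2AuthXScopeAction({
      basic: "r",
      details: "*"
    } as AuthorityAction)]: "read all fields of",
    [createV2AuthXScopeAction({
      basic: "w",
      details: ""
    } as AuthorityAction)]: "write basic fields for",
    [createV2AuthXScopeAction({
      basic: "w",
      details: "w"
    } as AuthorityAction)]: "write potentially sensitive details for",
    [createV2AuthXScopeAction({
      basic: "w",
      details: "*"
    } as AuthorityAction)]: "write all fields of",
    [createV2AuthXScopeAction({
      basic: "*",
      details: "*"
    } as AuthorityAction)]: "read and write all fields of"
  };

  const authority: DomainTriple[] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "authority",
          authorityId: "(authority_id)"
        } as AuthorityContext)]: 'the authority with id "(authority_id)"'
      },
      commonAuthorityActions
    ],
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "authority",
          authorityId: ""
        } as AuthorityContext)]: "a new authority",
        [createV2AuthXScopeContext({
          type: "authority",
          authorityId: "*"
        } as AuthorityContext)]: "any new or existing authority"
      },
      {
        ...commonAuthorityActions,
        // Same action as the last common entry; for contexts that include
        // new entities the wording also mentions "create". This relies on
        // the key builder returning the same string for the same input —
        // TODO confirm against ./util/scopes.
        [createV2AuthXScopeAction({
          basic: "*",
          details: "*"
        } as AuthorityAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // ---------------------------------------------------------------------
  // Client
  // ---------------------------------------------------------------------
  const commonClientActions = {
    [createV2AuthXScopeAction({
      basic: "r",
      secrets: ""
    } as ClientAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "r",
      secrets: "r"
    } as ClientAction)]: "read secrets of",
    [createV2AuthXScopeAction({
      basic: "r",
      secrets: "*"
    } as ClientAction)]: "read all fields of",
    [createV2AuthXScopeAction({
      basic: "w",
      secrets: ""
    } as ClientAction)]: "write basic fields for",
    [createV2AuthXScopeAction({
      basic: "w",
      secrets: "w"
    } as ClientAction)]: "write secrets for",
    [createV2AuthXScopeAction({
      basic: "w",
      secrets: "*"
    } as ClientAction)]: "write all fields of",
    [createV2AuthXScopeAction({
      basic: "*",
      secrets: "*"
    } as ClientAction)]: "read and write all fields of"
  };

  const client: DomainTriple[] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "client",
          clientId: "(client_id)"
        } as ClientContext)]: 'the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "client",
          clientId: "{current_client_id}"
        } as ClientContext)]: "the current client"
      },
      commonClientActions
    ],
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "client",
          clientId: ""
        } as ClientContext)]: "a new client",
        [createV2AuthXScopeContext({
          type: "client",
          clientId: "*"
        } as ClientContext)]: "any new or existing client"
      },
      {
        ...commonClientActions,
        [createV2AuthXScopeAction({
          basic: "*",
          secrets: "*"
        } as ClientAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // ---------------------------------------------------------------------
  // Role
  // ---------------------------------------------------------------------
  const commonRoleActions = {
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "",
      users: ""
    } as RoleAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "r",
      users: ""
    } as RoleAction)]: "read scopes of",
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "",
      users: "r"
    } as RoleAction)]: "read users of",
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "*",
      users: "*"
    } as RoleAction)]: "read all fields of",
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "",
      users: ""
    } as RoleAction)]: "write basic fields for",
    // Fixed: this entry previously used `scopes: "r"` while being described
    // as "write scopes for". The grant/authorization entries and the
    // catch-all key "w..w.." all pair this wording with a "w" segment.
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "w",
      users: ""
    } as RoleAction)]: "write scopes for",
    // Fixed: previously `users: "r"` under the description "write users
    // for"; the catch-all key "w....w" pairs this wording with "w".
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "",
      users: "w"
    } as RoleAction)]: "write users for",
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "*",
      users: "*"
    } as RoleAction)]: "write all fields of",
    [createV2AuthXScopeAction({
      basic: "*",
      scopes: "*",
      users: "*"
    } as RoleAction)]: "read and write all fields of"
  };

  const role: DomainTriple[] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "role",
          roleId: "(role_id)"
        } as RoleContext)]: 'the role with id "(role_id)"'
      },
      commonRoleActions
    ],
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "role",
          roleId: ""
        } as RoleContext)]: "a new role",
        [createV2AuthXScopeContext({
          type: "role",
          roleId: "*"
        } as RoleContext)]: "any new or existing role"
      },
      {
        ...commonRoleActions,
        [createV2AuthXScopeAction({
          basic: "*",
          scopes: "*",
          users: "*"
        } as RoleAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // ---------------------------------------------------------------------
  // User
  // ---------------------------------------------------------------------
  const commonUserActions = {
    [createV2AuthXScopeAction({
      basic: "r"
    } as UserAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "w"
    } as UserAction)]: "write basic fields for",
    [createV2AuthXScopeAction({
      basic: "*"
    } as UserAction)]: "read and write basic fields of"
  };

  const user: DomainTriple[] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "user",
          userId: "(user_id)"
        } as UserContext)]: 'the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "user",
          userId: "{current_user_id}"
        } as UserContext)]: "the current user"
      },
      commonUserActions
    ],
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "user",
          userId: ""
        } as UserContext)]: "a new user",
        [createV2AuthXScopeContext({
          type: "user",
          userId: "*"
        } as UserContext)]: "any new or existing user"
      },
      {
        ...commonUserActions,
        [createV2AuthXScopeAction({
          basic: "*"
        } as UserAction)]: "create, read and write basic fields of"
      }
    ]
  ];

  // ---------------------------------------------------------------------
  // Credential
  // ---------------------------------------------------------------------
  const credential: DomainTriple[] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "(credential_id)",
          userId: "(user_id)"
        } as CredentialContext)]: 'the credential with id "(credential_id)"',

        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "(user_id)"
        } as CredentialContext)]: 'any new or existing credential belonging to both the user with id "(user_id)" and authority with id "(authority_id)"',
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "{current_user_id}"
        } as CredentialContext)]: 'any new or existing credential belonging to both the current user and authority with id "(authority_id)"',
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "(user_id)"
        } as CredentialContext)]: 'any new or existing credential belonging to the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "{current_user_id}"
        } as CredentialContext)]: "any new or existing credential belonging to the current user",
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "*"
        } as CredentialContext)]: 'any new or existing credential belonging to the authority with id "(authority_id)"',

        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "*"
        } as CredentialContext)]: "any new or existing credential"
      },
      {
        [createV2AuthXScopeAction({
          basic: "r",
          details: ""
        } as CredentialAction)]: "read the basic fields of",
        [createV2AuthXScopeAction({
          basic: "r",
          details: "r"
        } as CredentialAction)]: "read potentially sensitive details of",
        [createV2AuthXScopeAction({
          basic: "r",
          details: "*"
        } as CredentialAction)]: "read all fields of",
        [createV2AuthXScopeAction({
          basic: "w",
          details: ""
        } as CredentialAction)]: "write basic fields for",
        [createV2AuthXScopeAction({
          basic: "w",
          details: "w"
        } as CredentialAction)]: "write potentially sensitive details for",
        [createV2AuthXScopeAction({
          basic: "w",
          details: "*"
        } as CredentialAction)]: "write all fields of",
        [createV2AuthXScopeAction({
          basic: "*",
          details: "*"
        } as CredentialAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // ---------------------------------------------------------------------
  // Grant
  // ---------------------------------------------------------------------
  const grant: DomainTriple[] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)"
        } as GrantContext)]: 'the grant with id "(grant_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}"
        } as GrantContext)]: "the current grant",

        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "(user_id)"
        } as GrantContext)]: 'any new or existing grant belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "{current_user_id}"
        } as GrantContext)]: "any new or existing grant belonging to both the current user and the current client",
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "{current_user_id}"
        } as GrantContext)]: 'any new or existing grant belonging to both the current user and the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "(user_id)"
        } as GrantContext)]: 'any new or existing grant belonging to both the user with id "(user_id)" and the current client',

        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "(user_id)"
        } as GrantContext)]: 'any new or existing grant belonging to the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "{current_user_id}"
        } as GrantContext)]: "any new or existing grant belonging to the current user",
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "*"
        } as GrantContext)]: 'any new or existing grant belonging to the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "*"
        } as GrantContext)]: "any new or existing grant belonging to the current client",

        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "*"
        } as GrantContext)]: "any new or existing grant"
      },
      {
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: ""
        } as GrantAction)]: "read the basic fields of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "r",
          secrets: ""
        } as GrantAction)]: "read scopes of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: "r"
        } as GrantAction)]: "read secrets of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "*",
          secrets: "*"
        } as GrantAction)]: "read all fields of",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: ""
        } as GrantAction)]: "write basic fields for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "w",
          secrets: ""
        } as GrantAction)]: "write scopes for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: "w"
        } as GrantAction)]: "write secrets for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "*",
          secrets: "*"
        } as GrantAction)]: "write all fields for",
        [createV2AuthXScopeAction({
          basic: "*",
          scopes: "*",
          secrets: "*"
        } as GrantAction)]: "create, read and write all fields for"
      }
    ]
  ];

  // ---------------------------------------------------------------------
  // Authorization
  // ---------------------------------------------------------------------
  const authorization: DomainTriple[] = [
    [
      realm,
      {
        // Fixed: the description was missing its closing double quote.
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "(authorization_id)",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'the authorization with id "(authorization_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "{current_authorization_id}",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "the current authorization",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to the grant with id "(grant_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "any new or existing authorization belonging to the current grant",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "any new or existing authorization belonging to both the current user and the current client",
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to both the user with id "(user_id)" and the current client',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to both the current user and the client with id "(client_id)"',

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "*"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "*"
        } as AuthorizationContext)]: "any new or existing authorization belonging to the current client",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "any new or existing authorization belonging to the current user",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "*"
        } as AuthorizationContext)]: "any new or existing authorization"
      },
      {
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: ""
        } as AuthorizationAction)]: "read the basic fields of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "r",
          secrets: ""
        } as AuthorizationAction)]: "read scopes of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: "r"
        } as AuthorizationAction)]: "read secrets of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "*",
          secrets: "*"
        } as AuthorizationAction)]: "read all fields of",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: ""
        } as AuthorizationAction)]: "write basic fields for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "w",
          secrets: ""
        } as AuthorizationAction)]: "write scopes for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: "w"
        } as AuthorizationAction)]: "write secrets for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "*",
          secrets: "*"
        } as AuthorizationAction)]: "write all fields for",
        [createV2AuthXScopeAction({
          basic: "*",
          scopes: "*",
          secrets: "*"
        } as AuthorizationAction)]: "create, read and write all fields for"
      }
    ]
  ];

  return generate([
    ...authority,
    ...client,
    ...role,
    ...user,
    ...credential,
    ...grant,
    ...authorization,
    // Catch-all: a context that is a wildcard in every segment, paired with
    // literal action patterns rather than keys built by the helpers.
    [
      realm,
      { "v2.*.*.*.*.*.*.*.*": "any new or existing entity" },
      {
        "r....": "read the basic fields of",
        "r..r..": "read scopes of",
        "r....r": "read users of",
        "w....": "write basic fields for",
        "w..w..": "write scopes for",
        "w....w": "write users for",
        "r.r...": "read potentially sensitive details of",
        "w.w...": "write potentially sensitive details for",
        "r...r.": "read secrets of",
        // Fixed: this write pattern was described as "read secrets of",
        // which understated what the scope allows on every entity.
        "w...w.": "write secrets for",
        "r.*.*.*.*": "read all fields of",
        "w.*.*.*.*": "write all fields for",
        "*.*.*.*.*": "create, read, and write all fields for"
      }
    ]
  ]);
}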