"use strict";
// Set the `__esModule` flag on the CommonJS exports object.
Object.defineProperty(exports, "__esModule", { value: true });
// Project-local helpers. `explanations_1.generate` consumes the templates built
// below, and `scopes_1` builds the scope context and action strings used as
// template keys.
const explanations_1 = require("./util/explanations");
const scopes_1 = require("./util/scopes");
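/**
 * Build the explanation templates for the AuthX v2 scopes and pass them to
 * `explanations_1.generate`.
 *
 * Each template is a `[realm, contexts, actions]` triple. `contexts` maps a
 * scope context string (from `createV2AuthXScopeContext`) to a noun phrase,
 * and `actions` maps a scope action string (from `createV2AuthXScopeAction`)
 * to a verb phrase. Identifiers written as `(name)` or `{name}` are passed
 * through verbatim; presumably `generate` treats them as template
 * placeholders. Confirm against `./util/explanations`.
 *
 * These phrases describe what a scope permits, so a wrong label misstates the
 * privilege being granted. Keep each label in step with its action key.
 *
 * @param {Object} [realm] - First element of every template; defaults to
 *   `{ authx: "authx" }`.
 * @returns {*} Whatever `explanations_1.generate` returns for the templates.
 */
function createAuthXExplanations(realm = {
    authx: "authx"
}) {
    // Thin wrappers keep the tables below readable while still calling the
    // helpers as members of `scopes_1`.
    const action = (fields) => scopes_1.createV2AuthXScopeAction(fields);
    const context = (fields) => scopes_1.createV2AuthXScopeContext(fields);

    // Authority
    const commonAuthorityActions = {
        [action({ basic: "r", details: "" })]: "read the basic fields of",
        [action({ basic: "r", details: "r" })]: "read potentially sensitive details of",
        [action({ basic: "r", details: "*" })]: "read all fields of",
        [action({ basic: "w", details: "" })]: "write basic fields for",
        [action({ basic: "w", details: "w" })]: "write potentially sensitive details for",
        [action({ basic: "w", details: "*" })]: "write all fields of",
        [action({ basic: "*", details: "*" })]: "read and write all fields of"
    };
    const authority = [
        [
            realm,
            {
                [context({ type: "authority", authorityId: "(authority_id)" })]: 'the authority with id "(authority_id)"'
            },
            commonAuthorityActions
        ],
        [
            realm,
            {
                [context({ type: "authority", authorityId: "" })]: "a new authority",
                [context({ type: "authority", authorityId: "*" })]: "any new or existing authority"
            },
            {
                ...commonAuthorityActions,
                // Overrides the "*" entry: these contexts include not-yet-created entities.
                [action({ basic: "*", details: "*" })]: "create, read and write all fields of"
            }
        ]
    ];

    // Client
    const commonClientActions = {
        [action({ basic: "r", secrets: "" })]: "read the basic fields of",
        [action({ basic: "r", secrets: "r" })]: "read secrets of",
        [action({ basic: "r", secrets: "*" })]: "read all fields of",
        [action({ basic: "w", secrets: "" })]: "write basic fields for",
        [action({ basic: "w", secrets: "w" })]: "write secrets for",
        [action({ basic: "w", secrets: "*" })]: "write all fields of",
        [action({ basic: "*", secrets: "*" })]: "read and write all fields of"
    };
    const client = [
        [
            realm,
            {
                [context({ type: "client", clientId: "(client_id)" })]: 'the client with id "(client_id)"',
                [context({ type: "client", clientId: "{current_client_id}" })]: "the current client"
            },
            commonClientActions
        ],
        [
            realm,
            {
                [context({ type: "client", clientId: "" })]: "a new client",
                [context({ type: "client", clientId: "*" })]: "any new or existing client"
            },
            {
                ...commonClientActions,
                [action({ basic: "*", secrets: "*" })]: "create, read and write all fields of"
            }
        ]
    ];

    // Role
    const commonRoleActions = {
        [action({ basic: "r", scopes: "", users: "" })]: "read the basic fields of",
        [action({ basic: "r", scopes: "r", users: "" })]: "read scopes of",
        [action({ basic: "r", scopes: "", users: "r" })]: "read users of",
        [action({ basic: "r", scopes: "*", users: "*" })]: "read all fields of",
        [action({ basic: "w", scopes: "", users: "" })]: "write basic fields for",
        // NOTE(review): the next two keys use "r" for scopes/users although the
        // labels say "write". The grant and authorization tables key their
        // "write scopes for" label with scopes: "w". Confirm which is intended
        // before changing the keys; they are left as found here.
        [action({ basic: "w", scopes: "r", users: "" })]: "write scopes for",
        [action({ basic: "w", scopes: "", users: "r" })]: "write users for",
        [action({ basic: "w", scopes: "*", users: "*" })]: "write all fields of",
        [action({ basic: "*", scopes: "*", users: "*" })]: "read and write all fields of"
    };
    const role = [
        [
            realm,
            {
                [context({ type: "role", roleId: "(role_id)" })]: 'the role with id "(role_id)"'
            },
            commonRoleActions
        ],
        [
            realm,
            {
                [context({ type: "role", roleId: "" })]: "a new role",
                [context({ type: "role", roleId: "*" })]: "any new or existing role"
            },
            {
                ...commonRoleActions,
                [action({ basic: "*", scopes: "*", users: "*" })]: "create, read and write all fields of"
            }
        ]
    ];

    // User
    const commonUserActions = {
        [action({ basic: "r" })]: "read the basic fields of",
        [action({ basic: "w" })]: "write basic fields for",
        [action({ basic: "*" })]: "read and write basic fields of"
    };
    const user = [
        [
            realm,
            {
                [context({ type: "user", userId: "(user_id)" })]: 'the user with id "(user_id)"',
                [context({ type: "user", userId: "{current_user_id}" })]: "the current user"
            },
            commonUserActions
        ],
        [
            realm,
            {
                [context({ type: "user", userId: "" })]: "a new user",
                [context({ type: "user", userId: "*" })]: "any new or existing user"
            },
            {
                ...commonUserActions,
                [action({ basic: "*" })]: "create, read and write basic fields of"
            }
        ]
    ];

    // Credential
    const credential = [
        [
            realm,
            {
                [context({
                    type: "credential",
                    authorityId: "(authority_id)",
                    credentialId: "(credential_id)",
                    userId: "(user_id)"
                })]: 'the credential with id "(credential_id)"',
                [context({
                    type: "credential",
                    authorityId: "(authority_id)",
                    credentialId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing credential belonging to both the user with id "(user_id)" and authority with id "(authority_id)"',
                [context({
                    type: "credential",
                    authorityId: "(authority_id)",
                    credentialId: "*",
                    userId: "{current_user_id}"
                })]: 'any new or existing credential belonging to both the current user and authority with id "(authority_id)"',
                [context({
                    type: "credential",
                    authorityId: "*",
                    credentialId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing credential belonging to the user with id "(user_id)"',
                [context({
                    type: "credential",
                    authorityId: "*",
                    credentialId: "*",
                    userId: "{current_user_id}"
                })]: "any new or existing credential belonging to the current user",
                [context({
                    type: "credential",
                    authorityId: "(authority_id)",
                    credentialId: "*",
                    userId: "*"
                })]: 'any new or existing credential belonging to the authority with id "(authority_id)"',
                [context({
                    type: "credential",
                    authorityId: "*",
                    credentialId: "*",
                    userId: "*"
                })]: "any new or existing credential"
            },
            {
                [action({ basic: "r", details: "" })]: "read the basic fields of",
                [action({ basic: "r", details: "r" })]: "read potentially sensitive details of",
                [action({ basic: "r", details: "*" })]: "read all fields of",
                [action({ basic: "w", details: "" })]: "write basic fields for",
                [action({ basic: "w", details: "w" })]: "write potentially sensitive details for",
                [action({ basic: "w", details: "*" })]: "write all fields of",
                [action({ basic: "*", details: "*" })]: "create, read and write all fields of"
            }
        ]
    ];

    // Grants and authorizations share one action vocabulary. A factory is used
    // so that each template still receives its own object.
    const scopesAndSecretsActions = () => ({
        [action({ basic: "r", scopes: "", secrets: "" })]: "read the basic fields of",
        [action({ basic: "r", scopes: "r", secrets: "" })]: "read scopes of",
        [action({ basic: "r", scopes: "", secrets: "r" })]: "read secrets of",
        [action({ basic: "r", scopes: "*", secrets: "*" })]: "read all fields of",
        [action({ basic: "w", scopes: "", secrets: "" })]: "write basic fields for",
        [action({ basic: "w", scopes: "w", secrets: "" })]: "write scopes for",
        [action({ basic: "w", scopes: "", secrets: "w" })]: "write secrets for",
        [action({ basic: "w", scopes: "*", secrets: "*" })]: "write all fields for",
        [action({ basic: "*", scopes: "*", secrets: "*" })]: "create, read and write all fields for"
    });

    // Grant
    const grant = [
        [
            realm,
            {
                [context({
                    type: "grant",
                    clientId: "(client_id)",
                    grantId: "(grant_id)",
                    userId: "(user_id)"
                })]: 'the grant with id "(grant_id)"',
                [context({
                    type: "grant",
                    clientId: "{current_client_id}",
                    grantId: "{current_grant_id}",
                    userId: "{current_user_id}"
                })]: "the current grant",
                [context({
                    type: "grant",
                    clientId: "(client_id)",
                    grantId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing grant belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
                [context({
                    type: "grant",
                    clientId: "{current_client_id}",
                    grantId: "*",
                    userId: "{current_user_id}"
                })]: "any new or existing grant belonging to both the current user and the current client",
                [context({
                    type: "grant",
                    clientId: "(client_id)",
                    grantId: "*",
                    userId: "{current_user_id}"
                })]: 'any new or existing grant belonging to both the current user and the client with id "(client_id)"',
                [context({
                    type: "grant",
                    clientId: "{current_client_id}",
                    grantId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing grant belonging to both the user with id "(user_id)" and the current client',
                [context({
                    type: "grant",
                    clientId: "*",
                    grantId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing grant belonging to the user with id "(user_id)"',
                [context({
                    type: "grant",
                    clientId: "*",
                    grantId: "*",
                    userId: "{current_user_id}"
                })]: "any new or existing grant belonging to the current user",
                [context({
                    type: "grant",
                    clientId: "(client_id)",
                    grantId: "*",
                    userId: "*"
                })]: 'any new or existing grant belonging to the client with id "(client_id)"',
                [context({
                    type: "grant",
                    clientId: "{current_client_id}",
                    grantId: "*",
                    userId: "*"
                })]: "any new or existing grant belonging to the current client",
                [context({
                    type: "grant",
                    clientId: "*",
                    grantId: "*",
                    userId: "*"
                })]: "any new or existing grant"
            },
            scopesAndSecretsActions()
        ]
    ];

    // Authorization
    const authorization = [
        [
            realm,
            {
                // Fixed: the closing double quote after the placeholder was missing.
                [context({
                    type: "authorization",
                    authorizationId: "(authorization_id)",
                    clientId: "(client_id)",
                    grantId: "(grant_id)",
                    userId: "(user_id)"
                })]: 'the authorization with id "(authorization_id)"',
                [context({
                    type: "authorization",
                    authorizationId: "{current_authorization_id}",
                    clientId: "{current_client_id}",
                    grantId: "{current_grant_id}",
                    userId: "{current_user_id}"
                })]: "the current authorization",
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "(client_id)",
                    grantId: "(grant_id)",
                    userId: "(user_id)"
                })]: 'any new or existing authorization belonging to the grant with id "(grant_id)"',
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "{current_client_id}",
                    grantId: "{current_grant_id}",
                    userId: "{current_user_id}"
                })]: "any new or existing authorization belonging to the current grant",
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "(client_id)",
                    grantId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing authorization belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "{current_client_id}",
                    grantId: "*",
                    userId: "{current_user_id}"
                })]: "any new or existing authorization belonging to both the current user and the current client",
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "{current_client_id}",
                    grantId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing authorization belonging to both the user with id "(user_id)" and the current client',
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "(client_id)",
                    grantId: "*",
                    userId: "{current_user_id}"
                })]: 'any new or existing authorization belonging to both the current user and the client with id "(client_id)"',
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "(client_id)",
                    grantId: "*",
                    userId: "*"
                })]: 'any new or existing authorization belonging to the client with id "(client_id)"',
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "{current_client_id}",
                    grantId: "*",
                    userId: "*"
                })]: "any new or existing authorization belonging to the current client",
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "*",
                    grantId: "*",
                    userId: "(user_id)"
                })]: 'any new or existing authorization belonging to the user with id "(user_id)"',
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "*",
                    grantId: "*",
                    userId: "{current_user_id}"
                })]: "any new or existing authorization belonging to the current user",
                [context({
                    type: "authorization",
                    authorizationId: "*",
                    clientId: "*",
                    grantId: "*",
                    userId: "*"
                })]: "any new or existing authorization"
            },
            scopesAndSecretsActions()
        ]
    ];

    return explanations_1.generate([
        ...authority,
        ...client,
        ...role,
        ...user,
        ...credential,
        ...grant,
        ...authorization,
        // Catch-all template for the fully wildcarded context. Its keys are
        // literal scope strings rather than helper output.
        [
            realm,
            { "v2.*.*.*.*.*.*.*.*": "any new or existing entity" },
            {
                "r....": "read the basic fields of",
                "r..r..": "read scopes of",
                "r....r": "read users of",
                "w....": "write basic fields for",
                "w..w..": "write scopes for",
                "w....w": "write users for",
                "r.r...": "read potentially sensitive details of",
                "w.w...": "write potentially sensitive details for",
                "r...r.": "read secrets of",
                // Fixed: this write action was labelled "read secrets of",
                // which understated the privilege granted.
                "w...w.": "write secrets for",
                "r.*.*.*.*": "read all fields of",
                "w.*.*.*.*": "write all fields for",
                "*.*.*.*.*": "create, read, and write all fields for"
            }
        ]
    ]);
}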
// CommonJS export of the explanation-template builder defined above.
exports.createAuthXExplanations = createAuthXExplanations;
//# sourceMappingURL=explanations.js.map