
1import {
2 DomainDescriptionMap,
3 generate,
4 Explanation
5} from "./util/explanations";
6
7import {
8 AuthorityAction,
9 AuthorizationAction,
10 ClientAction,
11 CredentialAction,
12 GrantAction,
13 RoleAction,
14 UserAction,
15 AuthorityContext,
16 AuthorizationContext,
17 ClientContext,
18 CredentialContext,
19 GrantContext,
20 RoleContext,
21 UserContext,
22 createV2AuthXScopeAction,
23 createV2AuthXScopeContext
24} from "./util/scopes";
25
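/**
 * Builds the human-readable explanations for every AuthX v2 scope pattern.
 *
 * Each entry handed to `generate` is a `[realm, contexts, actions]` triple:
 * `realm` maps the realm prefix to its description, `contexts` maps a v2
 * context pattern (built with `createV2AuthXScopeContext`) to the entity it
 * names, and `actions` maps a v2 action pattern (built with
 * `createV2AuthXScopeAction`) to the verb phrase describing what the action
 * permits. `generate` combines the three maps into the returned
 * `Explanation` list.
 *
 * These strings are what a person reads when deciding whether a scope is
 * acceptable, so each description must match the exact action pattern it is
 * keyed by: a `w` (write) action is always described as a write, never as a
 * read, and every entity uses the same `r`/`w`/`*` convention for its
 * detail fields (details, secrets, scopes, users).
 *
 * @param realm - description map for the realm segment of the scope;
 *   defaults to `{ authx: "authx" }`.
 * @returns explanations for authorities, clients, roles, users, credentials,
 *   grants, authorizations, and the generic catch-all patterns.
 */
export function createAuthXExplanations(
  realm: DomainDescriptionMap = {
    authx: "authx"
  }
): ReadonlyArray<Explanation> {
  // Authority: action fields are `basic.details`.
  const commonAuthorityActions = {
    [createV2AuthXScopeAction({
      basic: "r",
      details: ""
    } as AuthorityAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "r",
      details: "r"
    } as AuthorityAction)]: "read potentially sensitive details of",
    [createV2AuthXScopeAction({
      basic: "r",
      details: "*"
    } as AuthorityAction)]: "read all fields of",
    [createV2AuthXScopeAction({
      basic: "w",
      details: ""
    } as AuthorityAction)]: "write basic fields for",
    [createV2AuthXScopeAction({
      basic: "w",
      details: "w"
    } as AuthorityAction)]: "write potentially sensitive details for",
    [createV2AuthXScopeAction({
      basic: "w",
      details: "*"
    } as AuthorityAction)]: "write all fields of",
    [createV2AuthXScopeAction({
      basic: "*",
      details: "*"
    } as AuthorityAction)]: "read and write all fields of"
  };

  const authority: [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ][] = [
    // A specific, existing authority.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "authority",
          authorityId: "(authority_id)"
        } as AuthorityContext)]: 'the authority with id "(authority_id)"'
      },
      commonAuthorityActions
    ],
    // New or wildcard authorities: the full-wildcard action additionally
    // implies creation, so its wording is overridden here.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "authority",
          authorityId: ""
        } as AuthorityContext)]: "a new authority",
        [createV2AuthXScopeContext({
          type: "authority",
          authorityId: "*"
        } as AuthorityContext)]: "any new or existing authority"
      },
      {
        ...commonAuthorityActions,
        [createV2AuthXScopeAction({
          basic: "*",
          details: "*"
        } as AuthorityAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // Client: action fields are `basic.secrets`.
  const commonClientActions = {
    [createV2AuthXScopeAction({
      basic: "r",
      secrets: ""
    } as ClientAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "r",
      secrets: "r"
    } as ClientAction)]: "read secrets of",
    [createV2AuthXScopeAction({
      basic: "r",
      secrets: "*"
    } as ClientAction)]: "read all fields of",
    [createV2AuthXScopeAction({
      basic: "w",
      secrets: ""
    } as ClientAction)]: "write basic fields for",
    [createV2AuthXScopeAction({
      basic: "w",
      secrets: "w"
    } as ClientAction)]: "write secrets for",
    [createV2AuthXScopeAction({
      basic: "w",
      secrets: "*"
    } as ClientAction)]: "write all fields of",
    [createV2AuthXScopeAction({
      basic: "*",
      secrets: "*"
    } as ClientAction)]: "read and write all fields of"
  };

  const client: [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ][] = [
    // A specific client, or the client the current token belongs to.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "client",
          clientId: "(client_id)"
        } as ClientContext)]: 'the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "client",
          clientId: "{current_client_id}"
        } as ClientContext)]: "the current client"
      },
      commonClientActions
    ],
    // New or wildcard clients.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "client",
          clientId: ""
        } as ClientContext)]: "a new client",
        [createV2AuthXScopeContext({
          type: "client",
          clientId: "*"
        } as ClientContext)]: "any new or existing client"
      },
      {
        ...commonClientActions,
        [createV2AuthXScopeAction({
          basic: "*",
          secrets: "*"
        } as ClientAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // Role: action fields are `basic.scopes.users`. As for every other entity,
  // a "write X" description is keyed by `w` in the X field (the original
  // keyed "write scopes for" and "write users for" by `r`, which described a
  // read-only detail field as a write and left the `w` patterns unexplained).
  const commonRoleActions = {
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "",
      users: ""
    } as RoleAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "r",
      users: ""
    } as RoleAction)]: "read scopes of",
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "",
      users: "r"
    } as RoleAction)]: "read users of",
    [createV2AuthXScopeAction({
      basic: "r",
      scopes: "*",
      users: "*"
    } as RoleAction)]: "read all fields of",
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "",
      users: ""
    } as RoleAction)]: "write basic fields for",
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "w",
      users: ""
    } as RoleAction)]: "write scopes for",
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "",
      users: "w"
    } as RoleAction)]: "write users for",
    [createV2AuthXScopeAction({
      basic: "w",
      scopes: "*",
      users: "*"
    } as RoleAction)]: "write all fields of",
    [createV2AuthXScopeAction({
      basic: "*",
      scopes: "*",
      users: "*"
    } as RoleAction)]: "read and write all fields of"
  };

  const role: [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ][] = [
    // A specific, existing role.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "role",
          roleId: "(role_id)"
        } as RoleContext)]: 'the role with id "(role_id)"'
      },
      commonRoleActions
    ],
    // New or wildcard roles.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "role",
          roleId: ""
        } as RoleContext)]: "a new role",
        [createV2AuthXScopeContext({
          type: "role",
          roleId: "*"
        } as RoleContext)]: "any new or existing role"
      },
      {
        ...commonRoleActions,
        [createV2AuthXScopeAction({
          basic: "*",
          scopes: "*",
          users: "*"
        } as RoleAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // User: the only action field is `basic`.
  const commonUserActions = {
    [createV2AuthXScopeAction({
      basic: "r"
    } as UserAction)]: "read the basic fields of",
    [createV2AuthXScopeAction({
      basic: "w"
    } as UserAction)]: "write basic fields for",
    [createV2AuthXScopeAction({
      basic: "*"
    } as UserAction)]: "read and write basic fields of"
  };

  const user: [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ][] = [
    // A specific user, or the user the current token belongs to.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "user",
          userId: "(user_id)"
        } as UserContext)]: 'the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "user",
          userId: "{current_user_id}"
        } as UserContext)]: "the current user"
      },
      commonUserActions
    ],
    // New or wildcard users.
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "user",
          userId: ""
        } as UserContext)]: "a new user",
        [createV2AuthXScopeContext({
          type: "user",
          userId: "*"
        } as UserContext)]: "any new or existing user"
      },
      {
        ...commonUserActions,
        [createV2AuthXScopeAction({
          basic: "*"
        } as UserAction)]: "create, read and write basic fields of"
      }
    ]
  ];

  // Credential: contexts are keyed by authority, credential and user; action
  // fields are `basic.details`.
  const credential: [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ][] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "(credential_id)",
          userId: "(user_id)"
        } as CredentialContext)]: 'the credential with id "(credential_id)"',

        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "(user_id)"
        } as CredentialContext)]: 'any new or existing credential belonging to both the user with id "(user_id)" and authority with id "(authority_id)"',
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "{current_user_id}"
        } as CredentialContext)]: 'any new or existing credential belonging to both the current user and authority with id "(authority_id)"',
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "(user_id)"
        } as CredentialContext)]: 'any new or existing credential belonging to the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "{current_user_id}"
        } as CredentialContext)]: "any new or existing credential belonging to the current user",
        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "(authority_id)",
          credentialId: "*",
          userId: "*"
        } as CredentialContext)]: 'any new or existing credential belonging to the authority with id "(authority_id)"',

        [createV2AuthXScopeContext({
          type: "credential",
          authorityId: "*",
          credentialId: "*",
          userId: "*"
        } as CredentialContext)]: "any new or existing credential"
      },
      {
        [createV2AuthXScopeAction({
          basic: "r",
          details: ""
        } as CredentialAction)]: "read the basic fields of",
        [createV2AuthXScopeAction({
          basic: "r",
          details: "r"
        } as CredentialAction)]: "read potentially sensitive details of",
        [createV2AuthXScopeAction({
          basic: "r",
          details: "*"
        } as CredentialAction)]: "read all fields of",
        [createV2AuthXScopeAction({
          basic: "w",
          details: ""
        } as CredentialAction)]: "write basic fields for",
        [createV2AuthXScopeAction({
          basic: "w",
          details: "w"
        } as CredentialAction)]: "write potentially sensitive details for",
        [createV2AuthXScopeAction({
          basic: "w",
          details: "*"
        } as CredentialAction)]: "write all fields of",
        [createV2AuthXScopeAction({
          basic: "*",
          details: "*"
        } as CredentialAction)]: "create, read and write all fields of"
      }
    ]
  ];

  // Grant: contexts are keyed by client, grant and user; action fields are
  // `basic.scopes.secrets`.
  const grant: [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ][] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)"
        } as GrantContext)]: 'the grant with id "(grant_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}"
        } as GrantContext)]: "the current grant",

        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "(user_id)"
        } as GrantContext)]: 'any new or existing grant belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "{current_user_id}"
        } as GrantContext)]: "any new or existing grant belonging to both the current user and the current client",
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "{current_user_id}"
        } as GrantContext)]: 'any new or existing grant belonging to both the current user and the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "(user_id)"
        } as GrantContext)]: 'any new or existing grant belonging to both the user with id "(user_id)" and the current client',

        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "(user_id)"
        } as GrantContext)]: 'any new or existing grant belonging to the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "{current_user_id}"
        } as GrantContext)]: "any new or existing grant belonging to the current user",
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "(client_id)",
          grantId: "*",
          userId: "*"
        } as GrantContext)]: 'any new or existing grant belonging to the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "*"
        } as GrantContext)]: "any new or existing grant belonging to the current client",

        [createV2AuthXScopeContext({
          type: "grant",
          clientId: "*",
          grantId: "*",
          userId: "*"
        } as GrantContext)]: "any new or existing grant"
      },
      {
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: ""
        } as GrantAction)]: "read the basic fields of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "r",
          secrets: ""
        } as GrantAction)]: "read scopes of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: "r"
        } as GrantAction)]: "read secrets of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "*",
          secrets: "*"
        } as GrantAction)]: "read all fields of",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: ""
        } as GrantAction)]: "write basic fields for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "w",
          secrets: ""
        } as GrantAction)]: "write scopes for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: "w"
        } as GrantAction)]: "write secrets for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "*",
          secrets: "*"
        } as GrantAction)]: "write all fields for",
        [createV2AuthXScopeAction({
          basic: "*",
          scopes: "*",
          secrets: "*"
        } as GrantAction)]: "create, read and write all fields for"
      }
    ]
  ];

  // Authorization: contexts are keyed by authorization, client, grant and
  // user; action fields are `basic.scopes.secrets`.
  const authorization: [
    DomainDescriptionMap,
    DomainDescriptionMap,
    DomainDescriptionMap
  ][] = [
    [
      realm,
      {
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "(authorization_id)",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'the authorization with id "(authorization_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "{current_authorization_id}",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "the current authorization",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "(grant_id)",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to the grant with id "(grant_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "{current_grant_id}",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "any new or existing authorization belonging to the current grant",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to both the user with id "(user_id)" and the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "any new or existing authorization belonging to both the current user and the current client",
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to both the user with id "(user_id)" and the current client',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to both the current user and the client with id "(client_id)"',

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "(client_id)",
          grantId: "*",
          userId: "*"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to the client with id "(client_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "{current_client_id}",
          grantId: "*",
          userId: "*"
        } as AuthorizationContext)]: "any new or existing authorization belonging to the current client",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "(user_id)"
        } as AuthorizationContext)]: 'any new or existing authorization belonging to the user with id "(user_id)"',
        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "{current_user_id}"
        } as AuthorizationContext)]: "any new or existing authorization belonging to the current user",

        [createV2AuthXScopeContext({
          type: "authorization",
          authorizationId: "*",
          clientId: "*",
          grantId: "*",
          userId: "*"
        } as AuthorizationContext)]: "any new or existing authorization"
      },
      {
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: ""
        } as AuthorizationAction)]: "read the basic fields of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "r",
          secrets: ""
        } as AuthorizationAction)]: "read scopes of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "",
          secrets: "r"
        } as AuthorizationAction)]: "read secrets of",
        [createV2AuthXScopeAction({
          basic: "r",
          scopes: "*",
          secrets: "*"
        } as AuthorizationAction)]: "read all fields of",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: ""
        } as AuthorizationAction)]: "write basic fields for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "w",
          secrets: ""
        } as AuthorizationAction)]: "write scopes for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "",
          secrets: "w"
        } as AuthorizationAction)]: "write secrets for",
        [createV2AuthXScopeAction({
          basic: "w",
          scopes: "*",
          secrets: "*"
        } as AuthorizationAction)]: "write all fields for",
        [createV2AuthXScopeAction({
          basic: "*",
          scopes: "*",
          secrets: "*"
        } as AuthorizationAction)]: "create, read and write all fields for"
      }
    ]
  ];

  // The final triple covers the fully-wildcarded context and the raw action
  // patterns that apply across every entity type. Its keys are literal scope
  // fragments rather than values built by the helpers, so they must be kept
  // in step with the per-entity maps above. "w...w." is a write on the
  // secrets field and is therefore described as a write (the original said
  // "read secrets of", understating the privilege).
  return generate([
    ...authority,
    ...client,
    ...role,
    ...user,
    ...credential,
    ...grant,
    ...authorization,
    [
      realm,
      { "v2.*.*.*.*.*.*.*.*": "any new or existing entity" },
      {
        "r....": "read the basic fields of",
        "r..r..": "read scopes of",
        "r....r": "read users of",
        "w....": "write basic fields for",
        "w..w..": "write scopes for",
        "w....w": "write users for",
        "r.r...": "read potentially sensitive details of",
        "w.w...": "write potentially sensitive details for",
        "r...r.": "read secrets of",
        "w...w.": "write secrets for",
        "r.*.*.*.*": "read all fields of",
        "w.*.*.*.*": "write all fields for",
        "*.*.*.*.*": "create, read, and write all fields for"
      }
    ]
  ]);
}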