ice-static
/
Eve-Project


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324
							"use strict";

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.default = void 0;
var _ParseRole = _interopRequireDefault(require("./ParseRole"));
var _ParseUser = _interopRequireDefault(require("./ParseUser"));
function _interopRequireDefault(obj) {
  return obj && obj.__esModule ? obj : {
    default: obj
  };
}
/**
 * @flow
 */
/*:: type PermissionsMap = { [permission: string]: boolean };*/
/*:: type ByIdMap = { [userId: string]: PermissionsMap };*/
const PUBLIC_KEY = '*';

/**
 * Creates a new ACL.
 * If no argument is given, the ACL has no permissions for anyone.
 * If the argument is a Parse.User, the ACL will have read and write
 *   permission for only that user.
 * If the argument is any other JSON object, that object will be interpretted
 *   as a serialized ACL created with toJSON().
 *
 * <p>An ACL, or Access Control List can be added to any
 * <code>Parse.Object</code> to restrict access to only a subset of users
 * of your application.</p>
 *
 * @alias Parse.ACL
 */
class ParseACL {
  /*:: permissionsById: ByIdMap;*/
  /**
   * @param {(Parse.User | object)} arg1 The user to initialize the ACL for
   */
  constructor(arg1 /*: ParseUser | ByIdMap*/) {
    this.permissionsById = {};
    if (arg1 && typeof arg1 === 'object') {
      if (arg1 instanceof _ParseUser.default) {
        this.setReadAccess(arg1, true);
        this.setWriteAccess(arg1, true);
      } else {
        for (const userId in arg1) {
          const accessList = arg1[userId];
          this.permissionsById[userId] = {};
          for (const permission in accessList) {
            const allowed = accessList[permission];
            if (permission !== 'read' && permission !== 'write') {
              throw new TypeError('Tried to create an ACL with an invalid permission type.');
            }
            if (typeof allowed !== 'boolean') {
              throw new TypeError('Tried to create an ACL with an invalid permission value.');
            }
            this.permissionsById[userId][permission] = allowed;
          }
        }
      }
    } else if (typeof arg1 === 'function') {
      throw new TypeError('ParseACL constructed with a function. Did you forget ()?');
    }
  }

  /**
   * Returns a JSON-encoded version of the ACL.
   *
   * @returns {object}
   */
  toJSON() /*: ByIdMap*/{
    const permissions = {};
    for (const p in this.permissionsById) {
      permissions[p] = this.permissionsById[p];
    }
    return permissions;
  }

  /**
   * Returns whether this ACL is equal to another object
   *
   * @param {ParseACL} other The other object's ACL to compare to
   * @returns {boolean}
   */
  equals(other /*: ParseACL*/) /*: boolean*/{
    if (!(other instanceof ParseACL)) {
      return false;
    }
    const users = Object.keys(this.permissionsById);
    const otherUsers = Object.keys(other.permissionsById);
    if (users.length !== otherUsers.length) {
      return false;
    }
    for (const u in this.permissionsById) {
      if (!other.permissionsById[u]) {
        return false;
      }
      if (this.permissionsById[u].read !== other.permissionsById[u].read) {
        return false;
      }
      if (this.permissionsById[u].write !== other.permissionsById[u].write) {
        return false;
      }
    }
    return true;
  }
  _setAccess(accessType /*: string*/, userId /*: ParseUser | ParseRole | string*/, allowed /*: boolean*/) {
    if (userId instanceof _ParseUser.default) {
      userId = userId.id;
    } else if (userId instanceof _ParseRole.default) {
      const name = userId.getName();
      if (!name) {
        throw new TypeError('Role must have a name');
      }
      userId = 'role:' + name;
    }
    if (typeof userId !== 'string') {
      throw new TypeError('userId must be a string.');
    }
    if (typeof allowed !== 'boolean') {
      throw new TypeError('allowed must be either true or false.');
    }
    let permissions = this.permissionsById[userId];
    if (!permissions) {
      if (!allowed) {
        // The user already doesn't have this permission, so no action is needed
        return;
      } else {
        permissions = {};
        this.permissionsById[userId] = permissions;
      }
    }
    if (allowed) {
      this.permissionsById[userId][accessType] = true;
    } else {
      delete permissions[accessType];
      if (Object.keys(permissions).length === 0) {
        delete this.permissionsById[userId];
      }
    }
  }
  _getAccess(accessType /*: string*/, userId /*: ParseUser | ParseRole | string*/) /*: boolean*/{
    if (userId instanceof _ParseUser.default) {
      userId = userId.id;
      if (!userId) {
        throw new Error('Cannot get access for a ParseUser without an ID');
      }
    } else if (userId instanceof _ParseRole.default) {
      const name = userId.getName();
      if (!name) {
        throw new TypeError('Role must have a name');
      }
      userId = 'role:' + name;
    }
    const permissions = this.permissionsById[userId];
    if (!permissions) {
      return false;
    }
    return !!permissions[accessType];
  }

  /**
   * Sets whether the given user is allowed to read this object.
   *
   * @param userId An instance of Parse.User or its objectId.
   * @param {boolean} allowed Whether that user should have read access.
   */
  setReadAccess(userId /*: ParseUser | ParseRole | string*/, allowed /*: boolean*/) {
    this._setAccess('read', userId, allowed);
  }

  /**
   * Get whether the given user id is *explicitly* allowed to read this object.
   * Even if this returns false, the user may still be able to access it if
   * getPublicReadAccess returns true or a role that the user belongs to has
   * write access.
   *
   * @param userId An instance of Parse.User or its objectId, or a Parse.Role.
   * @returns {boolean}
   */
  getReadAccess(userId /*: ParseUser | ParseRole | string*/) /*: boolean*/{
    return this._getAccess('read', userId);
  }

  /**
   * Sets whether the given user id is allowed to write this object.
   *
   * @param userId An instance of Parse.User or its objectId, or a Parse.Role..
   * @param {boolean} allowed Whether that user should have write access.
   */
  setWriteAccess(userId /*: ParseUser | ParseRole | string*/, allowed /*: boolean*/) {
    this._setAccess('write', userId, allowed);
  }

  /**
   * Gets whether the given user id is *explicitly* allowed to write this object.
   * Even if this returns false, the user may still be able to write it if
   * getPublicWriteAccess returns true or a role that the user belongs to has
   * write access.
   *
   * @param userId An instance of Parse.User or its objectId, or a Parse.Role.
   * @returns {boolean}
   */
  getWriteAccess(userId /*: ParseUser | ParseRole | string*/) /*: boolean*/{
    return this._getAccess('write', userId);
  }

  /**
   * Sets whether the public is allowed to read this object.
   *
   * @param {boolean} allowed
   */
  setPublicReadAccess(allowed /*: boolean*/) {
    this.setReadAccess(PUBLIC_KEY, allowed);
  }

  /**
   * Gets whether the public is allowed to read this object.
   *
   * @returns {boolean}
   */
  getPublicReadAccess() /*: boolean*/{
    return this.getReadAccess(PUBLIC_KEY);
  }

  /**
   * Sets whether the public is allowed to write this object.
   *
   * @param {boolean} allowed
   */
  setPublicWriteAccess(allowed /*: boolean*/) {
    this.setWriteAccess(PUBLIC_KEY, allowed);
  }

  /**
   * Gets whether the public is allowed to write this object.
   *
   * @returns {boolean}
   */
  getPublicWriteAccess() /*: boolean*/{
    return this.getWriteAccess(PUBLIC_KEY);
  }

  /**
   * Gets whether users belonging to the given role are allowed
   * to read this object. Even if this returns false, the role may
   * still be able to write it if a parent role has read access.
   *
   * @param role The name of the role, or a Parse.Role object.
   * @returns {boolean} true if the role has read access. false otherwise.
   * @throws {TypeError} If role is neither a Parse.Role nor a String.
   */
  getRoleReadAccess(role /*: ParseRole | string*/) /*: boolean*/{
    if (role instanceof _ParseRole.default) {
      // Normalize to the String name
      role = role.getName();
    }
    if (typeof role !== 'string') {
      throw new TypeError('role must be a ParseRole or a String');
    }
    return this.getReadAccess('role:' + role);
  }

  /**
   * Gets whether users belonging to the given role are allowed
   * to write this object. Even if this returns false, the role may
   * still be able to write it if a parent role has write access.
   *
   * @param role The name of the role, or a Parse.Role object.
   * @returns {boolean} true if the role has write access. false otherwise.
   * @throws {TypeError} If role is neither a Parse.Role nor a String.
   */
  getRoleWriteAccess(role /*: ParseRole | string*/) /*: boolean*/{
    if (role instanceof _ParseRole.default) {
      // Normalize to the String name
      role = role.getName();
    }
    if (typeof role !== 'string') {
      throw new TypeError('role must be a ParseRole or a String');
    }
    return this.getWriteAccess('role:' + role);
  }

  /**
   * Sets whether users belonging to the given role are allowed
   * to read this object.
   *
   * @param role The name of the role, or a Parse.Role object.
   * @param {boolean} allowed Whether the given role can read this object.
   * @throws {TypeError} If role is neither a Parse.Role nor a String.
   */
  setRoleReadAccess(role /*: ParseRole | string*/, allowed /*: boolean*/) {
    if (role instanceof _ParseRole.default) {
      // Normalize to the String name
      role = role.getName();
    }
    if (typeof role !== 'string') {
      throw new TypeError('role must be a ParseRole or a String');
    }
    this.setReadAccess('role:' + role, allowed);
  }

  /**
   * Sets whether users belonging to the given role are allowed
   * to write this object.
   *
   * @param role The name of the role, or a Parse.Role object.
   * @param {boolean} allowed Whether the given role can write this object.
   * @throws {TypeError} If role is neither a Parse.Role nor a String.
   */
  setRoleWriteAccess(role /*: ParseRole | string*/, allowed /*: boolean*/) {
    if (role instanceof _ParseRole.default) {
      // Normalize to the String name
      role = role.getName();
    }
    if (typeof role !== 'string') {
      throw new TypeError('role must be a ParseRole or a String');
    }
    this.setWriteAccess('role:' + role, allowed);
  }
}
var _default = ParseACL;
exports.default = _default;