SudoSOS Back-end API / rbac / RoleManager

Class: RoleManager

The role manager is responsible for the management of registered roles in the system, and performing access checks based on user roles and user access.

Constructors

Constructor

new RoleManager(): RoleManager;

Returns

RoleManager

Methods

can()

can(
   roles, 
   action, 
   relations, 
   entity, 
attributes): Promise<boolean>;

Performs an access check for the given parameters. This method can be used to verify if a user with the given role(s) is permitted to perform the given action (eg. create, read, update, delete) on the given properties of the given data entity, to which the user has the given relations.

Parameters

Parameter	Type	Description
`roles`	`string` \| `string`[]	The role name or list of role names to perform the check for. If a single role is supplied as string, it is converted to a list.
`action`	`string`	The action on the entity to check access for. Commonly used actions are 'create', 'read', 'update', and 'delete'.
`relations`	`string` \| `string`[]	The ownership relations towards the object. The ownership relations describes the status of the user related to the object: the user can be the owner, creator, editor, or not related at all. Commonly used ownership relations are 'own', 'created' and 'all'.
`entity`	`string`	The entity type name of the object. Most often this is a database entity, but it could also be a computed entity such as 'balance'.
`attributes`	`string`[]	The list of attributes to access. The wildcard '*' can be used to verify that the user is allowed to access all properties.

Returns

Promise<boolean>

True if access is allowed, false otherwise.

getRoles()

getRoles(user, getPermissions?): Promise<Role[]>;

Get all role names for which the given user passes the assignment check.

Parameters

Parameter	Type	Default value	Description
`user`	`User`	`undefined`	The user for which role checking is performed.
`getPermissions`	`boolean`	`false`	Whether the permissions of each role should also be returned

Returns

Promise<Role[]>

a list of role names.

getUserOrgans()

getUserOrgans(user): Promise<User[]>;

Returns all the ORGANS the user has rights over

Parameters

Parameter	Type	Description
`user`	`User`	-

Returns

Promise<User[]>

initialize()

initialize(): Promise<RoleManager>;

Returns

Promise<RoleManager>

setRoleUsers()

setRoleUsers(users, roleName): Promise<AssignedRole & object[]>;

Sets (overwrites) all the assigned users of a role.

Parameters

Parameter	Type	Description
`users`	`User`[]	The users being set the role
`roleName`	`string`	The role to set

Returns

Promise<AssignedRole & object[]>

containers

Classes

Interfaces

Type Aliases

point-of-sale

Classes

Interfaces

Type Aliases

product-categories

Classes

Interfaces

products

Classes

Interfaces

Type Aliases

Functions

vat

Enumerations

Classes

Interfaces

Functions

inactive-administrative-cost-request

Interfaces

inactive-administrative-cost-response

Interfaces

wrapped-response

Interfaces

user-notification-preference-controller

Classes

user-notification-preference

Enumerations

Classes

inactive-administrative-cost

Classes

user

Classes

wrapped

Classes

base.html

Interfaces

Functions

inactive-administrative-cost-report.html

Interfaces

Functions

transaction.html

Interfaces

Functions

transfer.html

Interfaces

Functions

inactive-administrative-cost-notification

Classes

transaction-notification

Classes

Functions

user-got-inactive-administrative-cost

Classes

user-type-updated

Classes

user-type-updated-with-reset

Classes

1761324427011-member-authenticator

Classes

1761328648026-add-organ-membership-index

Classes

1763399087409-rename-gewis-to-external

Classes

1764615514906-user-notification-preference

Classes

1764842063654-add-wrapped-table

Classes

1765826596888-add-wrapped-organ-member

Classes

1768697568707-user-setting

Classes

1769000095806-add-last-seen-to-user

Classes

abstract-channel

Classes

mail-channel