Manages permissions of users.

interface IPermissionSystem<TUser extends IUser = IUser> {
    checkForContent(
        actingUser: TUser,
        permission: ContentPermission,
        contentId: string,
    ): Promise<boolean>;
    checkForGeneralAction(
        actingUser: TUser,
        permission: GeneralPermission,
    ): Promise<boolean>;
    checkForTemporaryFile(
        actingUser: TUser,
        permission: TemporaryFilePermission,
        filename: string,
    ): Promise<boolean>;
    checkForUserData(
        actingUser: TUser,
        permission: UserDataPermission,
        contentId: string,
        affectedUserId?: string,
    ): Promise<boolean>;
}

Type Parameters

Implemented by

Methods

  • Checks if a user has a certain permission on a content object

    Parameters

    • actingUser: TUser

      the user who is currently active

    • permission: ContentPermission

      the permission to check

    • contentId: string

      the content for which to check; if the permission if ContentPermission.List or ContentPermission.Create the id will be undefined

    Returns Promise<boolean>

    true if the user is allowed to do it

  • Checks if a user has a certain permission that is not associated with any object, but part of their general role.

    Parameters

    Returns Promise<boolean>

    true if the user is allowed to do it

  • Checks if a user has a certain permission on a temporary file

    Parameters

    • actingUser: TUser

      the currently active user

    • permission: TemporaryFilePermission

      the permission to check

    • filename: string

      the file the user is trying to access; can be undefined if the the check is for TemporaryFilePermission.Create

    Returns Promise<boolean>

    true if the user is allowed to do it

  • Checks if a user has a certain permission on a user data object.

    Parameters

    • actingUser: TUser

      the user who is currently active

    • permission: UserDataPermission

      the permission to check

    • contentId: string

      the content id to which the user data belongs

    • OptionalaffectedUserId: string

      (optional) if the acting user tries to access user data that is not their own, the affected user will be specified here

    Returns Promise<boolean>

    true if the user is allowed to do it