Created
October 8, 2023 02:37
/** Name of the standard field whose value `parseSecurityField` reads. */
export const securityFieldName = '__Security';

/** Token in the raw field value that the parser records as an `'Inheritance'` entry. */
const Inheritance = '!*';

/** Parsed item-level entry meaning "read is allowed". */
const permissionCanRead = '+read';
/** Parsed item-level entry meaning "read is denied". */
const permissionCannotRead = '-read';

/**
 * Parser states, one per section marker found in the raw field value.
 * `au` / `ar`: the next token names an account (presumably user / role — confirm
 * against the backend serializer); `pe`: tokens go to `Item`; `pd`: tokens go to
 * `Descendants`.
 */
enum ParseState {
  au = 0,
  ar = 1,
  pe = 2,
  pd = 3,
}
/**
 * Parsed access entries keyed by account name (user or role).
 * `Item` holds the entries that apply to the item itself, `Descendants` the
 * entries recorded for its descendants.
 */
export type Permissions = Record<string, {
  Item: string[];
  Descendants: string[];
}>;

/** Shape produced by `parseSecurityField`: the permission map wrapped in `value`. */
export type SecurityField = { value: Permissions };
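/**
 * Parses the raw value of the `__Security` field into a per-account permission map.
 *
 * Equivalent of the Sitecore backend logic at
 * https://github.com/moo2u2/Sitecore-Permissions/blob/main/SitecorePermissions/code/LayoutService/FieldSerializers/SecurityFieldSerializer.cs
 *
 * The value is read as a `|`-separated token stream:
 * - `au` / `ar` switch to account mode; each following non-marker token names an
 *   account (user or role) and starts a fresh, empty entry for it.
 * - `pe` switches to item mode; each following token (for example `+item:read`)
 *   is stored in `Item` as its first character plus the text after the first
 *   colon (`+read`).
 * - `pd` does the same for `Descendants`.
 * - `!*` adds the literal `'Inheritance'` to the current account's `Item` list,
 *   whatever the current mode is.
 *
 * Malformed input is skipped rather than trusted: an entry that appears before
 * any account has been named used to throw a TypeError, and a token without a
 * sign or without a colon used to be stored as text such as `'+undefined'`.
 * Both are now ignored, so a damaged field can neither crash the caller nor
 * add entries that no later check would recognise.
 *
 * @param securityValue Raw field value; an empty value yields an empty map.
 * @returns The parsed permissions wrapped as `{ value }`.
 */
export const parseSecurityField = (securityValue: string): SecurityField => {
  const security: SecurityField = { value: {} };
  if (!securityValue)
    return security;

  // Entry of the most recently named account; undefined until one is seen.
  let current: Permissions[string] | undefined;
  let parseState: ParseState = ParseState.au;

  // '+item:read' -> '+read'; undefined when the sign or the right is missing.
  const compact = (token: string): string | undefined => {
    const [scope, right] = token.split(':');
    return scope && right !== undefined ? scope.charAt(0) + right : undefined;
  };

  for (const token of securityValue.split('|')) {
    switch (token) {
      case 'au':
        parseState = ParseState.au;
        break;
      case 'ar':
        parseState = ParseState.ar;
        break;
      case 'pe':
        parseState = ParseState.pe;
        break;
      case 'pd':
        parseState = ParseState.pd;
        break;
      case '':
        // Empty tokens (e.g. from a trailing '|') carry no information.
        break;
      case Inheritance:
        // Recorded on Item regardless of pe/pd, as in the original logic.
        current?.Item.push('Inheritance');
        break;
      default: {
        if (parseState === ParseState.au || parseState === ParseState.ar) {
          // A repeated account name replaces its earlier entry.
          current = { Item: [], Descendants: [] };
          security.value[token] = current;
          break;
        }
        const permission = compact(token);
        if (current === undefined || permission === undefined)
          break;
        const target = parseState === ParseState.pe ? current.Item : current.Descendants;
        target.push(permission);
        break;
      }
    }
  }
  return security;
};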
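/**
 * Checks whether `role` is explicitly denied read on an item, i.e. whether the
 * role's `Item` entries from the parsed `__Security` standard field contain `-read`.
 * See https://doc.sitecore.com/xp/en/developers/103/platform-administration-and-architecture/assign-access-rights-to-a-security-account.html
 *
 * Only an entry stored directly on `permissions` is consulted, and its `Item`
 * value must be an array. The previous `in` checks also matched names found on
 * the prototype chain and threw when an entry was `null`.
 *
 * A role without an entry yields `false`: "not denied" is not the same as
 * "allowed" (use `isAuthorized` for that). `Descendants` entries and the
 * `'Inheritance'` marker are not evaluated here.
 *
 * @param permissions Parsed permission map (`SecurityField.value`).
 * @param role Account name to look up.
 * @returns `true` only when the role's own `Item` list contains `-read`.
 */
export const notAuthorized = (permissions: Permissions, role: string): boolean => {
  if (!Object.prototype.hasOwnProperty.call(permissions, role))
    return false;
  // Typed as unknown so the shape is verified at runtime, not assumed.
  const itemRights: unknown = permissions[role]?.Item;
  return Array.isArray(itemRights) && itemRights.includes(permissionCannotRead);
};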
/**
 * Checks whether at least one of the given roles is explicitly denied read on
 * the item, as decided by `notAuthorized` for each role in turn.
 *
 * An empty `roles` array yields `false`.
 *
 * @param permissions Parsed permission map (`SecurityField.value`).
 * @param roles Account names to test.
 * @returns `true` as soon as one role is reported as not authorized.
 */
export const anyNotAuthorized = (permissions: Permissions, roles: string[]): boolean => {
  for (const role of roles) {
    if (notAuthorized(permissions, role))
      return true;
  }
  return false;
};
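/**
 * Checks whether `role` is explicitly allowed to read an item, i.e. whether the
 * role's `Item` entries from the parsed `__Security` standard field contain `+read`.
 *
 * Only an entry stored directly on `permissions` is consulted, and its `Item`
 * value must be an array. The previous `in` checks also matched names found on
 * the prototype chain and threw when an entry was `null`; an allow decision
 * should come from the parsed field alone.
 *
 * A role without an entry yields `false`. `Descendants` entries and the
 * `'Inheritance'` marker are not evaluated, and a `-read` entry for the same
 * role is not taken into account here — combine with `notAuthorized` when a
 * deny has to win.
 *
 * @param permissions Parsed permission map (`SecurityField.value`).
 * @param role Account name to look up.
 * @returns `true` only when the role's own `Item` list contains `+read`.
 */
export const isAuthorized = (permissions: Permissions, role: string): boolean => {
  if (!Object.prototype.hasOwnProperty.call(permissions, role))
    return false;
  // Typed as unknown so the shape is verified at runtime, not assumed.
  const itemRights: unknown = permissions[role]?.Item;
  return Array.isArray(itemRights) && itemRights.includes(permissionCanRead);
};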
/**
 * Checks whether every one of the given roles is explicitly allowed to read
 * the item, as decided by `isAuthorized` for each role in turn.
 *
 * NOTE(review): an empty `roles` array yields `true` (nothing fails the check),
 * so a caller that passes the role list of an account without roles gets an
 * "authorized" answer. Callers should reject an empty list before relying on
 * this result.
 *
 * @param permissions Parsed permission map (`SecurityField.value`).
 * @param roles Account names to test.
 * @returns `false` as soon as one role is not authorized, otherwise `true`.
 */
export const allAuthorized = (permissions: Permissions, roles: string[]): boolean => {
  for (const role of roles) {
    if (!isAuthorized(permissions, role))
      return false;
  }
  return true;
};