core.js: Exposing the method that given an AccessList and blesssings[],
returns true if there is a match.
The methood is put on the VDL defined AccessList, similar to Go.
Change-Id: I29ae0ca3e99c153d783bec6024c253c8f28c9fbe
diff --git a/src/security/access/accesslist-extensions.js b/src/security/access/accesslist-extensions.js
new file mode 100644
index 0000000..d1ff744
--- /dev/null
+++ b/src/security/access/accesslist-extensions.js
@@ -0,0 +1,38 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+ * Extends the vdl generated AccessList by adding additional methods.
+ * @fileoverview
+ */
+
+var blessingMatches = require('./blessing-matching');
+var AccessList = require('../../gen-vdl/v.io/v23/security/access').AccessList;
+
+/**
+ * Returns true iff the AccessList grants access to a principal that
+ * presents blessings.
+ * (i.e., if at least one of the blessings matches the AccessList).
+ * @param {string[]} blessings Presented blessing names.
+ * @return {boolean}
+ * @name includes
+ * @method
+ * @memberof module:vanadium.security.access.AccessList.prototype
+ */
+ AccessList.prototype.includes = function(blessings) {
+ var accessList = this;
+
+ // Remove the blessing that are blacklisted.
+ var unblacklistedNames = blessings.filter(function(blessing) {
+ return accessList.notIn.every(function(pattern) {
+ return !blessingMatches(blessing, pattern);
+ });
+ });
+ // Check the remaining blessing for a match in the white list.
+ return unblacklistedNames.some(function(blessing) {
+ return accessList.in.some(function(pattern) {
+ return blessingMatches(blessing, pattern);
+ });
+ });
+ };
\ No newline at end of file
diff --git a/src/security/access/index.js b/src/security/access/index.js
index 6964eb8..d5fafda 100644
--- a/src/security/access/index.js
+++ b/src/security/access/index.js
@@ -2,6 +2,9 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// Require the extensions files.
+require('./accesslist-extensions');
+
var extend = require('xtend');
/* jshint ignore:start */
/**
diff --git a/src/security/access/permissions-authorizer.js b/src/security/access/permissions-authorizer.js
index 6c4e1c4..c2a03ad 100644
--- a/src/security/access/permissions-authorizer.js
+++ b/src/security/access/permissions-authorizer.js
@@ -5,7 +5,6 @@
* @fileoverview The Permissions authorizer
* @private
*/
-var blessingMatches = require('./blessing-matching');
var unwrap = require('../../vdl/type-util').unwrap;
var makeError = require('../../verror/make-errors');
var actions = require('../../verror/actions');
@@ -66,27 +65,9 @@
var key = unwrap(tags[0]);
var lists = permissions.get(key);
- if (!lists || !canAccess(call.remoteBlessingStrings, lists.in,
- lists.notIn)) {
+ if (!lists || !lists.includes(call.remoteBlessingStrings)) {
throw new NoPermissionsError(ctx, call.remoteBlessingStrings, [], key);
}
return;
};
-}
-
-// Returns whether name passed in has permission for the passed in
-// label.
-function canAccess(names, inSet, notInSet) {
- // Remove the names that are blacklisted.
- var unblacklistedNames = names.filter(function(name) {
- return notInSet.every(function(pattern) {
- return !blessingMatches(name, pattern);
- });
- });
- // Check the remaining names for a match in the white list.
- return unblacklistedNames.some(function(name) {
- return inSet.some(function(pattern) {
- return blessingMatches(name, pattern);
- });
- });
-}
+}
\ No newline at end of file
