Class: AuthorizationService
Defined in: src/auth/authorization/authorization-service.ts:218
Authorization service implementation using Casbin.
Remarks
Provides RBAC with role hierarchy and resource ownership checks. Roles are stored in Redis for scalability.
Example
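const authzService = new AuthorizationService({
  redis,
  logger,
});
// initialize() must be called before any authorization method.
await authzService.initialize();

// Ask whether a subject holding the 'author' role may create a preprint.
const result = await authzService.authorize({
  subject: { did: 'did:plc:abc123', roles: ['author'] },
  action: 'create',
  resource: { type: 'preprint' },
});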
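The decision the Remarks describe (roles expanded through a hierarchy, then an ownership check, with deny as the default), as an added sketch that is not the project's code and does not use Casbin. Every role except `author`, the hierarchy, the policy rows, the `ownerDid` field and the `Decision` shape are assumptions made for illustration.

```typescript
// Added illustration, not the project's code (which delegates to Casbin).
// Roles other than 'author', the hierarchy, the policy rows, `ownerDid`
// and the Decision shape are assumptions.
type Role = string;
interface Subject { did: string; roles: Role[] }
interface Resource { type: string; ownerDid?: string }
interface AuthzRequest { subject: Subject; action: string; resource: Resource }
interface Decision { allowed: boolean; reason: string }

// Inheritance edges [role, inheritsFrom], like Casbin `g` grouping rules.
const INHERITS: [Role, Role][] = [
  ['admin', 'moderator'], ['moderator', 'author'], ['author', 'reader'],
];

// Policy rows; ownerOnly means the grant applies only to the resource owner.
interface Rule { role: Role; action: string; type: string; ownerOnly: boolean }
const POLICY: Rule[] = [
  { role: 'reader', action: 'read', type: 'preprint', ownerOnly: false },
  { role: 'author', action: 'create', type: 'preprint', ownerOnly: false },
  { role: 'author', action: 'update', type: 'preprint', ownerOnly: true },
  { role: 'moderator', action: 'delete', type: 'preprint', ownerOnly: false },
];

// Expand assigned roles through the hierarchy; `seen` also stops cycles.
function effectiveRoles(assigned: Role[]): Role[] {
  const seen: Role[] = [];
  const visit = (role: Role): void => {
    if (seen.indexOf(role) !== -1) return;
    seen.push(role);
    INHERITS.filter((e) => e[0] === role).forEach((e) => visit(e[1]));
  };
  assigned.forEach(visit);
  return seen;
}

function decide(req: AuthzRequest): Decision {
  const roles = effectiveRoles(req.subject.roles);
  const rules = POLICY.filter((r) => r.action === req.action &&
    r.type === req.resource.type && roles.indexOf(r.role) !== -1);
  // Deny by default: no rule for this role set, action and resource type.
  if (rules.length === 0) return { allowed: false, reason: 'no_matching_policy' };
  if (rules.some((r) => !r.ownerOnly)) return { allowed: true, reason: 'role' };
  // Only owner-scoped rules matched; a resource with no owner never matches.
  const owns = req.resource.ownerDid !== undefined &&
    req.resource.ownerDid === req.subject.did;
  return owns ? { allowed: true, reason: 'owner' } : { allowed: false, reason: 'not_owner' };
}
```

In this sketch an inherited role carries its parent's owner-scoped grants unchanged, so a moderator inheriting `author` still cannot update a preprint owned by someone else.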
Implements
Constructors
new AuthorizationService()
new AuthorizationService(options): AuthorizationService
Defined in: src/auth/authorization/authorization-service.ts:230
Creates a new AuthorizationService.
Parameters
options
Service options
Returns
Methods
assignRole()
assignRole(did, role, assignedBy?): Promise<void>
Defined in: src/auth/authorization/authorization-service.ts:318
Assigns a role to a user.
Parameters
did
User's DID
role
Role to assign
assignedBy?
Assigning user's DID
Returns
Promise<void>
Implementation of
IAuthorizationService.assignRole
authorize()
authorize(request): Promise<AuthorizationResult>
Defined in: src/auth/authorization/authorization-service.ts:258
Checks if subject is authorized for action on resource.
Parameters
request
Authorization request
Returns
Promise<AuthorizationResult>
Authorization decision
Implementation of
IAuthorizationService.authorize
getPermissionsForRole()
getPermissionsForRole(role): Promise<readonly Permission[]>
Defined in: src/auth/authorization/authorization-service.ts:457
Gets all permissions for a role.
Parameters
role
Role to query
Returns
Promise<readonly Permission[]>
Array of permissions
Implementation of
IAuthorizationService.getPermissionsForRole
getRoleAssignments()
getRoleAssignments(did): Promise<readonly RoleAssignment[]>
Defined in: src/auth/authorization/authorization-service.ts:394
Gets role assignments with metadata.
Parameters
did
User's DID
Returns
Promise<readonly RoleAssignment[]>
Array of role assignments
Implementation of
IAuthorizationService.getRoleAssignments
getRoles()
getRoles(did): Promise<readonly Role[]>
Defined in: src/auth/authorization/authorization-service.ts:365
Gets all roles assigned to a user.
Parameters
did
User's DID
Returns
Promise<readonly Role[]>
Array of roles
Implementation of
IAuthorizationService.getRoles
hasAnyRole()
hasAnyRole(did, roles): Promise<boolean>
Defined in: src/auth/authorization/authorization-service.ts:468
Checks if user has any of the specified roles.
Parameters
did
User's DID
roles
readonly Role[]
Roles to check
Returns
Promise<boolean>
True if user has at least one role
Implementation of
IAuthorizationService.hasAnyRole
hasPermission()
hasPermission(did, permission): Promise<boolean>
Defined in: src/auth/authorization/authorization-service.ts:436
Checks if user has a specific permission.
Parameters
did
User's DID
permission
Permission to check
Returns
Promise<boolean>
True if permission granted
Implementation of
IAuthorizationService.hasPermission
initialize()
initialize(): Promise<void>
Defined in: src/auth/authorization/authorization-service.ts:242
Initializes the Casbin enforcer.
Returns
Promise<void>
Remarks
Must be called before using authorization methods.
reloadPolicies()
reloadPolicies(): Promise<void>
Defined in: src/auth/authorization/authorization-service.ts:476
Reloads policies from storage.
Returns
Promise<void>
Implementation of
IAuthorizationService.reloadPolicies
revokeRole()
revokeRole(did, role): Promise<void>
Defined in: src/auth/authorization/authorization-service.ts:346
Revokes a role from a user.
Parameters
did
User's DID
role
Role to revoke
Returns
Promise<void>