
Interface: IAuthorizationService

Defined in: src/types/interfaces/authorization.interface.ts:274

Authorization service interface.

Remarks

Provides role-based access control using the Casbin policy engine. Supports resource ownership checks and scope-based permissions.

Example

const authzService = container.resolve<IAuthorizationService>('IAuthorizationService');

const result = await authzService.authorize({
  subject: { did, roles: ['author'] },
  action: 'update',
  resource: {
    type: 'preprint',
    uri: preprintUri,
    ownerDid: did,
  },
});

if (!result.allowed) {
  throw new AuthorizationError(result.reason ?? 'Access denied');
}

Methods

assignRole()

assignRole(did, role, assignedBy?): Promise<void>

Defined in: src/types/interfaces/authorization.interface.ts:297

Assign role to user.

Parameters

did

DID

User's DID

role

Role

Role to assign

assignedBy?

DID

DID of assigning user (for audit)

Returns

Promise<void>

Remarks

Requires admin or appropriate moderator permissions.


authorize()

authorize(request): Promise<AuthorizationResult>

Defined in: src/types/interfaces/authorization.interface.ts:283

Check if subject is authorized to perform action on resource.

Parameters

request

AuthorizationRequest

Authorization request

Returns

Promise<AuthorizationResult>

Authorization decision
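
A minimal model of the decision authorize() returns, added here as an example and not the project's Casbin-backed implementation: deny by default, an owner-scoped grant, and a fail-closed caller check. The `POLICY` table, the `:own` suffix, the type aliases and the `decide`/`enforce` helpers are assumptions made for illustration.

```typescript
// Added illustration. POLICY and the ":own" marker are assumptions, not the
// project's Casbin model; field names follow the request in the page's example.
type Subject = { did: string; roles: readonly string[] };
type Resource = { type: string; uri: string; ownerDid?: string };
type AuthzRequest = { subject: Subject; action: string; resource: Resource };
type Decision = { allowed: boolean; reason?: string };
type Policy = Record<string, readonly string[]>;

// role -> "type:action" grants; a ":own" suffix restricts the grant to the owner.
const POLICY: Policy = {
  author: ['preprint:create', 'preprint:update:own'],
  moderator: ['preprint:update', 'preprint:delete'],
};

function decide(req: AuthzRequest, policy: Policy = POLICY): Decision {
  const base = `${req.resource.type}:${req.action}`;
  // ownerDid must be the owner stored with the record, never a value taken
  // from the caller's input. A missing ownerDid matches nobody.
  const owner = req.resource.ownerDid;
  const isOwner = typeof owner === 'string' && owner === req.subject.did;
  let ownerOnlyGrantSeen = false;
  for (const role of req.subject.roles) {
    // Own-property lookup so names like "constructor" are not treated as roles.
    if (!Object.prototype.hasOwnProperty.call(policy, role)) continue;
    const grants = policy[role];
    if (grants.indexOf(base) !== -1) return { allowed: true };
    if (grants.indexOf(`${base}:own`) !== -1) {
      if (isOwner) return { allowed: true };
      ownerOnlyGrantSeen = true;
    }
  }
  // Deny by default: no rule matched, or only an owner-scoped rule did.
  const reason = ownerOnlyGrantSeen ? 'Subject does not own resource' : 'No matching policy';
  return { allowed: false, reason };
}

// Fail closed: only a literal `allowed === true` passes.
function enforce(decision: Decision | null | undefined): void {
  if (!decision || decision.allowed !== true) {
    throw new Error((decision && decision.reason) || 'Access denied');
  }
}
```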


getPermissionsForRole()

getPermissionsForRole(role): Promise<readonly Permission[]>

Defined in: src/types/interfaces/authorization.interface.ts:351

Get all permissions for a role.

Parameters

role

Role

Role to query

Returns

Promise<readonly Permission[]>

Array of permissions


getRoleAssignments()

getRoleAssignments(did): Promise<readonly RoleAssignment[]>

Defined in: src/types/interfaces/authorization.interface.ts:327

Get role assignments with metadata.

Parameters

did

DID

User's DID

Returns

Promise<readonly RoleAssignment[]>

Array of role assignments


getRoles()

getRoles(did): Promise<readonly Role[]>

Defined in: src/types/interfaces/authorization.interface.ts:317

Get all roles for user.

Parameters

did

DID

User's DID

Returns

Promise<readonly Role[]>

Array of assigned roles


hasAnyRole()

hasAnyRole(did, roles): Promise<boolean>

Defined in: src/types/interfaces/authorization.interface.ts:362

Check if user has any of the specified roles.

Parameters

did

DID

User's DID

roles

readonly Role[]

Roles to check

Returns

Promise<boolean>

True if user has at least one role


hasPermission()

hasPermission(did, permission): Promise<boolean>

Defined in: src/types/interfaces/authorization.interface.ts:341

Check if user has specific permission.

Parameters

did

DID

User's DID

permission

Permission

Permission string

Returns

Promise<boolean>

True if permission granted

Remarks

Convenience method for checking a single permission.


reloadPolicies()

reloadPolicies(): Promise<void>

Defined in: src/types/interfaces/authorization.interface.ts:372

Reload policies from storage.

Returns

Promise<void>

Remarks

Used when policies are updated externally.


revokeRole()

revokeRole(did, role): Promise<void>

Defined in: src/types/interfaces/authorization.interface.ts:307

Revoke role from user.

Parameters

did

DID

User's DID

role

Role

Role to revoke

Returns

Promise<void>