AuthZ

constructor(token: PangeaToken, config: PangeaConfig): AuthZService

Creates a new AuthZService with the given Pangea API token and configuration.

Pangea API token.

Configuration.

AuthZService

const config = new PangeaConfig({ domain: "pangea_domain" });
const audit = new AuthZService("pangea_token", config);

Check Authorization

check(request: CheckRequest): Promise<PangeaResponse<CheckResult>>

Check if a subject is authorized to perform an action on a resource in the AuthZ Service.

requestCheckRequest

An object representing the request to check authorization.

{AuthZ.Resource} request.resource - The resource to check authorization on.
{string} request.action - The action to check authorization for.
{AuthZ.Subject} request.subject - The subject attempting the action.
{boolean} [request.debug] - Setting this value to true will provide detailed debug information.
{AuthZ.Dictionary} [request.attributes] - Additional attributes for the authorization check.

CheckResult

Promise<PangeaResponse<CheckResult>>

const response = await authz.check({
  resource: { type: 'folder', id: 'resource1' },
  action: 'read',
  subject: { type: 'user', id: 'user1' },
  debug: true,
});

List Resources

listResources(request: ListResourcesRequest): Promise<PangeaResponse<ListResourcesResult>>

List resources that a subject is authorized to perform a specified action on in the AuthZ Service.

requestListResourcesRequest

An object representing the request to list resources.

{string} request.type - The type of the resources.
{string} request.action - The action to list resources for.
{AuthZ.Subject} request.subject - The subject attempting the action.

ListResourcesResult

Promise<PangeaResponse<ListResourcesResult>>

const response = await authz.listResources({
  type: 'folder',
  action: 'read',
  subject: { type: 'user', id: 'user1' },
});

List Subjects

listSubjects(request: ListSubjectsRequest): Promise<PangeaResponse<ListSubjectsResult>>

List subjects that are authorized to perform a specified action on a resource in the AuthZ Service.

requestListSubjectsRequest

An object representing the request to list subjects.

{AuthZ.Resource} request.resource - The resource to list subjects for.
{string} request.action - The action to list subjects for.

ListSubjectsResult

Promise<PangeaResponse<ListSubjectsResult>>

const response = await authz.listSubjects({
  resource: { type: 'folder', id: 'resource1' },
  action: 'read',
});

Tuple Create

tupleCreate(request: TupleCreateRequest): Promise<PangeaResponse<TupleCreateResult>>

Create tuples in the AuthZ Service. The request will fail if there is no schema or the tuples do not validate against the schema.

requestTupleCreateRequest

An object representing the request to create tuples.

{AuthZ.Tuple[]} request.tuples - List of tuples to be created.

TupleCreateResult

Promise<PangeaResponse<TupleCreateResult>>

const response = await authz.tupleCreate({
  tuples: [
    {
      resource: { type: 'folder', id: 'resource1' },
      relation: 'editor',
      subject: { type: 'user', id: 'user1' },
    },
    // Add more tuples as needed
  ],
});

Tuple Delete

tupleDelete(request: TupleDeleteRequest): Promise<PangeaResponse<TupleDeleteResult>>

Delete tuples in the AuthZ Service based on the provided criteria.

requestTupleDeleteRequest

An object representing the request to delete tuples.

{AuthZ.Tuple[]} request.tuples - List of tuples to be deleted.

TupleDeleteResult

Promise<PangeaResponse<TupleDeleteResult>>

const response = await authz.tupleDelete({
  tuples: [
    {
      resource: { type: 'folder', id: 'resource1' },
      relation: 'owner',
      subject: { type: 'user', id: 'user1' },
    },
    // Add more tuples to be deleted as needed
  ],
});

Tuple List

tupleList(request: TupleListRequest): Promise<PangeaResponse<TupleListResult>>

List tuples in the AuthZ Service based on provided filters.

requestTupleListRequest

An object representing the request to list tuples.

{AuthZ.TupleListFilter} request.filter - Filter object to narrow down the list of tuples.
{number} [request.size] - Maximum results to include in the response. Minimum is 1.
{string} [request.last] - Reflected value from a previous response to obtain the next page of results.
{AuthZ.ItemOrder} [request.order] - Order results asc(ending) or desc(ending).
{AuthZ.TupleOrderBy} [request.order_by] - Which field to order results by.

TupleListResult

Promise<PangeaResponse<TupleListResult>>

const response = await authz.tupleList({
  filter: {
    resource_type: 'folder',
    resource_id: 'resource1',
  },
  size: 10,
});

Enum ItemOrder

ItemOrder

ASC = "asc"

DESC = "desc"

Enum TupleOrderBy

TupleOrderBy

RELATION = "relation"

RESOURCE_ID = "resource_id"

RESOURCE_NAMESPACE = "resource_namespace"

SUBJECT_ACTION = "subject_action"

SUBJECT_ID = "subject_id"

SUBJECT_NAMESPACE = "subject_namespace"

Interface CheckRequest

CheckRequest

action

string

resourceResource

subjectSubject

attributesDictionary

debug

boolean

Interface CheckResult

CheckResult

allowed

boolean

depth

number

schema_id

string

schema_version

number

debugDebug

Interface Debug

Debug

pathArray<DebugPath>

Interface DebugPath

DebugPath

action

string

id

string

type

string

Interface ListResourcesRequest

ListResourcesRequest

action

string

subjectSubject

type

string

attributesDictionary

A JSON object of attribute data.

Interface ListResourcesResult

ListResourcesResult

ids

Array<string>

Interface ListSubjectsRequest

ListSubjectsRequest

action

string

resourceResource

attributesDictionary

A JSON object of attribute data.

Interface ListSubjectsResult

ListSubjectsResult

subjectsArray<Subject>

Interface Resource

Resource

type

string

id

string

Interface Subject

Subject

id

string

Interface TupleDeleteResult

TupleDeleteResult

Interface TupleListFilter

Array<string>

Interface TupleListRequest

TupleListRequest

filterTupleListFilter

last

string

orderItemOrder

order_byTupleOrderBy

size

number

Interface TupleListResult

TupleListResult

count

number

last

string

tuplesArray<Tuple>

AuthZ

Response Object

AuthZService

Check Authorization

Response Object

Promise<PangeaResponse<CheckResult>>

List Resources

Response Object

Promise<PangeaResponse<ListResourcesResult>>

List Subjects

Response Object

Promise<PangeaResponse<ListSubjectsResult>>

Tuple Create

Response Object

Promise<PangeaResponse<TupleCreateResult>>

Tuple Delete

Response Object

Promise<PangeaResponse<TupleDeleteResult>>

Tuple List

Response Object

Promise<PangeaResponse<TupleListResult>>

Enum ItemOrder

Enum TupleOrderBy

Interface CheckRequest

string

optional parameters

boolean

Interface CheckResult

boolean

number

string

number

optional parameters

Interface Debug

Interface DebugPath

string

string

string

Interface ListResourcesRequest

string

string

optional parameters

Interface ListResourcesResult

Array<string>

Interface ListSubjectsRequest

string

optional parameters

Interface ListSubjectsResult

Interface Resource

string

optional parameters

string

Interface Subject

string

string

optional parameters

string

Interface Tuple

string

Interface TupleCreateRequest

Interface TupleCreateResult

Interface TupleDeleteRequest

Interface TupleDeleteResult

Interface TupleListFilter

string

Array<string>

Array<string>

string

Array<string>

Array<string>

string

Array<string>

Array<string>

string

Array<string>

Array<string>

string

Array<string>

Array<string>

string