AuthZ | Node.js SDK

AuthZ

constructor(token: PangeaToken, config: PangeaConfig): AuthZService

Creates a new AuthZService with the given Pangea API token and configuration.

tokenPangeaToken

Pangea API token.

configPangeaConfig

Configuration.

AuthZService

const config = new PangeaConfig({ domain: "pangea_domain" });
const audit = new AuthZService("pangea_token", config);

Check Authorization

check(request: CheckRequest): Promise<PangeaResponse<CheckResult>>

Check if a subject is authorized to perform an action on a resource in the AuthZ Service.

requestCheckRequest

An object representing the request to check authorization.

• {AuthZ.Resource} request.resource - The resource to check authorization on.
• {string} request.action - The action to check authorization for.
• {AuthZ.Subject} request.subject - The subject attempting the action.
• {boolean} [request.debug] - Setting this value to true will provide detailed debug information.
• {AuthZ.Dictionary} [request.attributes] - Additional attributes for the authorization check.

CheckResult

Promise<PangeaResponse<CheckResult>>

const response = await authz.check({
  resource: { type: 'folder', id: 'resource1' },
  action: 'read',
  subject: { type: 'user', id: 'user1' },
  debug: true,
});

List Resources

listResources(request: ListResourcesRequest): Promise<PangeaResponse<ListResourcesResult>>

List resources that a subject is authorized to perform a specified action on in the AuthZ Service.

requestListResourcesRequest

An object representing the request to list resources.

• {string} request.type - The type of the resources.
• {string} request.action - The action to list resources for.
• {AuthZ.Subject} request.subject - The subject attempting the action.

ListResourcesResult

Promise<PangeaResponse<ListResourcesResult>>

const response = await authz.listResources({
  type: 'folder',
  action: 'read',
  subject: { type: 'user', id: 'user1' },
});

List Subjects

listSubjects(request: ListSubjectsRequest): Promise<PangeaResponse<ListSubjectsResult>>

List subjects that are authorized to perform a specified action on a resource in the AuthZ Service.

requestListSubjectsRequest

An object representing the request to list subjects.

• {AuthZ.Resource} request.resource - The resource to list subjects for.
• {string} request.action - The action to list subjects for.

ListSubjectsResult

Promise<PangeaResponse<ListSubjectsResult>>

const response = await authz.listSubjects({
  resource: { type: 'folder', id: 'resource1' },
  action: 'read',
});

Tuple Create

tupleCreate(request: TupleCreateRequest): Promise<PangeaResponse<TupleCreateResult>>

Create tuples in the AuthZ Service. The request will fail if there is no schema or the tuples do not validate against the schema.

requestTupleCreateRequest

An object representing the request to create tuples.

• {AuthZ.Tuple[]} request.tuples - List of tuples to be created.

TupleCreateResult

Promise<PangeaResponse<TupleCreateResult>>

const response = await authz.tupleCreate({
  tuples: [
    {
      resource: { type: 'folder', id: 'resource1' },
      relation: 'editor',
      subject: { type: 'user', id: 'user1' },
    },
    // Add more tuples as needed
  ],
});

Tuple Delete

tupleDelete(request: TupleDeleteRequest): Promise<PangeaResponse<TupleDeleteResult>>

Delete tuples in the AuthZ Service based on the provided criteria.

requestTupleDeleteRequest

An object representing the request to delete tuples.

• {AuthZ.Tuple[]} request.tuples - List of tuples to be deleted.

TupleDeleteResult

Promise<PangeaResponse<TupleDeleteResult>>

const response = await authz.tupleDelete({
  tuples: [
    {
      resource: { type: 'folder', id: 'resource1' },
      relation: 'owner',
      subject: { type: 'user', id: 'user1' },
    },
    // Add more tuples to be deleted as needed
  ],
});

Tuple List

tupleList(request: TupleListRequest): Promise<PangeaResponse<TupleListResult>>

List tuples in the AuthZ Service based on provided filters.

requestTupleListRequest

An object representing the request to list tuples.

• {AuthZ.TupleListFilter} request.filter - Filter object to narrow down the list of tuples.
• {number} [request.size] - Maximum results to include in the response. Minimum is 1.
• {string} [request.last] - Reflected value from a previous response to obtain the next page of results.
• {AuthZ.ItemOrder} [request.order] - Order results asc(ending) or desc(ending).
• {AuthZ.TupleOrderBy} [request.order_by] - Which field to order results by.

TupleListResult

Promise<PangeaResponse<TupleListResult>>

const response = await authz.tupleList({
  filter: {
    resource_type: 'folder',
    resource_id: 'resource1',
  },
  size: 10,
});

Enum ItemOrder

ItemOrder

ASC = "asc"

DESC = "desc"

Enum TupleOrderBy

TupleOrderBy

RELATION = "relation"

RESOURCE_ID = "resource_id"

RESOURCE_NAMESPACE = "resource_namespace"

SUBJECT_ACTION = "subject_action"

SUBJECT_ID = "subject_id"

SUBJECT_NAMESPACE = "subject_namespace"

Interface CheckRequest

CheckRequest

action

string

resourceResource

subjectSubject

attributesDictionary

debug

boolean

Interface CheckResult

CheckResult

allowed

boolean

depth

number

schema_id

string

schema_version

number

debugDebug

Interface Debug

Debug

pathArray<DebugPath>

Interface DebugPath

DebugPath

action

string

id

string

type

string

Interface ListResourcesRequest

ListResourcesRequest

action

string

subjectSubject

type

string

attributesDictionary

A JSON object of attribute data.

Interface ListResourcesResult

ListResourcesResult

ids

Array<string>

Interface ListSubjectsRequest

ListSubjectsRequest

action

string

resourceResource

attributesDictionary

A JSON object of attribute data.

Interface ListSubjectsResult

ListSubjectsResult

subjectsArray<Subject>

Interface Resource

Resource

type

string

id

string

Interface Subject

Subject

id

string

type

string

action

string

Interface Tuple

Tuple

relation

string

resourceResource

subjectSubject

Interface TupleCreateRequest

TupleCreateRequest

tuplesArray<Tuple>

Interface TupleCreateResult

TupleCreateResult

Interface TupleDeleteRequest

TupleDeleteRequest

tuplesArray<Tuple>

Interface TupleDeleteResult

TupleDeleteResult

Interface TupleListFilter

TupleListFilter

relation

string

relation__contains

Array<string>

relation__in

Array<string>

resource_id

string

resource_id__contains

Array<string>

resource_id__in

Array<string>

resource_type

string

resource_type__contains

Array<string>

resource_type__in

Array<string>

subject_action

string

subject_action__contains

Array<string>

subject_action__in

Array<string>

subject_id

string

subject_id__contains

Array<string>

subject_id__in

Array<string>

subject_type

string

subject_type__contains

Array<string>

subject_type__in

Array<string>

Interface TupleListRequest

TupleListRequest

filterTupleListFilter

last

string

orderItemOrder

order_byTupleOrderBy

size

number

Interface TupleListResult

TupleListResult

count

number

last

string

tuplesArray<Tuple>