AuthZ | Node.js SDK

AuthZ

constructor(token: PangeaToken, config: PangeaConfig): AuthZService

Creates a new AuthZService with the given Pangea API token and configuration.

required parameters

tokenPangeaToken

Pangea API token.

configPangeaConfig

Configuration.

Response Object

AuthZService

const config = new PangeaConfig({ domain: "pangea_domain" });
const audit = new AuthZService("pangea_token", config);

Check Authorization

check(request: CheckRequest): Promise<PangeaResponse<CheckResult>>

Check if a subject is authorized to perform an action on a resource in the AuthZ Service.

required parameters

requestCheckRequest

An object representing the request to check authorization.

• {AuthZ.Resource} request.resource - The resource to check authorization on.
• {string} request.action - The action to check authorization for.
• {AuthZ.Subject} request.subject - The subject attempting the action.
• {boolean} [request.debug] - Setting this value to true will provide detailed debug information.
• {AuthZ.Dictionary} [request.attributes] - Additional attributes for the authorization check.

Response Object

CheckResult

Promise<PangeaResponse<CheckResult>>

const response = await authz.check({
  resource: { type: 'folder', id: 'resource1' },
  action: 'read',
  subject: { type: 'user', id: 'user1' },
  debug: true,
});

List Resources

listResources(request: ListResourcesRequest): Promise<PangeaResponse<ListResourcesResult>>

List resources that a subject is authorized to perform a specified action on in the AuthZ Service.

required parameters

requestListResourcesRequest

An object representing the request to list resources.

• {string} request.type - The type of the resources.
• {string} request.action - The action to list resources for.
• {AuthZ.Subject} request.subject - The subject attempting the action.

Response Object

ListResourcesResult

Promise<PangeaResponse<ListResourcesResult>>

const response = await authz.listResources({
  type: 'folder',
  action: 'read',
  subject: { type: 'user', id: 'user1' },
});

List Subjects

listSubjects(request: ListSubjectsRequest): Promise<PangeaResponse<ListSubjectsResult>>

List subjects that are authorized to perform a specified action on a resource in the AuthZ Service.

required parameters

requestListSubjectsRequest

An object representing the request to list subjects.

• {AuthZ.Resource} request.resource - The resource to list subjects for.
• {string} request.action - The action to list subjects for.

Response Object

ListSubjectsResult

Promise<PangeaResponse<ListSubjectsResult>>

const response = await authz.listSubjects({
  resource: { type: 'folder', id: 'resource1' },
  action: 'read',
});

Tuple Create

tupleCreate(request: TupleCreateRequest): Promise<PangeaResponse<TupleCreateResult>>

Create tuples in the AuthZ Service. The request will fail if there is no schema or the tuples do not validate against the schema.

required parameters

requestTupleCreateRequest

An object representing the request to create tuples.

• {AuthZ.Tuple[]} request.tuples - List of tuples to be created.

Response Object

TupleCreateResult

Promise<PangeaResponse<TupleCreateResult>>

const response = await authz.tupleCreate({
  tuples: [
    {
      resource: { type: 'folder', id: 'resource1' },
      relation: 'editor',
      subject: { type: 'user', id: 'user1' },
    },
    // Add more tuples as needed
  ],
});

Tuple Delete

tupleDelete(request: TupleDeleteRequest): Promise<PangeaResponse<TupleDeleteResult>>

Delete tuples in the AuthZ Service based on the provided criteria.

required parameters

requestTupleDeleteRequest

An object representing the request to delete tuples.

• {AuthZ.Tuple[]} request.tuples - List of tuples to be deleted.

Response Object

TupleDeleteResult

Promise<PangeaResponse<TupleDeleteResult>>

const response = await authz.tupleDelete({
  tuples: [
    {
      resource: { type: 'folder', id: 'resource1' },
      relation: 'owner',
      subject: { type: 'user', id: 'user1' },
    },
    // Add more tuples to be deleted as needed
  ],
});

Tuple List

tupleList(request: TupleListRequest): Promise<PangeaResponse<TupleListResult>>

List tuples in the AuthZ Service based on provided filters.

required parameters

requestTupleListRequest

An object representing the request to list tuples.

• {AuthZ.TupleListFilter} request.filter - Filter object to narrow down the list of tuples.
• {number} [request.size] - Maximum results to include in the response. Minimum is 1.
• {string} [request.last] - Reflected value from a previous response to obtain the next page of results.
• {AuthZ.ItemOrder} [request.order] - Order results asc(ending) or desc(ending).
• {AuthZ.TupleOrderBy} [request.order_by] - Which field to order results by.

Response Object

TupleListResult

Promise<PangeaResponse<TupleListResult>>

const response = await authz.tupleList({
  filter: {
    resource_type: 'folder',
    resource_id: 'resource1',
  },
  size: 10,
});

Enum ItemOrder

ItemOrder

ASC = "asc"

DESC = "desc"

Enum TupleOrderBy

TupleOrderBy

RELATION = "relation"

RESOURCE_ID = "resource_id"

RESOURCE_NAMESPACE = "resource_namespace"

SUBJECT_ACTION = "subject_action"

SUBJECT_ID = "subject_id"

SUBJECT_NAMESPACE = "subject_namespace"

Interface CheckRequest

CheckRequest

required parameters

action

string

resourceResource

subjectSubject

optional parameters

attributesDictionary

debug

boolean

Interface CheckResult

CheckResult

required parameters

allowed

boolean

depth

number

schema_id

string

schema_version

number

optional parameters

debugDebug

Interface Debug

Debug

required parameters

pathArray<DebugPath>

Interface DebugPath

DebugPath

required parameters

action

string

id

string

type

string

Interface ListResourcesRequest

ListResourcesRequest

required parameters

action

string

subjectSubject

type

string

optional parameters

attributesDictionary

A JSON object of attribute data.

Interface ListResourcesResult

ListResourcesResult

required parameters

ids

Array<string>

Interface ListSubjectsRequest

ListSubjectsRequest

required parameters

action

string

resourceResource

optional parameters

attributesDictionary

A JSON object of attribute data.

Interface ListSubjectsResult

ListSubjectsResult

required parameters

subjectsArray<Subject>

Interface Resource

Resource

required parameters

type

string

optional parameters

id

string

Interface Subject

Subject

required parameters

id

string

type

string

optional parameters

action

string

Interface Tuple

Tuple

required parameters

relation

string

resourceResource

subjectSubject

Interface TupleCreateRequest

TupleCreateRequest

required parameters

tuplesArray<Tuple>

Interface TupleCreateResult

TupleCreateResult

Interface TupleDeleteRequest

TupleDeleteRequest

required parameters

tuplesArray<Tuple>

Interface TupleDeleteResult

TupleDeleteResult

Interface TupleListFilter

TupleListFilter

optional parameters

relation

string

relation__contains

Array<string>

relation__in

Array<string>

resource_id

string

resource_id__contains

Array<string>

resource_id__in

Array<string>

resource_type

string

resource_type__contains

Array<string>

resource_type__in

Array<string>

subject_action

string

subject_action__contains

Array<string>

subject_action__in

Array<string>

subject_id

string

subject_id__contains

Array<string>

subject_id__in

Array<string>

subject_type

string

subject_type__contains

Array<string>

subject_type__in

Array<string>

Interface TupleListRequest

TupleListRequest

required parameters

filterTupleListFilter

optional parameters

last

string

orderItemOrder

order_byTupleOrderBy

size

number

Interface TupleListResult

TupleListResult

required parameters

count

number

last

string

tuplesArray<Tuple>