Skip to main content
Version: Next

@backstage/plugin-permission-common

Home > @backstage/plugin-permission-common

Isomorphic types and client for Backstage permissions and authorization

Classes

Class

Description

PermissionClient

An isomorphic client for requesting authorization for Backstage permissions.

Enumerations

Enumeration

Description

AuthorizeResult

The result of an authorization request.

Functions

Function

Description

createPermission(input)

Utility function for creating a valid ResourcePermission, inferring the appropriate type and resource type parameter.

createPermission(input)

Utility function for creating a valid BasicPermission.

isCreatePermission(permission)

Check if a given permission is related to a create action.

isDeletePermission(permission)

Check if a given permission is related to a delete action.

isPermission(permission, comparedPermission)

Check if the two parameters are equivalent permissions.

isReadPermission(permission)

Check if a given permission is related to a read action.

isResourcePermission(permission, resourceType)

Check if a given permission is a ResourcePermission. When resourceType is supplied as the second parameter, also checks if the permission has the specified resource type.

isUpdatePermission(permission)

Check if a given permission is related to an update action.

toPermissionEvaluator(permissionAuthorizer)

Convert PermissionAuthorizer to PermissionEvaluator.

Interfaces

Interface

Description

EvaluatorRequestOptions

Options for PermissionEvaluator requests.

This is currently empty, as there are no longer any common options for the permission evaluator.

PermissionAuthorizer

A client interacting with the permission backend can implement this authorizer interface.

PermissionEvaluator

A client interacting with the permission backend can implement this evaluator interface.

Type Aliases

Type Alias

Description

AllOfCriteria

Represents a logical AND for the provided criteria.

AnyOfCriteria

Represents a logical OR for the provided criteria.

AuthorizePermissionRequest

Request object for PermissionEvaluator.authorize(). If a ResourcePermission is provided, it must include a corresponding resourceRef.

AuthorizePermissionResponse

Response object for PermissionEvaluator.authorize().

AuthorizeRequestOptions

Options for authorization requests.

BasicPermission

A standard Permission with no additional capabilities or restrictions.

ConditionalPolicyDecision

A conditional decision returned by the PermissionPolicy.

DefinitivePolicyDecision

A definitive decision returned by the PermissionPolicy.

DiscoveryApi

This is a copy of the core DiscoveryApi, to avoid importing core.

EvaluatePermissionRequest

An individual request sent to the permission backend.

EvaluatePermissionRequestBatch

A batch of requests sent to the permission backend.

EvaluatePermissionResponse

An individual response from the permission backend.

EvaluatePermissionResponseBatch

A batch of responses from the permission backend.

IdentifiedPermissionMessage

A request with a UUID identifier, so that batched responses can be matched up with the original requests.

MetadataResponse

Response type for the .metadata endpoint in createPermissionIntegrationRouter()

MetadataResponseSerializedRule

Serialized permission rules, with the paramsSchema converted from a ZodSchema to a JsonSchema.

NotCriteria

Represents a negation of the provided criteria.

Permission

A permission that can be checked through authorization.

PermissionAttributes

The attributes related to a given permission; these should be generic and widely applicable to all permissions in the system.

PermissionBase

Generic type for building Permission types.

PermissionClientRequestOptions

Options for PermissionClient requests.

PermissionCondition

A condition returned with a CONDITIONAL authorization response.

Conditions are a reference to a rule defined by a plugin, and parameters to apply the rule. For example, a rule might be isOwner from the catalog-backend, and params may be a list of entity claims from a identity token.

PermissionCriteria

Composes several PermissionConditions as criteria with a nested AND/OR structure.

PermissionMessageBatch

A batch of request or response items.

PermissionRuleParam

A parameter to a permission rule.

PermissionRuleParams

Types that can be used as parameters to permission rules.

PolicyDecision

A decision returned by the PermissionPolicy.

QueryPermissionRequest

Request object for PermissionEvaluator.authorizeConditional().

QueryPermissionResponse

Response object for PermissionEvaluator.authorizeConditional().

ResourcePermission

ResourcePermissions are Permissions that can be authorized based on characteristics of a resource such a catalog entity.