@backstage/plugin-permission-node
Home > @backstage/plugin-permission-node
Common permission and authorization utilities for backend plugins
Classes
Class |
Description |
---|---|
A thin wrapper around PermissionClient that allows all service-to-service requests. |
Functions
Function |
Description |
---|---|
Takes some permission conditions and returns a definitive authorization result on the resource to which they apply. | |
Creates the recommended condition-related exports for a given plugin based on the built-in PermissionRules it supports. | |
Creates a condition factory function for a given authorization rule and parameter types. | |
A higher-order helper function which accepts an array of PermissionRules, and returns a ConditionTransformer which transforms input conditions into equivalent plugin-specific query fragments using the supplied rules. | |
Create an express Router which provides an authorization route to allow integration between the permission backend and other Backstage backend plugins. Plugin owners that wish to support conditional authorization for their resources should add the router created by this function to their express app inside their In case the In case resources is provided, the routes can handle permissions for multiple resource types. | |
Helper function to ensure that PermissionRule definitions are typed correctly. | |
Utility function used to parse a PermissionCriteria | |
Utility function used to parse a PermissionCriteria | |
Utility function used to parse a PermissionCriteria of type | |
Helper for making plugin-specific createPermissionRule functions, that have the TResource and TQuery type parameters populated but infer the params from the supplied rule. This helps ensure that rules created for this plugin use consistent types for the resource and query. |
Interfaces
Interface |
Description |
---|---|
A policy to evaluate authorization requests for any permissioned action performed in Backstage. |
Type Aliases
Type Alias |
Description |
---|---|
A batch of ApplyConditionsRequestEntry objects. | |
A request to load the referenced resource and apply conditions in order to finalize a conditional authorization response. | |
A batch of ApplyConditionsResponseEntry objects. | |
The result of applying the conditions, expressed as a definitive authorize result of ALLOW or DENY. | |
A utility type for mapping a single PermissionRule to its corresponding PermissionCondition. | |
A utility type for mapping PermissionRules to their corresponding PermissionConditions. | |
A function which accepts PermissionConditions logically grouped in a PermissionCriteria object, and transforms the PermissionConditions into plugin specific query fragments while retaining the enclosing criteria shape. | |
Options for creating a permission integration router specific for a particular resource type. | |
Response type for the .metadata endpoint. | |
Serialized permission rules, with the paramsSchema converted from a ZodSchema to a JsonSchema. | |
Options for creating a permission integration router exposing permissions and rules from multiple resource types. | |
A conditional rule that can be provided in an response to an authorization request. | |
A query to be evaluated by the PermissionPolicy. | |
The context within which a policy query is evaluated. |