PermissionRule

Home > @backstage/plugin-permission-node > PermissionRule

A conditional rule that can be provided in an response to an authorization request.

Signature:

export type PermissionRule<TResource, TQuery, TResourceType extends string, TParams extends PermissionRuleParams = PermissionRuleParams> = {
    name: string;
    description: string;
    resourceType: TResourceType;
    paramsSchema?: z.ZodSchema<TParams>;
    apply(resource: TResource, params: NoInfer<TParams>): boolean;
    toQuery(params: NoInfer<TParams>): PermissionCriteria<TQuery>;
};

References: PermissionRuleParams, PermissionCriteria

Remarks

Rules can either be evaluated against a resource loaded in memory, or used as filters when loading a collection of resources from a data source. The apply and toQuery methods implement these two concepts.

The two operations should always have the same logical result. If they don’t, the effective outcome of an authorization operation will sometimes differ depending on how the authorization check was performed.