IPermissionPolicy

Interface

Defines a system level policy for a specific permission. All conditions must be met for the permission to be granted. Additinonal conditions may be added by an entity to further limit access when the permission is checed in the contex to the entity. e.g. "hub:project:create" in the context of an Initiative, may further restrict to members of a specfic group

Properties

Property Type Notes
permission Permission

Permission being defined

assertions Optional IPolicyAssertion[]

More complex policies can be defined with a set of assertions

authenticated Optional boolean

Must the user authenticated?

availability Optional HubAvailability[]

Is this permission gated to a specific availability? This is used to limit access to features that are not yet available in production

dependencies Optional Permission[]

Parent permissions this permission is dependent on

entityConfigurable Optional boolean

Can an entity provide additional conditions to further limit access?

entityDelete Optional boolean

Can the user delete the entity being accessed?

entityEdit Optional boolean

Is the user an owner of the entity being accessed?

entityOwner Optional boolean

Must the user be the owner of the entity being accessed?

environments Optional HubEnvironment[]

Is this permission gated to a specific environment? (e.g. devext, qaext) This is used to limit access to features that are not yet available in production

flagValue Optional boolean

Value set by the feature flagging system to override the default permission behavior. This can be used to demo features to specific users or groups, during a specific user session. If true, the permission will be granted as long as the license and privilege requirements are met. If false, the permission will be denied for all users - typically as a means to check for graceful degradation if a system is offline.

licenses Optional HubLicense[]

What licenses are required for this permission to be granted. This is checking the licese of the current user's org. It is not transitive to the entity being accessed. e.g. If a user is in a Partner "hub-basic" org, they can not create "premium" entities (e.g. Projects)

privileges Optional PlatformPrivilege[]

Any platform level privileges required for this permission to be granted e.g. "portal:user:createItem"

services Optional HubService[]

What services are required to be online for this permission to be granted


Interface defined in common/src/permissions/types/IPermissionPolicy.ts:13