IPermissionPolicy

Interface

Defines a system level policy for a specific permission. All conditions must be met for the permission to be granted. Additinonal conditions may be added by an entity to further limit access when the permission is checed in the contex to the entity. e.g. "hub:project:create" in the context of an Initiative, may further restrict to members of a specfic group

Properties

Property Type Notes
permission Permission

Permission being defined

subsystems HubSubsystem[]

What subsystems are required to be online for this permission to be granted

alpha Optional boolean

Is this gated to alpha orgs?

assertions Optional IPolicyAssertion[]

More complex policies can be defined with a set of assertions

authenticated Optional boolean

Must the user authenticated?

entityEdit Optional boolean

Is the user an owner of the entity being accessed?

entityOwner Optional boolean

Must the user be the owner of the entity being accessed?

licenses Optional HubLicense[]

What licenses are required for this permission to be granted. This is checking the licese of the current user's org. It is not transitive to the entity being accessed. e.g. If a user is in a Partner "hub-basic" org, they can not create "premium" entities (e.g. Projects)

privileges Optional PlatformPrivilege[]

Any platform level privileges required for this permission to be granted e.g. "portal:user:createItem"


Interface defined in common/src/permissions/types/IPermissionPolicy.ts:14