search

solid / authorization-panel

Github repository for the Solid Authorization Panel
MIT License
19 stars 20 forks source link

Individuals matching context with client/issuer #313

Closed langsamu closed 2 years ago

langsamu commented 2 years ago

Fixes #312

langsamu commented 2 years ago

I don't see how I could edit the pseudocode, so here is the part that should change in 6.5.2:

function isSatisfiedMatcher(matcher, context) {
  // An empty matcher is never satisfied.
  if (matcher.agents.size === 0 && matcher.clients.size === 0 && matcher.issuers.size === 0 && matcher.vcs.size === 0)
      return false

  // For each attribute, if any values are defined, then at least one of them must match the context.

  if (matcher.agents.size !== 0) {
      let isMatch = false

      for (const agent of matcher.agents)
          if (agentMatches(agent, context)) {
              isMatch = true
              break
          }

      if (!isMatch)
          return false
  }

  if (matcher.clients.size !== 0) {
      let isMatch = false

      for (const client of matcher.clients)
          if (clientMatches(client, context)) {
              isMatch = true
              break
          }

      if (!isMatch)
          return false
  }

  if (matcher.issuers.size !== 0) {
      let isMatch = false

      for (const issuer of matcher.issuers)
          if (issuerMatches(issuer, context)) {
              isMatch = true
              break
          }

      if (!isMatch)
          return false
  }

  if (matcher.vcs.size !== 0) {
      let isMatch = false

      for (const vc of matcher.vcs)
          if (vcMatches(vc, context)) {
              isMatch = true
              break
          }

      if (!isMatch)
          return false
  }

  // At this point, the matcher is satisfied because
  // - there was at least one defined attribute and
  // - at least one value of each defined attribute matched the context.
  return true
}

const publicAgent = "https://www.w3.org/ns/solid/acp#PublicAgent"
const authenticatedAgent = "https://www.w3.org/ns/solid/acp#AuthenticatedAgent"
const creatorAgent = "https://www.w3.org/ns/solid/acp#CreatorAgent"
const ownerAgent = "https://www.w3.org/ns/solid/acp#OwnerAgent"
function agentMatches(agent, context) {
  if (agent === publicAgent)
      return true

  if (agent === authenticatedAgent && context.agent !== null)
      return true

  if (agent === creatorAgent && context.creators.includes(context.agent))
      return true

  if (agent === ownerAgent && context.owners.includes(context.agent))
      return true

  if (agent === context.agent)
      return true
}

const publicClient = "https://www.w3.org/ns/solid/acp#PublicClient"
const authenticatedClient = "https://www.w3.org/ns/solid/acp#AuthenticatedClient"
function clientMatches(client, context) {
  if (client === publicClient)
      return true

  if (client === authenticatedClient && context.client !== null)
      return true

  if (client === context.client)
      return true
}

const publicIssuer = "https://www.w3.org/ns/solid/acp#PublicIssuer"
const authenticatedIssuer = "https://www.w3.org/ns/solid/acp#AuthenticatedIssuer"
function issuerMatches(issuer, context) {
  if (issuer === publicIssuer)
      return true

  if (issuer === authenticatedIssuer && context.issuer !== null)
      return true

  if (issuer === context.issuer)
      return true
}

function vcMatches(vc, context) {
  if (context.vcs.includes(vc))
      return true
}
matthieubosquet commented 2 years ago

@langsamu I generated the pseudocode, it's now in the PR https://github.com/solid/authorization-panel/pull/313/commits/2757ad9b108833aa100f4e0b3199d62b9c296e60.