in addons/addon-base-raas/packages/base-raas-services/lib/environment/environment-authz-service.js [35:71]
/**
 * Authorization entry point for environment actions; one step in a chain of
 * authorization plugins.
 *
 * Order of evaluation:
 *   1. A "deny" passed in from an earlier plugin is returned as-is (with its
 *      resource, action and reason) and nothing else is evaluated.
 *   2. `allowIfActive` is consulted for every action; a "deny" from it is returned.
 *   3. The action is routed to the matching per-action check on this service.
 *
 * Actions with the "-sc" suffix are environment operations that use
 * AWS Service Catalog Products/Versions.
 *
 * @param {object} requestContext - Context of the caller making the request.
 * @param {object} permission - Decision collected so far from earlier plugins.
 * @param {*} permission.resource - Resource the decision refers to.
 * @param {string} permission.action - Action being authorized.
 * @param {string} permission.effect - Effect decided so far (for example "deny").
 * @param {string} permission.reason - Reason attached to the decision so far.
 * @param {...*} args - Extra arguments forwarded unchanged to the per-action check.
 * @returns {Promise<object>} The permission object produced by the first step that decides.
 */
async authorize(requestContext, { resource, action, effect, reason }, ...args) {
  // An upstream "deny" is final: hand it back untouched, including its reason.
  if (isDeny({ effect })) {
    return { resource, action, effect, reason };
  }

  // The active-caller check applies to every action, so it runs before any routing.
  const activeCheck = await allowIfActive(requestContext, { action });
  if (isDeny(activeCheck)) {
    return activeCheck;
  }

  switch (action) {
    case 'get':
    case 'update':
    case 'delete': {
      return this.allowIfUserHasAccess(requestContext, { action }, ...args);
    }

    // Service Catalog variants and study-role-map updates share the owner-or-admin check.
    case 'get-sc':
    case 'update-sc':
    case 'delete-sc':
    case 'update-study-role-map': {
      return this.allowIfOwnerOrAdmin(requestContext, { action }, ...args);
    }

    case 'list':
    case 'list-sc': {
      return this.authorizeList(requestContext, { action }, ...args);
    }

    case 'create': {
      return this.authorizeCreate(requestContext, { action }, ...args);
    }

    case 'create-sc': {
      return this.authorizeCreateSc(requestContext, { action }, ...args);
    }

    case 'create-external': {
      return this.authorizeCreateExternal(requestContext, { action }, ...args);
    }

    default: {
      // This authorizer has no rule for the action, so it passes the incoming effect
      // through and leaves the decision to the other plugins. Only `effect` is returned
      // here; resource, action and reason are not carried over.
      // NOTE(review): an action name that matches no case above is not denied by this
      // method. Confirm that the caller treats anything other than an explicit "allow"
      // as a denial, so a new or misspelled action cannot pass by default.
      return { effect };
    }
  }
}