Diffusion JavaScript API 6.1.5 Class: SecurityScriptBuilder

new SecurityScriptBuilder()

A builder that can be used to create scripts for use with Session.security#updateStore.

Facilitates producing scripts that control the assigment of permissions to roles.

Methods

build() → {String}

Create the script string.

Returns:

The script

Type: String

removeTopicPermissions(role, path) → {SecurityScriptBuilder}

Remove any previously assigned permissions from a particular topic for a given role.

This is different from setting no permissions to a topic. By removing permissions set for a topic, permissions will be inherited from the nearest set of permissions that have been assigned higher in the topic path hierarchy or from the default topic permissions if no more specific permissions are found.

Parameters:

Name	Type	Description
`role`	String	The role to remove topic permissions from.
`path`	String	The topic path to remove permissions from.

Returns:

Type: SecurityScriptBuilder

setDefaultTopicPermissions(role, permissions) → {SecurityScriptBuilder}

Set the default permissions that a particular role will have for topics.

Parameters:

Name	Type	Argument	Default	Description
`role`	String			The role to set topic permissions for.
`permissions`	Array.<String>	<optional>	[]	The topic permissions to assign for the role.

Returns:

Type: SecurityScriptBuilder

setGlobalPermissions(role, permissions) → {SecurityScriptBuilder}

Set the global permissions assigned to a particular role.

Parameters:

Name	Type	Argument	Default	Description
`role`	String			The role to set global permissions for.
`permissions`	Array.<String>	<optional>	[]	The permissions to assign globally for a role.

Returns:

Type: SecurityScriptBuilder

setRoleIncludes(role, roles) → {SecurityScriptBuilder}

Specify a set of a roles that another role should inherit permissions from.

Parameters:

Name	Type	Argument	Default	Description
`role`	String			The role
`roles`	Array.<String>	<optional>	[]	The set of roles to inherit from.

Returns:

Type: SecurityScriptBuilder

setRolesForAnonymousSessions(roles) → {SecurityScriptBuilder}

Sets the roles to be assigned by default to all anonymous sessions.

Parameters:

Name	Type	Argument	Default	Description
`roles`	Array.<String>	<optional>	[]	The roles to be assigned. An empty array, or no argument, will result in anonymous sessions being assigned no roles by default.

Returns:

Type: SecurityScriptBuilder

setRolesForNamedSession(roles) → {SecurityScriptBuilder}

Sets the roles to be assigned by default to all sessions that authenticate with a principal.

Parameters:

Name	Type	Argument	Default	Description
`roles`	Array.<String>	<optional>	[]	The roles to be assigned. Any empty array, or no argument, will result in named sessions being assigned no roles by default.

Returns:

Type: SecurityScriptBuilder

setTopicPermissions(role, path, permissions) → {SecurityScriptBuilder}

Sets specific topic permissions for a named role.

When permissions are assigned to a role for a topic path they will apply to the topic and any topics below the specified path. Topic-scoped permissions are assigned to roles for specific topic paths. The permission assignment applies to all descendant topics, unless there is a more specific assignment.

To evaluate whether a session has permission for a topic, the server starts at that topic and searches up the tree to find the nearest permissions assignment. The first assignment is the only one considered, even if the session has roles involved in assignments further up the hierarchy.

Parameters:

Name	Type	Description
`role`	String	The role to assign permissions for.
`path`	String	The topic path to assign permissions.
`permissions`	Array.<String>	The permissions to assign to the role for the specified path. Any empty array or no argument would specify that the role has no permissions at this path, which differs from there being no permissions assigned for that path (see SecurityScriptBuilder#removeTopicPermissions).

Returns:

Type: SecurityScriptBuilder