feat(auth): capability check — user/cron/worker allow; agents tiered allow/suggest/deny

This commit is contained in:
root
2026-05-31 11:06:00 +10:00
parent 10902bc6ac
commit cd71d64523
3 changed files with 112 additions and 0 deletions

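--- a/lib/auth/capability.js
+++ b/lib/auth/capability.js
@@ -0,0 +1,19 @@
+export function canAct(actor, action, entity_type) {
+if (!actor) return 'deny';
+if (actor.kind === 'user') return 'allow';
+if (actor.kind === 'cron' || actor.kind === 'worker' || actor.kind === 'system') return 'allow';
+if (actor.kind !== 'agent') return 'deny';
+const caps = actor.capabilities || {};
+const scopes = actor.scopes || {};
+if (action === 'read') return caps.read ? 'allow' : 'deny';
+const isMutation = ['create','update','delete'].includes(action);
+if (!isMutation) return 'deny';
+if (caps.write && scopes[entity_type]) return 'allow';
+if (caps.suggest) return 'suggest';
+return 'deny';
+}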
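Review bot: `scopes[entity_type]` in `if (caps.write && scopes[entity_type]) return 'allow';` looks up a caller-supplied key on a plain object, so inherited `Object.prototype` members (`toString`, `constructor`, `hasOwnProperty`, …) are truthy and would yield 'allow' for an entity type the agent was never scoped to — and the fallback `actor.scopes || {}` makes every agent start from exactly such an object. Guard with an own-property check, `if (caps.write && Object.hasOwn(scopes, entity_type) && scopes[entity_type]) return 'allow';`, or build `scopes` from `Object.create(null)` / a `Map` at the source. The exported function also has no JSDoc; a header giving the tri-state return `'allow' | 'suggest' | 'deny'`, the note that `user`, `cron`, `worker` and `system` kinds (the title omits `system`) are allowed unconditionally, and that unknown kinds and non-read/non-mutation actions deny, would make the contract checkable by callers. The hunk header counts 19 added lines but 14 are visible here, so the function may contain lines outside this view.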