classDiagram
%% Authorization domain model. Subjects (User, Group) hold Roles, Roles
%% aggregate ALLOW/DENY Permissions, each Permission is bound to exactly one
%% Resource, one Operation and one PolicySet, Resources form a parent
%% hierarchy, and every access decision is written to Audit.
%% Base type for anything that can be asked for an access decision; User and
%% Group specialize it (see the inheritance arrows below).
class Subject {
+hasPermission(Resource, Operation): boolean
}
%% Credential holder. password is typed as a hash, i.e. the model stores a
%% derived value rather than the clear-text secret. makeToken() is the entry
%% point of the Token -> RefreshToken -> AccessToken chain.
class User {
+username: string
+password: hash
+makeToken(): RefreshToken
}
%% Named collection of users; inherits hasPermission from Subject.
class Group {
+name: string
}
%% Role exposes its own hasPermission, so role-level evaluation can be
%% performed independently of the Subject that holds the role.
class Role {
+name: string
+hasPermission(Resource, Operation): boolean
}
%% A single grant or denial. NOTE(review): the diagram does not state the
%% precedence rule when an ALLOW and a DENY both match the same
%% Resource/Operation pair, nor whether `recursive` follows the Resource
%% parent link shown below - confirm both against the implementation.
class Permission {
+type: enum(ALLOW, DENY)
+recursive: boolean
}
%% Grouping of permissions under one named policy.
class PolicySet {
+name: string
+description: string
}
%% Hierarchical protected object. idPath() and isRoot() presumably derive from
%% the self-referencing parent association declared below - verify.
class Resource {
+id: string
+idPath(): string[]
+isRoot(): boolean
+hasOperation(Operation): boolean
}
class ResourceType {
+name: string
+description: string
}
%% An action that can be performed on a Resource; anchored to a rootResource.
class Operation {
+name: string
}
%% Scope attached to a Permission; its semantics are not shown here.
class PermissionScope {
+name: string
+description: string
}
%% Common token fields: an expiry and the username the token was issued for.
class Token {
+expiration: DateTime
+username: string
}
%% Long-lived token that mints short-lived AccessTokens.
class RefreshToken {
+makeAccessToken(): AccessToken
}
%% Token on which access checks are actually evaluated. NOTE(review): the
%% diagram does not show how the token stays bound to the User's current
%% roles after issuance - confirm whether role changes or revocation
%% invalidate already-issued tokens before expiration.
class AccessToken {
+hasPermission(Resource, Operation): boolean
}
%% Audit record of one access decision: who, on what, which operation, and
%% the boolean outcome. NOTE(review): whether denied attempts are recorded
%% as well as granted ones is not visible here - confirm.
class Audit {
+timestamp: DateTime
+action: string
+user: User
+resource: Resource
+operation: Operation
+result: boolean
}
%% Inheritance.
Subject <|-- User
Subject <|-- Group
%% Subject membership and role assignment (many-to-many).
User "0..*" -- "0..*" Group
User "0..*" -- "0..*" Role
%% A Role carries at least one Permission; each Permission targets exactly one
%% Resource, Operation and PolicySet.
Role "0..*" -- "1..*" Permission
Permission "0..*" -- "1" Resource
Permission "0..*" -- "1" Operation
Permission "0..*" -- "1" PolicySet
%% Resource tree (self-association labelled parent) and typing.
Resource "1" -- "0..*" Resource: parent
Resource "0..*" -- "1" ResourceType
Operation "0..*" -- "1" Resource: rootResource
PermissionScope "1" -- "0..*" Permission
%% Token issuance chain.
User "1" -- "0..*" Token
Token <|-- RefreshToken
Token <|-- AccessToken
RefreshToken ..> AccessToken: creates
%% Every Audit entry references exactly one User, Resource and Operation.
Audit "0..*" -- "1" User
Audit "0..*" -- "1" Resource
Audit "0..*" -- "1" Operation