Permissions

Overview

Permissions are declared inside of the Loop package.json within a ldk/permissions json object. The included Webpack configuration also allows Loop Authors to configure alternate permissions for different development environments.

Please note: Healthcare systems are very protective of their IT space, which is due to the sensitive nature of information being handled. Healthcare systems want to know exactly what information/technology is being accessed in their space, and in an effort to be transparent about this, Olive Helps requires Loops to request permission to use its various Aptitudes. When an Aptitude is properly declared in the permissions block of your Loop’s package.json, it will show up on a submitted Loop’s Library page, telling the end user what capabilities this Loop is accessing. Any attempt to use an undeclared Aptitude (or URL, filepath, etc) will be denied by the Olive Helps application.

Example permissions object in the package.json:

"ldk": {
  "permissions": {
    "clipboard": {},
    "filesystem": {
      "pathGlobs": [
        {
          "value": "/some/path/something.txt"
        }
      ]
    },
    "network": {
      "urlDomains": [
        {
          "value": "*.google.com"
        }
      ]
    },
    "window": {}
  }
},

Network Permissions

Supports any domain URL reference and domain wildcards.

"ldk": {
  "network": {
    "urlDomains": [
      {
        "value": string
      }
    ]
  }
}

Examples

Filesystem Permissions

Supports any filesystem path and path wildcards.

When you include filesystem permissions, you have access to the Loop's working directory by default. You will automatically have access to any subdirectories, and files within it. If your Loop only needs access to its working folder, provide an empty object:

{
  "ldk": {
    "permissions": {
      "filesystem": {}
    }
  }
}

To specify other locations, use the following syntax:

"ldk": {
  "filesystem": {
    "pathGlobs": [
      {
        "value": string
      }
    ]
  }
}

Examples

{
  "ldk": {
    "permissions": {
      "filesystem": {
        "pathGlobs": [
          {
            // Provides access to all files in the /tmp directory that have a .txt extension.
            "value": "/tmp/*.txt"
          },
          {
            // Provides access to all directories and files under the /tmp directory.
            "value": "/tmp/**"
          },
          {
            // Provides access to all files with .txt extensions in the /tmp directory or any of its subdirectories.
            "value": "/tmp/**/*.txt"
          },
          {
            // Provides access to all files with .txt extensions in any subdirectory of /tmp.
            "value": "/tmp/*/*.txt"
          }
        ]
      }
    }
  }
}

Code Usage

To access a file or directory inside the working directory, provide a relative path:

const csvContents = await ldk.filesystem.readFile('./my-file.csv');

• Your Loop can do whatever it wants in this directory, but it cannot destroy its working directory. For example filesystem.remove("./") will fail.

• All relative paths are allowed as long as they resolve to something in the working directory.

• File paths which refer to parent directories (example: ../) must be specifically provided if not within the working directory.

• Shutting down or updating a Loop does not delete the working directory or its contents.

• Other Loops will not be able to access this directory.

Browser Permissions

{
  "ldk": {
    "permissions":
    {
      "browser": {
        "urlDomains": [
          {
            "value": "*.fda.gov", // Allows any subdomain of fda.gov, but
          },                      // not any path
          {
             "value": "*.fda.gov/*", // Allows any subdomain and path of fda.gov
          },
          ...
        ],
      },
    }
  },
}

Aptitude Permissions

Simply provide the Aptitude name.

Examples

"ldk": {
  "clipboard": {},
  "process": {}
}