Permissions
In order to ensure your Loop is executing in a secure manner, you must declare which network URL domains, file system path globs, and Aptitudes your Loop will use.
Attempts to access a file path, url, or aptitude which have not been added to your permissions will fail.
Permissions are declared inside of the Loop
package.json within a ldk/permissions json object. The included Webpack configuration also allows Loop Authors to configure alternate permissions for different development environments. Please note: Healthcare systems are very protective of their IT space, which is due to the sensitive nature of information being handled. Healthcare systems want to know exactly what information/technology is being accessed in their space, and in an effort to be transparent about this, Olive Helps requires Loops to request permission to use its various Aptitudes. When an Aptitude is properly declared in the
permissions block of your Loop’s package.json, it will show up on a submitted Loop’s Library page, telling the end user what capabilities this Loop is accessing. Any attempt to use an undeclared Aptitude (or URL, filepath, etc) will be denied by the Olive Helps application.Example permissions object in the
package.json:"ldk": {
"permissions": {
"clipboard": {},
"filesystem": {
"pathGlobs": [
{
"value": "/some/path/something.txt"
}
]
},
"network": {
"urlDomains": [
{
"value": "*.google.com"
}
]
},
"window": {}
}
},
Supports any domain URL reference and domain wildcards.
"ldk": {
"network": {
"urlDomains": [
{
"value": string
}
]
}
}
Example Strings |
"*.google.com" |
"github.com/" |
"en.wikipedia.org" |
Supports any filesystem path and path wildcards.
When you include filesystem permissions, you have access to the Loop's working directory by default. You will automatically have access to any subdirectories, and files within it. If your Loop only needs access to its working folder, provide an empty object:
{
"ldk": {
"permissions": {
"filesystem": {}
}
}
}
To specify other locations, use the following syntax:
"ldk": {
"filesystem": {
"pathGlobs": [
{
"value": string
}
]
}
}
{
"ldk": {
"permissions": {
"filesystem": {
"pathGlobs": [
{
// Provides access to all files in the /tmp directory that have a .txt extension.
"value": "/tmp/*.txt"
},
{
// Provides access to all directories and files under the /tmp directory.
"value": "/tmp/**"
},
{
// Provides access to all files with .txt extensions in the /tmp directory or any of its subdirectories.
"value": "/tmp/**/*.txt"
},
{
// Provides access to all files with .txt extensions in any subdirectory of /tmp.
"value": "/tmp/*/*.txt"
}
]
}
}
}
}
To access a file or directory inside the working directory, provide a relative path:
const csvContents = await ldk.filesystem.readFile('./my-file.csv');
- Your Loop can do whatever it wants in this directory, but it cannot destroy its working directory. For example
filesystem.remove("./")will fail. - All relative paths are allowed as long as they resolve to something in the working directory.
- File paths which refer to parent directories (example:
../) must be specifically provided if not within the working directory. - Shutting down or updating a Loop does not delete the working directory or its contents.
- Other Loops will not be able to access this directory.
{
"ldk": {
"permissions":
{
"browser": {
"urlDomains": [
{
"value": "*.fda.gov", // Allows any subdomain of fda.gov, but
}, // not any path
{
"value": "*.fda.gov/*", // Allows any subdomain and path of fda.gov
},
...
],
},
}
},
}
Simply provide the Aptitude name.
"ldk": {
"clipboard": {},
"process": {}
}
Valid Options | | |
"clipboard" | "cursor" | "keyboard" |
"process" | "search" | "ui" |
"user" | "vault" | "whisper" |
"window" | | |
Last modified 1yr ago