From 5caea34fd9520770601f41977a86e0f351e49be0 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Wed, 17 Nov 2021 17:17:24 +0100
Subject: [PATCH] first prototype for the permissions service api
---
cs3/gateway/v1beta1/gateway_api.proto | 7 +
cs3/permissions/v1beta1/permissions_api.proto | 59 ++++++
cs3/permissions/v1beta1/resources.proto | 40 ++++
docs/index.html | 197 +++++++++++++++++-
4 files changed, 301 insertions(+), 2 deletions(-)
create mode 100644 cs3/permissions/v1beta1/permissions_api.proto
create mode 100644 cs3/permissions/v1beta1/resources.proto
diff --git a/cs3/gateway/v1beta1/gateway_api.proto b/cs3/gateway/v1beta1/gateway_api.proto
index 9123ac62..6fa0e63d 100644
--- a/cs3/gateway/v1beta1/gateway_api.proto
+++ b/cs3/gateway/v1beta1/gateway_api.proto
@@ -39,6 +39,7 @@ import "cs3/identity/user/v1beta1/user_api.proto";
import "cs3/ocm/core/v1beta1/ocm_core_api.proto";
import "cs3/ocm/invite/v1beta1/invite_api.proto";
import "cs3/ocm/provider/v1beta1/provider_api.proto";
+import "cs3/permissions/v1beta1/permissions_api.proto";
import "cs3/preferences/v1beta1/preferences_api.proto";
import "cs3/rpc/v1beta1/status.proto";
import "cs3/sharing/collaboration/v1beta1/collaboration_api.proto";
@@ -382,6 +383,12 @@ service GatewayAPI {
rpc GetTransferStatus(cs3.tx.v1beta1.GetTransferStatusRequest) returns (cs3.tx.v1beta1.GetTransferStatusResponse);
// Requests to cancel a transfer.
rpc CancelTransfer(cs3.tx.v1beta1.CancelTransferRequest) returns (cs3.tx.v1beta1.CancelTransferResponse);
+ // *****************************************************************/
+ // ************************** FILE TRANSFER ************************/
+ // *****************************************************************/
+
+ // CheckPermission checks if a user or group has a certain permission.
+ rpc CheckPermission(cs3.permissions.v1beta1.CheckPermissionRequest) returns (cs3.permissions.v1beta1.CheckPermissionResponse);
}
// CAUTION:
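Review bot: The banner added above `CheckPermission` reads `FILE TRANSFER`, which looks copied from the preceding section; it should name the new section, e.g. `// ************************** PERMISSIONS **************************/`. The RPC comment also does not say who may ask about a subject other than the caller. If the gateway is reachable by end-user clients, an unrestricted check lets any authenticated client probe other users' and groups' permissions, so I would add a line such as `// The caller must be authorized to query permissions of the given subject.` The `GatewayAPI` service body begins outside this hunk.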
diff --git a/cs3/permissions/v1beta1/permissions_api.proto b/cs3/permissions/v1beta1/permissions_api.proto
new file mode 100644
index 00000000..3ad83c8d
--- /dev/null
+++ b/cs3/permissions/v1beta1/permissions_api.proto
@@ -0,0 +1,59 @@
+// Copyright 2018-2021 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+syntax = "proto3";
+
+package cs3.permissions.v1beta1;
+
+option csharp_namespace = "Cs3.Permissions.V1Beta1";
+option go_package = "permissionsv1beta1";
+option java_multiple_files = true;
+option java_outer_classname = "PermissionsApiProto";
+option java_package = "com.cs3.permissions.v1beta1";
+option objc_class_prefix = "CPX";
+option php_namespace = "Cs3\\Permissions\\V1Beta1";
+
+import "cs3/permissions/v1beta1/resources.proto";
+import "cs3/rpc/v1beta1/status.proto";
+import "cs3/storage/provider/v1beta1/resources.proto";
+
+// PermissionsAPI defines a service for permissions.
+service PermissionsAPI {
+ // CheckPermission defines a method to check permission/role.
+ rpc CheckPermission(CheckPermissionRequest) returns (CheckPermissionResponse);
+}
+
+// CheckPermissionsRequest is used to check if a user has a certain permission.
+message CheckPermissionRequest {
+ //REQUIRED.
+ // The permission to check.
+ string permission = 1;
+ // REQUIRED.
+ // The subject holding the permission.
+ cs3.permissions.v1beta1.SubjectReference subject_ref = 2;
+ // OPTIONAL.
+ // The target resource of the permission.
+ cs3.storage.provider.v1beta1.Reference ref = 3;
+}
+
+// CheckPermissionsResponse ...
+message CheckPermissionResponse {
+ // REQUIRED.
+ // The response status.
+ cs3.rpc.v1beta1.Status status = 1;
+}
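Review bot: `CheckPermissionResponse` carries only `status`, so the grant/deny decision is presumably encoded in the status code, yet nothing in the file says which code means what. A caller that tests only for an explicit denial would fail open on errors, so the `status` field should state the contract, e.g. `// An OK code means the subject holds the permission; callers MUST treat any other code as not granted.` The leading comments also say `CheckPermissionsRequest` and `CheckPermissionsResponse ...` while the messages are named `CheckPermissionRequest` and `CheckPermissionResponse`. `permission` is a free-form string with no documented format or namespace, which makes typos indistinguishable from unknown permissions; a sentence on the expected naming would help implementers reject unknown values consistently.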
diff --git a/cs3/permissions/v1beta1/resources.proto b/cs3/permissions/v1beta1/resources.proto
new file mode 100644
index 00000000..752d28ce
--- /dev/null
+++ b/cs3/permissions/v1beta1/resources.proto
@@ -0,0 +1,40 @@
+// Copyright 2018-2021 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+syntax = "proto3";
+
+package cs3.permissions.v1beta1;
+
+option csharp_namespace = "Cs3.Permissions.V1Beta1";
+option go_package = "permissionsv1beta1";
+option java_multiple_files = true;
+option java_outer_classname = "ResourcesProto";
+option java_package = "com.cs3.permissions.v1beta1";
+option objc_class_prefix = "CPX";
+option php_namespace = "Cs3\\Permissions\\V1Beta1";
+
+import "cs3/identity/group/v1beta1/resources.proto";
+import "cs3/identity/user/v1beta1/resources.proto";
+
+// SubjectReference references either a user or a group by id.
+message SubjectReference {
+ oneof spec {
+ cs3.identity.user.v1beta1.UserId user_id = 1;
+ cs3.identity.group.v1beta1.GroupId group_id = 2;
+ }
+}
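Review bot: The `spec` oneof has no comment on what an empty `SubjectReference` means, and in proto3 a oneof with no member set is valid on the wire. For an authorization check that case should be rejected rather than silently defaulted (for instance to the calling user), so I would add above `oneof spec`: `// REQUIRED. Exactly one of user_id or group_id must be set; servers must reject a reference with neither.` The members `user_id` and `group_id` also lack the REQUIRED/OPTIONAL field comments that permissions_api.proto uses for its fields.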
diff --git a/docs/index.html b/docs/index.html
index d7d7e5db..9984db0b 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -244,6 +244,44 @@ Table of Contents
+
+
+
+
+
+ cs3/permissions/v1beta1/permissions_api.proto
+
+
+
+
+
+ cs3/permissions/v1beta1/resources.proto
+
@@ -3099,7 +3137,18 @@ GatewayAPI
CancelTransfer |
.cs3.tx.v1beta1.CancelTransferRequest |
.cs3.tx.v1beta1.CancelTransferResponse |
- Requests to cancel a transfer. |
+ Requests to cancel a transfer.
+
+*****************************************************************/
+************************** FILE TRANSFER ************************/
+*****************************************************************/ |
+
+
+
+ CheckPermission |
+ .cs3.permissions.v1beta1.CheckPermissionRequest |
+ .cs3.permissions.v1beta1.CheckPermissionResponse |
+ CheckPermission checks if a user or group has a certain permission. |
@@ -3236,6 +3285,150 @@ FileUploadProtocol
+
+
cs3/permissions/v1beta1/permissions_api.proto
Top
+
+
+
+
+ CheckPermissionRequest
+ CheckPermissionsRequest is used to check if a user has a certain permission.
+
+
+
+
+ Field | Type | Label | Description |
+
+
+
+
+ permission |
+ string |
+ |
+ REQUIRED.
+The permission to check. |
+
+
+
+ subject_ref |
+ SubjectReference |
+ |
+ REQUIRED.
+The subject holding the permission. |
+
+
+
+ ref |
+ cs3.storage.provider.v1beta1.Reference |
+ |
+ OPTIONAL.
+The target resource of the permission. |
+
+
+
+
+
+
+
+
+
+ CheckPermissionResponse
+ CheckPermissionsResponse ...
+
+
+
+
+ Field | Type | Label | Description |
+
+
+
+
+ status |
+ cs3.rpc.v1beta1.Status |
+ |
+ REQUIRED.
+The response status. |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ PermissionsAPI
+ PermissionsAPI defines a service for permissions.
+
+
+
+
+
+
+
cs3/permissions/v1beta1/resources.proto
Top
+
+
+
+
+ SubjectReference
+ SubjectReference references either a user or a group by id.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
cs3/preferences/v1beta1/preferences_api.proto
Top
@@ -5709,7 +5902,7 @@ MimeTypeInfo
OPTIONAL.
Whether the mime type is eligible for file creation in the web UI.
Defaults to false, i.e. files with this mime type can be opened
-but not directly allow_creationd from the web UI. |
+but not directly created from the web UI.