From e175368e0516c1b48d5f2710a498276c51a4d89d Mon Sep 17 00:00:00 2001 From: David Christofas Date: Mon, 13 Dec 2021 13:20:34 +0100 Subject: [PATCH] first prototype for the permissions service api --- cs3/gateway/v1beta1/gateway_api.proto | 7 + cs3/permissions/v1beta1/permissions_api.proto | 59 ++++++ cs3/permissions/v1beta1/resources.proto | 40 ++++ docs/index.html | 197 +++++++++++++++++- 4 files changed, 301 insertions(+), 2 deletions(-) create mode 100644 cs3/permissions/v1beta1/permissions_api.proto create mode 100644 cs3/permissions/v1beta1/resources.proto diff --git a/cs3/gateway/v1beta1/gateway_api.proto b/cs3/gateway/v1beta1/gateway_api.proto index 9123ac62..d1dd1349 100644 --- a/cs3/gateway/v1beta1/gateway_api.proto +++ b/cs3/gateway/v1beta1/gateway_api.proto @@ -39,6 +39,7 @@ import "cs3/identity/user/v1beta1/user_api.proto"; import "cs3/ocm/core/v1beta1/ocm_core_api.proto"; import "cs3/ocm/invite/v1beta1/invite_api.proto"; import "cs3/ocm/provider/v1beta1/provider_api.proto"; +import "cs3/permissions/v1beta1/permissions_api.proto"; import "cs3/preferences/v1beta1/preferences_api.proto"; import "cs3/rpc/v1beta1/status.proto"; import "cs3/sharing/collaboration/v1beta1/collaboration_api.proto"; @@ -382,6 +383,12 @@ service GatewayAPI { rpc GetTransferStatus(cs3.tx.v1beta1.GetTransferStatusRequest) returns (cs3.tx.v1beta1.GetTransferStatusResponse); // Requests to cancel a transfer. rpc CancelTransfer(cs3.tx.v1beta1.CancelTransferRequest) returns (cs3.tx.v1beta1.CancelTransferResponse); + // *****************************************************************/ + // ************************** Permissions **************************/ + // *****************************************************************/ + + // CheckPermission checks if a user or group has a certain permission. + rpc CheckPermission(cs3.permissions.v1beta1.CheckPermissionRequest) returns (cs3.permissions.v1beta1.CheckPermissionResponse); } // CAUTION: 
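Review bot: The new `CheckPermission` rpc on `GatewayAPI` takes the subject from the request (`subject_ref`), and its comment does not say who may call it or how the subject relates to the authenticated caller. As written, any client that can reach the gateway could presumably ask whether an arbitrary user or group holds a permission, and implementers may wrongly read `subject_ref` as the caller's own identity. I would state the contract in the rpc comment, for example `// The subject is taken from the request, not from the caller's identity; implementations MUST authorize the caller before answering for another subject.` The `service GatewayAPI` body starts and ends outside this hunk.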
diff --git a/cs3/permissions/v1beta1/permissions_api.proto b/cs3/permissions/v1beta1/permissions_api.proto
new file mode 100644
index 00000000..3ad83c8d
--- /dev/null
+++ b/cs3/permissions/v1beta1/permissions_api.proto
@@ -0,0 +1,59 @@
+// Copyright 2018-2021 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+syntax = "proto3";
+
+package cs3.permissions.v1beta1;
+
+option csharp_namespace = "Cs3.Permissions.V1Beta1";
+option go_package = "permissionsv1beta1";
+option java_multiple_files = true;
+option java_outer_classname = "PermissionsApiProto";
+option java_package = "com.cs3.permissions.v1beta1";
+option objc_class_prefix = "CPX";
+option php_namespace = "Cs3\\Permissions\\V1Beta1";
+
+import "cs3/permissions/v1beta1/resources.proto";
+import "cs3/rpc/v1beta1/status.proto";
+import "cs3/storage/provider/v1beta1/resources.proto";
+
+// PermissionsAPI defines a service for permissions.
+service PermissionsAPI {
+ // CheckPermission defines a method to check permission/role.
+ rpc CheckPermission(CheckPermissionRequest) returns (CheckPermissionResponse);
+}
+
+// CheckPermissionsRequest is used to check if a user has a certain permission.
+message CheckPermissionRequest {
+ //REQUIRED.
+ // The permission to check.
+ string permission = 1;
+ // REQUIRED.
+ // The subject holding the permission.
+ cs3.permissions.v1beta1.SubjectReference subject_ref = 2;
+ // OPTIONAL.
+ // The target resource of the permission.
+ cs3.storage.provider.v1beta1.Reference ref = 3;
+}
+
+// CheckPermissionsResponse ...
+message CheckPermissionResponse {
+ // REQUIRED.
+ // The response status.
+ cs3.rpc.v1beta1.Status status = 1;
+}
diff --git a/cs3/permissions/v1beta1/resources.proto b/cs3/permissions/v1beta1/resources.proto
new file mode 100644
index 00000000..752d28ce
--- /dev/null
+++ b/cs3/permissions/v1beta1/resources.proto
@@ -0,0 +1,40 @@
+// Copyright 2018-2021 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+syntax = "proto3";
+
+package cs3.permissions.v1beta1;
+
+option csharp_namespace = "Cs3.Permissions.V1Beta1";
+option go_package = "permissionsv1beta1";
+option java_multiple_files = true;
+option java_outer_classname = "ResourcesProto";
+option java_package = "com.cs3.permissions.v1beta1";
+option objc_class_prefix = "CPX";
+option php_namespace = "Cs3\\Permissions\\V1Beta1";
+
+import "cs3/identity/group/v1beta1/resources.proto";
+import "cs3/identity/user/v1beta1/resources.proto";
+
+// SubjectReference references either a user or a group by id.
+message SubjectReference {
+ oneof spec {
+ cs3.identity.user.v1beta1.UserId user_id = 1;
+ cs3.identity.group.v1beta1.GroupId group_id = 2;
+ }
+}
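Review bot: `CheckPermissionResponse` carries only `status`, so the authorization decision and the outcome of the RPC share one field, and nothing in the file says which status code means "granted". A caller that only checks that the call itself did not fail can end up treating a denied or failed check as allowed. The placeholder comment should pin the contract, for example `// The permission is granted only if status.code is CODE_OK; any other code MUST be treated as denied.`, or the message should get a dedicated result field. The two message comments also say `CheckPermissionsRequest` and `CheckPermissionsResponse` while the messages are named `CheckPermissionRequest` and `CheckPermissionResponse`, and the `permission` string has no documented format or namespace.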
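Review bot: `SubjectReference` leaves `oneof spec` and both of its members without comments, and proto3 cannot enforce that one of them is set even though `subject_ref` is marked REQUIRED in `CheckPermissionRequest`. A comment on the oneof such as `// REQUIRED. Exactly one of user_id or group_id must be set; implementations MUST reject a reference with neither set.` would keep a server from evaluating a check against an empty subject. Short comments on `user_id` and `group_id` would also fill the description columns that the generated docs in this patch appear to leave empty.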
diff --git a/docs/index.html b/docs/index.html index d7d7e5db..9aab2a80 100644 --- a/docs/index.html +++ b/docs/index.html @@ -244,6 +244,44 @@

Table of Contents

+ + + + +
  • + cs3/permissions/v1beta1/permissions_api.proto + +
  • + + +
  • + cs3/permissions/v1beta1/resources.proto +
  • @@ -3099,7 +3137,18 @@

    GatewayAPI

    CancelTransfer .cs3.tx.v1beta1.CancelTransferRequest .cs3.tx.v1beta1.CancelTransferResponse -

    Requests to cancel a transfer.

    +

    Requests to cancel a transfer. + +*****************************************************************/ +************************** Permissions **************************/ +*****************************************************************/

    + + + + CheckPermission + .cs3.permissions.v1beta1.CheckPermissionRequest + .cs3.permissions.v1beta1.CheckPermissionResponse +

    CheckPermission checks if a user or group has a certain permission.

    @@ -3236,6 +3285,150 @@

    FileUploadProtocol

    +
    +

    cs3/permissions/v1beta1/permissions_api.proto

    Top +
    +

    + + +

    CheckPermissionRequest

    +

    CheckPermissionsRequest is used to check if a user has a certain permission.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    permissionstring

    REQUIRED. +The permission to check.

    subject_refSubjectReference

    REQUIRED. +The subject holding the permission.

    refcs3.storage.provider.v1beta1.Reference

    OPTIONAL. +The target resource of the permission.

    + + + + + +

    CheckPermissionResponse

    +

    CheckPermissionsResponse ...

    + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    statuscs3.rpc.v1beta1.Status

    REQUIRED. +The response status.

    + + + + + + + + + + + +

    PermissionsAPI

    +

    PermissionsAPI defines a service for permissions.

    + + + + + + + + + + + + + + +
    Method NameRequest TypeResponse TypeDescription
    CheckPermissionCheckPermissionRequestCheckPermissionResponse

    CheckPermission defines a method to check permission/role.

    + + + + +
    +

    cs3/permissions/v1beta1/resources.proto

    Top +
    +

    + + +

    SubjectReference

    +

    SubjectReference references either a user or a group by id.

    + + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    user_idcs3.identity.user.v1beta1.UserId

    group_idcs3.identity.group.v1beta1.GroupId

    + + + + + + + + + + + + +

    cs3/preferences/v1beta1/preferences_api.proto

    Top
    @@ -5709,7 +5902,7 @@

    MimeTypeInfo

    OPTIONAL. Whether the mime type is eligible for file creation in the web UI. Defaults to false, i.e. files with this mime type can be opened -but not directly allow_creationd from the web UI.

    +but not directly created from the web UI.