syntax = "proto3";
package acl;
// AclService is the RPC surface for an access-control list: judging by the
// RPC and message names it maintains user-role assignments, role parents
// and role grants on resources, and answers access checks against them.
//
// Security note: every RPC below that returns Empty changes authorization
// state, and no request message in this file carries the caller's identity
// or a credential.
// NOTE(review): authentication and authorization of the caller therefore
// have to be enforced outside this schema (transport or interceptor
// layer) - confirm the server does so for the mutating RPCs.
service AclService {
  // --- user <-> role assignments ---
  rpc AddUserRoles(UserRoles) returns (Empty);
  rpc RemoveUserRoles(UserRoles) returns (Empty);
  rpc GetUserRoles(User) returns (Roles);  // userRoles
  rpc GetRoleUsers(Role) returns (Users);  // roleUsers
  // Access check; the verdict is AccessResponse.result.
  rpc HasRole(UserRole) returns (AccessResponse);

  // --- role hierarchy, role and resource removal ---
  rpc AddRoleParents(RoleParents) returns (Empty);
  rpc RemoveRoleParents(RoleParents) returns (Empty);
  rpc RemoveRole(Role) returns (Empty);
  rpc RemoveResource(Resource) returns (Empty);

  // --- grants ---
  rpc Allow(AllowRequest) returns (Empty);
  rpc AllowMultiple(AllowMultipleRequest) returns (Empty);
  rpc RemoveAllow(RemoveAllowRequest) returns (Empty);

  // --- permission queries and access checks ---
  rpc GetPermissions(UserResources)
      returns (ResourcesPermissions);  // allowedPermissions
  rpc IsAllowed(UserResourcePermissions) returns (AccessResponse);
  // NOTE(review): the name says "any roles" but RoleResourcePermissions
  // carries a single `role` string - confirm which is intended.
  rpc AreAnyRolesAllowed(RoleResourcePermissions) returns (AccessResponse);
  rpc GetRolePermissions(Role)
      returns (ResourcesPermissions);  // whatResources
  rpc GetRolesPermissions(Roles)
      returns (ResourcesPermissions);  // whatResources
  rpc GetResources(RolePermissions) returns (Resources);  // whatResources
}
// Empty is the response of every mutating RPC in AclService. It has no
// fields, so success or failure is conveyed only by the RPC status.
message Empty {}
// User names a single user. Request of GetUserRoles.
message User {
  // User identifier. A proto3 string has no presence: "" and "not set"
  // are the same on the wire.
  // NOTE(review): confirm the server rejects an empty identifier.
  string user = 1;
}
// Users is a list of user identifiers. Response of GetRoleUsers.
message Users {
  // User identifiers; an empty list and an unset field are
  // indistinguishable.
  repeated string users = 1;
}
// Role names a single role. Request of GetRoleUsers, RemoveRole and
// GetRolePermissions.
message Role {
  // Role name. "" is indistinguishable from unset.
  // NOTE(review): RemoveRole is destructive - confirm the server rejects
  // an empty name instead of treating it as a real role.
  string role = 1;
}
// Roles is a list of role names. Response of GetUserRoles and request of
// GetRolesPermissions.
message Roles {
  // Role names; an empty list and an unset field are indistinguishable.
  repeated string roles = 1;
}
// Resource names a single protected resource. Request of RemoveResource.
message Resource {
  // Resource name. "" is indistinguishable from unset.
  // NOTE(review): RemoveResource is destructive - confirm the server
  // rejects an empty name.
  string resource = 1;
}
// Resources is a list of resource names. Response of GetResources.
message Resources {
  // Resource names; an empty list and an unset field are
  // indistinguishable.
  repeated string resources = 1;
}
// UserRole pairs one user with one role. Request of HasRole.
message UserRole {
  // User whose membership is being checked.
  string user = 1;

  // Role to test for.
  // NOTE(review): the schema does not say whether roles reached through
  // RoleParents count as held - confirm and document.
  string role = 2;
}
// UserRoles pairs one user with a list of roles. Request of AddUserRoles
// and RemoveUserRoles.
message UserRoles {
  // User whose role assignments are changed.
  string user = 1;

  // Roles to add or remove. Role names are free-form strings.
  // NOTE(review): confirm the server validates them; a misspelled name in
  // AddUserRoles may otherwise create an unintended role.
  repeated string roles = 2;
}
// UserResources pairs one user with a list of resources. Request of
// GetPermissions.
message UserResources {
  // User whose permissions are queried.
  string user = 1;

  // Resources to report permissions for.
  repeated string resources = 2;
}
// UserPermission is a user / resource / permission triple.
// No RPC in AclService references this message.
message UserPermission {
  string user = 1;

  // Field number 2 is not assigned in this message.
  // NOTE(review): if 2 belonged to a since-deleted field, declare
  // `reserved 2;` so it cannot be reused with a different meaning.
  string resource = 3;

  string permission = 4;
}
// RoleParents names a role and a list of parent roles. Request of
// AddRoleParents and RemoveRoleParents.
message RoleParents {
  // Role whose parents are changed.
  string role = 1;

  // Parent role names.
  // NOTE(review): presumably a role inherits its parents' grants, which
  // makes AddRoleParents a privilege-granting call - confirm. The schema
  // cannot prevent a role from naming itself or a descendant as parent;
  // confirm the server handles cycles.
  repeated string parents = 2;
}
// AllowRequest is one grant. Request of Allow and element of
// AllowMultipleRequest.
//
// NOTE(review): all three fields are lists; presumably every role receives
// every permission on every resource (a cross product) - confirm, because
// a long list in any field then widens the grant multiplicatively.
message AllowRequest {
  // Roles receiving the grant.
  repeated string roles = 1;

  // Resources the grant applies to.
  repeated string resources = 2;

  // Permissions granted.
  repeated string permissions = 3;
}
// AllowMultipleRequest is a batch of grants. Request of AllowMultiple.
message AllowMultipleRequest {
  // Grants to apply.
  // NOTE(review): the schema does not say whether the batch is atomic; if
  // it is not, a failure midway leaves some grants applied - confirm.
  repeated AllowRequest data = 1;
}
// RemoveAllowRequest revokes grants from one role. Request of RemoveAllow.
// Unlike AllowRequest it takes a single role rather than a list.
message RemoveAllowRequest {
  // Role losing the grant.
  string role = 1;

  // Resources the revocation applies to.
  repeated string resources = 2;

  // Permissions to revoke.
  // NOTE(review): an empty list is indistinguishable from unset; confirm
  // whether that means "revoke nothing" or "revoke everything".
  repeated string permissions = 3;
}
// ResourcesPermissions lists permissions per resource. Response of
// GetPermissions, GetRolePermissions and GetRolesPermissions.
message ResourcesPermissions {
  // One entry per resource.
  repeated ResourcePermissions data = 1;
}
// ResourcePermissions is one resource and its permissions. Element of
// ResourcesPermissions.
message ResourcePermissions {
  // Resource name.
  string resource = 1;

  // Permissions reported for the resource.
  repeated string permissions = 2;
}
// AccessResponse is the verdict of an access check. Response of HasRole,
// IsAllowed and AreAnyRolesAllowed.
message AccessResponse {
  // True when the check passed. proto3 decodes an unset bool as false, so
  // a default-constructed or empty response reads as "denied". Callers
  // should treat an RPC error as a denial as well, never as an allow.
  bool result = 1;
}
// UserResourcePermissions asks whether a user holds permissions on a
// resource. Request of IsAllowed.
message UserResourcePermissions {
  // User being checked.
  string user = 1;

  // Resource being accessed.
  string resource = 2;

  // Permissions to test.
  // NOTE(review): the schema does not say whether ALL or ANY of these must
  // be held, nor what an empty list returns - confirm and document, since
  // callers gate access on the answer.
  repeated string permissions = 3;
}
// RoleResourcePermissions asks whether a role holds permissions on a
// resource. Request of AreAnyRolesAllowed.
message RoleResourcePermissions {
  // Role being checked. A single string, although the RPC name refers to
  // "roles". NOTE(review): confirm whether `repeated` was intended.
  string role = 1;

  // Resource being accessed.
  string resource = 2;

  // Permissions to test.
  // NOTE(review): all-or-any semantics are not stated here - confirm.
  repeated string permissions = 3;
}
// RolePermissions pairs one role with a list of permissions. Request of
// GetResources.
message RolePermissions {
  // Role whose resources are queried.
  string role = 1;

  // Permissions used to filter the resources.
  // NOTE(review): presumably an empty list means "no filter" - confirm.
  repeated string permissions = 2;
}
// IsAllowedRequest carries a user, a resource, permissions and roles.
// No RPC in AclService references this message; IsAllowed takes
// UserResourcePermissions instead.
message IsAllowedRequest {
  // User being checked.
  string user = 1;

  // Resource being accessed.
  string resource = 2;

  // Permissions to test.
  repeated string permissions = 3;

  // Role names supplied alongside the user.
  // NOTE(review): if this message is ever wired to an RPC, roles must be
  // resolved server-side; trusting a caller-supplied role list in an
  // access check would let the caller assert its own privileges.
  repeated string roles = 4;
}