garage/src/model/permission.rs

use std::cmp::Ordering;

use serde::{Deserialize, Serialize};

use garage_util::crdt::*;

/// Permission given to a key in a bucket
#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Copy, Debug, Serialize, Deserialize)]
pub struct BucketKeyPerm {
	/// Timestamp at which the permission was given
	pub timestamp: u64,

	/// The key can be used to read the bucket
	pub allow_read: bool,
	/// The key can be used to write objects to the bucket
	pub allow_write: bool,
	/// The key can be used to control other aspects of the bucket:
	/// - enable / disable website access
	/// - delete bucket
	pub allow_owner: bool,
}

impl BucketKeyPerm {
	pub const NO_PERMISSIONS: Self = Self {
		timestamp: 0,
		allow_read: false,
		allow_write: false,
		allow_owner: false,
	};

	pub const ALL_PERMISSIONS: Self = Self {
		timestamp: 0,
		allow_read: true,
		allow_write: true,
		allow_owner: true,
	};

	pub fn is_any(&self) -> bool {
		self.allow_read || self.allow_write || self.allow_owner
	}
}

impl Crdt for BucketKeyPerm {
	fn merge(&mut self, other: &Self) {
		match other.timestamp.cmp(&self.timestamp) {
			Ordering::Greater => {
				*self = *other;
			}
			Ordering::Equal if other != self => {
				warn!("Different permission sets with same timestamp: {:?} and {:?}, merging to most restricted permission set.", self, other);
				if !other.allow_read {
					self.allow_read = false;
				}
				if !other.allow_write {
					self.allow_write = false;
				}
				if !other.allow_owner {
					self.allow_owner = false;
				}
			}
			_ => (),
		}
	}
}
New model for buckets 2021-12-14 12:55:11 +00:00			`use std::cmp::Ordering;`

			`use serde::{Deserialize, Serialize};`

			`use garage_util::crdt::*;`

			`/// Permission given to a key in a bucket`
			`#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Copy, Debug, Serialize, Deserialize)]`
			`pub struct BucketKeyPerm {`
			`/// Timestamp at which the permission was given`
			`pub timestamp: u64,`

			`/// The key can be used to read the bucket`
			`pub allow_read: bool,`
Model changes 2021-12-16 10:47:58 +00:00			`/// The key can be used to write objects to the bucket`
New model for buckets 2021-12-14 12:55:11 +00:00			`pub allow_write: bool,`
Model changes 2021-12-16 10:47:58 +00:00			`/// The key can be used to control other aspects of the bucket:`
			`/// - enable / disable website access`
			`/// - delete bucket`
			`pub allow_owner: bool,`
New model for buckets 2021-12-14 12:55:11 +00:00			`}`

Refactor logic for setting/unsetting aliases 2022-01-03 16:22:40 +00:00			`impl BucketKeyPerm {`
Small changes in key model and refactoring 2022-01-04 17:59:17 +00:00			`pub const NO_PERMISSIONS: Self = Self {`
			`timestamp: 0,`
			`allow_read: false,`
			`allow_write: false,`
			`allow_owner: false,`
			`};`
Implement CreateBucket 2022-01-05 14:56:48 +00:00
			`pub const ALL_PERMISSIONS: Self = Self {`
			`timestamp: 0,`
			`allow_read: true,`
			`allow_write: true,`
			`allow_owner: true,`
			`};`

			`pub fn is_any(&self) -> bool {`
			`self.allow_read \|\| self.allow_write \|\| self.allow_owner`
			`}`
Refactor logic for setting/unsetting aliases 2022-01-03 16:22:40 +00:00			`}`

New model for buckets 2021-12-14 12:55:11 +00:00			`impl Crdt for BucketKeyPerm {`
			`fn merge(&mut self, other: &Self) {`
			`match other.timestamp.cmp(&self.timestamp) {`
			`Ordering::Greater => {`
			`self = other;`
			`}`
			`Ordering::Equal if other != self => {`
			`warn!("Different permission sets with same timestamp: {:?} and {:?}, merging to most restricted permission set.", self, other);`
			`if !other.allow_read {`
			`self.allow_read = false;`
			`}`
			`if !other.allow_write {`
			`self.allow_write = false;`
			`}`
New buckets for 0.6.0: small fixes, including: - ensure bucket names are correct aws s3 names - when making aliases, ensure timestamps of links in both ways are the same - fix small remarks by trinity - don't have a separate website_access field 2021-12-17 10:53:13 +00:00			`if !other.allow_owner {`
			`self.allow_owner = false;`
			`}`
New model for buckets 2021-12-14 12:55:11 +00:00			`}`
			`_ => (),`
			`}`
			`}`
			`}`