garage/src/model/permission.rs

65 lines
1.5 KiB
Rust
Raw Normal View History

2021-12-14 12:55:11 +00:00
use std::cmp::Ordering;
use serde::{Deserialize, Serialize};
use garage_util::crdt::*;
/// Permission given to a key in a bucket
#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Copy, Debug, Serialize, Deserialize)]
pub struct BucketKeyPerm {
/// Timestamp at which the permission was given
pub timestamp: u64,
/// The key can be used to read the bucket
pub allow_read: bool,
2021-12-16 10:47:58 +00:00
/// The key can be used to write objects to the bucket
2021-12-14 12:55:11 +00:00
pub allow_write: bool,
2021-12-16 10:47:58 +00:00
/// The key can be used to control other aspects of the bucket:
/// - enable / disable website access
/// - delete bucket
pub allow_owner: bool,
2021-12-14 12:55:11 +00:00
}
impl BucketKeyPerm {
pub const NO_PERMISSIONS: Self = Self {
timestamp: 0,
allow_read: false,
allow_write: false,
allow_owner: false,
};
2022-01-05 14:56:48 +00:00
pub const ALL_PERMISSIONS: Self = Self {
timestamp: 0,
allow_read: true,
allow_write: true,
allow_owner: true,
};
pub fn is_any(&self) -> bool {
self.allow_read || self.allow_write || self.allow_owner
}
}
2021-12-14 12:55:11 +00:00
impl Crdt for BucketKeyPerm {
fn merge(&mut self, other: &Self) {
match other.timestamp.cmp(&self.timestamp) {
Ordering::Greater => {
*self = *other;
}
Ordering::Equal if other != self => {
warn!("Different permission sets with same timestamp: {:?} and {:?}, merging to most restricted permission set.", self, other);
if !other.allow_read {
self.allow_read = false;
}
if !other.allow_write {
self.allow_write = false;
}
if !other.allow_owner {
self.allow_owner = false;
}
2021-12-14 12:55:11 +00:00
}
_ => (),
}
}
}