2021-12-14 13:55:11 +01:00
|
|
|
use std::cmp::Ordering;
|
|
|
|
|
|
|
|
use serde::{Deserialize, Serialize};
|
|
|
|
|
|
|
|
use garage_util::crdt::*;
|
|
|
|
|
|
|
|
/// Permission given to a key in a bucket
|
|
|
|
#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Copy, Debug, Serialize, Deserialize)]
|
|
|
|
pub struct BucketKeyPerm {
|
|
|
|
/// Timestamp at which the permission was given
|
|
|
|
pub timestamp: u64,
|
|
|
|
|
|
|
|
/// The key can be used to read the bucket
|
|
|
|
pub allow_read: bool,
|
2021-12-16 11:47:58 +01:00
|
|
|
/// The key can be used to write objects to the bucket
|
2021-12-14 13:55:11 +01:00
|
|
|
pub allow_write: bool,
|
2021-12-16 11:47:58 +01:00
|
|
|
/// The key can be used to control other aspects of the bucket:
|
|
|
|
/// - enable / disable website access
|
|
|
|
/// - delete bucket
|
|
|
|
pub allow_owner: bool,
|
2021-12-14 13:55:11 +01:00
|
|
|
}
|
|
|
|
|
2022-01-03 17:22:40 +01:00
|
|
|
impl BucketKeyPerm {
|
2022-01-04 18:59:17 +01:00
|
|
|
pub const NO_PERMISSIONS: Self = Self {
|
|
|
|
timestamp: 0,
|
|
|
|
allow_read: false,
|
|
|
|
allow_write: false,
|
|
|
|
allow_owner: false,
|
|
|
|
};
|
2022-01-05 15:56:48 +01:00
|
|
|
|
|
|
|
pub const ALL_PERMISSIONS: Self = Self {
|
|
|
|
timestamp: 0,
|
|
|
|
allow_read: true,
|
|
|
|
allow_write: true,
|
|
|
|
allow_owner: true,
|
|
|
|
};
|
|
|
|
|
|
|
|
pub fn is_any(&self) -> bool {
|
|
|
|
self.allow_read || self.allow_write || self.allow_owner
|
|
|
|
}
|
2022-01-03 17:22:40 +01:00
|
|
|
}
|
|
|
|
|
2021-12-14 13:55:11 +01:00
|
|
|
impl Crdt for BucketKeyPerm {
|
|
|
|
fn merge(&mut self, other: &Self) {
|
|
|
|
match other.timestamp.cmp(&self.timestamp) {
|
|
|
|
Ordering::Greater => {
|
|
|
|
*self = *other;
|
|
|
|
}
|
|
|
|
Ordering::Equal if other != self => {
|
|
|
|
warn!("Different permission sets with same timestamp: {:?} and {:?}, merging to most restricted permission set.", self, other);
|
|
|
|
if !other.allow_read {
|
|
|
|
self.allow_read = false;
|
|
|
|
}
|
|
|
|
if !other.allow_write {
|
|
|
|
self.allow_write = false;
|
|
|
|
}
|
2021-12-17 11:53:13 +01:00
|
|
|
if !other.allow_owner {
|
|
|
|
self.allow_owner = false;
|
|
|
|
}
|
2021-12-14 13:55:11 +01:00
|
|
|
}
|
|
|
|
_ => (),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|