Add capabilities to entity permission rules

2f3e4ad1 · Timm Fitschen · a6650844 · 2f3e4ad1
Verified Commit 2f3e4ad1 authored 3 years ago by Timm Fitschen
--- a/proto/caosdb/entity/v1/main.proto
+++ b/proto/caosdb/entity/v1/main.proto
@@ -719,6 +719,10 @@ message EntityACL {
  string id = 1;
  // The rules which make up the ACL
  repeated EntityPermissionRule rules = 2;
+  // relevant permissions of the current session, e.g. if the current user is
+  // allowed to update the ACL. This is read-only and will be ignored by the
+  // server.
+  repeated EntityPermission permissions = 3;
 }

 // Permission rules for Entity ACL
@@ -731,6 +735,16 @@ message EntityPermissionRule {
  bool grant = 3;
  // permissions
  repeated EntityPermission permissions = 4;
+  // capabilities
+  repeated EntityPermissionRuleCapability capabilities = 5;
+}
+
+// What (given enough permissions) can be done with an EntityPermissionRule. E.g. globel entity permission rules, which are to be specified in a configuration file cannot be deleted, thus they are missing the ENTITY_PERMISSION_RULE_CAPABILITY_DELETE capability.
+enum EntityPermissionRuleCapability {
+  // Unspecified capability.
+  ENTITY_PERMISSION_RULE_CAPABILITY_UNSPECIFIED = 0;
+  // This permission rule can be deleted/removed from the ACL
+  ENTITY_PERMISSION_RULE_CAPABILITY_DELETE = 1;
 }

 // TODO replace by enum