From 2f3e4ad1cf515450fcfedb300f66198b82122b7e Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Mon, 20 Dec 2021 12:54:52 +0100
Subject: [PATCH] Add capabilities to entity permission rules

---
 proto/caosdb/entity/v1/main.proto | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/proto/caosdb/entity/v1/main.proto b/proto/caosdb/entity/v1/main.proto
index 543eb49..c2ebde9 100644
--- a/proto/caosdb/entity/v1/main.proto
+++ b/proto/caosdb/entity/v1/main.proto
@@ -719,6 +719,10 @@ message EntityACL {
 string id = 1;
 // The rules which make up the ACL
 repeated EntityPermissionRule rules = 2;
+ // relevant permissions of the current session, e.g. if the current user is
+ // allowed to update the ACL. This is read-only and will be ignored by the
+ // server.
+ repeated EntityPermission permissions = 3;
 }

 // Permission rules for Entity ACL
@@ -731,6 +735,16 @@ message EntityPermissionRule {
 bool grant = 3;
 // permissions
 repeated EntityPermission permissions = 4;
+ // capabilities
+ repeated EntityPermissionRuleCapability capabilities = 5;
+}
+
+// What (given enough permissions) can be done with an EntityPermissionRule. E.g. globel entity permission rules, which are to be specified in a configuration file cannot be deleted, thus they are missing the ENTITY_PERMISSION_RULE_CAPABILITY_DELETE capability.
+enum EntityPermissionRuleCapability {
+ // Unspecified capability.
+ ENTITY_PERMISSION_RULE_CAPABILITY_UNSPECIFIED = 0;
+ // This permission rule can be deleted/removed from the ACL
+ ENTITY_PERMISSION_RULE_CAPABILITY_DELETE = 1;
 }

 // TODO replace by enum
-- 
GitLab
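Review bot: The comment on the new `permissions = 3` field in `EntityACL` says the field "will be ignored by the server" without saying when, so a reader cannot tell that it refers to values a client sends in a request. I would word it as `// Output only: permissions the current session holds on this ACL.` followed by `// Values sent by a client are ignored by the server.` Because the field is informational, the comment should also say that clients may use it to decide what to offer the user, while the server's own check on each request is what decides. That enforcement is presumably implemented elsewhere and is not visible in this hunk.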
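Review bot: The `capabilities = 5` field in `EntityPermissionRule` is documented only as `// capabilities`, which does not say whether the server sets it or whether it is accepted from clients, unlike the `permissions` field added to `EntityACL` in the first hunk. If a client could supply `ENTITY_PERMISSION_RULE_CAPABILITY_DELETE` on a rule it sends, the protection of global rules described in the enum comment would depend on the server discarding that value, so the comment should say so: `// Output only: what can be done with this rule. Ignored by the server when sent by a client.` (assuming that is the intended behaviour). The enum's leading comment has a typo (`globel` for `global`) and runs far past 80 columns, so it should be wrapped. It is also worth stating that a rule with no capabilities listed, for example one returned by a server that predates this field, reads as not deletable.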