From b48ec883eb67739915be7f9bbeb9bb3f40fb8d89 Mon Sep 17 00:00:00 2001
From: Nadja Reitzenstein
Date: Fri, 4 Nov 2022 15:23:25 +0100
Subject: [PATCH] Revamp permissions a bit
---
 main.capnp | 12 ++++++++----
 permissions.capnp | 11 +++++++++++
 role.capnp | 18 +++++++++++++++++-
 users.capnp | 11 +++--------
 4 files changed, 39 insertions(+), 13 deletions(-)
 create mode 100644 permissions.capnp
diff --git a/main.capnp b/main.capnp
index e3d00b1..ef47202 100644
--- a/main.capnp
+++ b/main.capnp
@@ -6,6 +6,8 @@ $CSharp.namespace("FabAccessAPI.Schema");
 using import "auth.capnp".Authentication;
 using import "resources.capnp".Resources;
 using import "users.capnp".Users;
+using import "user.capnp".User;
+using import "permissions.capnp".Permissions;
 struct Version {
@@ -37,11 +39,13 @@ struct Session {
 # An API session with the server. The below capabilities are set to NULL if the authenticated
 # user doesn't have permission to access the system in question, or if the server does not
 # implement it.
+ whoami @0 :User;
- resources @0 :Resources;
+ resources @1 :Resources;
 # Access to the resources configured.
- users @1 :Users;
- # User administration. This includes both modifying other users and self-modification, so this
- # is allowed for most sessions
+ users @2 :Users;
+ # User administration.
+
+ permissions @3 :Permissions;
 }
diff --git a/permissions.capnp b/permissions.capnp
new file mode 100644
index 0000000..5873cac
--- /dev/null
+++ b/permissions.capnp
@@ -0,0 +1,11 @@
+@0xaf38846f2a5370ab;
+
+using CSharp = import "programming_language/csharp.capnp";
+$CSharp.namespace("FabAccessAPI.Schema");
+
+using import "role.capnp".Role;
+
+interface Permissions {
+ listRoles @0 () -> ( roles :List(Role) );
+ getById @1 ( id :Data ) -> ( role :Role );
+}
diff --git a/role.capnp b/role.capnp
index 19c39c9..38263c6 100644
--- a/role.capnp
+++ b/role.capnp
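Review bot: Inserting `whoami @0 :User;` at the top of `Session` renumbers the existing members (`resources` moves from @0 to @1, `users` from @1 to @2), so a client built against the previous schema would read slot 0 as a `Resources` capability while the server now places a `User` there. Cap'n Proto keeps compatibility by leaving existing ordinals alone and appending new members, i.e. `resources @0 :Resources;`, `users @1 :Users;`, `whoami @2 :User;`, `permissions @3 :Permissions;`. The same reuse occurs in the users.capnp hunk, where method @0 of `Users` changes from `whoami` to `list`. If the break is intended, the API version reported through `Version` (its fields are outside this hunk) should presumably change with it so mismatched clients are refused early. `permissions` is also the only member without a comment saying what it grants and when it is NULL.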
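Review bot: The new `Permissions` interface has no comments, so the schema does not say whether `listRoles` returns every configured role or only those the calling session may see, nor what `getById` yields for an unknown `id`. Each returned `Role` can hand out an `Admin` capability (role.capnp), so this visibility rule is part of the authorization contract and belongs in the schema. A line under each method would do, for example `# Roles visible to the calling session.` under `listRoles` and `# NULL capability if no role has this id.` under `getById`, adjusted to what the server actually implements.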
@@ -3,6 +3,22 @@
 using CSharp = import "programming_language/csharp.capnp";
 $CSharp.namespace("FabAccessAPI.Schema");
+using import "utils.capnp".L10NString;
+using import "user.capnp".User;
+
 interface Role {
- name @0 () -> ( name :Text );
+ # A role in the FA authorization context
+
+ id @0 () -> ( id :Data );
+
+ name @1 () -> ( name :L10NString );
+ # The localized name of a role
+
+ admin @2 () -> ( admin :Admin );
+}
+
+interface Admin $CSharp.name("AdminInterface") {
+ members @1 () -> ( members :List(User) );
+ addUser @0 ( user :User ) -> ();
+ removeUser @1 ( user :User ) -> ();
 }
diff --git a/users.capnp b/users.capnp
index 213ca41..f1a10bb 100644
--- a/users.capnp
+++ b/users.capnp
@@ -6,14 +6,9 @@ $CSharp.namespace("FabAccessAPI.Schema");
 using import "user.capnp".User;
 interface Users {
- whoami @0 () -> ( user :User );
+ list @0 () -> ( users :List(User) );
- manage @1 () -> ( manage :Manage );
- interface Manage $CSharp.name("ManageInterface") {
- list @0 () -> ( users :List(User) );
+ addUser @1 ( username :Text, password :Text ) -> ( user :User );
- addUser @1 ( username :Text, password :Text ) -> ( user :User );
-
- removeUser @2 ( user :User );
- }
+ removeUser @2 ( user :User );
 }
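Review bot: `interface Admin` uses ordinal @1 twice (`members @1` and `removeUser @1`), which the capnp compiler rejects as a duplicate ordinal. Numbering in declaration order fixes it: `members @0`, `addUser @1`, `removeUser @2`. Separately, `Role.admin` hands out the capability that adds and removes role members, but the schema does not say when a caller receives it. A comment under `admin @2` such as `# NULL unless the session may administer this role.` would record the rule the server has to enforce. Moving `name` from @0 to @1 also changes what method 0 of `Role` means for clients built against the old schema.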
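Review bot: Folding `Manage` into `Users` removes the separate capability that gated `list`, `addUser` and `removeUser`, so any session holding a non-NULL `Session.users` can now call all three. The comment removed in the main.capnp hunk said this capability went to most sessions because it covered self-modification. If the server still hands it out that broadly, every method here needs its own authorization check; otherwise `users` must be NULL for non-administrators. The schema should state which, for example `# User administration; only set in Session for sessions allowed to manage users.` at the top of `interface Users`.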