@0xe89d197dcef9c49b;

using CSharp = import "programming_language/csharp.capnp";
$CSharp.namespace("FabAccessAPI.Schema");

using import "resource.capnp".Resource;
using import "resource.capnp".RestoredResource;
using import "claim.capnp".Claim;
using import "utils.capnp".SturdyRef;
using import "utils.capnp".Fallible;
using import "projects.capnp".Project;
using import "auth.capnp".Authentication;

interface Resources {
    restore @0 () -> ( resources :List(RestoredResource) );
    # Returns the list of valid claims the session owner of this `Resources` currently has.

    list @1 () -> ( resources :List(Resource) );
    # Returns all resources that the user can currently disclose.

    getByName @2 ( name :Text ) -> Fallible(Resource, GetError);
    # Returns a NULL capability if the resource doesn't exist or a user doesn't have read permission for that resource.

    getByUrn @3 ( urn :Text ) -> Fallible(Resource, GetError);
    # Returns a NULL capability if the resource doesn't exist or a user doesn't have read permission for that resource.
   
    getByUrl @4 ( url :Text ) -> Fallible(Resource, GetError);
    # Returns a NULL capability if the resource doesn't exist or a user doesn't have read permission for that resource.

    struct GetError {
        notFound @0 :Void;
    }

    acceptToken @5 ( token :SturdyRef, project :Project ) -> Fallible(Claim, AcceptTokenError);

    acceptTokenSubstituteUser @7 ( token :SturdyRef, project :Project ) 
        -> Fallible(Authentication(Claim), AcceptTokenError);

    setAlias @6 ( original_resource_id :Text ) -> ( alias_id :Text );
    # Replace any set alias for the given resource id with a newly generated
    # random id. The new ID is returned as `alias_id`.

    struct AcceptTokenError {
        permissionDenied @0 :Void;
    }
}