advance --print-default of bffhd

bffhd/authorization/permissions.rs

@@ -32,7 +32,7 @@ pub struct PrivilegesBuf {
 // i.e. "bffh.perm" is not the same as "bffհ.реrm" (Armenian 'հ':Հ and Cyrillic 'е':Е)
 // See also https://util.unicode.org/UnicodeJsps/confusables.jsp
 pub struct PermissionBuf {
-    inner: String,
+    pub inner: String,
 }
 impl PermissionBuf {
     #[inline(always)]

bffhd/authorization/roles.rs

@@ -131,11 +131,11 @@ pub struct Role {
     /// This makes situations where different levels of access are required easier: Each higher
     /// level of access sets the lower levels of access as parent, inheriting their permission; if
     /// you are allowed to manage a machine you are then also allowed to use it and so on
-    parents: Vec<String>,
+    pub parents: Vec<String>,
 
     // If a role doesn't define permissions, default to an empty Vec.
     #[serde(default, skip_serializing_if = "Vec::is_empty")]
-    permissions: Vec<PermRule>,
+    pub permissions: Vec<PermRule>,
 }
 
 impl Role {

bffhd/config/dhall.rs

@@ -5,7 +5,7 @@ use std::path::PathBuf;
 
 use serde::{Deserialize, Serialize};
 
-use crate::authorization::permissions::PrivilegesBuf;
+use crate::authorization::permissions::{PermissionBuf, PrivilegesBuf, PermRule};
 use crate::authorization::roles::Role;
 use crate::capnp::{Listen, TlsListen};
 use crate::logging::LogConfig;
@@ -60,28 +60,13 @@ pub struct MachineDescription {
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Config {
+    pub spacename: String,
+
+    pub instanceurl: String,
+
     /// A list of address/port pairs to listen on.
     pub listens: Vec<Listen>,
 
-    /// Machine descriptions to load
-    pub machines: HashMap<String, MachineDescription>,
-
-    /// Actors to load and their configuration options
-    pub actors: HashMap<String, ModuleConfig>,
-
-    /// Initiators to load and their configuration options
-    pub initiators: HashMap<String, ModuleConfig>,
-
-    pub mqtt_url: String,
-
-    pub actor_connections: Vec<(String, String)>,
-    pub init_connections: Vec<(String, String)>,
-
-    pub db_path: PathBuf,
-    pub auditlog_path: PathBuf,
-
-    pub roles: HashMap<String, Role>,
-
     #[serde(flatten)]
     pub tlsconfig: TlsListen,
 
@@ -94,9 +79,22 @@ pub struct Config {
     #[serde(default, skip)]
     pub logging: LogConfig,
 
-    pub spacename: String,
+    pub mqtt_url: String,
+    pub db_path: PathBuf,
+    pub auditlog_path: PathBuf,
 
-    pub instanceurl: String,
+    pub roles: HashMap<String, Role>,
+
+    /// Machine descriptions to load
+    pub machines: HashMap<String, MachineDescription>,
+
+    /// Actors to load and their configuration options
+    pub actors: HashMap<String, ModuleConfig>,
+    pub actor_connections: Vec<(String, String)>,
+
+    /// Initiators to load and their configuration options
+    pub initiators: HashMap<String, ModuleConfig>,
+    pub init_connections: Vec<(String, String)>,
 }
 
 impl Config {
@@ -123,50 +121,108 @@ impl Default for Config {
     fn default() -> Self {
         let mut actors: HashMap<String, ModuleConfig> = HashMap::new();
         let mut initiators: HashMap<String, ModuleConfig> = HashMap::new();
-        let machines = HashMap::new();
+        let mut roles: HashMap<String, Role> = HashMap::new();
+        let mut machines: HashMap<String, MachineDescription> = HashMap::new();
+
+        roles.insert(
+            "admin".to_string(),
+                Role {
+                    parents: Vec::new(),
+                    permissions: vec![
+                       PermRule::Base(PermissionBuf {inner: "bffh.users.info".to_string()}),
+                       PermRule::Base(PermissionBuf {inner: "bffh.users.manage".to_string()}),
+                       PermRule::Base(PermissionBuf {inner: "bffh.users.admin".to_string()}),
+                     ]
+                }
+        );
+
+        roles.insert(
+            "member".to_string(),
+                Role {
+                    parents: Vec::new(),
+                    permissions: vec![
+                       PermRule::Base(PermissionBuf {inner: "lab.some.disclose".to_string()}),
+                       PermRule::Base(PermissionBuf {inner: "lab.some.read".to_string()}),
+                       PermRule::Base(PermissionBuf {inner: "lab.some.write".to_string()}),
+                       PermRule::Base(PermissionBuf {inner: "lab.some.manage".to_string()})
+                     ]
+                }
+        );
+
+        machines.insert(
+            "resource_a".to_string(),
+            MachineDescription {
+                name: "Resource A".to_string(),
+                description: Option::from("Some description".to_string()),
+                wiki: Option::from("Some wiki url".to_string()),
+                category: Option::from("Some category".to_string()),
+                privs: PrivilegesBuf {
+                    disclose: PermissionBuf {inner: "lab.some.disclose".to_string()},
+                    read: PermissionBuf {inner: "lab.some.read".to_string()},
+                    write: PermissionBuf {inner: "lab.some.write".to_string()},
+                    manage: PermissionBuf {inner: "lab.some.manage".to_string()},
+                }
+            }
+        );
+
+        machines.insert(
+            "resource_b".to_string(),
+            MachineDescription {
+                name: "Resource B".to_string(),
+                description: Option::from("Some description".to_string()),
+                wiki: Option::from("Some wiki url".to_string()),
+                category: Option::from("Some category".to_string()),
+                privs: PrivilegesBuf {
+                    disclose: PermissionBuf {inner: "lab.some.disclose".to_string()},
+                    read: PermissionBuf {inner: "lab.some.read".to_string()},
+                    write: PermissionBuf {inner: "lab.some.write".to_string()},
+                    manage: PermissionBuf {inner: "lab.some.manage".to_string()},
+                }
+            }
+        );
 
         actors.insert(
-            "Actor".to_string(),
+            "actor_123".to_string(),
             ModuleConfig {
                 module: "Shelly".to_string(),
                 params: HashMap::new(),
             },
         );
+
         initiators.insert(
-            "Initiator".to_string(),
+            "initiator_123".to_string(),
             ModuleConfig {
-                module: "TCP-Listen".to_string(),
+                module: "Process".to_string(),
                 params: HashMap::new(),
             },
         );
 
         Config {
+            spacename: "fabaccess.sample.space".into(),
+            instanceurl: "https://fabaccess.sample.space".into(),
             listens: vec![Listen {
                 address: "127.0.0.1".to_string(),
                 port: None,
             }],
-            actors,
-            initiators,
-            machines,
-            mqtt_url: "tcp://localhost:1883".to_string(),
-            actor_connections: vec![("Testmachine".to_string(), "Actor".to_string())],
-            init_connections: vec![("Initiator".to_string(), "Testmachine".to_string())],
-
-            db_path: PathBuf::from("/var/lib/bffh/bffh.db"),
-            auditlog_path: PathBuf::from("/var/log/bffh/audit.json"),
-            roles: HashMap::new(),
-
             tlsconfig: TlsListen {
                 certfile: PathBuf::from("/etc/bffh/certs/bffh.crt"),
                 keyfile: PathBuf::from("/etc/bffh/certs/bffh.key"),
                 ..Default::default()
             },
-
             tlskeylog: None,
             verbosity: 0,
             logging: LogConfig::default(),
-            instanceurl: "".into(),
-            spacename: "".into(),
+            mqtt_url: "mqtt://127.0.0.1:1883".to_string(),
+            db_path: PathBuf::from("/var/lib/bffh/bffh.db"),
+            auditlog_path: PathBuf::from("/var/log/bffh/audit.json"),
+            roles,
+            machines,
+            actors,
+            actor_connections: vec![("actor_123".to_string(), "resource_a".to_string())],
+            initiators,
+            init_connections: vec![("initiator_123".to_string(), "resource_b".to_string())],
+
+
         }
     }
 }