aboutsummaryrefslogtreecommitdiff
path: root/src/model/permission.rs
blob: b8f7dd71ef8566b196647b0939657ef8f5723579 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
use std::cmp::Ordering;

use serde::{Deserialize, Serialize};

use garage_util::crdt::*;

/// Permission given to a key in a bucket
#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Copy, Debug, Serialize, Deserialize)]
pub struct BucketKeyPerm {
	/// Timestamp at which the permission was given
	pub timestamp: u64,

	/// The key can be used to read the bucket
	pub allow_read: bool,
	/// The key can be used to write objects to the bucket
	pub allow_write: bool,
	/// The key can be used to control other aspects of the bucket:
	/// - enable / disable website access
	/// - delete bucket
	pub allow_owner: bool,
}

impl BucketKeyPerm {
	pub fn no_permissions() -> Self {
		Self {
			timestamp: 0,
			allow_read: false,
			allow_write: false,
			allow_owner: false,
		}
	}
}

impl Crdt for BucketKeyPerm {
	fn merge(&mut self, other: &Self) {
		match other.timestamp.cmp(&self.timestamp) {
			Ordering::Greater => {
				*self = *other;
			}
			Ordering::Equal if other != self => {
				warn!("Different permission sets with same timestamp: {:?} and {:?}, merging to most restricted permission set.", self, other);
				if !other.allow_read {
					self.allow_read = false;
				}
				if !other.allow_write {
					self.allow_write = false;
				}
				if !other.allow_owner {
					self.allow_owner = false;
				}
			}
			_ => (),
		}
	}
}