From 018e6f4c08f3b12483334d71e3b873926da2f1d5 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Mon, 3 Mar 2025 11:03:35 +0100 Subject: [PATCH] Rename service visibility to scope. --- generate/generate.go | 28 +++++++++++++------------- generate/go_servicepermissions.tpl | 24 +++++++++++----------- go/permissions/permissions.go | 10 ++++----- go/permissions/permissions_test.go | 2 +- go/permissions/servicepermissions.go | 12 +++++------ js/permissions/servicepermissions.json | 2 +- 6 files changed, 39 insertions(+), 39 deletions(-) diff --git a/generate/generate.go b/generate/generate.go index c2905780..fff36cb8 100644 --- a/generate/generate.go +++ b/generate/generate.go @@ -105,8 +105,8 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) { Tenant: permissions.Tenant{}, Project: permissions.Project{}, } - methods = permissions.Methods{} - visibility = permissions.Visibility{ + methods = permissions.Methods{} + scope = permissions.Scope{ Public: map[string]bool{ // Allow service reflection to list available methods serverReflectionInfov1alpha1: true, 
@@ -152,44 +152,44 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) { switch *methodOpt.IdentifierValue { case v1.TenantRole_TENANT_ROLE_OWNER.String(): roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()], methodName) - visibility.Tenant[methodName] = true + scope.Tenant[methodName] = true case v1.TenantRole_TENANT_ROLE_EDITOR.String(): roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()], methodName) - visibility.Tenant[methodName] = true + scope.Tenant[methodName] = true case v1.TenantRole_TENANT_ROLE_VIEWER.String(): roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()], methodName) - visibility.Tenant[methodName] = true + scope.Tenant[methodName] = true case v1.TenantRole_TENANT_ROLE_GUEST.String(): roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()], methodName) - visibility.Tenant[methodName] = true + scope.Tenant[methodName] = true case v1.TenantRole_TENANT_ROLE_UNSPECIFIED.String(): // noop // Project case v1.ProjectRole_PROJECT_ROLE_OWNER.String(): roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()], methodName) - visibility.Project[methodName] = true + scope.Project[methodName] = true case v1.ProjectRole_PROJECT_ROLE_EDITOR.String(): roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()], methodName) - visibility.Project[methodName] = true + scope.Project[methodName] = true case v1.ProjectRole_PROJECT_ROLE_VIEWER.String(): roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()], methodName) - visibility.Project[methodName] = true + 
scope.Project[methodName] = true case v1.ProjectRole_PROJECT_ROLE_UNSPECIFIED.String(): // noop // Admin case v1.AdminRole_ADMIN_ROLE_EDITOR.String(): roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()], methodName) - visibility.Admin[methodName] = true + scope.Admin[methodName] = true case v1.AdminRole_ADMIN_ROLE_VIEWER.String(): roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()], methodName) - visibility.Admin[methodName] = true + scope.Admin[methodName] = true case v1.AdminRole_ADMIN_ROLE_UNSPECIFIED.String(): // noop // Visibility case v1.Visibility_VISIBILITY_PUBLIC.String(): - visibility.Public[methodName] = true + scope.Public[methodName] = true case v1.Visibility_VISIBILITY_SELF.String(): - visibility.Self[methodName] = true + scope.Self[methodName] = true case v1.Visibility_VISIBILITY_UNSPECIFIED.String(): // noop // Chargeable @@ -221,7 +221,7 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) { sp := &permissions.ServicePermissions{ Roles: roles, Methods: methods, - Visibility: visibility, + Scope: scope, Chargeable: chargeable, Auditable: auditable, Services: services, diff --git a/generate/go_servicepermissions.tpl b/generate/go_servicepermissions.tpl index c1647675..b85b3a2d 100644 --- a/generate/go_servicepermissions.tpl +++ b/generate/go_servicepermissions.tpl 
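Review bot: The `// Visibility` comment above the `v1.Visibility_VISIBILITY_PUBLIC` and `v1.Visibility_VISIBILITY_SELF` cases is now stale, because those cases write to `scope.Public` and `scope.Self` after the rename. The proto enum keeps the name Visibility, so both terms remain in this switch; a comment such as `// Visibility option: selects the public or self scope` would explain why. The switch and the enclosing `servicePermissions` function start and end outside the hunk.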
@@ -49,29 +49,29 @@ func GetServicePermissions() *ServicePermissions { "{{ $key }}": {{ $value }} , {{- end }} }, - Visibility: Visibility{ + Scope: Scope{ Public: map[string]bool{ -{{- range $key, $value := .Visibility.Public }} +{{- range $key, $value := .Scope.Public }} "{{ $key }}": {{ $value }} , {{- end }} }, Self: map[string]bool{ -{{- range $key, $value := .Visibility.Self }} +{{- range $key, $value := .Scope.Self }} "{{ $key }}": {{ $value }} , {{- end }} }, Admin: map[string]bool{ -{{- range $key, $value := .Visibility.Admin }} +{{- range $key, $value := .Scope.Admin }} "{{ $key }}": {{ $value }} , {{- end }} }, Tenant: map[string]bool{ -{{- range $key, $value := .Visibility.Tenant }} +{{- range $key, $value := .Scope.Tenant }} "{{ $key }}": {{ $value }} , {{- end }} }, Project: map[string]bool{ -{{- range $key, $value := .Visibility.Project }} +{{- range $key, $value := .Scope.Project }} "{{ $key }}": {{ $value }} , {{- end }} }, 
@@ -90,27 +90,27 @@ func GetServicePermissions() *ServicePermissions { } func IsPublicScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Public[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Public[req.Spec().Procedure] return ok } func IsSelfScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Self[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Self[req.Spec().Procedure] return ok } func IsAdminScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Admin[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Admin[req.Spec().Procedure] return ok } func IsTenantScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Tenant[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Tenant[req.Spec().Procedure] return ok } func IsProjectScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Project[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Project[req.Spec().Procedure] return ok } @@ -144,4 +144,4 @@ func GetProjectFromRequest(req connect.AnyRequest) (string, bool) { return rq.GetProject(), true } return "", false -} \ No newline at end of file +} diff --git a/go/permissions/permissions.go b/go/permissions/permissions.go index 38c12101..9a2b507e 100644 --- a/go/permissions/permissions.go +++ b/go/permissions/permissions.go @@ -7,11 +7,12 @@ import ( type ServicePermissions struct { Roles Roles `json:"roles"` Methods Methods `json:"methods"` - Visibility Visibility `json:"visibility"` + Scope Scope `json:"scope"` Chargeable Chargeable `json:"chargeable,omitempty"` Auditable Auditable `json:"auditable,omitempty"` Services []string `json:"services,omitempty"` } + type ( Methods map[string]bool 
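Review bot: The five `Is*Scope` helpers test only whether the procedure is a key of the scope map (`_, ok := …`), so an entry whose value is `false` would still be reported as in scope. The maps are `map[string]bool` and the template renders `{{ $value }}` verbatim, so nothing in the generated code rules out such an entry, although the generator lines visible in this patch only ever store `true`. Returning the stored value closes that gap, e.g. `return GetServicePermissions().Scope.Public[req.Spec().Procedure]`. The same applies to the Self, Admin, Tenant and Project helpers and to the generated copy in go/permissions/servicepermissions.go. Each helper also calls `GetServicePermissions()`, which appears to rebuild the whole literal on every call, so building it once in a package-level variable would avoid that per-request allocation.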
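Review bot: Changing the struct tag from `json:"visibility"` to `json:"scope"` renames the key in the serialized permissions document, not just the Go field, and nothing in this patch keeps the old key readable. A consumer of js/permissions/servicepermissions.json or of a marshalled `ServicePermissions` that still looks up `visibility` will find no scope maps at all; whether that ends up as deny or allow depends on code outside this diff. If such consumers exist, the commit message or release notes should flag the change as breaking. A field comment such as `// Scope is serialized as "scope" (formerly "visibility").` would record the rename where the tag lives.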
@@ -23,16 +24,15 @@ type ( Project map[string][]string ) -// Roles type Roles struct { Admin Admin `json:"admin,omitempty"` Tenant Tenant `json:"tenant,omitempty"` Project Project `json:"project,omitempty"` } -type Visibility struct { - Public map[string]bool `json:"public,omitempty"` - Self map[string]bool `json:"self,omitempty"` +type Scope struct { + Public map[string]bool `json:"public,omitempty"` + Self map[string]bool `json:"self,omitempty"` Admin map[string]bool `json:"admin,omitempty"` Tenant map[string]bool `json:"tenant,omitempty"` Project map[string]bool `json:"project,omitempty"` diff --git a/go/permissions/permissions_test.go b/go/permissions/permissions_test.go index 3a6c4370..ce4ac937 100644 --- a/go/permissions/permissions_test.go +++ b/go/permissions/permissions_test.go @@ -10,5 +10,5 @@ func TestGetServicePermissions(t *testing.T) { perms := GetServicePermissions() require.NotNil(t, perms) require.Contains(t, perms.Methods, "/api.v1.AssetService/List") - require.Contains(t, perms.Visibility.Self, "/api.v1.TokenService/Create") + require.Contains(t, perms.Scope.Self, "/api.v1.TokenService/Create") } diff --git a/go/permissions/servicepermissions.go b/go/permissions/servicepermissions.go index 4ae8c633..189752cc 100755 --- a/go/permissions/servicepermissions.go +++ b/go/permissions/servicepermissions.go @@ -264,7 +264,7 @@ func GetServicePermissions() *ServicePermissions { "/status.v1.MessageService/List": true, "/status.v1.StatusService/Get": true, }, - Visibility: Visibility{ + Scope: Scope{ Public: map[string]bool{ "/api.v1.AssetService/List": true, "/api.v1.HealthService/Get": true, 
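Review bot: `Scope` is an exported type in the permissions package with no doc comment, and this hunk deletes the `// Roles` stub instead of completing it. Going by the generator in this patch, suitable comments would be `// Roles maps each admin, tenant and project role name to the procedures annotated with it.` and `// Scope holds, for each scope (public, self, admin, tenant, project), the set of procedures declared for that scope.` The exact meaning of the public and self scopes is not visible here and should be confirmed before it is written down. The closing brace of `Scope` lies outside the hunk.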
@@ -458,27 +458,27 @@ func GetServicePermissions() *ServicePermissions { } func IsPublicScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Public[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Public[req.Spec().Procedure] return ok } func IsSelfScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Self[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Self[req.Spec().Procedure] return ok } func IsAdminScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Admin[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Admin[req.Spec().Procedure] return ok } func IsTenantScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Tenant[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Tenant[req.Spec().Procedure] return ok } func IsProjectScope(req connect.AnyRequest) bool { - _, ok := GetServicePermissions().Visibility.Project[req.Spec().Procedure] + _, ok := GetServicePermissions().Scope.Project[req.Spec().Procedure] return ok } diff --git a/js/permissions/servicepermissions.json b/js/permissions/servicepermissions.json index afe3ae1f..736e209d 100755 --- a/js/permissions/servicepermissions.json +++ b/js/permissions/servicepermissions.json @@ -230,7 +230,7 @@ "/status.v1.MessageService/List": true, "/status.v1.StatusService/Get": true }, - "visibility": { + "scope": { "public": { "/api.v1.AssetService/List": true, "/api.v1.HealthService/Get": true,