Rename service visibility to scope.

generate/generate.go

@@ -105,8 +105,8 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) {
 			Tenant:  permissions.Tenant{},
 			Project: permissions.Project{},
 		}
-		methods    = permissions.Methods{}
-		visibility = permissions.Visibility{
+		methods = permissions.Methods{}
+		scope   = permissions.Scope{
 			Public: map[string]bool{
 				// Allow service reflection to list available methods
 				serverReflectionInfov1alpha1: true,
@@ -152,44 +152,44 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) {
 						switch *methodOpt.IdentifierValue {
 						case v1.TenantRole_TENANT_ROLE_OWNER.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()], methodName)
-							visibility.Tenant[methodName] = true
+							scope.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_EDITOR.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()], methodName)
-							visibility.Tenant[methodName] = true
+							scope.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_VIEWER.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()], methodName)
-							visibility.Tenant[methodName] = true
+							scope.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_GUEST.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()], methodName)
-							visibility.Tenant[methodName] = true
+							scope.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Project
 						case v1.ProjectRole_PROJECT_ROLE_OWNER.String():
 							roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()], methodName)
-							visibility.Project[methodName] = true
+							scope.Project[methodName] = true
 						case v1.ProjectRole_PROJECT_ROLE_EDITOR.String():
 							roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()], methodName)
-							visibility.Project[methodName] = true
+							scope.Project[methodName] = true
 						case v1.ProjectRole_PROJECT_ROLE_VIEWER.String():
 							roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()], methodName)
-							visibility.Project[methodName] = true
+							scope.Project[methodName] = true
 						case v1.ProjectRole_PROJECT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Admin
 						case v1.AdminRole_ADMIN_ROLE_EDITOR.String():
 							roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()], methodName)
-							visibility.Admin[methodName] = true
+							scope.Admin[methodName] = true
 						case v1.AdminRole_ADMIN_ROLE_VIEWER.String():
 							roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()], methodName)
-							visibility.Admin[methodName] = true
+							scope.Admin[methodName] = true
 						case v1.AdminRole_ADMIN_ROLE_UNSPECIFIED.String():
 							// noop
 						// Visibility
 						case v1.Visibility_VISIBILITY_PUBLIC.String():
-							visibility.Public[methodName] = true
+							scope.Public[methodName] = true
 						case v1.Visibility_VISIBILITY_SELF.String():
-							visibility.Self[methodName] = true
+							scope.Self[methodName] = true
 						case v1.Visibility_VISIBILITY_UNSPECIFIED.String():
 							// noop
 						// Chargeable
@@ -221,7 +221,7 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) {
 	sp := &permissions.ServicePermissions{
 		Roles:      roles,
 		Methods:    methods,
-		Visibility: visibility,
+		Scope:      scope,
 		Chargeable: chargeable,
 		Auditable:  auditable,
 		Services:   services,

generate/go_servicepermissions.tpl

@@ -49,29 +49,29 @@ func GetServicePermissions() *ServicePermissions {
 	"{{ $key }}": {{ $value }} ,
 {{- end }}
 		},
-		Visibility: Visibility{
+		Scope: Scope{
 			Public:  map[string]bool{
-{{- range $key, $value := .Visibility.Public }}
+{{- range $key, $value := .Scope.Public }}
 	"{{ $key }}": {{ $value }} ,
 {{- end }}
 			},
 			Self:    map[string]bool{
-{{- range $key, $value := .Visibility.Self }}
+{{- range $key, $value := .Scope.Self }}
 	"{{ $key }}": {{ $value }} ,
 {{- end }}
 			},
 			Admin:    map[string]bool{
-{{- range $key, $value := .Visibility.Admin }}
+{{- range $key, $value := .Scope.Admin }}
 	"{{ $key }}": {{ $value }} ,
 {{- end }}
 			},
 			Tenant:    map[string]bool{
-{{- range $key, $value := .Visibility.Tenant }}
+{{- range $key, $value := .Scope.Tenant }}
 	"{{ $key }}": {{ $value }} ,
 {{- end }}
 			},
 			Project:    map[string]bool{
-{{- range $key, $value := .Visibility.Project }}
+{{- range $key, $value := .Scope.Project }}
 	"{{ $key }}": {{ $value }} ,
 {{- end }}
 			},
@@ -90,27 +90,27 @@ func GetServicePermissions() *ServicePermissions {
 }
 
 func IsPublicScope(req connect.AnyRequest) bool {
-	_, ok := GetServicePermissions().Visibility.Public[req.Spec().Procedure]
+	_, ok := GetServicePermissions().Scope.Public[req.Spec().Procedure]
 	return ok
 }
 
 func IsSelfScope(req connect.AnyRequest) bool {
-	_, ok := GetServicePermissions().Visibility.Self[req.Spec().Procedure]
+	_, ok := GetServicePermissions().Scope.Self[req.Spec().Procedure]
 	return ok
 }
 
 func IsAdminScope(req connect.AnyRequest) bool {
-	_, ok := GetServicePermissions().Visibility.Admin[req.Spec().Procedure]
+	_, ok := GetServicePermissions().Scope.Admin[req.Spec().Procedure]
 	return ok
 }
 
 func IsTenantScope(req connect.AnyRequest) bool {
-	_, ok := GetServicePermissions().Visibility.Tenant[req.Spec().Procedure]
+	_, ok := GetServicePermissions().Scope.Tenant[req.Spec().Procedure]
 	return ok
 }
 
 func IsProjectScope(req connect.AnyRequest) bool {
-	_, ok := GetServicePermissions().Visibility.Project[req.Spec().Procedure]
+	_, ok := GetServicePermissions().Scope.Project[req.Spec().Procedure]
 	return ok
 }
 
@@ -144,4 +144,4 @@ func GetProjectFromRequest(req connect.AnyRequest) (string, bool) {
 		return rq.GetProject(), true
 	}
 	return "", false
-}
+}

go/permissions/permissions.go

@@ -7,11 +7,12 @@ import (
 type ServicePermissions struct {
 	Roles      Roles      `json:"roles"`
 	Methods    Methods    `json:"methods"`
-	Visibility Visibility `json:"visibility"`
+	Scope      Scope      `json:"scope"`
 	Chargeable Chargeable `json:"chargeable,omitempty"`
 	Auditable  Auditable  `json:"auditable,omitempty"`
 	Services   []string   `json:"services,omitempty"`
 }
+
 type (
 	Methods map[string]bool
 
@@ -23,16 +24,15 @@ type (
 	Project map[string][]string
 )
 
-// Roles
 type Roles struct {
 	Admin   Admin   `json:"admin,omitempty"`
 	Tenant  Tenant  `json:"tenant,omitempty"`
 	Project Project `json:"project,omitempty"`
 }
 
-type Visibility struct {
-	Public map[string]bool `json:"public,omitempty"`
-	Self   map[string]bool `json:"self,omitempty"`
+type Scope struct {
+	Public  map[string]bool `json:"public,omitempty"`
+	Self    map[string]bool `json:"self,omitempty"`
 	Admin   map[string]bool `json:"admin,omitempty"`
 	Tenant  map[string]bool `json:"tenant,omitempty"`
 	Project map[string]bool `json:"project,omitempty"`

go/permissions/permissions_test.go

@@ -10,5 +10,5 @@ func TestGetServicePermissions(t *testing.T) {
 	perms := GetServicePermissions()
 	require.NotNil(t, perms)
 	require.Contains(t, perms.Methods, "/api.v1.AssetService/List")
-	require.Contains(t, perms.Visibility.Self, "/api.v1.TokenService/Create")
+	require.Contains(t, perms.Scope.Self, "/api.v1.TokenService/Create")
 }

js/permissions/servicepermissions.json

@@ -230,7 +230,7 @@
     "/status.v1.MessageService/List": true,
     "/status.v1.StatusService/Get": true
   },
-  "visibility": {
+  "scope": {
     "public": {
       "/api.v1.AssetService/List": true,
       "/api.v1.HealthService/Get": true,