generated from okp4/template-oss
-
Notifications
You must be signed in to change notification settings - Fork 128
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(logic): specify parameters for module logic
- Loading branch information
Showing
2 changed files
with
122 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
syntax = "proto3"; | ||
|
||
package logic.v1beta; | ||
|
||
import "gogoproto/gogo.proto"; | ||
|
||
option go_package = "github.com/okp4/okp4d/x/logic/types"; | ||
|
||
// An ACL specifies the access permissions on the associated resource for an actor, as a combination of actions such as | ||
// read, write or delete. It is quite similar to UNIX file access permissions. | ||
// | ||
// Basically, an ACL is composed of: | ||
// - a tag that denotes the authorization scheme to use, for instance: the wallet address which specifies an authorization scheme based on this address; | ||
// - an optional tag qualifier that denotes the identifier in the tag scope. For instance the okp4 address of an actor for the tag "address"; | ||
// - a set of permissions, denoting the combination of actions an actor is allowed to perform on the resource. | ||
// | ||
// ACLs can be expressed in the compact form of a URN: | ||
// | ||
// <tag>:<qualifier>:[<permission>,]*<permission> | ||
// | ||
// Here are some examples of ACLs and a description of their effects: | ||
// | ||
// - `address:okp41jyz4hc5tuweugs2xjn5fxd8rqehv6t3nl6y3le:store,remove` : the actor with the given okp4 address under control is authorized to perform the action "store". | ||
// - `address::query` : any actor (with any address) is authorized to perform the action "query". | ||
message ACL { | ||
// Tag that denotes the authorization scheme to use. | ||
// Several different tags may exist, depending on the domain objects and the services that manages them. | ||
// | ||
// For instance: | ||
// - `address`: the ACL requires a specific wallet address. | ||
string tag = 1 | ||
[(gogoproto.moretags) = "yaml:\"tag\""]; | ||
|
||
// Qualifier that denotes the identifier in the tag scope. | ||
// Several different qualifiers may exist in the system, depending on the tag. | ||
// | ||
// For instance: | ||
// - `address`: for the tag `address`, the identifier represents the unique resource identifier of the user, e.g. `3AW302xlzVugABjjEJ`. | ||
string qualifier = 2 | ||
[(gogoproto.nullable) = true, (gogoproto.moretags) = "yaml:\"qualifier\""]; | ||
|
||
// Set of permissions (at least one). | ||
// Several different permissions may exist depending on the nature of the domain objects and the different operations supported by | ||
// these objects. | ||
// | ||
// - `store`: permission to store a program. | ||
// For instance: | ||
// - `remove`: permission to remove a program. | ||
// - `query`: permission to query a program. | ||
// - ... | ||
repeated string permissions = 3 | ||
[(gogoproto.moretags) = "yaml:\"permissions\""]; | ||
} |