mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-05 03:40:01 -06:00
refactor settings/pkg/store/defaults
Signed-off-by: jkoberg <jkoberg@owncloud.com>
This commit is contained in:
jkoberg
@@ -220,7 +220,7 @@ func (g Graph) GetSingleDrive(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (g Graph) canCreateSpace(ctx context.Context, ownPersonalHome bool) bool {
|
||||
pr, err := g.permissionsService.GetPermissionByID(ctx, &settingssvc.GetPermissionByIDRequest{
|
||||
PermissionId: settingsServiceExt.CreateSpacePermissionID,
|
||||
PermissionId: settingsServiceExt.CreateSpacesPermission(0).Id,
|
||||
})
|
||||
if err != nil || pr.Permission == nil {
|
||||
return false
|
||||
@@ -586,13 +586,13 @@ func (g Graph) ListStorageSpacesWithFilters(ctx context.Context, filters []*stor
|
||||
s := settingssvc.NewPermissionService("com.owncloud.api.settings", grpcClient)
|
||||
|
||||
_, err = s.GetPermissionByID(ctx, &settingssvc.GetPermissionByIDRequest{
|
||||
PermissionId: settingsServiceExt.ListAllSpacesPermissionID,
|
||||
PermissionId: settingsServiceExt.ListSpacesPermission(0).Id,
|
||||
})
|
||||
|
||||
permissions := make(map[string]struct{}, 1)
|
||||
// No error means the user has the permission
|
||||
if err == nil {
|
||||
permissions[settingsServiceExt.ListAllSpacesPermissionName] = struct{}{}
|
||||
permissions[settingsServiceExt.ListSpacesPermission(0).Id] = struct{}{}
|
||||
}
|
||||
value, err := json.Marshal(permissions)
|
||||
if err != nil {
|
||||
@@ -930,10 +930,10 @@ func getQuota(quota *libregraph.Quota, defaultQuota string) *storageprovider.Quo
|
||||
}
|
||||
}
|
||||
|
||||
func (g Graph) canSetSpaceQuota(ctx context.Context, user *userv1beta1.User, typ string) (bool, error) {
|
||||
permID := settingsServiceExt.SetPersonalSpaceQuotaPermissionID
|
||||
func (g Graph) canSetSpaceQuota(ctx context.Context, _ *userv1beta1.User, typ string) (bool, error) {
|
||||
permID := settingsServiceExt.SetPersonalSpaceQuotaPermission(0).Id
|
||||
if typ == _spaceTypeProject {
|
||||
permID = settingsServiceExt.SetProjectSpaceQuotaPermissionID
|
||||
permID = settingsServiceExt.SetProjectSpaceQuotaPermission(0).Id
|
||||
}
|
||||
_, err := g.permissionsService.GetPermissionByID(ctx, &settingssvc.GetPermissionByIDRequest{PermissionId: permID})
|
||||
if err != nil {
|
||||
|
||||
@@ -8,122 +8,20 @@ import (
|
||||
const (
|
||||
// BundleUUIDRoleAdmin represents the admin role
|
||||
BundleUUIDRoleAdmin = "71881883-1768-46bd-a24d-a356a2afdf7f"
|
||||
|
||||
// BundleUUIDRoleSpaceAdmin represents the space admin role
|
||||
BundleUUIDRoleSpaceAdmin = "2aadd357-682c-406b-8874-293091995fdd"
|
||||
|
||||
// BundleUUIDRoleUser represents the user role.
|
||||
BundleUUIDRoleUser = "d7beeea8-8ff4-406b-8fb6-ab2dd81e6b11"
|
||||
|
||||
// BundleUUIDRoleUserLight represents the user light role.
|
||||
BundleUUIDRoleUserLight = "38071a68-456a-4553-846a-fa67bf5596cc"
|
||||
|
||||
// BundleUUIDProfile represents the user profile
|
||||
BundleUUIDProfile = "2a506de7-99bd-4f0d-994e-c38e72c28fd9"
|
||||
|
||||
// RoleManagementPermissionID is the hardcoded setting UUID for the role management permission
|
||||
RoleManagementPermissionID string = "a53e601e-571f-4f86-8fec-d4576ef49c62"
|
||||
// RoleManagementPermissionName is the hardcoded setting name for the role management permission
|
||||
RoleManagementPermissionName string = "Roles.ReadWrite"
|
||||
|
||||
// SettingsManagementPermissionID is the hardcoded setting UUID for the settings management permission
|
||||
SettingsManagementPermissionID string = "3d58f441-4a05-42f8-9411-ef5874528ae1"
|
||||
// SettingsManagementPermissionName is the hardcoded setting name for the settings management permission
|
||||
SettingsManagementPermissionName string = "Settings.ReadWrite"
|
||||
|
||||
// LanguageReadWriteID is the hardcoded setting UUID for the language read write all permission
|
||||
LanguageReadWriteID string = "7d81f103-0488-4853-bce5-98dcce36d649"
|
||||
// LanguageReadWriteName is the hardcoded setting name for the language read write all permission
|
||||
LanguageReadWriteName string = "Language.ReadWrite"
|
||||
|
||||
// DisableEmailNotificationsPermissionID is the hardcoded setting UUID for the disable email notifications permission
|
||||
DisableEmailNotificationsPermissionID string = "ad5bb5e5-dc13-4cd3-9304-09a424564ea8"
|
||||
// DisableEmailNotificationsPermissionName is the hardcoded setting name for the disable email notifications permission
|
||||
DisableEmailNotificationsPermissionName string = "EmailNotifications.ReadWriteDisabled"
|
||||
// DisableEmailNotificationsPermissionDisplayName is the hardcoded setting name for the disable email notifications permission
|
||||
DisableEmailNotificationsPermissionDisplayName string = "Disable Email Notifications"
|
||||
|
||||
// AutoAcceptSharesPermissionID is the hardcoded setting UUID for the disable email notifications permission
|
||||
AutoAcceptSharesPermissionID string = "4e41363c-a058-40a5-aec8-958897511209"
|
||||
// AutoAcceptSharesPermissionName is the hardcoded setting name for the disable email notifications permission
|
||||
AutoAcceptSharesPermissionName string = "AutoAcceptShares.ReadWriteDisabled"
|
||||
// AutoAcceptSharesPermissionDisplayName is the hardcoded setting name for the disable email notifications permission
|
||||
AutoAcceptSharesPermissionDisplayName string = "enable/disable auto accept shares"
|
||||
|
||||
// SetPersonalSpaceQuotaPermissionID is the hardcoded setting UUID for the set personal space quota permission
|
||||
SetPersonalSpaceQuotaPermissionID string = "4e6f9709-f9e7-44f1-95d4-b762d27b7896"
|
||||
// SetPersonalSpaceQuotaPermissionName is the hardcoded setting name for the set personal space quota permission
|
||||
SetPersonalSpaceQuotaPermissionName string = "Drives.ReadWritePersonalQuota"
|
||||
|
||||
// SetProjectSpaceQuotaPermissionID is the hardcoded setting UUID for the set project space quota permission
|
||||
SetProjectSpaceQuotaPermissionID string = "977f0ae6-0da2-4856-93f3-22e0a8482489"
|
||||
// SetProjectSpaceQuotaPermissionName is the hardcoded setting name for the set project space quota permission
|
||||
SetProjectSpaceQuotaPermissionName string = "Drives.ReadWriteProjectQuota"
|
||||
|
||||
// ListAllSpacesPermissionID is the hardcoded setting UUID for the list all spaces permission
|
||||
ListAllSpacesPermissionID string = "016f6ddd-9501-4a0a-8ebe-64a20ee8ec82"
|
||||
// ListAllSpacesPermissionName is the hardcoded setting name for the list all spaces permission
|
||||
ListAllSpacesPermissionName string = "Drives.List"
|
||||
|
||||
// CreateSpacePermissionID is the hardcoded setting UUID for the create space permission
|
||||
CreateSpacePermissionID string = "79e13b30-3e22-11eb-bc51-0b9f0bad9a58"
|
||||
// CreateSpacePermissionName is the hardcoded setting name for the create space permission
|
||||
CreateSpacePermissionName string = "Drives.Create"
|
||||
|
||||
// DeleteHomeSpacesPermissionID is the hardcoded setting UUID for the delete home space permission
|
||||
DeleteHomeSpacesPermissionID string = "5de9fe0a-4bc5-4a47-b758-28f370caf169"
|
||||
// DeleteHomeSpacesPermissionName is the hardcoded setting name for the delete home space permission
|
||||
DeleteHomeSpacesPermissionName string = "Drives.DeletePersonal"
|
||||
|
||||
// DeleteAllSpacesPermissionID is the hardcoded setting UUID for the delete all spaces permission
|
||||
DeleteAllSpacesPermissionID string = "fb60b004-c1fa-4f09-bf87-55ce7d46ac61"
|
||||
// DeleteAllSpacesPermissionName is the hardcoded setting name for the delete all space permission
|
||||
DeleteAllSpacesPermissionName string = "Drives.DeleteProject"
|
||||
|
||||
// ManageSpacePropertiesPermissionID is the hardcoded setting UUID for the manage space properties permission
|
||||
ManageSpacePropertiesPermissionID string = "b44b4054-31a2-42b8-bb71-968b15cfbd4f"
|
||||
// ManageSpacePropertiesPermissionName is the hardcoded setting name for the manage space properties permission
|
||||
ManageSpacePropertiesPermissionName string = "Drives.ReadWrite"
|
||||
|
||||
// SpaceAbilityPermissionID is the hardcoded setting UUID for the space ability permission
|
||||
SpaceAbilityPermissionID string = "cf3faa8c-50d9-4f84-9650-ff9faf21aa9d"
|
||||
// SpaceAbilityPermissionName is the hardcoded setting name for the space ability permission
|
||||
SpaceAbilityPermissionName string = "Drives.ReadWriteEnabled"
|
||||
|
||||
// SettingUUIDProfileLanguage is the hardcoded setting UUID for the user profile language
|
||||
SettingUUIDProfileLanguage = "aa8cfbe5-95d4-4f7e-a032-c3c01f5f062f"
|
||||
// SettingUUIDProfileDisableNotifications is the hardcoded setting UUID for the disable notifications setting
|
||||
SettingUUIDProfileDisableNotifications = "33ffb5d6-cd07-4dc0-afb0-84f7559ae438"
|
||||
// SettingUUIDProfileAutoAcceptShares is the hardcoded setting UUID for the disable notifications setting
|
||||
SettingUUIDProfileAutoAcceptShares = "ec3ed4a3-3946-4efc-8f9f-76d38b12d3a9"
|
||||
|
||||
// AccountManagementPermissionID is the hardcoded setting UUID for the account management permission
|
||||
AccountManagementPermissionID string = "8e587774-d929-4215-910b-a317b1e80f73"
|
||||
// AccountManagementPermissionName is the hardcoded setting name for the account management permission
|
||||
AccountManagementPermissionName string = "Accounts.ReadWrite"
|
||||
// GroupManagementPermissionID is the hardcoded setting UUID for the group management permission
|
||||
GroupManagementPermissionID string = "522adfbe-5908-45b4-b135-41979de73245"
|
||||
// GroupManagementPermissionName is the hardcoded setting name for the group management permission
|
||||
GroupManagementPermissionName string = "Groups.ReadWrite"
|
||||
// SelfManagementPermissionID is the hardcoded setting UUID for the self management permission
|
||||
SelfManagementPermissionID string = "e03070e9-4362-4cc6-a872-1c7cb2eb2b8e"
|
||||
// SelfManagementPermissionName is the hardcoded setting name for the self management permission
|
||||
SelfManagementPermissionName string = "Self.ReadWrite"
|
||||
|
||||
// ChangeLogoPermissionID is the hardcoded setting UUID for the change-logo permission
|
||||
ChangeLogoPermissionID string = "ed83fc10-1f54-4a9e-b5a7-fb517f5f3e01"
|
||||
// ChangeLogoPermissionName is the hardcoded setting name for the change-logo permission
|
||||
ChangeLogoPermissionName string = "Logo.Write"
|
||||
|
||||
// WritePublicLinkPermissionID is the hardcoded setting UUID for the PublicLink.Write permission
|
||||
WritePublicLinkPermissionID string = "11516bbd-7157-49e1-b6ac-d00c820f980b"
|
||||
// WritePublicLinkPermissionName is the hardcoded setting name for the PublicLink.Write permission
|
||||
WritePublicLinkPermissionName string = "PublicLink.Write"
|
||||
|
||||
// DeleteReadOnlyPublicLinkPasswordID is the hardcoded setting UUID for the ReadOnlyPublicLinkPassword.Delete permission
|
||||
DeleteReadOnlyPublicLinkPasswordID string = "e9a697c5-c67b-40fc-982b-bcf628e9916d"
|
||||
// DeleteReadOnlyPublicLinkPasswordName is the hardcoded setting name for the ReadOnlyPublicLinkPassword.Delete permission
|
||||
DeleteReadOnlyPublicLinkPasswordName string = "ReadOnlyPublicLinkPassword.Delete"
|
||||
)
|
||||
|
||||
// GenerateBundlesDefaultRoles bootstraps the default roles.
|
||||
@@ -148,280 +46,24 @@ func generateBundleAdminRole() *settingsmsg.Bundle {
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Settings: []*settingsmsg.Setting{
|
||||
{
|
||||
Id: RoleManagementPermissionID,
|
||||
Name: RoleManagementPermissionName,
|
||||
DisplayName: "Role Management",
|
||||
Description: "This permission gives full access to everything that is related to role management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SettingsManagementPermissionID,
|
||||
Name: SettingsManagementPermissionName,
|
||||
DisplayName: "Settings Management",
|
||||
Description: "This permission gives full access to everything that is related to settings management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: LanguageReadWriteID,
|
||||
Name: LanguageReadWriteName,
|
||||
DisplayName: "Permission to read and set the language (anyone)",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileLanguage,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DisableEmailNotificationsPermissionID,
|
||||
Name: DisableEmailNotificationsPermissionName,
|
||||
DisplayName: DisableEmailNotificationsPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileDisableNotifications,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: AutoAcceptSharesPermissionID,
|
||||
Name: AutoAcceptSharesPermissionName,
|
||||
DisplayName: AutoAcceptSharesPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileAutoAcceptShares,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: AccountManagementPermissionID,
|
||||
Name: AccountManagementPermissionName,
|
||||
DisplayName: "Account Management",
|
||||
Description: "This permission gives full access to everything that is related to account management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: GroupManagementPermissionID,
|
||||
Name: GroupManagementPermissionName,
|
||||
DisplayName: "Group Management",
|
||||
Description: "This permission gives full access to everything that is related to group management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_GROUP,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SetPersonalSpaceQuotaPermissionID,
|
||||
Name: SetPersonalSpaceQuotaPermissionName,
|
||||
DisplayName: "Set Personal Space Quota",
|
||||
Description: "This permission allows managing personal space quotas.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SetProjectSpaceQuotaPermissionID,
|
||||
Name: SetProjectSpaceQuotaPermissionName,
|
||||
DisplayName: "Set Project Space Quota",
|
||||
Description: "This permission allows managing project space quotas.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: CreateSpacePermissionID,
|
||||
Name: CreateSpacePermissionName,
|
||||
DisplayName: "Create Space",
|
||||
Description: "This permission allows creating new spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: ListAllSpacesPermissionID,
|
||||
Name: ListAllSpacesPermissionName,
|
||||
DisplayName: "List All Spaces",
|
||||
Description: "This permission allows listing all spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READ,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DeleteHomeSpacesPermissionID,
|
||||
Name: DeleteHomeSpacesPermissionName,
|
||||
DisplayName: "Delete All Home Spaces",
|
||||
Description: "This permission allows deleting home spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_DELETE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DeleteAllSpacesPermissionID,
|
||||
Name: DeleteAllSpacesPermissionName,
|
||||
DisplayName: "Delete AllSpaces",
|
||||
Description: "This permission allows deleting all spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_DELETE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: ChangeLogoPermissionID,
|
||||
Name: ChangeLogoPermissionName,
|
||||
DisplayName: "Change logo",
|
||||
Description: "This permission permits to change the system logo.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: WritePublicLinkPermissionID,
|
||||
Name: WritePublicLinkPermissionName,
|
||||
DisplayName: "Write publiclink",
|
||||
Description: "This permission allows creating public links.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SHARE,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_WRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DeleteReadOnlyPublicLinkPasswordID,
|
||||
Name: DeleteReadOnlyPublicLinkPasswordName,
|
||||
DisplayName: "Delete Read-Only Public link password",
|
||||
Description: "This permission permits to opt out of a public link password enforcement.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SHARE,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_WRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: ManageSpacePropertiesPermissionID,
|
||||
Name: ManageSpacePropertiesPermissionName,
|
||||
DisplayName: "Manage space properties",
|
||||
Description: "This permission allows managing space properties such as name and description.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SpaceAbilityPermissionID,
|
||||
Name: SpaceAbilityPermissionName,
|
||||
DisplayName: "Space ability",
|
||||
Description: "This permission allows enabling and disabling spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
RoleManagementPermission(All),
|
||||
SettingsManagementPermission(All),
|
||||
LanguageManagementPermission(All),
|
||||
DisableEmailNotificationsPermission(Own),
|
||||
AutoAcceptSharesPermission(Own),
|
||||
AccountManagementPermission(All),
|
||||
GroupManagementPermission(All),
|
||||
SetPersonalSpaceQuotaPermission(All),
|
||||
SetProjectSpaceQuotaPermission(All),
|
||||
CreateSpacesPermission(All),
|
||||
ListSpacesPermission(All),
|
||||
DeletePersonalSpacesPermission(All),
|
||||
DeleteProjectSpacesPermission(All),
|
||||
ChangeLogoPermission(All),
|
||||
WritePublicLinkPermission(All),
|
||||
DeleteReadOnlyPublicLinkPasswordPermission(All),
|
||||
ManageSpacePropertiesPermission(All),
|
||||
SpaceAbilityPermission(All),
|
||||
},
|
||||
}
|
||||
}
|
||||
@@ -437,202 +79,19 @@ func generateBundleSpaceAdminRole() *settingsmsg.Bundle {
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Settings: []*settingsmsg.Setting{
|
||||
{
|
||||
Id: ManageSpacePropertiesPermissionID,
|
||||
Name: ManageSpacePropertiesPermissionName,
|
||||
DisplayName: "Manage space properties",
|
||||
Description: "This permission allows managing space properties such as name and description.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SpaceAbilityPermissionID,
|
||||
Name: SpaceAbilityPermissionName,
|
||||
DisplayName: "Space ability",
|
||||
Description: "This permission allows enabling and disabling spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DeleteAllSpacesPermissionID,
|
||||
Name: DeleteAllSpacesPermissionName,
|
||||
DisplayName: "Delete AllSpaces",
|
||||
Description: "This permission allows to delete all spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_DELETE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SetProjectSpaceQuotaPermissionID,
|
||||
Name: SetProjectSpaceQuotaPermissionName,
|
||||
DisplayName: "Set Project Space Quota",
|
||||
Description: "This permission allows managing project space quotas.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: CreateSpacePermissionID,
|
||||
Name: CreateSpacePermissionName,
|
||||
DisplayName: "Create Space",
|
||||
Description: "This permission allows creating new spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: ListAllSpacesPermissionID,
|
||||
Name: ListAllSpacesPermissionName,
|
||||
DisplayName: "List All Spaces",
|
||||
Description: "This permission allows list all spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READ,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: LanguageReadWriteID,
|
||||
Name: LanguageReadWriteName,
|
||||
DisplayName: "Permission to read and set the language (self)",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileLanguage,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DisableEmailNotificationsPermissionID,
|
||||
Name: DisableEmailNotificationsPermissionName,
|
||||
DisplayName: DisableEmailNotificationsPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileDisableNotifications,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: AutoAcceptSharesPermissionID,
|
||||
Name: AutoAcceptSharesPermissionName,
|
||||
DisplayName: AutoAcceptSharesPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileAutoAcceptShares,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SelfManagementPermissionID,
|
||||
Name: SelfManagementPermissionName,
|
||||
DisplayName: "Self Management",
|
||||
Description: "This permission gives access to self management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "me",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: CreateSpacePermissionID,
|
||||
Name: CreateSpacePermissionName,
|
||||
DisplayName: "Create own Space",
|
||||
Description: "This permission allows creating a space owned by the current user.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM, // TODO resource type space? self? me? own?
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_CREATE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: WritePublicLinkPermissionID,
|
||||
Name: WritePublicLinkPermissionName,
|
||||
DisplayName: "Write publiclink",
|
||||
Description: "This permission permits to write a public link.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SHARE,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_WRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DeleteReadOnlyPublicLinkPasswordID,
|
||||
Name: DeleteReadOnlyPublicLinkPasswordName,
|
||||
DisplayName: "Delete Read-Only Public link password",
|
||||
Description: "This permission permits to opt out of a public link password enforcement.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SHARE,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_WRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
ManageSpacePropertiesPermission(All),
|
||||
SpaceAbilityPermission(All),
|
||||
DeleteProjectSpacesPermission(All),
|
||||
SetProjectSpaceQuotaPermission(All),
|
||||
CreateSpacesPermission(All),
|
||||
ListSpacesPermission(All),
|
||||
LanguageManagementPermission(Own),
|
||||
DisableEmailNotificationsPermission(Own),
|
||||
AutoAcceptSharesPermission(Own),
|
||||
SelfManagementPermission(Own),
|
||||
CreateSpacesPermission(Own),
|
||||
WritePublicLinkPermission(All),
|
||||
DeleteReadOnlyPublicLinkPasswordPermission(All),
|
||||
},
|
||||
}
|
||||
}
|
||||
@@ -648,97 +107,12 @@ func generateBundleUserRole() *settingsmsg.Bundle {
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Settings: []*settingsmsg.Setting{
|
||||
{
|
||||
Id: LanguageReadWriteID,
|
||||
Name: LanguageReadWriteName,
|
||||
DisplayName: "Permission to read and set the language (self)",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileLanguage,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DisableEmailNotificationsPermissionID,
|
||||
Name: DisableEmailNotificationsPermissionName,
|
||||
DisplayName: DisableEmailNotificationsPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileDisableNotifications,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: AutoAcceptSharesPermissionID,
|
||||
Name: AutoAcceptSharesPermissionName,
|
||||
DisplayName: AutoAcceptSharesPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileAutoAcceptShares,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: SelfManagementPermissionID,
|
||||
Name: SelfManagementPermissionName,
|
||||
DisplayName: "Self Management",
|
||||
Description: "This permission gives access to self management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "me",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: CreateSpacePermissionID,
|
||||
Name: CreateSpacePermissionName,
|
||||
DisplayName: "Create own Space",
|
||||
Description: "This permission allows creating a space owned by the current user.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM, // TODO resource type space? self? me? own?
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_CREATE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: WritePublicLinkPermissionID,
|
||||
Name: WritePublicLinkPermissionName,
|
||||
DisplayName: "Write publiclink",
|
||||
Description: "This permission permits to write a public link.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SHARE,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_WRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
|
||||
},
|
||||
},
|
||||
},
|
||||
LanguageManagementPermission(Own),
|
||||
DisableEmailNotificationsPermission(Own),
|
||||
AutoAcceptSharesPermission(Own),
|
||||
SelfManagementPermission(Own),
|
||||
CreateSpacesPermission(Own),
|
||||
WritePublicLinkPermission(All),
|
||||
},
|
||||
}
|
||||
}
|
||||
@@ -754,51 +128,9 @@ func generateBundleUserLightRole() *settingsmsg.Bundle {
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Settings: []*settingsmsg.Setting{
|
||||
{
|
||||
Id: LanguageReadWriteID,
|
||||
Name: LanguageReadWriteName,
|
||||
DisplayName: "Permission to read and set the language (self)",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileLanguage,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: DisableEmailNotificationsPermissionID,
|
||||
Name: DisableEmailNotificationsPermissionName,
|
||||
DisplayName: DisableEmailNotificationsPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileDisableNotifications,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Id: AutoAcceptSharesPermissionID,
|
||||
Name: AutoAcceptSharesPermissionName,
|
||||
DisplayName: AutoAcceptSharesPermissionDisplayName,
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileAutoAcceptShares,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: settingsmsg.Permission_CONSTRAINT_OWN,
|
||||
},
|
||||
},
|
||||
},
|
||||
LanguageManagementPermission(Own),
|
||||
DisableEmailNotificationsPermission(Own),
|
||||
AutoAcceptSharesPermission(Own),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
376
services/settings/pkg/store/defaults/permissions.go
Normal file
376
services/settings/pkg/store/defaults/permissions.go
Normal file
@@ -0,0 +1,376 @@
|
||||
package defaults
|
||||
|
||||
import settingsmsg "github.com/owncloud/ocis/v2/protogen/gen/ocis/messages/settings/v0"
|
||||
|
||||
var (
|
||||
// All is a convenience variable to set constraint to all
|
||||
All = settingsmsg.Permission_CONSTRAINT_ALL
|
||||
// Own is a convenience variable to set constraint to own
|
||||
Own = settingsmsg.Permission_CONSTRAINT_OWN
|
||||
)
|
||||
|
||||
// AccountManagementPermission is the permission to manage accounts
|
||||
func AccountManagementPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "8e587774-d929-4215-910b-a317b1e80f73",
|
||||
Name: "Accounts.ReadWrite",
|
||||
DisplayName: "Account Management",
|
||||
Description: "This permission gives full access to everything that is related to account management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// AutoAcceptSharesPermission is the permission to enable share auto-accept
|
||||
func AutoAcceptSharesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "4e41363c-a058-40a5-aec8-958897511209",
|
||||
Name: "AutoAcceptShares.ReadWriteDisabled",
|
||||
DisplayName: "enable/disable auto accept shares",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileAutoAcceptShares,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// ChangeLogoPermission is the permission to change the logo
|
||||
func ChangeLogoPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "ed83fc10-1f54-4a9e-b5a7-fb517f5f3e01",
|
||||
Name: "Logo.Write",
|
||||
DisplayName: "Change logo",
|
||||
Description: "This permission permits to change the system logo.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// CreateSpacesPermission is the permission to create spaces
|
||||
func CreateSpacesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "79e13b30-3e22-11eb-bc51-0b9f0bad9a58",
|
||||
Name: "Drives.Create",
|
||||
DisplayName: "Create Space",
|
||||
Description: "This permission allows creating new spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// DeletePersonalSpacesPermission is the permission to delete personal spaces
|
||||
func DeletePersonalSpacesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "5de9fe0a-4bc5-4a47-b758-28f370caf169",
|
||||
Name: "Drives.DeletePersonal",
|
||||
DisplayName: "Delete All Home Spaces",
|
||||
Description: "This permission allows deleting home spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_DELETE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// DeleteProjectSpacesPermission is the permission to delete project spaces
|
||||
func DeleteProjectSpacesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "fb60b004-c1fa-4f09-bf87-55ce7d46ac61",
|
||||
Name: "Drives.DeleteProject",
|
||||
DisplayName: "Delete AllSpaces",
|
||||
Description: "This permission allows deleting all spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_DELETE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// DeleteReadOnlyPublicLinkPasswordPermission is the permission to delete read-only public link passwords
|
||||
func DeleteReadOnlyPublicLinkPasswordPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "e9a697c5-c67b-40fc-982b-bcf628e9916d",
|
||||
Name: "ReadOnlyPublicLinkPassword.Delete",
|
||||
DisplayName: "Delete Read-Only Public link password",
|
||||
Description: "This permission permits to opt out of a public link password enforcement.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SHARE,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_WRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// DisableEmailNotificationsPermission is the permission to disable email notifications
|
||||
func DisableEmailNotificationsPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "ad5bb5e5-dc13-4cd3-9304-09a424564ea8",
|
||||
Name: "EmailNotifications.ReadWriteDisabled",
|
||||
DisplayName: "Disable Email Notifications",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileDisableNotifications,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// GroupManagementPermission is the permission to manage groups
|
||||
func GroupManagementPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "522adfbe-5908-45b4-b135-41979de73245",
|
||||
Name: "Groups.ReadWrite",
|
||||
DisplayName: "Group Management",
|
||||
Description: "This permission gives full access to everything that is related to group management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_GROUP,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// LanguageManagementPermission is the permission to manage the language
|
||||
func LanguageManagementPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "7d81f103-0488-4853-bce5-98dcce36d649",
|
||||
Name: "Language.ReadWrite",
|
||||
DisplayName: "Permission to read and set the language",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SETTING,
|
||||
Id: SettingUUIDProfileLanguage,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// ListSpacesPermission is the permission to list spaces
|
||||
func ListSpacesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "016f6ddd-9501-4a0a-8ebe-64a20ee8ec82",
|
||||
Name: "Drives.List",
|
||||
DisplayName: "List All Spaces",
|
||||
Description: "This permission allows listing all spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READ,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// ManageSpacePropertiesPermission is the permission to manage space properties
|
||||
func ManageSpacePropertiesPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "b44b4054-31a2-42b8-bb71-968b15cfbd4f",
|
||||
Name: "Drives.ReadWrite",
|
||||
DisplayName: "Manage space properties",
|
||||
Description: "This permission allows managing space properties such as name and description.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// RoleManagementPermission is the permission to manage roles
|
||||
func RoleManagementPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "a53e601e-571f-4f86-8fec-d4576ef49c62",
|
||||
Name: "Roles.ReadWrite",
|
||||
DisplayName: "Role Management",
|
||||
Description: "This permission gives full access to everything that is related to role management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// SelfManagementPermission is the permission to manage itself
|
||||
func SelfManagementPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "e03070e9-4362-4cc6-a872-1c7cb2eb2b8e",
|
||||
Name: "Self.ReadWrite",
|
||||
DisplayName: "Self Management",
|
||||
Description: "This permission gives access to self management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "me",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// SetPersonalSpaceQuotaPermission is the permission to set the quota for personal spaces
|
||||
func SetPersonalSpaceQuotaPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "4e6f9709-f9e7-44f1-95d4-b762d27b7896",
|
||||
Name: "Drives.ReadWritePersonalQuota",
|
||||
DisplayName: "Set Personal Space Quota",
|
||||
Description: "This permission allows managing personal space quotas.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// SetProjectSpaceQuotaPermission is the permission to set the quota for project spaces
|
||||
func SetProjectSpaceQuotaPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "977f0ae6-0da2-4856-93f3-22e0a8482489",
|
||||
Name: "Drives.ReadWriteProjectQuota",
|
||||
DisplayName: "Set Project Space Quota",
|
||||
Description: "This permission allows managing project space quotas.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// SettingsManagementPermission is the permission to manage settings
|
||||
func SettingsManagementPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "3d58f441-4a05-42f8-9411-ef5874528ae1",
|
||||
Name: "Settings.ReadWrite",
|
||||
DisplayName: "Settings Management",
|
||||
Description: "This permission gives full access to everything that is related to settings management.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_USER,
|
||||
Id: "all",
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// SpaceAbilityPermission is the permission to enable or disable spaces
|
||||
func SpaceAbilityPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "cf3faa8c-50d9-4f84-9650-ff9faf21aa9d",
|
||||
Name: "Drives.ReadWriteEnabled",
|
||||
DisplayName: "Space ability",
|
||||
Description: "This permission allows enabling and disabling spaces.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SYSTEM,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_READWRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// WritePublicLinkPermission is the permission to write public links
|
||||
func WritePublicLinkPermission(c settingsmsg.Permission_Constraint) *settingsmsg.Setting {
|
||||
return &settingsmsg.Setting{
|
||||
Id: "11516bbd-7157-49e1-b6ac-d00c820f980b",
|
||||
Name: "PublicLink.Write",
|
||||
DisplayName: "Write publiclink",
|
||||
Description: "This permission allows creating public links.",
|
||||
Resource: &settingsmsg.Resource{
|
||||
Type: settingsmsg.Resource_TYPE_SHARE,
|
||||
},
|
||||
Value: &settingsmsg.Setting_PermissionValue{
|
||||
PermissionValue: &settingsmsg.Permission{
|
||||
Operation: settingsmsg.Permission_OPERATION_WRITE,
|
||||
Constraint: c,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user