diff --git a/pkg/clients/transport/grpc/protobuf_type_converters.microgen.go b/pkg/clients/transport/grpc/protobuf_type_converters.microgen.go index 5212c0b5d2dc9c96533f5f64aee9ed58ab241b41..c3b72dd48df7c5fe2997ada5c8315872070791a5 100644 --- a/pkg/clients/transport/grpc/protobuf_type_converters.microgen.go +++ b/pkg/clients/transport/grpc/protobuf_type_converters.microgen.go @@ -136,8 +136,8 @@ func PtrPermissionRuleToProto(rule *permission.Rule) (*commonpb.Rule, error) { Actions: actions, Access: commonpb.Access(rule.Access), HiddenFields: rule.HiddenFields, - ReadonlyFields: rule.ReadonlyFields, - WriteonlyFields: rule.WriteonlyFields, + ReadonlyFields: rule.DenyReadFields, + WriteonlyFields: rule.DenyWriteFields, ReadFilter: rule.ReadFilter, WriteFilter: rule.WriteFilter, }, nil @@ -156,8 +156,8 @@ func ProtoToPtrPermissionRule(protoRule *commonpb.Rule) (*permission.Rule, error Actions: actions, Access: permission.Access(protoRule.Access), HiddenFields: protoRule.HiddenFields, - ReadonlyFields: protoRule.ReadonlyFields, - WriteonlyFields: protoRule.WriteonlyFields, + DenyReadFields: protoRule.ReadonlyFields, + DenyWriteFields: protoRule.WriteonlyFields, ReadFilter: protoRule.ReadFilter, WriteFilter: protoRule.WriteFilter, }, nil diff --git a/pkg/permission/ruleset.go b/pkg/permission/ruleset.go index 0843afc79922be9a20c06009d4084a281b3cd68f..538e1a47b455404f6d4dd6d41ec957cbfc943a66 100644 --- a/pkg/permission/ruleset.go +++ b/pkg/permission/ruleset.go @@ -23,9 +23,9 @@ type Rule struct { // Поля не передаются API клиенту HiddenFields []string `json:"hiddenFields,omitempty" bson:"hiddenFields,omitempty"` // Клиент не может сохранять данные поля - ReadonlyFields []string `json:"readonlyFields,omitempty" bson:"readonlyFields,omitempty"` + DenyReadFields []string `json:"denyReadFields,omitempty" bson:"denyReadFields,omitempty"` // Клиент может сохранить данные поля, но поля не передаются в API - WriteonlyFields []string `json:"writeonlyFields,omitempty" bson:"writeonlyFields,omitempty"` + DenyWriteFields []string `json:"denyWriteFields,omitempty" bson:"denyWriteFields,omitempty"` // Дополнительный фильтр ReadFilter string `json:"readFilter,omitempty" bson:"readFilter,omitempty"` WriteFilter string `json:"writeFilter,omitempty" bson:"writeFilter,omitempty"` @@ -44,8 +44,8 @@ func (r Rule) Clone() *Rule { Actions: append([]Action(nil), r.Actions...), Access: r.Access, HiddenFields: append([]string(nil), r.HiddenFields...), - ReadonlyFields: append([]string(nil), r.ReadonlyFields...), - WriteonlyFields: append([]string(nil), r.WriteonlyFields...), + DenyReadFields: append([]string(nil), r.DenyReadFields...), + DenyWriteFields: append([]string(nil), r.DenyWriteFields...), ReadFilter: r.ReadFilter, WriteFilter: r.WriteFilter, } @@ -57,8 +57,8 @@ func (r Rule) WithReadFilter(f string) *Rule { Actions: append([]Action(nil), r.Actions...), Access: r.Access, HiddenFields: append([]string(nil), r.HiddenFields...), - ReadonlyFields: append([]string(nil), r.ReadonlyFields...), - WriteonlyFields: append([]string(nil), r.WriteonlyFields...), + DenyReadFields: append([]string(nil), r.DenyReadFields...), + DenyWriteFields: append([]string(nil), r.DenyWriteFields...), ReadFilter: f, WriteFilter: r.WriteFilter, } @@ -70,8 +70,8 @@ func (r Rule) WithWriteFilter(f string) *Rule { Actions: append([]Action(nil), r.Actions...), Access: r.Access, HiddenFields: append([]string(nil), r.HiddenFields...), - ReadonlyFields: append([]string(nil), r.ReadonlyFields...), - WriteonlyFields: append([]string(nil), r.WriteonlyFields...), + DenyReadFields: append([]string(nil), r.DenyReadFields...), + DenyWriteFields: append([]string(nil), r.DenyWriteFields...), ReadFilter: r.ReadFilter, WriteFilter: f, } @@ -83,8 +83,8 @@ func (r Rule) WithReadWriteFilter(f string) *Rule { Actions: append([]Action(nil), r.Actions...), Access: r.Access, HiddenFields: append([]string(nil), r.HiddenFields...), - ReadonlyFields: append([]string(nil), r.ReadonlyFields...), - WriteonlyFields: append([]string(nil), r.WriteonlyFields...), + DenyReadFields: append([]string(nil), r.DenyReadFields...), + DenyWriteFields: append([]string(nil), r.DenyWriteFields...), ReadFilter: f, WriteFilter: f, } @@ -96,8 +96,8 @@ func (r Rule) WithReadonlyFields(ff ...string) *Rule { Actions: append([]Action(nil), r.Actions...), Access: r.Access, HiddenFields: append([]string(nil), r.HiddenFields...), - ReadonlyFields: append(ff, r.ReadonlyFields...), - WriteonlyFields: append([]string(nil), r.WriteonlyFields...), + DenyReadFields: append(ff, r.DenyReadFields...), + DenyWriteFields: append([]string(nil), r.DenyWriteFields...), ReadFilter: r.ReadFilter, WriteFilter: r.WriteFilter, } @@ -109,8 +109,8 @@ func (r Rule) WithHiddenFields(ff ...string) *Rule { Actions: append([]Action(nil), r.Actions...), Access: r.Access, HiddenFields: append(ff, r.HiddenFields...), - ReadonlyFields: append([]string(nil), r.ReadonlyFields...), - WriteonlyFields: append([]string(nil), r.WriteonlyFields...), + DenyReadFields: append([]string(nil), r.DenyReadFields...), + DenyWriteFields: append([]string(nil), r.DenyWriteFields...), ReadFilter: r.ReadFilter, WriteFilter: r.WriteFilter, } @@ -127,10 +127,10 @@ func (r Rule) GetPermission(action Action) *Permission { case ActionRead: p.Filter = r.ReadFilter p.UnallowedFields = append(p.UnallowedFields, r.HiddenFields...) - p.UnallowedFields = append(p.UnallowedFields, r.WriteonlyFields...) + p.UnallowedFields = append(p.UnallowedFields, r.DenyWriteFields...) case ActionCreate, ActionUpdate, ActionDelete: p.Filter = r.WriteFilter - p.UnallowedFields = append(p.UnallowedFields, r.ReadonlyFields...) + p.UnallowedFields = append(p.UnallowedFields, r.DenyReadFields...) } p.UnallowedFields = data.SetFromSlice(p.UnallowedFields) @@ -216,8 +216,8 @@ func MergeRule(rules ...*Rule) *Rule { result.Actions = data.GetIntersection(result.Actions, r.Actions) result.HiddenFields = data.SetFromSlice(append(result.HiddenFields, r.HiddenFields...)) - result.ReadonlyFields = data.SetFromSlice(append(result.ReadonlyFields, r.ReadonlyFields...)) - result.WriteonlyFields = data.SetFromSlice(append(result.WriteonlyFields, r.WriteonlyFields...)) + result.DenyReadFields = data.SetFromSlice(append(result.DenyReadFields, r.DenyReadFields...)) + result.DenyWriteFields = data.SetFromSlice(append(result.DenyWriteFields, r.DenyWriteFields...)) if r.WriteFilter != "" { writeFilter = append(writeFilter, r.WriteFilter) } @@ -246,8 +246,8 @@ func (r PrivilegedRuleset) GetRule(collectionID string) *Rule { CollectionID: collectionID, Actions: []Action{ActionRead, ActionCreate, ActionUpdate, ActionDelete}, HiddenFields: []string{}, - ReadonlyFields: []string{}, - WriteonlyFields: []string{}, + DenyReadFields: []string{}, + DenyWriteFields: []string{}, } } diff --git a/pkg/permission/ruleset_test.go b/pkg/permission/ruleset_test.go index 175c36261152afcf2b2c585382588f97b5465591..a38644b0118fe7cdfe0f90b2078dbc5a7d044c5a 100644 --- a/pkg/permission/ruleset_test.go +++ b/pkg/permission/ruleset_test.go @@ -18,21 +18,21 @@ func TestMerge(t *testing.T) { }{ { name: "simple", - first: &Rule{Actions: []Action{ActionUpdate, ActionCreate}, CollectionID: col1, HiddenFields: []string{"1", "2"}, WriteonlyFields: []string{"7"}, ReadonlyFields: []string{"4"}, ReadFilter: "3 != 'test'", WriteFilter: "4 == '0_0'"}, - second: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, CollectionID: col2, HiddenFields: []string{"3", "2"}, WriteonlyFields: []string{}, ReadonlyFields: []string{"5"}, ReadFilter: "5 != 'dev'", WriteFilter: "4 == '0_0'"}, - expect: &Rule{Actions: []Action{ActionUpdate}, HiddenFields: []string{"1", "2", "3"}, WriteonlyFields: []string{"7"}, ReadonlyFields: []string{"4", "5"}, ReadFilter: "3 != 'test' && 5 != 'dev'", WriteFilter: "4 == '0_0'"}, + first: &Rule{Actions: []Action{ActionUpdate, ActionCreate}, CollectionID: col1, HiddenFields: []string{"1", "2"}, DenyWriteFields: []string{"7"}, DenyReadFields: []string{"4"}, ReadFilter: "3 != 'test'", WriteFilter: "4 == '0_0'"}, + second: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, CollectionID: col2, HiddenFields: []string{"3", "2"}, DenyWriteFields: []string{}, DenyReadFields: []string{"5"}, ReadFilter: "5 != 'dev'", WriteFilter: "4 == '0_0'"}, + expect: &Rule{Actions: []Action{ActionUpdate}, HiddenFields: []string{"1", "2", "3"}, DenyWriteFields: []string{"7"}, DenyReadFields: []string{"4", "5"}, ReadFilter: "3 != 'test' && 5 != 'dev'", WriteFilter: "4 == '0_0'"}, }, { name: "first is privileged", first: PrivilegedRuleset{}.GetRule(col1), second: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, CollectionID: col2, WriteFilter: "test"}, - expect: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, WriteFilter: "test", ReadFilter: "", HiddenFields: []string{}, WriteonlyFields: []string{}, ReadonlyFields: []string{}}, + expect: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, WriteFilter: "test", ReadFilter: "", HiddenFields: []string{}, DenyWriteFields: []string{}, DenyReadFields: []string{}}, }, { name: "second is privileged", first: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, CollectionID: col1, WriteFilter: "test"}, second: PrivilegedRuleset{}.GetRule(col2), - expect: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, WriteFilter: "test", ReadFilter: "", HiddenFields: []string{}, WriteonlyFields: []string{}, ReadonlyFields: []string{}}, + expect: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, WriteFilter: "test", ReadFilter: "", HiddenFields: []string{}, DenyWriteFields: []string{}, DenyReadFields: []string{}}, }, { name: "both is privileged", @@ -61,25 +61,25 @@ func TestRule_GetPermission(t *testing.T) { { name: "ActionRead", action: ActionRead, - rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f3"}}, + rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f3"}}, unallowedFields: []string{"f2", "f3"}, }, { name: "ActionRead readonly&writeonly", action: ActionRead, - rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f1"}}, + rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f1"}}, unallowedFields: []string{"f1", "f2"}, }, { name: "ActionUpdate", action: ActionUpdate, - rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f3"}}, + rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f3"}}, unallowedFields: []string{"f1"}, }, { name: "ActionUpdate readonly&writeonly", action: ActionUpdate, - rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f1"}}, + rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyReadFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyWriteFields: []string{"f1"}}, unallowedFields: []string{"f1"}, }, } diff --git a/pkg/roles/transport/grpc/protobuf_type_converters.microgen.go b/pkg/roles/transport/grpc/protobuf_type_converters.microgen.go index 10f207e5ebf3e07804009bf0bbb62401e0bdbf9a..e066ef1913f986321753e69fffbf10207a874d5b 100644 --- a/pkg/roles/transport/grpc/protobuf_type_converters.microgen.go +++ b/pkg/roles/transport/grpc/protobuf_type_converters.microgen.go @@ -82,8 +82,8 @@ func PtrPermissionRuleToProto(rule *permission.Rule) (*commonpb.Rule, error) { Actions: actions, Access: commonpb.Access(rule.Access), HiddenFields: rule.HiddenFields, - ReadonlyFields: rule.ReadonlyFields, - WriteonlyFields: rule.WriteonlyFields, + ReadonlyFields: rule.DenyReadFields, + WriteonlyFields: rule.DenyWriteFields, ReadFilter: rule.ReadFilter, WriteFilter: rule.WriteFilter, }, nil @@ -102,8 +102,8 @@ func ProtoToPtrPermissionRule(protoRule *commonpb.Rule) (*permission.Rule, error Actions: actions, Access: permission.Access(protoRule.Access), HiddenFields: protoRule.HiddenFields, - ReadonlyFields: protoRule.ReadonlyFields, - WriteonlyFields: protoRule.WriteonlyFields, + DenyReadFields: protoRule.ReadonlyFields, + DenyWriteFields: protoRule.WriteonlyFields, ReadFilter: protoRule.ReadFilter, WriteFilter: protoRule.WriteFilter, }, nil diff --git a/proto/roles/roles.pb.go b/proto/roles/roles.pb.go index 0d70814977a6b765b8377739bd3f43704b98ec02..08e8b485edfde6d7ab8a510addd726c84f936cc8 100644 --- a/proto/roles/roles.pb.go +++ b/proto/roles/roles.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.31.0 -// protoc v4.24.3 +// protoc v4.23.4 // source: roles/roles.proto package roles diff --git a/proto/roles/roles_grpc.pb.go b/proto/roles/roles_grpc.pb.go index 13000eb2e08429aa6fcc93d5e133d4e3012c05ff..b9c888ef91310f1802bd76ab335d9ddda33ef8a8 100644 --- a/proto/roles/roles_grpc.pb.go +++ b/proto/roles/roles_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.24.3 +// - protoc v4.23.4 // source: roles/roles.proto package roles