Skip to main content

bc_xid/
privilege.rs

1use bc_envelope::prelude::*;
2use known_values::*;
3
4use crate::{Error, Result};
5
6#[derive(Debug, Clone, PartialEq, Eq, Hash)]
7pub enum Privilege {
8    /// Allow all applicable XID operations
9    All,
10
11    //
12    // Operational Functions
13    /// Authenticate as the subject (e.g., log into services)
14    Auth,
15
16    /// Sign digital communications as the subject
17    Sign,
18
19    /// Encrypt messages from the subject
20    Encrypt,
21
22    /// Elide data under the subject's control
23    Elide,
24
25    /// Issue or revoke verifiable credentials on the subject's authority
26    Issue,
27
28    /// Access resources under the subject's control
29    Access,
30
31    //
32    // Management Functions
33    /// Delegate priviledges to third parties
34    Delegate,
35
36    /// Verify (update) the XID document
37    Verify,
38
39    /// Update service endpoints
40    Update,
41
42    /// Remove the inception key from the XID document
43    Transfer,
44
45    /// Add or remove other verifiers (rotate keys)
46    Elect,
47
48    /// Transition to a new provenance mark chain
49    Burn,
50
51    /// Revoke the XID entirely
52    Revoke,
53}
54
55impl From<&Privilege> for KnownValue {
56    fn from(xid_privilege: &Privilege) -> Self {
57        match xid_privilege {
58            Privilege::All => PRIVILEGE_ALL,
59            Privilege::Auth => PRIVILEGE_AUTH,
60            Privilege::Sign => PRIVILEGE_SIGN,
61            Privilege::Encrypt => PRIVILEGE_ENCRYPT,
62            Privilege::Elide => PRIVILEGE_ELIDE,
63            Privilege::Issue => PRIVILEGE_ISSUE,
64            Privilege::Access => PRIVILEGE_ACCESS,
65
66            Privilege::Delegate => PRIVILEGE_DELEGATE,
67            Privilege::Verify => PRIVILEGE_VERIFY,
68            Privilege::Update => PRIVILEGE_UPDATE,
69            Privilege::Transfer => PRIVILEGE_TRANSFER,
70            Privilege::Elect => PRIVILEGE_ELECT,
71            Privilege::Burn => PRIVILEGE_BURN,
72            Privilege::Revoke => PRIVILEGE_REVOKE,
73        }
74    }
75}
76
77impl TryFrom<&KnownValue> for Privilege {
78    type Error = Error;
79
80    fn try_from(known_value: &KnownValue) -> Result<Self> {
81        match known_value.value() {
82            PRIVILEGE_ALL_RAW => Ok(Self::All),
83            PRIVILEGE_AUTH_RAW => Ok(Self::Auth),
84            PRIVILEGE_SIGN_RAW => Ok(Self::Sign),
85            PRIVILEGE_ENCRYPT_RAW => Ok(Self::Encrypt),
86            PRIVILEGE_ELIDE_RAW => Ok(Self::Elide),
87            PRIVILEGE_ISSUE_RAW => Ok(Self::Issue),
88            PRIVILEGE_ACCESS_RAW => Ok(Self::Access),
89
90            PRIVILEGE_DELEGATE_RAW => Ok(Self::Delegate),
91            PRIVILEGE_VERIFY_RAW => Ok(Self::Verify),
92            PRIVILEGE_UPDATE_RAW => Ok(Self::Update),
93            PRIVILEGE_TRANSFER_RAW => Ok(Self::Transfer),
94            PRIVILEGE_ELECT_RAW => Ok(Self::Elect),
95            PRIVILEGE_BURN_RAW => Ok(Self::Burn),
96            PRIVILEGE_REVOKE_RAW => Ok(Self::Revoke),
97
98            _ => Err(Error::UnknownPrivilege),
99        }
100    }
101}
102
103impl From<&Privilege> for Envelope {
104    fn from(xid_privilege: &Privilege) -> Self {
105        Envelope::new(KnownValue::from(xid_privilege))
106    }
107}
108
109impl TryFrom<Envelope> for Privilege {
110    type Error = Error;
111
112    fn try_from(envelope: Envelope) -> Result<Self> {
113        let subject = envelope.subject();
114        let known_value = subject.try_known_value()?;
115        Privilege::try_from(known_value)
116    }
117}
118
119impl EnvelopeEncodable for Privilege {
120    fn into_envelope(self) -> Envelope { Envelope::from(&self) }
121}