1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
//! ACL trait-level helper operations.
//!
//! The direct-`DatabaseConnection` implementations that backed the
//! `AclDb` blanket impl moved into the closed `cognee-access-control`
//! crate: the auth entities
//! they depended on (`acl`, `permission`, `principal`, `user_role`,
//! `user_tenant`) no longer exist on the OSS schema.
//!
//! What remains here is the trait-only helper used by the OSS ingestion
//! pipeline (which still wires an `&dyn AclDb`) and the canonical
//! `PERMISSION_NAMES` list both halves of the split agree on.
use instrument;
use Uuid;
use crateDatabaseError;
/// All permission names defined in the system.
pub const PERMISSION_NAMES: & = &;
/// Grant all four permissions (read, write, delete, share) to a principal
/// on a dataset via the [`AclDb`](crate::traits::AclDb) trait.
///
/// Used by the ingestion pipeline to bless the dataset owner on every
/// `add` of a freshly-created dataset. Works with any `&dyn AclDb`
/// implementation, so OSS callers can pair it with `MockAclDb` (tests)
/// or with the closed `AccessControl` newtype (production cloud builds).
pub async