gsp-protocol 1.5.2

Group Signaling Protocol โ€” the signalling sub-protocol of the Group Protocol Stack. Carries membership, role and stream-state events on top of the GBP base layer.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

//! Role registry and permission checks (GSP ยง5 โ€” `ROLE_CHANGE`).
//!
//! GSP defines `ROLE_CHANGE` but leaves the role hierarchy and the
//! permission semantics up to the application. [`RoleRegistry`] captures
//! both pieces in a small, allocation-light data structure:
//!
//! * a numeric **role id** is bound to a stable role name (for logs);
//! * each role carries a [`Permissions`] bitset that the application can
//!   query before applying side-effecting signals.

use gbp_core::MemberId;
use std::collections::HashMap;

/// Application-defined permission bits. The first eight slots are
/// pre-named to cover the common audio/text/role permissions; bits 8..32
/// are free for application use.
#[derive(Copy, Clone, Debug, Default, PartialEq, Eq)]
pub struct Permissions(pub u32);

impl Permissions {
    /// Bit 0: may publish to text streams (GTP).
    pub const SEND_TEXT: u32 = 1 << 0;
    /// Bit 1: may publish to audio streams (GAP).
    pub const SEND_AUDIO: u32 = 1 << 1;
    /// Bit 2: may emit signals (GSP).
    pub const SEND_SIGNAL: u32 = 1 << 2;
    /// Bit 3: may mute / unmute other members.
    pub const MUTE_OTHERS: u32 = 1 << 3;
    /// Bit 4: may approve `ROLE_CHANGE` requests.
    pub const ASSIGN_ROLES: u32 = 1 << 4;
    /// Bit 5: may invite new members (drives MLS adds).
    pub const INVITE: u32 = 1 << 5;
    /// Bit 6: may remove members from the group.
    pub const REMOVE_MEMBERS: u32 = 1 << 6;
    /// Bit 7: may close / archive the group.
    pub const CLOSE_GROUP: u32 = 1 << 7;

    /// `true` if every bit in `mask` is set.
    pub const fn has(self, mask: u32) -> bool {
        self.0 & mask == mask
    }

    /// Bitwise OR.
    pub const fn with(self, mask: u32) -> Self {
        Self(self.0 | mask)
    }

    /// Bitwise AND-NOT.
    pub const fn without(self, mask: u32) -> Self {
        Self(self.0 & !mask)
    }
}

impl core::ops::BitOr<u32> for Permissions {
    type Output = Self;
    fn bitor(self, rhs: u32) -> Self::Output {
        Self(self.0 | rhs)
    }
}

/// Role definition in [`RoleRegistry`].
#[derive(Clone, Debug)]
pub struct RoleSpec {
    /// Numeric role id (matches the `role_claim` field on the wire).
    pub id: u32,
    /// Stable human-readable name for logs.
    pub name: String,
    /// Permissions granted by the role.
    pub permissions: Permissions,
}

/// Errors returned by [`RoleRegistry`].
#[derive(Debug, thiserror::Error)]
pub enum RoleError {
    /// The role id is not registered.
    #[error("unknown role: {0}")]
    UnknownRole(u32),
    /// The acting member is not authorised for this operation.
    #[error("member {member} lacks permission 0x{permission:08X}")]
    Unauthorised {
        /// Acting member.
        member: MemberId,
        /// Required permission mask.
        permission: u32,
    },
}

/// Bidirectional mapping of role ids to [`RoleSpec`]s plus an assignment
/// table tracking each member's current role.
#[derive(Default)]
pub struct RoleRegistry {
    roles: HashMap<u32, RoleSpec>,
    assignments: HashMap<MemberId, u32>,
}

impl RoleRegistry {
    /// Empty registry.
    pub fn new() -> Self {
        Self::default()
    }

    /// Registers a role. Replaces any existing role with the same id.
    pub fn define(&mut self, spec: RoleSpec) {
        self.roles.insert(spec.id, spec);
    }

    /// Convenience: defines a role from primitive components.
    pub fn define_role(&mut self, id: u32, name: impl Into<String>, permissions: Permissions) {
        self.define(RoleSpec {
            id,
            name: name.into(),
            permissions,
        });
    }

    /// Looks up a role by id.
    pub fn role(&self, id: u32) -> Option<&RoleSpec> {
        self.roles.get(&id)
    }

    /// Iterates every defined role.
    pub fn roles(&self) -> impl Iterator<Item = &RoleSpec> {
        self.roles.values()
    }

    /// Assigns a role to a member.
    pub fn assign(&mut self, member: MemberId, role_id: u32) -> Result<(), RoleError> {
        if !self.roles.contains_key(&role_id) {
            return Err(RoleError::UnknownRole(role_id));
        }
        self.assignments.insert(member, role_id);
        Ok(())
    }

    /// Returns the role currently assigned to `member`, if any.
    pub fn role_of(&self, member: MemberId) -> Option<&RoleSpec> {
        let id = self.assignments.get(&member)?;
        self.roles.get(id)
    }

    /// Returns the effective permissions of `member` (zero if no role is
    /// assigned).
    pub fn permissions_of(&self, member: MemberId) -> Permissions {
        self.role_of(member)
            .map(|r| r.permissions)
            .unwrap_or_default()
    }

    /// `Ok(())` if `member` carries every bit in `mask`; otherwise
    /// [`RoleError::Unauthorised`].
    pub fn require(&self, member: MemberId, mask: u32) -> Result<(), RoleError> {
        if self.permissions_of(member).has(mask) {
            Ok(())
        } else {
            Err(RoleError::Unauthorised {
                member,
                permission: mask,
            })
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn permissions_and_require() {
        let mut r = RoleRegistry::new();
        r.define_role(1, "viewer", Permissions::default());
        r.define_role(
            10,
            "speaker",
            Permissions::default() | Permissions::SEND_TEXT | Permissions::SEND_AUDIO,
        );
        r.define_role(
            100,
            "admin",
            Permissions::default()
                | Permissions::SEND_TEXT
                | Permissions::SEND_AUDIO
                | Permissions::MUTE_OTHERS
                | Permissions::ASSIGN_ROLES,
        );

        r.assign(2, 10).unwrap();
        r.assign(3, 100).unwrap();

        assert!(r.require(2, Permissions::SEND_TEXT).is_ok());
        assert!(r.require(2, Permissions::MUTE_OTHERS).is_err());
        assert!(r.require(3, Permissions::MUTE_OTHERS).is_ok());
    }

    #[test]
    fn unknown_role_rejected() {
        let mut r = RoleRegistry::new();
        let err = r.assign(1, 42).unwrap_err();
        assert!(matches!(err, RoleError::UnknownRole(42)));
    }
}