1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

use std::cmp::Ordering;

use serde::{Deserialize, Serialize};

use garage_util::crdt::*;

/// Permission given to a key in a bucket
#[derive(PartialOrd, Ord, PartialEq, Eq, Clone, Copy, Debug, Serialize, Deserialize)]
pub struct BucketKeyPerm {
	/// Timestamp at which the permission was given
	pub timestamp: u64,

	/// The key can be used to read the bucket
	pub allow_read: bool,
	/// The key can be used to write objects to the bucket
	pub allow_write: bool,
	/// The key can be used to control other aspects of the bucket:
	/// - enable / disable website access
	/// - delete bucket
	pub allow_owner: bool,
}

impl BucketKeyPerm {
	pub const NO_PERMISSIONS: Self = Self {
		timestamp: 0,
		allow_read: false,
		allow_write: false,
		allow_owner: false,
	};

	pub const ALL_PERMISSIONS: Self = Self {
		timestamp: 0,
		allow_read: true,
		allow_write: true,
		allow_owner: true,
	};

	pub fn is_any(&self) -> bool {
		self.allow_read || self.allow_write || self.allow_owner
	}
}

impl Crdt for BucketKeyPerm {
	fn merge(&mut self, other: &Self) {
		match other.timestamp.cmp(&self.timestamp) {
			Ordering::Greater => {
				*self = *other;
			}
			Ordering::Equal if other != self => {
				warn!("Different permission sets with same timestamp: {:?} and {:?}, merging to most restricted permission set.", self, other);
				if !other.allow_read {
					self.allow_read = false;
				}
				if !other.allow_write {
					self.allow_write = false;
				}
				if !other.allow_owner {
					self.allow_owner = false;
				}
			}
			_ => (),
		}
	}
}