From afd55ac90b4e6744545009a0319dfb4d4eaf610f Mon Sep 17 00:00:00 2001
From: alexvanin
Date: Wed, 1 Apr 2020 18:40:04 +0300
Subject: [PATCH] acl: Define target of access control rules Basic NeoFS ACL applies access rules to request sender. Request senders are combined in groups that calls `targets`. Basic ACL rules may be applied to these targets: 1. User - request sender is the owner of the container, used in the request. 2. System - request sender is the storage node within the container used in the request or inner ring node. 3. Others - request sender is none of the above. Extended ACL rules may be applied for targets, provided with extra information. 4. PubKey - request sender has provided public key.
---
acl/types.proto | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 acl/types.proto
diff --git a/acl/types.proto b/acl/types.proto
new file mode 100644
index 0000000..f20423f
--- /dev/null
+++ b/acl/types.proto
@@ -0,0 +1,27 @@
+syntax = "proto3";
+package acl;
+option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
+option csharp_namespace = "NeoFS.API.Acl";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+option (gogoproto.stable_marshaler_all) = true;
+
+// Target of the access control rule in access control list.
+enum Target {
+ // Unknown target, default value.
+ Unknown = 0;
+
+ // User target rule is applied if sender is the owner of the container.
+ User = 1;
+
+ // System target rule is applied if sender is the storage node within the
+ // container or inner ring node.
+ System = 2;
+
+ // Others target rule is applied if sender is not user or system target.
+ Others = 3;
+
+ // PubKey target rule is applied if sender has public key provided in
+ // extended ACL.
+ PubKey = 4;
+}
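Review bot: The comment on `Unknown = 0` does not say how a rule carrying that target is to be evaluated. In proto3 an unset field decodes to the zero value, and a number added by a newer peer is preserved as an unrecognised integer, so every ACL evaluator will meet both cases. If the intent is to fail closed, I would state it in the schema, e.g. `// Unknown target, default value. A rule with this target, or with a value not listed here, must not match any sender.`; please confirm that this is the intended semantics, as the evaluator is not part of this patch. The `Others` comment could likewise state whether a sender matched by a `PubKey` rule is still counted as `Others`. On style, the values are unprefixed and not in upper snake case, so generic names like `User` and `System` can collide with other enums added to package `acl`; `TARGET_USER`-style names would avoid that.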