acl: Define target of access control rules

Basic NeoFS ACL applies access rules to request sender. Request senders are combined in groups that calls `targets`. Basic ACL rules may be applied to these targets: 1. User - request sender is the owner of the container, used in the request. 2. System - request sender is the storage node within the container used in the request or inner ring node. 3. Others - request sender is none of the above. Extended ACL rules may be applied for targets, provided with extra information. 4. PubKey - request sender has provided public key.
2020-04-01 18:40:04 +03:00 · 2020-04-01 18:40:04 +03:00 · afd55ac90b
commit afd55ac90b
parent b48cc534f4
1 changed files with 27 additions and 0 deletions
--- a/acl/types.proto
+++ b/acl/types.proto
@ -0,0 +1,27 @@
+syntax = "proto3";
+package acl;
+option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
+option csharp_namespace = "NeoFS.API.Acl";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+option (gogoproto.stable_marshaler_all) = true;
+
+// Target of the access control rule in access control list.
+enum Target {
+    // Unknown target, default value.
+    Unknown = 0;
+
+    // User target rule is applied if sender is the owner of the container.
+    User    = 1;
+
+    // System target rule is applied if sender is the storage node within the
+    // container or inner ring node.
+    System  = 2;
+
+    // Others target rule is applied if sender is not user or system target.
+    Others  = 3;
+
+    // PubKey target rule is applied if sender has public key provided in
+    // extended ACL.
+    PubKey  = 4;
+}