From 18b698d4292ef7e91611896ffd845196f85aa5f5 Mon Sep 17 00:00:00 2001
From: alexvanin
Date: Wed, 1 Apr 2020 19:03:46 +0300
Subject: [PATCH] container: Replace `AccessGroup` with `BasicACL`

With new ACL conception, access control lists in NeoFS defined as a required basic ACL and optional extended ACL. Basic ACL must be set up in container structure. It is a bit mask stored in 32-bit unsigned integer. Seven nibbles represent seven object operations: get, put, head, search, delete, range, range-hash. Every nibble defines access rules for three targets: user, owner, others and has permission bit for bearer token. There is a permission bit for extended ACL and three unused bits.
---
container/service.proto | 4 ++--
container/types.proto | 17 +++--------------
2 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/container/service.proto b/container/service.proto
index bccf924..7df2c66 100644
--- a/container/service.proto
+++ b/container/service.proto
@@ -42,8 +42,8 @@ message PutRequest {
 // Rules define storage policy for the object inside the container.
 netmap.PlacementRule rules = 4 [(gogoproto.nullable) = false];
- // Container ACL.
- AccessGroup Group = 5 [(gogoproto.nullable) = false];
+ // BasicACL of the container.
+ uint32 BasicACL = 5;
 // RequestMetaHeader contains information about request meta headers (should be embedded into message)
 service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
diff --git a/container/types.proto b/container/types.proto
index a0d035d..dc79bd3 100644
--- a/container/types.proto
+++ b/container/types.proto
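Review bot: `BasicACL` in `PutRequest` reuses field number 5, which previously carried the length-delimited message `AccessGroup Group`, as a varint `uint32`, so a peer still built from the old schema puts bytes on tag 5 that the new code cannot read as an ACL (whether they are rejected or dropped depends on the runtime). Giving the mask a number that is not yet used in the message and retiring the old one with `reserved 5; reserved "Group";` would keep the two schema generations distinguishable. The commit message calls the basic ACL required, but a label-free `uint32` cannot tell an omitted value from 0, so the field comment should state what an all-zero mask means and the receiving side should presumably handle it deliberately rather than as a default. The same reuse of number 5 occurs for `Container` in container/types.proto; `PutRequest` begins and ends outside this hunk.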
@@ -18,18 +18,7 @@ message Container {
 uint64 Capacity = 3;
 // Rules define storage policy for the object inside the container.
 netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
- // Container ACL.
- AccessControlList List = 5 [(gogoproto.nullable) = false];
-}
-
-message AccessGroup {
- // Group access mode.
- uint32 AccessMode = 1;
- // Group members.
- repeated bytes UserGroup = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
-}
-
-message AccessControlList {
- // List of access groups.
- repeated AccessGroup List = 1 [(gogoproto.nullable) = false];
+ // BasicACL with access control rules for owner, system, others and
+ // permission bits for bearer token and extended ACL.
+ uint32 BasicACL = 5;
 }
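Review bot: The new comment on `Container.BasicACL` names the targets as owner, system and others, while the commit message names user, owner and others, and the schema nowhere records the bit layout that the commit message only sketches. For a mask that decides access, the field comment should state which nibble belongs to each of get, put, head, search, delete, range and range-hash, which bit inside a nibble is which target, where the bearer-token and extended-ACL bits sit, and how the three unused bits are to be set. It should also settle the target names, for example by opening with `// BasicACL is a 32-bit mask; layout, most significant bit first:` followed by one line per bit group. `Container` starts before this hunk, so any existing documentation on the message itself is not visible here.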