forked from TrueCloudLab/frostfs-sdk-go
[#170] acl: Document package functionality
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
Pavel Karpy
Alex Vanin
parent
030bbce2cf
commit
58d4f4a55f
2 changed files with 42 additions and 0 deletions
40
acl/doc.go
Normal file
40
acl/doc.go
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
/*
|
||||
Package acl provides primitives to perform handling basic ACL management in NeoFS.
|
||||
|
||||
BasicACL type provides functionality for managing container basic access-control list.
|
||||
For example, setting public basic ACL that could not be extended with any eACL rules:
|
||||
|
||||
import "github.com/nspcc-dev/neofs-sdk-go/container"
|
||||
...
|
||||
c := container.New()
|
||||
c.SetBasicACL(acl.PublicBasicRule)
|
||||
|
||||
Using package types in an application is recommended to potentially work with
|
||||
different protocol versions with which these types are compatible.
|
||||
|
||||
Basic ACL bits meaning:
|
||||
|
||||
┌──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┐
|
||||
│31│30│29│28│27│26│25│24│23│22│21│20│19│18│17│16│ <- Bit
|
||||
├──┼──┼──┼──┼──┴──┴──┴──┼──┴──┴──┴──┼──┴──┴──┴──┤
|
||||
│ │ │ │ │ RANGEHASH │ RANGE │ SEARCH │ <- Object service method
|
||||
│ │ │ │ ├──┬──┬──┬──┼──┬──┬──┬──┼──┬──┬──┬──┤
|
||||
│ │ │ X│ F│ U│ S│ O│ B│ U│ S│ O│ B│ U│ S│ O│ B│ <- Rule
|
||||
├──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┼──┤
|
||||
│15│14│13│12│11│10│09│08│07│06│05│04│03│02│01│00│ <- Bit
|
||||
├──┴──┴──┴──┼──┴──┴──┴──┼──┴──┴──┴──┼──┴──┴──┴──┤
|
||||
│ DELETE │ PUT │ HEAD │ GET │ <- Object service method
|
||||
├──┬──┬──┬──┼──┬──┬──┬──┼──┬──┬──┬──┼──┬──┬──┬──┤
|
||||
│ U│ S│ O│ B│ U│ S│ O│ B│ U│ S│ O│ B│ U│ S│ O│ B│ <- Rule
|
||||
└──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┴──┘
|
||||
|
||||
U - Allows access to the owner of the container.
|
||||
S - Allows access to Inner Ring and container nodes in the current version of network map.
|
||||
O - Clients that do not match any of the categories above.
|
||||
B - Allows using Bear Token ACL rules to replace eACL rules.
|
||||
F - Flag denying Extended ACL. If set Extended ACL is ignored.
|
||||
X - Flag denying different owners of the request and the object.
|
||||
|
||||
Remaining bits are reserved and are not used.
|
||||
*/
|
||||
package acl
|
||||
|
|
@ -9,6 +9,8 @@ import (
|
|||
// BasicACL is Access Control List that defines who can interact with containers and what exactly they can do.
|
||||
type BasicACL uint32
|
||||
|
||||
// String returns BasicACL string representation
|
||||
// in hexadecimal form with 0x prefix.
|
||||
func (a BasicACL) String() string {
|
||||
return fmt.Sprintf("0x%08x", uint32(a))
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue