pkg/bufman/proto/registry/v1alpha1/authz.proto - dubbo-kubernetes - Git at Google



 syntax = "proto3";

 package bufman.dubbo.apache.org.registry.v1alpha1;

 import "registry/v1alpha1/role.proto";

 // AuthzService supplies authorization helpers.
 service AuthzService {
   // UserCanCreateOrganizationRepository returns whether the user is authorized
   // to create repositories in an organization.
   rpc UserCanCreateOrganizationRepository(UserCanCreateOrganizationRepositoryRequest) returns (UserCanCreateOrganizationRepositoryResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanSeeRepositorySettings returns whether the user is authorized
   // to see repository settings.
   rpc UserCanSeeRepositorySettings(UserCanSeeRepositorySettingsRequest) returns (UserCanSeeRepositorySettingsResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanSeeOrganizationSettings returns whether the user is authorized
   // to see organization settings.
   rpc UserCanSeeOrganizationSettings(UserCanSeeOrganizationSettingsRequest) returns (UserCanSeeOrganizationSettingsResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanReadPlugin returns whether the user has read access to the specified plugin.
   rpc UserCanReadPlugin(UserCanReadPluginRequest) returns (UserCanReadPluginResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanCreatePluginVersion returns whether the user is authorized
   // to create a plugin version under the specified plugin.
   rpc UserCanCreatePluginVersion(UserCanCreatePluginVersionRequest) returns (UserCanCreatePluginVersionResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanCreateTemplateVersion returns whether the user is authorized
   // to create a template version under the specified template.
   rpc UserCanCreateTemplateVersion(UserCanCreateTemplateVersionRequest) returns (UserCanCreateTemplateVersionResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanCreateOrganizationPlugin returns whether the user is authorized to create
   // a plugin in an organization.
   rpc UserCanCreateOrganizationPlugin(UserCanCreateOrganizationPluginRequest) returns (UserCanCreateOrganizationPluginResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanCreateOrganizationPlugin returns whether the user is authorized to create
   // a template in an organization.
   rpc UserCanCreateOrganizationTemplate(UserCanCreateOrganizationTemplateRequest) returns (UserCanCreateOrganizationTemplateResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanSeePluginSettings returns whether the user is authorized
   // to see plugin settings.
   rpc UserCanSeePluginSettings(UserCanSeePluginSettingsRequest) returns (UserCanSeePluginSettingsResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanSeeTemplateSettings returns whether the user is authorized
   // to see template settings.
   rpc UserCanSeeTemplateSettings(UserCanSeeTemplateSettingsRequest) returns (UserCanSeeTemplateSettingsResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanAddOrganizationMember returns whether the user is authorized to add
   // any members to the organization and the list of roles they can add.
   rpc UserCanAddOrganizationMember(UserCanAddOrganizationMemberRequest) returns (UserCanAddOrganizationMemberResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanUpdateOrganizationMember returns whether the user is authorized to update
   // any members' membership information in the organization and the list of roles they can update.
   rpc UserCanUpdateOrganizationMember(UserCanUpdateOrganizationMemberRequest) returns (UserCanUpdateOrganizationMemberResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanRemoveOrganizationMember returns whether the user is authorized to remove
   // any members from the organization and the list of roles they can remove.
   rpc UserCanRemoveOrganizationMember(UserCanRemoveOrganizationMemberRequest) returns (UserCanRemoveOrganizationMemberResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanDeleteOrganization returns whether the user is authorized
   // to delete an organization.
   rpc UserCanDeleteOrganization(UserCanDeleteOrganizationRequest) returns (UserCanDeleteOrganizationResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanDeleteRepository returns whether the user is authorized
   // to delete a repository.
   rpc UserCanDeleteRepository(UserCanDeleteRepositoryRequest) returns (UserCanDeleteRepositoryResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanDeleteTemplate returns whether the user is authorized
   // to delete a template.
   rpc UserCanDeleteTemplate(UserCanDeleteTemplateRequest) returns (UserCanDeleteTemplateResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanDeletePlugin returns whether the user is authorized
   // to delete a plugin.
   rpc UserCanDeletePlugin(UserCanDeletePluginRequest) returns (UserCanDeletePluginResponse) {
     option deprecated = true;
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanDeleteUser returns whether the user is authorized
   // to delete a user.
   rpc UserCanDeleteUser(UserCanDeleteUserRequest) returns (UserCanDeleteUserResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanSeeServerAdminPanel returns whether the user is authorized
   // to see server admin panel.
   rpc UserCanSeeServerAdminPanel(UserCanSeeServerAdminPanelRequest) returns (UserCanSeeServerAdminPanelResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
   // UserCanManageRepositoryContributors returns whether the user is authorized to manage
   // any contributors to the repository and the list of roles they can manage.
   rpc UserCanManageRepositoryContributors(UserCanManageRepositoryContributorsRequest) returns (UserCanManageRepositoryContributorsResponse) {
     option idempotency_level = NO_SIDE_EFFECTS;
   }
 }

 message UserCanCreateOrganizationRepositoryRequest {
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanCreateOrganizationRepositoryResponse {
   bool authorized = 1;
 }

 message UserCanSeeRepositorySettingsRequest {
   // The ID of the repository for which to check
   // whether the user is authorized.
   string repository_id = 1;
 }

 message UserCanSeeRepositorySettingsResponse {
   bool authorized = 1;
 }

 message UserCanSeeOrganizationSettingsRequest {
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanSeeOrganizationSettingsResponse {
   bool authorized = 1;
 }

 message UserCanReadPluginRequest {
   option deprecated = true;
   // The owner of the plugin.
   string owner = 1;
   // The name of the plugin.
   string name = 2;
 }

 message UserCanReadPluginResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanCreatePluginVersionRequest {
   option deprecated = true;
   // The owner of the plugin.
   string owner = 1;
   // The name of the plugin.
   string name = 2;
 }

 message UserCanCreatePluginVersionResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanCreateTemplateVersionRequest {
   option deprecated = true;
   // The owner of the template.
   string owner = 1;
   // The name of the template.
   string name = 2;
 }

 message UserCanCreateTemplateVersionResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanCreateOrganizationPluginRequest {
   option deprecated = true;
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanCreateOrganizationPluginResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanCreateOrganizationTemplateRequest {
   option deprecated = true;
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanCreateOrganizationTemplateResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanSeePluginSettingsRequest {
   option deprecated = true;
   // The owner of the plugin.
   string owner = 1;
   // The name of the plugin.
   string name = 2;
 }

 message UserCanSeePluginSettingsResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanSeeTemplateSettingsRequest {
   option deprecated = true;
   // The owner of the template.
   string owner = 1;
   // The name of the template.
   string name = 2;
 }

 message UserCanSeeTemplateSettingsResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanAddOrganizationMemberRequest {
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanAddOrganizationMemberResponse {
   // The list of roles that the user is authorized to add, empty list means the user is
   // not authorized to add any members.
   repeated OrganizationRole authorized_roles = 1;
 }

 message UserCanUpdateOrganizationMemberRequest {
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanUpdateOrganizationMemberResponse {
   // The list of roles that the user is authorized to update (from and to), empty list means the user is
   // not authorized to update any members' role.
   repeated OrganizationRole authorized_roles = 1;
 }

 message UserCanRemoveOrganizationMemberRequest {
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanRemoveOrganizationMemberResponse {
   // The list of roles that the user is authorized to remove, empty list means the user is
   // not authorized to remove any members.
   repeated OrganizationRole authorized_roles = 1;
 }

 message UserCanDeleteOrganizationRequest {
   // The ID of the organization for which to check
   // whether the user is authorized.
   string organization_id = 1;
 }

 message UserCanDeleteOrganizationResponse {
   bool authorized = 1;
 }

 message UserCanDeleteRepositoryRequest {
   // The ID of the repository for which to check
   // whether the user is authorized.
   string repository_id = 1;
 }

 message UserCanDeleteRepositoryResponse {
   bool authorized = 1;
 }

 message UserCanDeleteTemplateRequest {
   option deprecated = true;
   // The ID of the template for which to check
   // whether the user is authorized.
   string template_id = 1;
 }

 message UserCanDeleteTemplateResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanDeletePluginRequest {
   option deprecated = true;
   // The ID of the plugin for which to check
   // whether the user is authorized.
   string plugin_id = 1;
 }

 message UserCanDeletePluginResponse {
   option deprecated = true;
   bool authorized = 1;
 }

 message UserCanDeleteUserRequest {}

 message UserCanDeleteUserResponse {
   bool authorized = 1;
 }

 message UserCanSeeServerAdminPanelRequest {}

 message UserCanSeeServerAdminPanelResponse {
   bool authorized = 1;
 }

 message UserCanManageRepositoryContributorsRequest {
   // The ID of the repository for which to check
   // whether the user is authorized.
   string repository_id = 1;
 }

 message UserCanManageRepositoryContributorsResponse {
   // The list of roles that the user is authorized to manage, empty list means the user is
   // not authorized to manage any contributors.
   repeated RepositoryRole authorized_roles = 1;
 }


	syntax = "proto3";

	package bufman.dubbo.apache.org.registry.v1alpha1;

	import "registry/v1alpha1/role.proto";

	// AuthzService supplies authorization helpers.
	service AuthzService {
	// UserCanCreateOrganizationRepository returns whether the user is authorized
	// to create repositories in an organization.
	rpc UserCanCreateOrganizationRepository(UserCanCreateOrganizationRepositoryRequest) returns (UserCanCreateOrganizationRepositoryResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanSeeRepositorySettings returns whether the user is authorized
	// to see repository settings.
	rpc UserCanSeeRepositorySettings(UserCanSeeRepositorySettingsRequest) returns (UserCanSeeRepositorySettingsResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanSeeOrganizationSettings returns whether the user is authorized
	// to see organization settings.
	rpc UserCanSeeOrganizationSettings(UserCanSeeOrganizationSettingsRequest) returns (UserCanSeeOrganizationSettingsResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanReadPlugin returns whether the user has read access to the specified plugin.
	rpc UserCanReadPlugin(UserCanReadPluginRequest) returns (UserCanReadPluginResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanCreatePluginVersion returns whether the user is authorized
	// to create a plugin version under the specified plugin.
	rpc UserCanCreatePluginVersion(UserCanCreatePluginVersionRequest) returns (UserCanCreatePluginVersionResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanCreateTemplateVersion returns whether the user is authorized
	// to create a template version under the specified template.
	rpc UserCanCreateTemplateVersion(UserCanCreateTemplateVersionRequest) returns (UserCanCreateTemplateVersionResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanCreateOrganizationPlugin returns whether the user is authorized to create
	// a plugin in an organization.
	rpc UserCanCreateOrganizationPlugin(UserCanCreateOrganizationPluginRequest) returns (UserCanCreateOrganizationPluginResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanCreateOrganizationPlugin returns whether the user is authorized to create
	// a template in an organization.
	rpc UserCanCreateOrganizationTemplate(UserCanCreateOrganizationTemplateRequest) returns (UserCanCreateOrganizationTemplateResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanSeePluginSettings returns whether the user is authorized
	// to see plugin settings.
	rpc UserCanSeePluginSettings(UserCanSeePluginSettingsRequest) returns (UserCanSeePluginSettingsResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanSeeTemplateSettings returns whether the user is authorized
	// to see template settings.
	rpc UserCanSeeTemplateSettings(UserCanSeeTemplateSettingsRequest) returns (UserCanSeeTemplateSettingsResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanAddOrganizationMember returns whether the user is authorized to add
	// any members to the organization and the list of roles they can add.
	rpc UserCanAddOrganizationMember(UserCanAddOrganizationMemberRequest) returns (UserCanAddOrganizationMemberResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanUpdateOrganizationMember returns whether the user is authorized to update
	// any members' membership information in the organization and the list of roles they can update.
	rpc UserCanUpdateOrganizationMember(UserCanUpdateOrganizationMemberRequest) returns (UserCanUpdateOrganizationMemberResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanRemoveOrganizationMember returns whether the user is authorized to remove
	// any members from the organization and the list of roles they can remove.
	rpc UserCanRemoveOrganizationMember(UserCanRemoveOrganizationMemberRequest) returns (UserCanRemoveOrganizationMemberResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanDeleteOrganization returns whether the user is authorized
	// to delete an organization.
	rpc UserCanDeleteOrganization(UserCanDeleteOrganizationRequest) returns (UserCanDeleteOrganizationResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanDeleteRepository returns whether the user is authorized
	// to delete a repository.
	rpc UserCanDeleteRepository(UserCanDeleteRepositoryRequest) returns (UserCanDeleteRepositoryResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanDeleteTemplate returns whether the user is authorized
	// to delete a template.
	rpc UserCanDeleteTemplate(UserCanDeleteTemplateRequest) returns (UserCanDeleteTemplateResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanDeletePlugin returns whether the user is authorized
	// to delete a plugin.
	rpc UserCanDeletePlugin(UserCanDeletePluginRequest) returns (UserCanDeletePluginResponse) {
	option deprecated = true;
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanDeleteUser returns whether the user is authorized
	// to delete a user.
	rpc UserCanDeleteUser(UserCanDeleteUserRequest) returns (UserCanDeleteUserResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanSeeServerAdminPanel returns whether the user is authorized
	// to see server admin panel.
	rpc UserCanSeeServerAdminPanel(UserCanSeeServerAdminPanelRequest) returns (UserCanSeeServerAdminPanelResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	// UserCanManageRepositoryContributors returns whether the user is authorized to manage
	// any contributors to the repository and the list of roles they can manage.
	rpc UserCanManageRepositoryContributors(UserCanManageRepositoryContributorsRequest) returns (UserCanManageRepositoryContributorsResponse) {
	option idempotency_level = NO_SIDE_EFFECTS;
	}
	}

	message UserCanCreateOrganizationRepositoryRequest {
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanCreateOrganizationRepositoryResponse {
	bool authorized = 1;
	}

	message UserCanSeeRepositorySettingsRequest {
	// The ID of the repository for which to check
	// whether the user is authorized.
	string repository_id = 1;
	}

	message UserCanSeeRepositorySettingsResponse {
	bool authorized = 1;
	}

	message UserCanSeeOrganizationSettingsRequest {
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanSeeOrganizationSettingsResponse {
	bool authorized = 1;
	}

	message UserCanReadPluginRequest {
	option deprecated = true;
	// The owner of the plugin.
	string owner = 1;
	// The name of the plugin.
	string name = 2;
	}

	message UserCanReadPluginResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanCreatePluginVersionRequest {
	option deprecated = true;
	// The owner of the plugin.
	string owner = 1;
	// The name of the plugin.
	string name = 2;
	}

	message UserCanCreatePluginVersionResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanCreateTemplateVersionRequest {
	option deprecated = true;
	// The owner of the template.
	string owner = 1;
	// The name of the template.
	string name = 2;
	}

	message UserCanCreateTemplateVersionResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanCreateOrganizationPluginRequest {
	option deprecated = true;
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanCreateOrganizationPluginResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanCreateOrganizationTemplateRequest {
	option deprecated = true;
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanCreateOrganizationTemplateResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanSeePluginSettingsRequest {
	option deprecated = true;
	// The owner of the plugin.
	string owner = 1;
	// The name of the plugin.
	string name = 2;
	}

	message UserCanSeePluginSettingsResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanSeeTemplateSettingsRequest {
	option deprecated = true;
	// The owner of the template.
	string owner = 1;
	// The name of the template.
	string name = 2;
	}

	message UserCanSeeTemplateSettingsResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanAddOrganizationMemberRequest {
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanAddOrganizationMemberResponse {
	// The list of roles that the user is authorized to add, empty list means the user is
	// not authorized to add any members.
	repeated OrganizationRole authorized_roles = 1;
	}

	message UserCanUpdateOrganizationMemberRequest {
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanUpdateOrganizationMemberResponse {
	// The list of roles that the user is authorized to update (from and to), empty list means the user is
	// not authorized to update any members' role.
	repeated OrganizationRole authorized_roles = 1;
	}

	message UserCanRemoveOrganizationMemberRequest {
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanRemoveOrganizationMemberResponse {
	// The list of roles that the user is authorized to remove, empty list means the user is
	// not authorized to remove any members.
	repeated OrganizationRole authorized_roles = 1;
	}

	message UserCanDeleteOrganizationRequest {
	// The ID of the organization for which to check
	// whether the user is authorized.
	string organization_id = 1;
	}

	message UserCanDeleteOrganizationResponse {
	bool authorized = 1;
	}

	message UserCanDeleteRepositoryRequest {
	// The ID of the repository for which to check
	// whether the user is authorized.
	string repository_id = 1;
	}

	message UserCanDeleteRepositoryResponse {
	bool authorized = 1;
	}

	message UserCanDeleteTemplateRequest {
	option deprecated = true;
	// The ID of the template for which to check
	// whether the user is authorized.
	string template_id = 1;
	}

	message UserCanDeleteTemplateResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanDeletePluginRequest {
	option deprecated = true;
	// The ID of the plugin for which to check
	// whether the user is authorized.
	string plugin_id = 1;
	}

	message UserCanDeletePluginResponse {
	option deprecated = true;
	bool authorized = 1;
	}

	message UserCanDeleteUserRequest {}

	message UserCanDeleteUserResponse {
	bool authorized = 1;
	}

	message UserCanSeeServerAdminPanelRequest {}

	message UserCanSeeServerAdminPanelResponse {
	bool authorized = 1;
	}

	message UserCanManageRepositoryContributorsRequest {
	// The ID of the repository for which to check
	// whether the user is authorized.
	string repository_id = 1;
	}

	message UserCanManageRepositoryContributorsResponse {
	// The list of roles that the user is authorized to manage, empty list means the user is
	// not authorized to manage any contributors.
	repeated RepositoryRole authorized_roles = 1;
	}