| |
| |
| syntax = "proto3"; |
| |
| package bufman.dubbo.apache.org.registry.v1alpha1; |
| |
| import "registry/v1alpha1/role.proto"; |
| |
| // AuthzService supplies authorization helpers. |
| service AuthzService { |
| // UserCanCreateOrganizationRepository returns whether the user is authorized |
| // to create repositories in an organization. |
| rpc UserCanCreateOrganizationRepository(UserCanCreateOrganizationRepositoryRequest) returns (UserCanCreateOrganizationRepositoryResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanSeeRepositorySettings returns whether the user is authorized |
| // to see repository settings. |
| rpc UserCanSeeRepositorySettings(UserCanSeeRepositorySettingsRequest) returns (UserCanSeeRepositorySettingsResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanSeeOrganizationSettings returns whether the user is authorized |
| // to see organization settings. |
| rpc UserCanSeeOrganizationSettings(UserCanSeeOrganizationSettingsRequest) returns (UserCanSeeOrganizationSettingsResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanReadPlugin returns whether the user has read access to the specified plugin. |
| rpc UserCanReadPlugin(UserCanReadPluginRequest) returns (UserCanReadPluginResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanCreatePluginVersion returns whether the user is authorized |
| // to create a plugin version under the specified plugin. |
| rpc UserCanCreatePluginVersion(UserCanCreatePluginVersionRequest) returns (UserCanCreatePluginVersionResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanCreateTemplateVersion returns whether the user is authorized |
| // to create a template version under the specified template. |
| rpc UserCanCreateTemplateVersion(UserCanCreateTemplateVersionRequest) returns (UserCanCreateTemplateVersionResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanCreateOrganizationPlugin returns whether the user is authorized to create |
| // a plugin in an organization. |
| rpc UserCanCreateOrganizationPlugin(UserCanCreateOrganizationPluginRequest) returns (UserCanCreateOrganizationPluginResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanCreateOrganizationPlugin returns whether the user is authorized to create |
| // a template in an organization. |
| rpc UserCanCreateOrganizationTemplate(UserCanCreateOrganizationTemplateRequest) returns (UserCanCreateOrganizationTemplateResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanSeePluginSettings returns whether the user is authorized |
| // to see plugin settings. |
| rpc UserCanSeePluginSettings(UserCanSeePluginSettingsRequest) returns (UserCanSeePluginSettingsResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanSeeTemplateSettings returns whether the user is authorized |
| // to see template settings. |
| rpc UserCanSeeTemplateSettings(UserCanSeeTemplateSettingsRequest) returns (UserCanSeeTemplateSettingsResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanAddOrganizationMember returns whether the user is authorized to add |
| // any members to the organization and the list of roles they can add. |
| rpc UserCanAddOrganizationMember(UserCanAddOrganizationMemberRequest) returns (UserCanAddOrganizationMemberResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanUpdateOrganizationMember returns whether the user is authorized to update |
| // any members' membership information in the organization and the list of roles they can update. |
| rpc UserCanUpdateOrganizationMember(UserCanUpdateOrganizationMemberRequest) returns (UserCanUpdateOrganizationMemberResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanRemoveOrganizationMember returns whether the user is authorized to remove |
| // any members from the organization and the list of roles they can remove. |
| rpc UserCanRemoveOrganizationMember(UserCanRemoveOrganizationMemberRequest) returns (UserCanRemoveOrganizationMemberResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanDeleteOrganization returns whether the user is authorized |
| // to delete an organization. |
| rpc UserCanDeleteOrganization(UserCanDeleteOrganizationRequest) returns (UserCanDeleteOrganizationResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanDeleteRepository returns whether the user is authorized |
| // to delete a repository. |
| rpc UserCanDeleteRepository(UserCanDeleteRepositoryRequest) returns (UserCanDeleteRepositoryResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanDeleteTemplate returns whether the user is authorized |
| // to delete a template. |
| rpc UserCanDeleteTemplate(UserCanDeleteTemplateRequest) returns (UserCanDeleteTemplateResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanDeletePlugin returns whether the user is authorized |
| // to delete a plugin. |
| rpc UserCanDeletePlugin(UserCanDeletePluginRequest) returns (UserCanDeletePluginResponse) { |
| option deprecated = true; |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanDeleteUser returns whether the user is authorized |
| // to delete a user. |
| rpc UserCanDeleteUser(UserCanDeleteUserRequest) returns (UserCanDeleteUserResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanSeeServerAdminPanel returns whether the user is authorized |
| // to see server admin panel. |
| rpc UserCanSeeServerAdminPanel(UserCanSeeServerAdminPanelRequest) returns (UserCanSeeServerAdminPanelResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| // UserCanManageRepositoryContributors returns whether the user is authorized to manage |
| // any contributors to the repository and the list of roles they can manage. |
| rpc UserCanManageRepositoryContributors(UserCanManageRepositoryContributorsRequest) returns (UserCanManageRepositoryContributorsResponse) { |
| option idempotency_level = NO_SIDE_EFFECTS; |
| } |
| } |
| |
| message UserCanCreateOrganizationRepositoryRequest { |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanCreateOrganizationRepositoryResponse { |
| bool authorized = 1; |
| } |
| |
| message UserCanSeeRepositorySettingsRequest { |
| // The ID of the repository for which to check |
| // whether the user is authorized. |
| string repository_id = 1; |
| } |
| |
| message UserCanSeeRepositorySettingsResponse { |
| bool authorized = 1; |
| } |
| |
| message UserCanSeeOrganizationSettingsRequest { |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanSeeOrganizationSettingsResponse { |
| bool authorized = 1; |
| } |
| |
| message UserCanReadPluginRequest { |
| option deprecated = true; |
| // The owner of the plugin. |
| string owner = 1; |
| // The name of the plugin. |
| string name = 2; |
| } |
| |
| message UserCanReadPluginResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanCreatePluginVersionRequest { |
| option deprecated = true; |
| // The owner of the plugin. |
| string owner = 1; |
| // The name of the plugin. |
| string name = 2; |
| } |
| |
| message UserCanCreatePluginVersionResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanCreateTemplateVersionRequest { |
| option deprecated = true; |
| // The owner of the template. |
| string owner = 1; |
| // The name of the template. |
| string name = 2; |
| } |
| |
| message UserCanCreateTemplateVersionResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanCreateOrganizationPluginRequest { |
| option deprecated = true; |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanCreateOrganizationPluginResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanCreateOrganizationTemplateRequest { |
| option deprecated = true; |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanCreateOrganizationTemplateResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanSeePluginSettingsRequest { |
| option deprecated = true; |
| // The owner of the plugin. |
| string owner = 1; |
| // The name of the plugin. |
| string name = 2; |
| } |
| |
| message UserCanSeePluginSettingsResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanSeeTemplateSettingsRequest { |
| option deprecated = true; |
| // The owner of the template. |
| string owner = 1; |
| // The name of the template. |
| string name = 2; |
| } |
| |
| message UserCanSeeTemplateSettingsResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanAddOrganizationMemberRequest { |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanAddOrganizationMemberResponse { |
| // The list of roles that the user is authorized to add, empty list means the user is |
| // not authorized to add any members. |
| repeated OrganizationRole authorized_roles = 1; |
| } |
| |
| message UserCanUpdateOrganizationMemberRequest { |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanUpdateOrganizationMemberResponse { |
| // The list of roles that the user is authorized to update (from and to), empty list means the user is |
| // not authorized to update any members' role. |
| repeated OrganizationRole authorized_roles = 1; |
| } |
| |
| message UserCanRemoveOrganizationMemberRequest { |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanRemoveOrganizationMemberResponse { |
| // The list of roles that the user is authorized to remove, empty list means the user is |
| // not authorized to remove any members. |
| repeated OrganizationRole authorized_roles = 1; |
| } |
| |
| message UserCanDeleteOrganizationRequest { |
| // The ID of the organization for which to check |
| // whether the user is authorized. |
| string organization_id = 1; |
| } |
| |
| message UserCanDeleteOrganizationResponse { |
| bool authorized = 1; |
| } |
| |
| message UserCanDeleteRepositoryRequest { |
| // The ID of the repository for which to check |
| // whether the user is authorized. |
| string repository_id = 1; |
| } |
| |
| message UserCanDeleteRepositoryResponse { |
| bool authorized = 1; |
| } |
| |
| message UserCanDeleteTemplateRequest { |
| option deprecated = true; |
| // The ID of the template for which to check |
| // whether the user is authorized. |
| string template_id = 1; |
| } |
| |
| message UserCanDeleteTemplateResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanDeletePluginRequest { |
| option deprecated = true; |
| // The ID of the plugin for which to check |
| // whether the user is authorized. |
| string plugin_id = 1; |
| } |
| |
| message UserCanDeletePluginResponse { |
| option deprecated = true; |
| bool authorized = 1; |
| } |
| |
| message UserCanDeleteUserRequest {} |
| |
| message UserCanDeleteUserResponse { |
| bool authorized = 1; |
| } |
| |
| message UserCanSeeServerAdminPanelRequest {} |
| |
| message UserCanSeeServerAdminPanelResponse { |
| bool authorized = 1; |
| } |
| |
| message UserCanManageRepositoryContributorsRequest { |
| // The ID of the repository for which to check |
| // whether the user is authorized. |
| string repository_id = 1; |
| } |
| |
| message UserCanManageRepositoryContributorsResponse { |
| // The list of roles that the user is authorized to manage, empty list means the user is |
| // not authorized to manage any contributors. |
| repeated RepositoryRole authorized_roles = 1; |
| } |