forked from TheThingsNetwork/lorawan-stack
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrights.proto
More file actions
205 lines (183 loc) · 8.54 KB
/
rights.proto
File metadata and controls
205 lines (183 loc) · 8.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
// Copyright © 2019 The Things Network Foundation, The Things Industries B.V.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package ttn.lorawan.v3;
import "github.com/envoyproxy/protoc-gen-validate/validate/validate.proto";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
import "lorawan-stack/api/identifiers.proto";
option go_package = "go.thethings.network/lorawan-stack/v3/pkg/ttnpb";
// Right is the enum that defines all the different rights to do something in the network.
enum Right {
option (gogoproto.goproto_enum_prefix) = false;
right_invalid = 0;
// The right to view user information.
RIGHT_USER_INFO = 1;
// The right to edit basic user settings.
RIGHT_USER_SETTINGS_BASIC = 2;
// The right to view and edit user API keys.
RIGHT_USER_SETTINGS_API_KEYS = 3;
// The right to delete user account.
RIGHT_USER_DELETE = 4;
// The right to view and edit authorized OAuth clients of the user.
RIGHT_USER_AUTHORIZED_CLIENTS = 5;
// The right to list applications the user is a collaborator of.
RIGHT_USER_APPLICATIONS_LIST = 6;
// The right to create an application under the user account.
RIGHT_USER_APPLICATIONS_CREATE = 7;
// The right to list gateways the user is a collaborator of.
RIGHT_USER_GATEWAYS_LIST = 8;
// The right to create a gateway under the account of the user.
RIGHT_USER_GATEWAYS_CREATE = 9;
// The right to list OAuth clients the user is a collaborator of.
RIGHT_USER_CLIENTS_LIST = 10;
// The right to create an OAuth client under the account of the user.
RIGHT_USER_CLIENTS_CREATE = 11;
// The right to list organizations the user is a member of.
RIGHT_USER_ORGANIZATIONS_LIST = 12;
// The right to create an organization under the user account.
RIGHT_USER_ORGANIZATIONS_CREATE = 13;
// The pseudo-right for all (current and future) user rights.
RIGHT_USER_ALL = 14;
// The right to view application information.
RIGHT_APPLICATION_INFO = 15;
// The right to edit basic application settings.
RIGHT_APPLICATION_SETTINGS_BASIC = 16;
// The right to view and edit application API keys.
RIGHT_APPLICATION_SETTINGS_API_KEYS = 17;
// The right to view and edit application collaborators.
RIGHT_APPLICATION_SETTINGS_COLLABORATORS = 18;
// The right to view and edit application packages and associations.
RIGHT_APPLICATION_SETTINGS_PACKAGES = 56;
// The right to delete application.
RIGHT_APPLICATION_DELETE = 19;
// The right to view devices in application.
RIGHT_APPLICATION_DEVICES_READ = 20;
// The right to create devices in application.
RIGHT_APPLICATION_DEVICES_WRITE = 21;
// The right to view device keys in application.
// Note that keys may not be stored in a way that supports viewing them.
RIGHT_APPLICATION_DEVICES_READ_KEYS = 22;
// The right to edit device keys in application.
RIGHT_APPLICATION_DEVICES_WRITE_KEYS = 23;
// The right to read application traffic (uplink and downlink).
RIGHT_APPLICATION_TRAFFIC_READ = 24;
// The right to write uplink application traffic.
RIGHT_APPLICATION_TRAFFIC_UP_WRITE = 25;
// The right to write downlink application traffic.
RIGHT_APPLICATION_TRAFFIC_DOWN_WRITE = 26;
// The right to link as Application to a Network Server for traffic exchange,
// i.e. read uplink and write downlink (API keys only).
// This right is typically only given to an Application Server.
// This right implies RIGHT_APPLICATION_INFO.
RIGHT_APPLICATION_LINK = 27;
// The pseudo-right for all (current and future) application rights.
RIGHT_APPLICATION_ALL = 28;
// The pseudo-right for all (current and future) OAuth client rights.
RIGHT_CLIENT_ALL = 29;
// The right to view gateway information.
RIGHT_GATEWAY_INFO = 30;
// The right to edit basic gateway settings.
RIGHT_GATEWAY_SETTINGS_BASIC = 31;
// The right to view and edit gateway API keys.
RIGHT_GATEWAY_SETTINGS_API_KEYS = 32;
// The right to view and edit gateway collaborators.
RIGHT_GATEWAY_SETTINGS_COLLABORATORS = 33;
// The right to delete gateway.
RIGHT_GATEWAY_DELETE = 34;
// The right to read gateway traffic.
RIGHT_GATEWAY_TRAFFIC_READ = 35;
// The right to write downlink gateway traffic.
RIGHT_GATEWAY_TRAFFIC_DOWN_WRITE = 36;
// The right to link as Gateway to a Gateway Server for traffic exchange,
// i.e. write uplink and read downlink (API keys only)
// This right is typically only given to a gateway.
// This right implies RIGHT_GATEWAY_INFO.
RIGHT_GATEWAY_LINK = 37;
// The right to view gateway status.
RIGHT_GATEWAY_STATUS_READ = 38;
// The right to view view gateway location.
RIGHT_GATEWAY_LOCATION_READ = 39;
// The pseudo-right for all (current and future) gateway rights.
RIGHT_GATEWAY_ALL = 40;
// The right to view organization information.
RIGHT_ORGANIZATION_INFO = 41;
// The right to edit basic organization settings.
RIGHT_ORGANIZATION_SETTINGS_BASIC = 42;
// The right to view and edit organization API keys.
RIGHT_ORGANIZATION_SETTINGS_API_KEYS = 43;
// The right to view and edit organization members.
RIGHT_ORGANIZATION_SETTINGS_MEMBERS = 44;
// The right to delete organization.
RIGHT_ORGANIZATION_DELETE = 45;
// The right to list the applications the organization is a collaborator of.
RIGHT_ORGANIZATION_APPLICATIONS_LIST = 46;
// The right to create an application under the organization.
RIGHT_ORGANIZATION_APPLICATIONS_CREATE = 47;
// The right to list the gateways the organization is a collaborator of.
RIGHT_ORGANIZATION_GATEWAYS_LIST = 48;
// The right to create a gateway under the organization.
RIGHT_ORGANIZATION_GATEWAYS_CREATE = 49;
// The right to list the OAuth clients the organization is a collaborator of.
RIGHT_ORGANIZATION_CLIENTS_LIST = 50;
// The right to create an OAuth client under the organization.
RIGHT_ORGANIZATION_CLIENTS_CREATE = 51;
// The right to add the organization as a collaborator on an existing entity.
RIGHT_ORGANIZATION_ADD_AS_COLLABORATOR = 52;
// The pseudo-right for all (current and future) organization rights.
RIGHT_ORGANIZATION_ALL = 53;
// The right to send invites to new users.
// Note that this is not prefixed with "USER_"; it is not a right on the user entity.
RIGHT_SEND_INVITES = 54;
// The pseudo-right for all (current and future) possible rights.
RIGHT_ALL = 55;
}
message Rights {
repeated Right rights = 1 [(validate.rules).repeated.items.enum.defined_only = true];
}
message APIKey {
// Immutable and unique public identifier for the API key.
// Generated by the Access Server.
string id = 1 [(gogoproto.customname) = "ID"];
// Immutable and unique secret value of the API key.
// Generated by the Access Server.
string key = 2;
// User-defined (friendly) name for the API key.
string name = 3 [(validate.rules).string.max_len = 50];
// Rights that are granted to this API key.
repeated Right rights = 4 [(validate.rules).repeated.items.enum.defined_only = true];
}
message APIKeys {
repeated APIKey api_keys = 1 [(gogoproto.customname) = "APIKeys"];
}
message Collaborator {
OrganizationOrUserIdentifiers ids = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false, (validate.rules).message.required = true];
repeated Right rights = 2 [(validate.rules).repeated.items.enum.defined_only = true];
reserved 3; // reserved for future EntityIdentifiers entity = 3;
reserved 4; // reserved for future State state = 4;
reserved 5; // reserved for future google.protobuf.Timestamp created_at = 5;
reserved 6; // reserved for future google.protobuf.Timestamp updated_at = 6;
// NOTE: Keep compatible with GetCollaboratorResponse.
}
message GetCollaboratorResponse {
OrganizationOrUserIdentifiers ids = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
repeated Right rights = 2;
reserved 3; // reserved for future EntityIdentifiers entity = 3;
reserved 4; // reserved for future State state = 4;
reserved 5; // reserved for future google.protobuf.Timestamp created_at = 5;
reserved 6; // reserved for future google.protobuf.Timestamp updated_at = 6;
// NOTE: Keep compatible with Collaborator.
}
message Collaborators {
repeated Collaborator collaborators = 1;
}