1
use actionable::{Action, Identifier, ResourceName};
2
use serde::{Deserialize, Serialize};
3

            
4
use crate::connection::AuthenticationMethod;
5
use crate::document::{DocumentId, KeyId};
6
use crate::schema::{CollectionName, ViewName};
7

            
8
/// The base BonsaiDb resource namespace. All database objects have this as
9
/// their first name segment.
10
#[must_use]
11
7632520
pub fn bonsaidb_resource_name<'a>() -> ResourceName<'a> {
12
7632520
    ResourceName::named("bonsaidb")
13
7632520
}
14

            
15
/// Creates a resource name with the database `name`.
16
#[must_use]
17
7619320
pub fn database_resource_name<'a>(name: impl Into<Identifier<'a>>) -> ResourceName<'a> {
18
7619320
    bonsaidb_resource_name().and(name)
19
7619320
}
20

            
21
/// Creates a resource name for a `collection` within a `database`.
22
#[must_use]
23
1968193
pub fn collection_resource_name<'a>(
24
1968193
    database: impl Into<Identifier<'a>>,
25
1968193
    collection: &CollectionName,
26
1968193
) -> ResourceName<'a> {
27
1968193
    database_resource_name(database).and(collection.to_string())
28
1968193
}
29

            
30
/// Creates a resource name for a document `id` within `collection` within `database`.
31
#[must_use]
32
1186557
pub fn document_resource_name<'a>(
33
1186557
    database: impl Into<Identifier<'a>>,
34
1186557
    collection: &CollectionName,
35
1186557
    id: &'a DocumentId,
36
1186557
) -> ResourceName<'a> {
37
1186557
    collection_resource_name(database, collection)
38
1186557
        .and("document")
39
1186557
        .and(id)
40
1186557
}
41

            
42
/// Creaets a resource name for a `view` within `database`.
43
#[must_use]
44
1171720
pub fn view_resource_name<'a>(database: &'a str, view: &'a ViewName) -> ResourceName<'a> {
45
1171720
    database_resource_name(database)
46
1171720
        .and(view.collection.to_string())
47
1171720
        .and("view")
48
1171720
        .and(view.name.as_ref())
49
1171720
}
50

            
51
/// Creates a resource name for `PubSub` `topic` within `database`.
52
#[must_use]
53
9640
pub fn pubsub_topic_resource_name<'a>(database: &'a str, topic: &'a [u8]) -> ResourceName<'a> {
54
9640
    database_resource_name(database).and("pubsub").and(topic)
55
9640
}
56

            
57
/// Creates a resource name for the key-value store in `database`.
58
#[must_use]
59
3236040
pub fn kv_resource_name(database: &str) -> ResourceName<'_> {
60
3236040
    database_resource_name(database).and("keyvalue")
61
3236040
}
62

            
63
/// Creates a resource name for `key` within `namespace` within the key-value store of `database`.
64
#[must_use]
65
3235720
pub fn keyvalue_key_resource_name<'a>(
66
3235720
    database: &'a str,
67
3235720
    namespace: Option<&'a str>,
68
3235720
    key: &'a str,
69
3235720
) -> ResourceName<'a> {
70
3235720
    kv_resource_name(database)
71
3235720
        .and(namespace.unwrap_or(""))
72
3235720
        .and(key)
73
3235720
}
74

            
75
/// Creates a resource name for encryption key `key_id`.
76
#[must_use]
77
80
pub fn encryption_key_resource_name(key_id: &KeyId) -> ResourceName<'_> {
78
80
    bonsaidb_resource_name()
79
80
        .and("vault")
80
80
        .and("key")
81
80
        .and(match key_id {
82
80
            KeyId::Master => "_master",
83
            KeyId::Id(id) => id.as_ref(),
84
            KeyId::None => unreachable!(),
85
        })
86
80
}
87

            
88
/// Creates a resource name for `user_id`.
89
#[must_use]
90
3520
pub fn user_resource_name<'a>(user_id: u64) -> ResourceName<'a> {
91
3520
    bonsaidb_resource_name().and("user").and(user_id)
92
3520
}
93

            
94
/// Creates a resource name for `role_id`.
95
#[must_use]
96
80
pub fn role_resource_name<'a>(role_id: u64) -> ResourceName<'a> {
97
80
    bonsaidb_resource_name().and("role").and(role_id)
98
80
}
99

            
100
/// Creates a resource name for `token_id`.
101
#[must_use]
102
640
pub fn authentication_token_resource_name<'a>(token_id: u64) -> ResourceName<'a> {
103
640
    bonsaidb_resource_name()
104
640
        .and("authentication-token")
105
640
        .and(token_id)
106
640
}
107

            
108
/// Actions that can be permitted within BonsaiDb.
109
3395560
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
110
pub enum BonsaiAction {
111
    /// Actions that operate on a server
112
    Server(ServerAction),
113
    /// Actions that operate on a specific database.
114
    Database(DatabaseAction),
115
}
116

            
117
/// Actions that operate on a server.
118
55160
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
119
pub enum ServerAction {
120
    /// Permits connecting to the server. Upon negotiating authentication, the
121
    /// effective permissions of the connected party will be checked for
122
    /// permissions to `Connect`. If not allowed, the connection will be
123
    /// terminated.
124
    Connect,
125
    /// Permits [`StorageConnection::list_available_schemas`](crate::connection::StorageConnection::list_available_schemas).
126
    ListAvailableSchemas,
127
    /// Permits [`StorageConnection::list_databases`](crate::connection::StorageConnection::list_databases).
128
    ListDatabases,
129
    /// Permits [`StorageConnection::create_database`](crate::connection::StorageConnection::create_database).
130
    CreateDatabase,
131
    /// Permits [`StorageConnection::delete_database`](crate::connection::StorageConnection::delete_database).
132
    DeleteDatabase,
133
    /// Permits [`StorageConnection::create_user`](crate::connection::StorageConnection::create_user).
134
    CreateUser,
135
    /// Permits [`StorageConnection::delete_user`](crate::connection::StorageConnection::delete_user).
136
    DeleteUser,
137
    /// Permits [`StorageConnection::set_user_password`](crate::connection::StorageConnection::set_user_password).
138
    SetPassword,
139
    /// Permits the ability to log in with a password.
140
    Authenticate(AuthenticationMethod),
141
    /// Permits the ability to assume an identity without authenticating that
142
    /// they are the identity in question.
143
    AssumeIdentity,
144
    /// Permits [`StorageConnection::add_permission_group_to_user`](crate::connection::StorageConnection::add_permission_group_to_user) and [`StorageConnection::remove_permission_group_from_user`](crate::connection::StorageConnection::remove_permission_group_from_user).
145
    ModifyUserPermissionGroups,
146
    /// Permits .
147
    /// Permits [`StorageConnection::add_role_to_user`](crate::connection::StorageConnection::add_role_to_user) and [`StorageConnection::remove_role_from_user`](crate::connection::StorageConnection::remove_role_from_user).
148
    ModifyUserRoles,
149
}
150

            
151
/// Actions that operate on a specific database.
152
3340400
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
153
pub enum DatabaseAction {
154
    /// The ability to compact data to reclaim space.
155
    Compact,
156
    /// Actions that operate on a document.
157
    Document(DocumentAction),
158
    /// Actions that operate on a view.
159
    View(ViewAction),
160
    /// Actions that operate on transactions.
161
    Transaction(TransactionAction),
162
    /// Actions that operate on the `PubSub` system.
163
    PubSub(PubSubAction),
164
    /// Actions that operate on the key-value store.
165
    KeyValue(KeyValueAction),
166
}
167

            
168
/// Actions that operate on a document.
169
1230760
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
170
pub enum DocumentAction {
171
    /// Allows document retrieval through
172
    /// [`Connection::get()`](crate::connection::LowLevelConnection::get) and
173
    /// [`Connection::get_multiple()`](crate::connection::LowLevelConnection::get_multiple).
174
    /// See [`document_resource_name()`] for the format of document resource
175
    /// names.
176
    Get,
177
    /// Allows listing documents through
178
    /// [`Connection::list()`](crate::connection::LowLevelConnection::list). See
179
    /// [`collection_resource_name()`] for the format of collection resource
180
    /// names.
181
    List,
182
    /// Allows listing documents through
183
    /// [`Connection::list_headers()`](crate::connection::LowLevelConnection::list_headers). See
184
    /// [`collection_resource_name()`] for the format of collection resource
185
    /// names.
186
    ListHeaders,
187
    /// Allows counting documents through
188
    /// [`Connection::count()`](crate::connection::LowLevelConnection::count). See
189
    /// [`collection_resource_name()`] for the format of collection resource
190
    /// names.
191
    Count,
192
    /// Allows inserting a document through
193
    /// [`Connection::apply_transaction()`](crate::connection::LowLevelConnection::apply_transaction).
194
    /// See [`collection_resource_name()`] for the format of collection resource
195
    /// names.
196
    Insert,
197
    /// Allows updating a document through
198
    /// [`Connection::apply_transaction()`](crate::connection::LowLevelConnection::apply_transaction).
199
    /// See [`document_resource_name()`] for the format of document resource
200
    /// names.
201
    Update,
202
    /// Allows overwriting a document by id with
203
    /// [`Connection::apply_transaction()`](crate::connection::LowLevelConnection::apply_transaction).
204
    /// No revision information will be checked. See
205
    /// [`document_resource_name()`] for the format of document resource names.
206
    Overwrite,
207
    /// Allows deleting a document through
208
    /// [`Connection::apply_transaction()`](crate::connection::LowLevelConnection::apply_transaction).
209
    /// See [`document_resource_name()`] for the format of document resource
210
    /// names.
211
    Delete,
212
}
213

            
214
/// Actions that operate on a view.
215
557480
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
216
pub enum ViewAction {
217
    /// Allows querying a view with
218
    /// [`Connection::query()`](crate::connection::LowLevelConnection::query). See
219
    /// [`view_resource_name`] for the format of view resource names.
220
    Query,
221
    /// Allows reducing a view with
222
    /// [`Connection::reduce()`](crate::connection::LowLevelConnection::reduce). See
223
    /// [`view_resource_name`] for the format of view resource names.
224
    Reduce,
225
    /// Allows deleting associated docs with
226
    /// [`Connection::delete_docs()`](crate::connection::LowLevelConnection::delete_docs).
227
    /// See [`view_resource_name`] for the format of view resource names.
228
    DeleteDocs,
229
}
230

            
231
/// Actions that operate on transactions.
232
334760
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
233
pub enum TransactionAction {
234
    /// Allows listing executed transactions with
235
    /// [`Connection::list_executed_transactions()`](crate::connection::Connection::list_executed_transactions).
236
    /// This action is checked against the database's resource name. See
237
    /// [`database_resource_name()`] for the format of database resource names.
238
    ListExecuted,
239
    /// Allows retrieving the last executed transaction id with
240
    /// [`Connection::last_transaction_id()`](crate::connection::Connection::last_transaction_id).
241
    /// This action is checked against the database's resource name. See
242
    /// [`database_resource_name()`] for the format of database resource names.
243
    GetLastId,
244
}
245

            
246
/// Actions that operate on the `PubSub` system.
247
4200
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
248
pub enum PubSubAction {
249
    /// Allows creating a subscriber with
250
    /// [`PubSub::create_subscriber()`](crate::pubsub::PubSub::create_subscriber).
251
    /// This action is checked against the database's resource name. See
252
    /// [`database_resource_name()`] for the format of database resource names.
253
    CreateSuscriber,
254
    /// Allows publishing a payload to a `PubSub` topic with
255
    /// [`PubSub::publish()`](crate::pubsub::PubSub::publish). See
256
    /// [`pubsub_topic_resource_name()`] for the format of `PubSub` topic
257
    /// resource names.
258
    Publish,
259
    /// Allows subscribing to a `PubSub` topic with
260
    /// [`PubSub::subscribe_to()`](crate::pubsub::Subscriber::subscribe_to). See
261
    /// [`pubsub_topic_resource_name()`] for the format of `PubSub` topic
262
    /// resource names.
263
    SubscribeTo,
264
    /// Allows unsubscribing from a `PubSub` topic with
265
    /// [`PubSub::unsubscribe_from()`](crate::pubsub::Subscriber::unsubscribe_from). See
266
    /// [`pubsub_topic_resource_name()`] for the format of `PubSub` topic
267
    /// resource names.
268
    UnsubscribeFrom,
269
}
270

            
271
/// Actions that operate on the key-value store.
272
1212840
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
273
pub enum KeyValueAction {
274
    /// Allows executing a key-value store operation with
275
    /// [`KeyValue::execute_key_operation()`](crate::keyvalue::KeyValue::execute_key_operation).
276
    /// See [`keyvalue_key_resource_name()`] for the format of key resource names.
277
    ExecuteOperation,
278
}
279

            
280
/// Actions that use encryption keys.
281
160
#[derive(Action, Serialize, Deserialize, Clone, Copy, Debug)]
282
pub enum EncryptionKeyAction {
283
    /// Uses a key to encrypt data.
284
    Encrypt,
285
    /// Uses a key to decrypt data.
286
    Decrypt,
287
}