// Listing: github.com/juju/juju@v0.0.0-20240327075706-a90865de2538/core/permission/access.go

// Copyright 2016 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package permission

import "github.com/juju/errors"

// Access represents a level of access.
//
// One string type is shared by every permission scope in this file (model,
// offer, cloud and controller). Which values are meaningful depends on the
// scope, so a value should be checked with the matching Validate*Access
// function before it is used in an authorization decision.
type Access string

// NoAccess allows a user no permissions at all.
// It is the zero value of Access, so an unset field reads as NoAccess.
const NoAccess Access = ""

// Model permissions.
const (
	// ReadAccess allows a user to read information about a permission subject,
	// without being able to make any changes.
	ReadAccess Access = "read"

	// WriteAccess allows a user to make changes to a permission subject.
	WriteAccess Access = "write"

	// ConsumeAccess allows a user to consume a permission subject.
	// In this file it is accepted only by ValidateOfferAccess.
	ConsumeAccess Access = "consume"

	// AdminAccess allows a user full control over the subject.
	// It is accepted by the model, offer and cloud validators.
	AdminAccess Access = "admin"
)

// Controller permissions.
const (
	// LoginAccess allows a user to log in to the subject.
	LoginAccess Access = "login"

	// AddModelAccess allows user to add new models in subjects supporting it.
	AddModelAccess Access = "add-model"

	// SuperuserAccess allows user unrestricted permissions in the subject.
	SuperuserAccess Access = "superuser"
)

// AllAccessLevels lists every Access value declared in this file.
//
// It is an exported, mutable slice. Validate keeps its own list of cases and
// does not read this slice, so a new level has to be added in both places.
var AllAccessLevels = []Access{
	NoAccess,
	ReadAccess,
	WriteAccess,
	ConsumeAccess,
	AdminAccess,
	LoginAccess,
	AddModelAccess,
	SuperuserAccess,
}

// Validate returns an error if a is not one of the access levels declared in
// this file.
//
// Validate is scope-agnostic: it accepts NoAccess (the empty string) and does
// not check that the level makes sense for a model, offer, cloud or
// controller. Use the scope-specific validators for that.
func (a Access) Validate() error {
	switch a {
	case NoAccess,
		ReadAccess, WriteAccess, ConsumeAccess, AdminAccess,
		LoginAccess, AddModelAccess, SuperuserAccess:
		return nil
	default:
		// NOTE(review): the rejected value is formatted with %s here, while the
		// scope validators in this file use %q.
		return errors.NotValidf("access level %s", a)
	}
}

// ValidateModelAccess returns an error if the passed access is not a valid
// model access level. Only ReadAccess, WriteAccess and AdminAccess are
// accepted; NoAccess is rejected.
func ValidateModelAccess(access Access) error {
	// Allow-list check: anything not named here, including NoAccess and the
	// levels that belong to other scopes, is rejected.
	if access == ReadAccess || access == WriteAccess || access == AdminAccess {
		return nil
	}
	return errors.NotValidf("%q model access", access)
}

// ValidateOfferAccess returns an error if the passed access is not a valid
// offer access level. Only ReadAccess, ConsumeAccess and AdminAccess are
// accepted; NoAccess is rejected.
func ValidateOfferAccess(access Access) error {
	if access == ReadAccess || access == ConsumeAccess || access == AdminAccess {
		return nil
	}
	return errors.NotValidf("%q offer access", access)
}

// ValidateCloudAccess returns an error if the passed access is not a valid
// cloud access level. Only AddModelAccess and AdminAccess are accepted;
// NoAccess is rejected.
func ValidateCloudAccess(access Access) error {
	if access == AddModelAccess || access == AdminAccess {
		return nil
	}
	return errors.NotValidf("%q cloud access", access)
}

// ValidateControllerAccess returns an error if the passed access is not a
// valid controller access level. Only LoginAccess and SuperuserAccess are
// accepted; NoAccess is rejected.
func ValidateControllerAccess(access Access) error {
	if access == LoginAccess || access == SuperuserAccess {
		return nil
	}
	return errors.NotValidf("%q controller access", access)
}

// controllerValue returns the rank of a in the controller ordering
// NoAccess < LoginAccess < SuperuserAccess, or -1 when a has no place in
// that ordering.
func (a Access) controllerValue() int {
	rank := -1
	switch a {
	case NoAccess:
		rank = 0
	case LoginAccess:
		rank = 1
	case SuperuserAccess:
		rank = 2
	}
	return rank
}

// cloudValue returns the rank of a in the cloud ordering
// AddModelAccess < AdminAccess, or -1 when a has no place in that ordering.
//
// Unlike the controller, model and offer orderings, NoAccess has no rank
// here, so EqualOrGreaterCloudAccessThan returns false whenever either side
// is NoAccess.
func (a Access) cloudValue() int {
	rank := -1
	switch a {
	case AddModelAccess:
		rank = 0
	case AdminAccess:
		rank = 1
	}
	return rank
}

// modelValue returns the rank of a in the model ordering
// NoAccess < ReadAccess < WriteAccess < AdminAccess, or -1 when a has no
// place in that ordering.
func (a Access) modelValue() int {
	rank := -1
	switch a {
	case NoAccess:
		rank = 0
	case ReadAccess:
		rank = 1
	case WriteAccess:
		rank = 2
	case AdminAccess:
		rank = 3
	}
	return rank
}

// EqualOrGreaterModelAccessThan returns true if the current access is equal
// or greater than the passed in access level in the model ordering. It
// returns false when either level has no model rank.
func (a Access) EqualOrGreaterModelAccessThan(access Access) bool {
	have, want := a.modelValue(), access.modelValue()
	// Fail closed: a level without a model rank on either side is never
	// treated as sufficient. Note that a required level of NoAccess ranks 0,
	// so every model-ranked receiver (NoAccess included) satisfies it.
	return have >= 0 && want >= 0 && have >= want
}

// GreaterModelAccessThan returns true if the current access is strictly
// greater than the passed in access level in the model ordering. It returns
// false when either level has no model rank.
func (a Access) GreaterModelAccessThan(access Access) bool {
	have, want := a.modelValue(), access.modelValue()
	return have >= 0 && want >= 0 && have > want
}

// EqualOrGreaterControllerAccessThan returns true if the current access is
// equal or greater than the passed in access level in the controller
// ordering. It returns false when either level has no controller rank.
func (a Access) EqualOrGreaterControllerAccessThan(access Access) bool {
	have, want := a.controllerValue(), access.controllerValue()
	// Same fail-closed rule as the model comparison; a required level of
	// NoAccess is satisfied by any controller-ranked receiver.
	return have >= 0 && want >= 0 && have >= want
}

// GreaterControllerAccessThan returns true if the current access is strictly
// greater than the passed in access level in the controller ordering. It
// returns false when either level has no controller rank.
func (a Access) GreaterControllerAccessThan(access Access) bool {
	have, want := a.controllerValue(), access.controllerValue()
	return have >= 0 && want >= 0 && have > want
}

// EqualOrGreaterCloudAccessThan returns true if the current access is equal
// or greater than the passed in access level in the cloud ordering. It
// returns false when either level has no cloud rank, which includes
// NoAccess on either side.
func (a Access) EqualOrGreaterCloudAccessThan(access Access) bool {
	have, want := a.cloudValue(), access.cloudValue()
	return have >= 0 && want >= 0 && have >= want
}

// offerValue returns the rank of a in the offer ordering
// NoAccess < ReadAccess < ConsumeAccess < AdminAccess, or -1 when a has no
// place in that ordering.
func (a Access) offerValue() int {
	rank := -1
	switch a {
	case NoAccess:
		rank = 0
	case ReadAccess:
		rank = 1
	case ConsumeAccess:
		rank = 2
	case AdminAccess:
		rank = 3
	}
	return rank
}

// EqualOrGreaterOfferAccessThan returns true if the current access is equal
// or greater than the passed in access level in the offer ordering. It
// returns false when either level has no offer rank.
func (a Access) EqualOrGreaterOfferAccessThan(access Access) bool {
	have, want := a.offerValue(), access.offerValue()
	// Fail closed: offerValue reports -1 for a level outside the offer
	// ordering, and such a level on either side makes the result false.
	return have >= 0 && want >= 0 && have >= want
}

// GreaterOfferAccessThan returns true if the current access is strictly
// greater than the passed in access level in the offer ordering. It returns
// false when either level has no offer rank.
func (a Access) GreaterOfferAccessThan(access Access) bool {
	have, want := a.offerValue(), access.offerValue()
	return have >= 0 && want >= 0 && have > want
}