commit | f2f1a0593eb683566fac164a81a6af8419baf2b9 | |
---|---|---|
author | Ivan Pilat <ivanpi@google.com> | Fri Jun 03 16:24:39 2016 -0700 |
committer | Ivan Pilat <ivanpi@google.com> | Fri Jun 03 23:56:11 2016 +0000 |
tree | 23b821abc41ffad0bdba7de52656490afdc06098 | |
parent | e87d5c31e5298e9a333ffc9c764159a3417ee9e5 | |
syncbase: Infer id blessings and enforce on creation.

Id blessings in database, collection, and syncgroup names are properly inferred from the context - preferring app and app:user, falling back to ... and user. Inference fails if ambiguous (blessings for different apps/users or no conventional blessings).

Perms are sanity checked to be non-empty, contain at least one admin, and contain only tags relevant to the hierarchy level (DB: XRWA, Collection: RWA, SG: RA). Passing nil perms when creating a database or collection now defaults to giving the creator all permissions instead of inheriting from the parent in the hierarchy.

Implicit permissions are enforced for database, collection, and syncgroup creation - the creator must have a blessing that matches the blessing pattern in the id. This requirement is waived for service admins when creating databases, but not in other cases (collection and syncgroup metadata is synced, so the chain of trust must not be broken).

Also fixed glob (double encode step).

MultiPart: 2/4
Change-Id: I4cf99ef2c9644bfe6b4bfe0888b7662cd631e4d5
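The perms sanity checks and the nil-perms default described in the commit message above, as an added Go example that is not code from this commit or from the Vanadium repository. `Perms`, `CheckPerms`, `DefaultPerms`, the level names, the tag spellings (with X taken as Resolve), and the sample blessing are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Perms is a simplified stand-in (assumption): access tag -> blessing patterns.
type Perms map[string][]string

// Tags allowed per level, from the commit message (DB: XRWA, Collection: RWA, SG: RA).
var allowedTags = map[string]map[string]bool{
	"database":   {"Resolve": true, "Read": true, "Write": true, "Admin": true},
	"collection": {"Read": true, "Write": true, "Admin": true},
	"syncgroup":  {"Read": true, "Admin": true},
}

// CheckPerms applies the three sanity checks to explicitly supplied perms.
func CheckPerms(level string, p Perms) error {
	allowed, ok := allowedTags[level]
	if !ok {
		return fmt.Errorf("unknown hierarchy level %q", level)
	}
	if len(p) == 0 {
		return errors.New("perms must not be empty")
	}
	for tag := range p {
		if !allowed[tag] {
			return fmt.Errorf("tag %q is not valid on a %s", tag, level)
		}
	}
	if len(p["Admin"]) == 0 {
		return errors.New("perms must name at least one admin")
	}
	return nil
}

// DefaultPerms models nil perms on database or collection creation: creator gets all tags.
func DefaultPerms(level, creator string) Perms {
	p := Perms{}
	for tag := range allowedTags[level] {
		p[tag] = []string{creator}
	}
	return p
}

func main() {
	a := "root:o:app:alice" // constructed sample blessing
	fmt.Println(CheckPerms("syncgroup", Perms{"Admin": {a}, "Write": {a}}))
}
```

Rejecting out-of-level tags and admin-less perms at creation time keeps an object from being created in a state nobody can administer.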
This repository contains a reference implementation of the Vanadium APIs.
Unlike the APIs in https://github.com/vanadium/go.v23, which promise to provide backward compatibility, this repository makes no such promises.