syncbase: Infer id blessings and enforce on creation.

Id blessings in database, collection, and syncgroup names are
properly inferred from the context - preferring app and app:user,
falling back to ... and user. Inference fails if ambiguous
(blessings for different apps/users or no conventional blessings).

Perms are sanity checked to be non-empty, contain at least one admin,
and contain only tags relevant to the hierarchy level (DB: XRWA,
Collection: RWA, SG: RA).

Passing nil perms when creating a database or collection now defaults
to giving the creator all permissions instead of inheriting from the
parent in the hierarchy.

Implicit permissions are enforced for database, collection, and
syncgroup creation - the creator must have a blessing that matches
the blessing pattern in the id. This requirement is waived for service
admins when creating databases, but not in other cases (collection and
syncgroup metadata is synced, so the chain of trust must not be broken).

Also fixed glob (double encode step).

MultiPart: 4/4
Change-Id: I1004838ac7d8263c88f27e7968569a3c9c2cbd6f
13 files changed
tree: 80a2e6268840288de42f2b991db77aa001ecb521
  1. go/
  2. .gitignore
  3. AUTHORS
  4. CONTRIBUTING.md
  5. CONTRIBUTORS
  6. LICENSE
  7. PATENTS
  8. VERSION