| // Copyright 2015 The Vanadium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // This file was auto-generated by the vanadium vdl tool. |
| var vdl = require('vanadium').vdl; |
| var canonicalize = require('vanadium').vdl.canonicalize; |
| |
| |
| |
| |
| |
| var access = require('./../../security/access'); |
| |
| module.exports = {}; |
| |
| |
| |
| // Types: |
| |
| |
| |
| |
| // Consts: |
| |
| |
| |
| // Errors: |
| |
| |
| |
| // Services: |
| |
| |
| |
| function Object(){} |
| module.exports.Object = Object; |
| |
| |
| |
| Object.prototype.setPermissions = function(ctx, serverCall, perms, version) { |
| throw new Error('Method SetPermissions not implemented'); |
| }; |
| |
| |
| Object.prototype.getPermissions = function(ctx, serverCall) { |
| throw new Error('Method GetPermissions not implemented'); |
| }; |
| |
| |
| |
| Object.prototype._serviceDescription = { |
| name: 'Object', |
| pkgPath: 'v.io/v23/services/permissions', |
| doc: "// Object provides access control for Vanadium objects.\n//\n// Vanadium services implementing dynamic access control would typically embed\n// this interface and tag additional methods defined by the service with one of\n// Admin, Read, Write, Resolve etc. For example, the VDL definition of the\n// object would be:\n//\n// package mypackage\n//\n// import \"v.io/v23/security/access\"\n// import \"v.io/v23/services/permissions\"\n//\n// type MyObject interface {\n// permissions.Object\n// MyRead() (string, error) {access.Read}\n// MyWrite(string) error {access.Write}\n// }\n//\n// If the set of pre-defined tags is insufficient, services may define their\n// own tag type and annotate all methods with this new type.\n//\n// Instead of embedding this Object interface, define SetPermissions and\n// GetPermissions in their own interface. Authorization policies will typically\n// respect annotations of a single type. For example, the VDL definition of an\n// object would be:\n//\n// package mypackage\n//\n// import \"v.io/v23/security/access\"\n//\n// type MyTag string\n//\n// const (\n// Blue = MyTag(\"Blue\")\n// Red = MyTag(\"Red\")\n// )\n//\n// type MyObject interface {\n// MyMethod() (string, error) {Blue}\n//\n// // Allow clients to change access via the access.Object interface:\n// SetPermissions(perms access.Permissions, version string) error {Red}\n// GetPermissions() (perms access.Permissions, version string, err error) {Blue}\n// }", |
| embeds: [], |
| methods: [ |
| |
| |
| { |
| name: 'SetPermissions', |
| doc: "// SetPermissions replaces the current Permissions for an object. version\n// allows for optional, optimistic concurrency control. If non-empty,\n// version's value must come from GetPermissions. If any client has\n// successfully called SetPermissions in the meantime, the version will be\n// stale and SetPermissions will fail. If empty, SetPermissions performs an\n// unconditional update.\n//\n// Permissions objects are expected to be small. It is up to the\n// implementation to define the exact limit, though it should probably be\n// around 100KB. Large lists of principals can be represented concisely using\n// blessings.\n//\n// There is some ambiguity when calling SetPermissions on a mount point.\n// Does it affect the mount itself or does it affect the service endpoint\n// that the mount points to? The chosen behavior is that it affects the\n// service endpoint. To modify the mount point's Permissions, use\n// ResolveToMountTable to get an endpoint and call SetPermissions on that.\n// This means that clients must know when a name refers to a mount point to\n// change its Permissions.", |
| inArgs: [{ |
| name: 'perms', |
| doc: "", |
| type: new access.Permissions()._type |
| }, |
| { |
| name: 'version', |
| doc: "", |
| type: vdl.types.STRING |
| }, |
| ], |
| outArgs: [], |
| inStream: null, |
| outStream: null, |
| tags: [canonicalize.reduce(new access.Tag("Admin", true), new access.Tag()._type), ] |
| }, |
| |
| |
| { |
| name: 'GetPermissions', |
| doc: "// GetPermissions returns the complete, current Permissions for an object. The\n// returned version can be passed to a subsequent call to SetPermissions for\n// optimistic concurrency control. A successful call to SetPermissions will\n// invalidate version, and the client must call GetPermissions again to get\n// the current version.", |
| inArgs: [], |
| outArgs: [{ |
| name: 'perms', |
| doc: "", |
| type: new access.Permissions()._type |
| }, |
| { |
| name: 'version', |
| doc: "", |
| type: vdl.types.STRING |
| }, |
| ], |
| inStream: null, |
| outStream: null, |
| tags: [canonicalize.reduce(new access.Tag("Admin", true), new access.Tag()._type), ] |
| }, |
| |
| ] |
| }; |
| |
| |
| |
| |
| |