From 7577c14d5f3570af9c9d19d2b3ec23c420c4d0e7 Mon Sep 17 00:00:00 2001 From: mcrakhman Date: Fri, 23 Jun 2023 16:16:26 +0200 Subject: [PATCH] Add state apply changes --- .../object/acl/aclrecordproto/aclrecord.pb.go | 407 ++++++++++++------ .../acl/aclrecordproto/protos/aclrecord.proto | 13 +- .../object/acl/list/aclrecordbuilder.go | 5 +- commonspace/object/acl/list/aclstate.go | 179 ++++++-- commonspace/object/acl/list/models.go | 6 +- commonspace/object/acl/list/validator.go | 5 +- 6 files changed, 428 insertions(+), 187 deletions(-) diff --git a/commonspace/object/acl/aclrecordproto/aclrecord.pb.go b/commonspace/object/acl/aclrecordproto/aclrecord.pb.go index d7abb519..9bb5eab4 100644 --- a/commonspace/object/acl/aclrecordproto/aclrecord.pb.go +++ b/commonspace/object/acl/aclrecordproto/aclrecord.pb.go @@ -449,9 +449,10 @@ func (m *AclAccountRequestJoin) GetMetadata() []byte { // AclAccountRequestAccept contains the reference to join record and all read keys, encrypted with the identity of the requestor type AclAccountRequestAccept struct { - Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` - RequestRecordId string `protobuf:"bytes,2,opt,name=requestRecordId,proto3" json:"requestRecordId,omitempty"` - EncryptedReadKeys []byte `protobuf:"bytes,3,opt,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + RequestRecordId string `protobuf:"bytes,2,opt,name=requestRecordId,proto3" json:"requestRecordId,omitempty"` + EncryptedReadKeys []byte `protobuf:"bytes,3,opt,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` + Permissions AclUserPermissions `protobuf:"varint,4,opt,name=permissions,proto3,enum=aclrecord.AclUserPermissions" json:"permissions,omitempty"` } func (m *AclAccountRequestAccept) Reset() { *m = AclAccountRequestAccept{} } @@ -508,6 +509,13 @@ func (m *AclAccountRequestAccept) GetEncryptedReadKeys() []byte { return nil } +func (m *AclAccountRequestAccept) GetPermissions() AclUserPermissions { + if m != nil { + return m.Permissions + } + return AclUserPermissions_None +} + // AclAccountRequestDecline contains the reference to join record type AclAccountRequestDecline struct { RequestRecordId string `protobuf:"bytes,1,opt,name=requestRecordId,proto3" json:"requestRecordId,omitempty"` @@ -600,7 +608,7 @@ func (m *AclAccountInviteRevoke) GetInviteRecordId() string { // AclReadKeys are all read keys in Acl type AclReadKeys struct { - ReadKey [][]byte `protobuf:"bytes,1,rep,name=readKey,proto3" json:"readKey,omitempty"` + ReadKeys map[string][]byte `protobuf:"bytes,1,rep,name=readKeys,proto3" json:"readKeys,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (m *AclReadKeys) Reset() { *m = AclReadKeys{} } @@ -636,31 +644,31 @@ func (m *AclReadKeys) XXX_DiscardUnknown() { var xxx_messageInfo_AclReadKeys proto.InternalMessageInfo -func (m *AclReadKeys) GetReadKey() [][]byte { +func (m *AclReadKeys) GetReadKeys() map[string][]byte { if m != nil { - return m.ReadKey + return m.ReadKeys } return nil } -// AclEncryptedReadKeys are all keys for specific identity -type AclEncryptedReadKeys struct { - Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` - EncryptedReadKeys []byte `protobuf:"bytes,2,opt,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` +// AclEncryptedReadKeys are new key for specific identity +type AclEncryptedReadKey struct { + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + EncryptedReadKey []byte `protobuf:"bytes,2,opt,name=encryptedReadKey,proto3" json:"encryptedReadKey,omitempty"` } -func (m *AclEncryptedReadKeys) Reset() { *m = AclEncryptedReadKeys{} } -func (m *AclEncryptedReadKeys) String() string { return proto.CompactTextString(m) } -func (*AclEncryptedReadKeys) ProtoMessage() {} -func (*AclEncryptedReadKeys) Descriptor() ([]byte, []int) { +func (m *AclEncryptedReadKey) Reset() { *m = AclEncryptedReadKey{} } +func (m *AclEncryptedReadKey) String() string { return proto.CompactTextString(m) } +func (*AclEncryptedReadKey) ProtoMessage() {} +func (*AclEncryptedReadKey) Descriptor() ([]byte, []int) { return fileDescriptor_c8e9f754f34e929b, []int{10} } -func (m *AclEncryptedReadKeys) XXX_Unmarshal(b []byte) error { +func (m *AclEncryptedReadKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) } -func (m *AclEncryptedReadKeys) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { +func (m *AclEncryptedReadKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { if deterministic { - return xxx_messageInfo_AclEncryptedReadKeys.Marshal(b, m, deterministic) + return xxx_messageInfo_AclEncryptedReadKey.Marshal(b, m, deterministic) } else { b = b[:cap(b)] n, err := m.MarshalToSizedBuffer(b) @@ -670,28 +678,28 @@ func (m *AclEncryptedReadKeys) XXX_Marshal(b []byte, deterministic bool) ([]byte return b[:n], nil } } -func (m *AclEncryptedReadKeys) XXX_Merge(src proto.Message) { - xxx_messageInfo_AclEncryptedReadKeys.Merge(m, src) +func (m *AclEncryptedReadKey) XXX_Merge(src proto.Message) { + xxx_messageInfo_AclEncryptedReadKey.Merge(m, src) } -func (m *AclEncryptedReadKeys) XXX_Size() int { +func (m *AclEncryptedReadKey) XXX_Size() int { return m.Size() } -func (m *AclEncryptedReadKeys) XXX_DiscardUnknown() { - xxx_messageInfo_AclEncryptedReadKeys.DiscardUnknown(m) +func (m *AclEncryptedReadKey) XXX_DiscardUnknown() { + xxx_messageInfo_AclEncryptedReadKey.DiscardUnknown(m) } -var xxx_messageInfo_AclEncryptedReadKeys proto.InternalMessageInfo +var xxx_messageInfo_AclEncryptedReadKey proto.InternalMessageInfo -func (m *AclEncryptedReadKeys) GetIdentity() []byte { +func (m *AclEncryptedReadKey) GetIdentity() []byte { if m != nil { return m.Identity } return nil } -func (m *AclEncryptedReadKeys) GetEncryptedReadKeys() []byte { +func (m *AclEncryptedReadKey) GetEncryptedReadKey() []byte { if m != nil { - return m.EncryptedReadKeys + return m.EncryptedReadKey } return nil } @@ -751,7 +759,7 @@ func (m *AclAccountPermissionChange) GetPermissions() AclUserPermissions { // AclReadKeyChange changes the key for a space type AclReadKeyChange struct { - AccountKeys []*AclEncryptedReadKeys `protobuf:"bytes,1,rep,name=accountKeys,proto3" json:"accountKeys,omitempty"` + AccountKeys []*AclEncryptedReadKey `protobuf:"bytes,1,rep,name=accountKeys,proto3" json:"accountKeys,omitempty"` } func (m *AclReadKeyChange) Reset() { *m = AclReadKeyChange{} } @@ -787,7 +795,7 @@ func (m *AclReadKeyChange) XXX_DiscardUnknown() { var xxx_messageInfo_AclReadKeyChange proto.InternalMessageInfo -func (m *AclReadKeyChange) GetAccountKeys() []*AclEncryptedReadKeys { +func (m *AclReadKeyChange) GetAccountKeys() []*AclEncryptedReadKey { if m != nil { return m.AccountKeys } @@ -796,8 +804,8 @@ func (m *AclReadKeyChange) GetAccountKeys() []*AclEncryptedReadKeys { // AclAccountRemove removes an account and changes read key for space type AclAccountRemove struct { - Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` - AccountKeys []*AclEncryptedReadKeys `protobuf:"bytes,2,rep,name=accountKeys,proto3" json:"accountKeys,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + AccountKeys []*AclEncryptedReadKey `protobuf:"bytes,2,rep,name=accountKeys,proto3" json:"accountKeys,omitempty"` } func (m *AclAccountRemove) Reset() { *m = AclAccountRemove{} } @@ -840,7 +848,7 @@ func (m *AclAccountRemove) GetIdentity() []byte { return nil } -func (m *AclAccountRemove) GetAccountKeys() []*AclEncryptedReadKeys { +func (m *AclAccountRemove) GetAccountKeys() []*AclEncryptedReadKey { if m != nil { return m.AccountKeys } @@ -1231,7 +1239,8 @@ func init() { proto.RegisterType((*AclAccountRequestDecline)(nil), "aclrecord.AclAccountRequestDecline") proto.RegisterType((*AclAccountInviteRevoke)(nil), "aclrecord.AclAccountInviteRevoke") proto.RegisterType((*AclReadKeys)(nil), "aclrecord.AclReadKeys") - proto.RegisterType((*AclEncryptedReadKeys)(nil), "aclrecord.AclEncryptedReadKeys") + proto.RegisterMapType((map[string][]byte)(nil), "aclrecord.AclReadKeys.ReadKeysEntry") + proto.RegisterType((*AclEncryptedReadKey)(nil), "aclrecord.AclEncryptedReadKey") proto.RegisterType((*AclAccountPermissionChange)(nil), "aclrecord.AclAccountPermissionChange") proto.RegisterType((*AclReadKeyChange)(nil), "aclrecord.AclReadKeyChange") proto.RegisterType((*AclAccountRemove)(nil), "aclrecord.AclAccountRemove") @@ -1247,67 +1256,70 @@ func init() { } var fileDescriptor_c8e9f754f34e929b = []byte{ - // 958 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xdd, 0x6e, 0x1b, 0x45, - 0x14, 0xde, 0x75, 0x1c, 0x3b, 0x3e, 0x9b, 0xb8, 0x66, 0x80, 0xd6, 0x0a, 0xc5, 0x84, 0x45, 0x85, - 0xaa, 0x42, 0x0d, 0x32, 0x42, 0x54, 0x08, 0x51, 0xb6, 0x49, 0x85, 0x1d, 0x28, 0xa0, 0x89, 0x4a, - 0xa5, 0x5e, 0x31, 0x9d, 0x1d, 0xa5, 0x0b, 0xbb, 0x3b, 0x9b, 0xd9, 0xb1, 0x2b, 0x3f, 0x04, 0x12, - 0x8f, 0xc0, 0x8b, 0x70, 0xcf, 0x65, 0x6e, 0x90, 0x10, 0x57, 0x28, 0x79, 0x11, 0x34, 0x33, 0xbb, - 0xde, 0xdf, 0x58, 0x88, 0x8b, 0xc4, 0x33, 0x67, 0xce, 0xf9, 0xce, 0x77, 0x7e, 0x6d, 0xf8, 0x9c, - 0xf2, 0x28, 0xe2, 0x71, 0x9a, 0x10, 0xca, 0x0e, 0xf9, 0x8b, 0x9f, 0x18, 0x95, 0x87, 0x84, 0x86, - 0xea, 0x4f, 0x30, 0xca, 0x85, 0x9f, 0x08, 0x2e, 0xf9, 0xa1, 0xfe, 0x9f, 0x16, 0xd2, 0xfb, 0x5a, - 0x80, 0x06, 0x6b, 0x81, 0xfb, 0x9b, 0x0d, 0xbb, 0x98, 0xbc, 0xf2, 0x68, 0x88, 0xb5, 0x00, 0x8d, - 0xa1, 0x9f, 0x90, 0x55, 0xc8, 0x89, 0x3f, 0xb6, 0x0f, 0xec, 0xbb, 0xbb, 0x38, 0xbf, 0xa2, 0xdb, - 0x30, 0x48, 0x83, 0xb3, 0x98, 0xc8, 0x85, 0x60, 0xe3, 0x8e, 0x7e, 0x2b, 0x04, 0xe8, 0x1e, 0x8c, - 0x08, 0xa5, 0x2c, 0x91, 0x5c, 0xcc, 0x7d, 0x16, 0xcb, 0x40, 0xae, 0xc6, 0x5b, 0x5a, 0xa9, 0x21, - 0x47, 0x1f, 0xc2, 0x6b, 0xb9, 0xec, 0x74, 0x8d, 0xd8, 0xd5, 0xca, 0xcd, 0x07, 0xf7, 0x0b, 0x40, - 0x65, 0x86, 0xcf, 0x02, 0xf9, 0x72, 0xbe, 0x89, 0xe7, 0x10, 0x3a, 0x81, 0xaf, 0x09, 0x0e, 0x70, - 0x27, 0xf0, 0xdd, 0x73, 0x18, 0x14, 0xe1, 0xdd, 0x84, 0x5e, 0x22, 0xd8, 0x72, 0x6e, 0xac, 0x06, - 0x38, 0xbb, 0xa1, 0x7d, 0xd8, 0x09, 0x72, 0xda, 0x26, 0xb6, 0xf5, 0x1d, 0x21, 0xe8, 0xfa, 0x44, - 0x92, 0x2c, 0x1c, 0x7d, 0x56, 0xc9, 0x90, 0x41, 0xc4, 0x52, 0x49, 0xa2, 0x44, 0x53, 0xdf, 0xc2, - 0x85, 0xc0, 0xfd, 0xd3, 0x86, 0xbe, 0xf2, 0xc9, 0xb9, 0xac, 0x20, 0xdb, 0x35, 0xe4, 0xdb, 0x30, - 0x88, 0x48, 0x2a, 0x99, 0xf8, 0x9a, 0xe5, 0x6e, 0x0b, 0x81, 0x0a, 0x51, 0x17, 0x78, 0xee, 0x6b, - 0xd7, 0x03, 0x9c, 0x5f, 0x55, 0xb2, 0x59, 0x4c, 0xc5, 0x2a, 0x91, 0xcc, 0xc7, 0x8c, 0xf8, 0xca, - 0xdc, 0xe4, 0xaf, 0x21, 0xaf, 0x32, 0xdd, 0xae, 0x31, 0x55, 0xa5, 0xc8, 0xd9, 0x14, 0xa5, 0xe8, - 0x99, 0x52, 0x34, 0x1e, 0xdc, 0x8f, 0x60, 0xe4, 0xd1, 0xd0, 0xa3, 0x94, 0x2f, 0x62, 0x39, 0x8f, - 0x97, 0x81, 0x64, 0x0a, 0x3f, 0xd0, 0x27, 0x45, 0xc2, 0x04, 0x58, 0x08, 0xdc, 0xdf, 0x6d, 0x78, - 0xb3, 0x30, 0xc1, 0xec, 0x7c, 0xc1, 0x52, 0x79, 0xc2, 0x83, 0x18, 0xbd, 0x0f, 0x43, 0xa3, 0x36, - 0xaf, 0x66, 0xa7, 0x26, 0x2d, 0xf4, 0x4c, 0x05, 0xe7, 0x79, 0x69, 0x6b, 0x52, 0xf4, 0x00, 0x6e, - 0x55, 0x2d, 0x8b, 0x78, 0x4c, 0xe1, 0xae, 0x7b, 0x56, 0x15, 0x8a, 0x98, 0x24, 0xba, 0xc6, 0x26, - 0x8b, 0xeb, 0xbb, 0xfb, 0x8b, 0x0d, 0xb7, 0x1a, 0xfc, 0x3d, 0xdd, 0xa3, 0x1b, 0x2b, 0x7b, 0x17, - 0x6e, 0x08, 0xa3, 0x5c, 0xa3, 0x5d, 0x17, 0xab, 0x0a, 0xd4, 0x6b, 0x96, 0x66, 0x8c, 0x9b, 0x0f, - 0xee, 0x31, 0x8c, 0x1b, 0x74, 0x8e, 0x19, 0x0d, 0x83, 0x98, 0xb5, 0xf9, 0xb4, 0x5b, 0x7d, 0xba, - 0x5f, 0xc2, 0xcd, 0x7a, 0x1d, 0x31, 0x5b, 0xf2, 0x9f, 0x59, 0x4b, 0xb6, 0xed, 0xb6, 0x6c, 0xbb, - 0x1f, 0x80, 0xa3, 0x87, 0xca, 0xd0, 0x52, 0xad, 0x2a, 0xb2, 0x3e, 0xb4, 0x0f, 0xb6, 0xd4, 0x34, - 0x66, 0x57, 0xf7, 0x47, 0x78, 0xc3, 0xa3, 0xe1, 0xe3, 0x7a, 0x20, 0x1b, 0x93, 0xd7, 0x9a, 0x92, - 0xce, 0x75, 0x29, 0x59, 0xc1, 0x7e, 0x11, 0xcc, 0xf7, 0x4c, 0x44, 0x41, 0x9a, 0x06, 0x3c, 0x3e, - 0x7a, 0x49, 0xe2, 0x33, 0xb6, 0xd1, 0xcf, 0x43, 0x70, 0x92, 0xb5, 0xbe, 0xf1, 0x30, 0x9c, 0xbe, - 0x7d, 0xbf, 0x58, 0x97, 0x1e, 0x0d, 0x9f, 0xa6, 0x4c, 0x14, 0xa0, 0x29, 0x2e, 0x5b, 0xb8, 0x4f, - 0xf5, 0x3c, 0x64, 0x4c, 0x32, 0x87, 0x1e, 0x38, 0xc4, 0x70, 0xd1, 0xb4, 0x55, 0x3a, 0x9c, 0xe9, - 0x3b, 0x55, 0xd0, 0x46, 0x3a, 0x70, 0xd9, 0xc6, 0x3d, 0x2f, 0x8f, 0x19, 0x66, 0x11, 0x5f, 0x6e, - 0x8e, 0xa3, 0xe6, 0xb2, 0xf3, 0x3f, 0x5c, 0xfe, 0xdd, 0x85, 0x1b, 0x1e, 0x0d, 0x8f, 0x78, 0x2c, - 0x59, 0x2c, 0x7f, 0x20, 0xe1, 0x82, 0xa1, 0x4f, 0xa0, 0x67, 0xaa, 0xae, 0x1d, 0x3a, 0xd3, 0xb7, - 0xaa, 0x88, 0x95, 0xf6, 0x99, 0x59, 0x38, 0x53, 0x46, 0x5f, 0xc1, 0x6e, 0x50, 0x6a, 0x29, 0x9d, - 0x56, 0x67, 0xfa, 0xee, 0x06, 0x63, 0xa3, 0x38, 0xb3, 0x70, 0xc5, 0x10, 0x1d, 0x83, 0x23, 0x8a, - 0x85, 0xa1, 0x67, 0xc2, 0x99, 0x1e, 0xb4, 0xe2, 0x94, 0x16, 0xcb, 0xcc, 0xc2, 0x65, 0x33, 0x74, - 0x02, 0x7b, 0xa2, 0x3c, 0xb6, 0x7a, 0xc4, 0x9d, 0xa9, 0xbb, 0x09, 0xc7, 0x68, 0xce, 0x2c, 0x5c, - 0x35, 0x45, 0xa7, 0x30, 0x4a, 0x6a, 0x0d, 0xa6, 0x57, 0xaa, 0x33, 0xbd, 0xd3, 0x0a, 0x57, 0xef, - 0xc6, 0x99, 0x85, 0x1b, 0x00, 0xe8, 0x08, 0xf6, 0x48, 0xb9, 0xd4, 0x7a, 0xfd, 0x5e, 0x97, 0x6d, - 0xa3, 0xa2, 0x98, 0x55, 0x6c, 0x14, 0x88, 0x28, 0xb7, 0xe1, 0xb8, 0xdf, 0x06, 0x52, 0xe9, 0x54, - 0x13, 0x5e, 0xb9, 0x75, 0x9f, 0xc0, 0x50, 0x54, 0x56, 0xca, 0x78, 0x47, 0xa3, 0xbc, 0xb7, 0x29, - 0x57, 0x99, 0xea, 0xcc, 0xc2, 0x35, 0xe3, 0x47, 0x7d, 0xd8, 0x5e, 0xaa, 0x46, 0x72, 0x1f, 0xeb, - 0x6f, 0xc3, 0x63, 0xf5, 0xbd, 0xf9, 0x19, 0x00, 0x59, 0xb7, 0x59, 0x36, 0x1c, 0xfb, 0x55, 0xf8, - 0x72, 0x0f, 0xe2, 0x92, 0xb6, 0x7b, 0x02, 0x43, 0x8f, 0x86, 0xa7, 0xab, 0x98, 0x3e, 0x61, 0x69, - 0x4a, 0xce, 0x18, 0x7a, 0x00, 0x7d, 0xba, 0x86, 0x52, 0x4c, 0x27, 0x55, 0x28, 0xa5, 0x5b, 0x81, - 0xcb, 0xd5, 0xdd, 0xe7, 0xf0, 0x7a, 0xcb, 0xbb, 0xa6, 0xe7, 0xfb, 0x66, 0xcb, 0xa5, 0x19, 0xe6, - 0xb8, 0x16, 0xfd, 0xfa, 0x7d, 0x66, 0xe1, 0x92, 0x76, 0x11, 0xee, 0x0c, 0xf6, 0x2a, 0x7a, 0xe8, - 0x53, 0xb5, 0x1d, 0x73, 0x48, 0x15, 0x71, 0x79, 0xc7, 0x34, 0x7f, 0xdb, 0xe0, 0x5c, 0xfb, 0xde, - 0x37, 0x80, 0x9a, 0x2b, 0x08, 0xed, 0x40, 0xf7, 0x5b, 0x1e, 0xb3, 0x91, 0x85, 0x06, 0xb0, 0xfd, - 0xdd, 0xab, 0x98, 0x89, 0x91, 0xad, 0x8e, 0x9e, 0x1f, 0x05, 0xf1, 0xa8, 0x83, 0x00, 0x7a, 0xcf, - 0x44, 0x20, 0x99, 0x18, 0x6d, 0xa9, 0xb3, 0x2a, 0x3a, 0x13, 0xa3, 0xee, 0xa3, 0x87, 0x7f, 0x5c, - 0x4e, 0xec, 0x8b, 0xcb, 0x89, 0xfd, 0xcf, 0xe5, 0xc4, 0xfe, 0xf5, 0x6a, 0x62, 0x5d, 0x5c, 0x4d, - 0xac, 0xbf, 0xae, 0x26, 0xd6, 0xf3, 0x3b, 0xff, 0xe9, 0xe7, 0xe4, 0x8b, 0x9e, 0xfe, 0xf8, 0xf8, - 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x7b, 0xb3, 0x39, 0x6c, 0x7e, 0x0a, 0x00, 0x00, + // 1005 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xdf, 0x6e, 0x1b, 0xc5, + 0x17, 0xde, 0xb5, 0x1d, 0x3b, 0x3e, 0x9b, 0xb8, 0xfe, 0xcd, 0x0f, 0x5a, 0x2b, 0x14, 0x2b, 0x2c, + 0x14, 0x45, 0x15, 0x4a, 0x90, 0x11, 0x22, 0x2a, 0x88, 0x66, 0x9b, 0x44, 0xd8, 0x81, 0x02, 0x9a, + 0x00, 0x95, 0x2a, 0x71, 0x31, 0x9d, 0x1d, 0xa5, 0x4b, 0xf7, 0x5f, 0x67, 0x27, 0xae, 0xfc, 0x0e, + 0x5c, 0xf0, 0x08, 0xbc, 0x08, 0xf7, 0x5c, 0xa1, 0xde, 0x20, 0x21, 0xae, 0x50, 0xf2, 0x22, 0x68, + 0x66, 0xf6, 0xff, 0x6e, 0x2d, 0x7a, 0xd1, 0x66, 0xe6, 0xcc, 0x39, 0xdf, 0x7c, 0xe7, 0x7c, 0x67, + 0xce, 0x1a, 0x3e, 0xa3, 0x51, 0x10, 0x44, 0x61, 0x12, 0x13, 0xca, 0x0e, 0xa2, 0x27, 0x3f, 0x31, + 0x2a, 0x0e, 0x08, 0xf5, 0xe5, 0x3f, 0xce, 0x68, 0xc4, 0xdd, 0x98, 0x47, 0x22, 0x3a, 0x50, 0xff, + 0x27, 0x85, 0x75, 0x5f, 0x19, 0xd0, 0x30, 0x37, 0xd8, 0xbf, 0x9a, 0xb0, 0x85, 0xc9, 0x0b, 0x87, + 0xfa, 0x58, 0x19, 0xd0, 0x04, 0x06, 0x31, 0x59, 0xf9, 0x11, 0x71, 0x27, 0xe6, 0xae, 0xb9, 0xb7, + 0x85, 0xb3, 0x2d, 0xba, 0x0d, 0xc3, 0xc4, 0xbb, 0x08, 0x89, 0xb8, 0xe4, 0x6c, 0xd2, 0x51, 0x67, + 0x85, 0x01, 0xdd, 0x85, 0x31, 0xa1, 0x94, 0xc5, 0x22, 0xe2, 0x0b, 0x97, 0x85, 0xc2, 0x13, 0xab, + 0x49, 0x57, 0x39, 0x35, 0xec, 0xe8, 0x03, 0xf8, 0x5f, 0x66, 0x3b, 0xcf, 0x11, 0x7b, 0xca, 0xb9, + 0x79, 0x60, 0x7f, 0x0e, 0xa8, 0xcc, 0xf0, 0x91, 0x27, 0x9e, 0x2e, 0xd6, 0xf1, 0x1c, 0x41, 0xc7, + 0x73, 0x15, 0xc1, 0x21, 0xee, 0x78, 0xae, 0xfd, 0x1c, 0x86, 0x45, 0x7a, 0x37, 0xa1, 0x1f, 0x73, + 0xb6, 0x5c, 0xe8, 0xa8, 0x21, 0x4e, 0x77, 0x68, 0x07, 0x36, 0xbd, 0x8c, 0xb6, 0xce, 0x2d, 0xdf, + 0x23, 0x04, 0x3d, 0x97, 0x08, 0x92, 0xa6, 0xa3, 0xd6, 0xb2, 0x18, 0xc2, 0x0b, 0x58, 0x22, 0x48, + 0x10, 0x2b, 0xea, 0x5d, 0x5c, 0x18, 0xec, 0x3f, 0x4d, 0x18, 0xc8, 0x3b, 0xa3, 0x48, 0x54, 0x90, + 0xcd, 0x1a, 0xf2, 0x6d, 0x18, 0x06, 0x24, 0x11, 0x8c, 0x7f, 0xc9, 0xb2, 0x6b, 0x0b, 0x83, 0x4c, + 0x51, 0x09, 0xbc, 0x70, 0xd5, 0xd5, 0x43, 0x9c, 0x6d, 0x65, 0xb1, 0x59, 0x48, 0xf9, 0x2a, 0x16, + 0xcc, 0xc5, 0x8c, 0xb8, 0x32, 0x5c, 0xd7, 0xaf, 0x61, 0xaf, 0x32, 0xdd, 0xa8, 0x31, 0x95, 0x52, + 0x64, 0x6c, 0x0a, 0x29, 0xfa, 0x5a, 0x8a, 0xc6, 0x81, 0xfd, 0x21, 0x8c, 0x1d, 0xea, 0x3b, 0x94, + 0x46, 0x97, 0xa1, 0x58, 0x84, 0x4b, 0x4f, 0x30, 0x89, 0xef, 0xa9, 0x95, 0x24, 0xa1, 0x13, 0x2c, + 0x0c, 0xf6, 0x6f, 0x26, 0xbc, 0x59, 0x84, 0x60, 0xf6, 0xfc, 0x92, 0x25, 0xe2, 0x2c, 0xf2, 0x42, + 0xf4, 0x3e, 0x8c, 0xb4, 0xdb, 0xa2, 0x5a, 0x9d, 0x9a, 0xb5, 0xf0, 0xd3, 0x0a, 0x2e, 0x32, 0x69, + 0x6b, 0x56, 0x74, 0x08, 0xb7, 0xaa, 0x91, 0x45, 0x3e, 0x5a, 0xb8, 0x57, 0x1d, 0x4b, 0x85, 0x02, + 0x26, 0x88, 0xd2, 0x58, 0x57, 0x31, 0xdf, 0xdb, 0x7f, 0x98, 0x70, 0xab, 0xc1, 0xdf, 0x51, 0x3d, + 0xba, 0x56, 0xd9, 0x3d, 0xb8, 0xc1, 0xb5, 0x73, 0x8d, 0x76, 0xdd, 0x2c, 0x15, 0xa8, 0x6b, 0x96, + 0xa4, 0x8c, 0x9b, 0x07, 0xe8, 0x3e, 0x58, 0x31, 0xe3, 0x81, 0x97, 0x24, 0x5e, 0x14, 0x26, 0x8a, + 0xee, 0x68, 0xf6, 0xf6, 0x7e, 0xf1, 0xc2, 0x1d, 0xea, 0x7f, 0x9f, 0x30, 0xfe, 0x6d, 0xe1, 0x84, + 0xcb, 0x11, 0xf6, 0x09, 0x4c, 0x1a, 0xf9, 0x9c, 0x30, 0xea, 0x7b, 0x21, 0x6b, 0x23, 0x6d, 0xb6, + 0x92, 0xb6, 0x8f, 0xe0, 0x66, 0xbd, 0x11, 0x30, 0x5b, 0x46, 0xcf, 0x58, 0x8b, 0x5c, 0x66, 0x9b, + 0x5c, 0xf6, 0xcf, 0x26, 0x58, 0xea, 0x59, 0xa6, 0x89, 0x1d, 0xc1, 0x26, 0xcf, 0xb2, 0x37, 0x77, + 0xbb, 0x7b, 0xd6, 0xec, 0xbd, 0x6a, 0x56, 0x99, 0xe7, 0x7e, 0xb6, 0x38, 0x0d, 0x05, 0x5f, 0xe1, + 0x3c, 0x6a, 0xe7, 0x53, 0xd8, 0xae, 0x1c, 0xa1, 0x31, 0x74, 0x9f, 0xa5, 0x3d, 0x39, 0xc4, 0x72, + 0x89, 0xde, 0x80, 0x8d, 0x25, 0xf1, 0x2f, 0xb3, 0xf1, 0xa5, 0x37, 0xf7, 0x3a, 0x87, 0xa6, 0xfd, + 0x23, 0xfc, 0xdf, 0xa1, 0xfe, 0x69, 0xfd, 0xf1, 0xac, 0x93, 0xb8, 0xed, 0x11, 0x76, 0xda, 0x1f, + 0xa1, 0xbd, 0x82, 0x9d, 0xa2, 0x5e, 0x85, 0x36, 0xc7, 0x4f, 0x49, 0x78, 0xc1, 0xd6, 0xde, 0x52, + 0x13, 0xbc, 0xf3, 0xda, 0x82, 0x7f, 0xa7, 0xde, 0x6c, 0x4a, 0x24, 0xbd, 0xf0, 0x08, 0x2c, 0xa2, + 0xb9, 0x94, 0xea, 0x3d, 0xad, 0x82, 0xd6, 0x6b, 0x81, 0xcb, 0x21, 0x76, 0x5c, 0x9e, 0x04, 0x98, + 0x05, 0xd1, 0x72, 0x7d, 0x1a, 0xb5, 0x1b, 0x3b, 0xaf, 0x7f, 0xe3, 0xdf, 0x3d, 0xb8, 0xe1, 0x50, + 0xff, 0x38, 0x0a, 0x05, 0x0b, 0xc5, 0x0f, 0x52, 0x39, 0xf4, 0x31, 0xf4, 0x75, 0x5b, 0xa9, 0xfb, + 0xac, 0xd9, 0x5b, 0x55, 0xc0, 0x4a, 0x7f, 0xce, 0x0d, 0x9c, 0x3a, 0xa3, 0x2f, 0x60, 0xcb, 0x2b, + 0xf5, 0xac, 0x2a, 0xaa, 0x35, 0x7b, 0x67, 0x4d, 0xb0, 0x76, 0x9c, 0x1b, 0xb8, 0x12, 0x88, 0x4e, + 0xc0, 0xe2, 0xc5, 0x48, 0x53, 0xaf, 0xd6, 0x9a, 0xed, 0xb6, 0xe2, 0x94, 0x46, 0xdf, 0xdc, 0xc0, + 0xe5, 0x30, 0x74, 0x06, 0xdb, 0xbc, 0x3c, 0x58, 0xd4, 0xab, 0xb6, 0x66, 0xf6, 0x3a, 0x1c, 0xed, + 0x39, 0x37, 0x70, 0x35, 0x14, 0x9d, 0xc3, 0x38, 0xae, 0xb5, 0x97, 0x1a, 0xfa, 0xd6, 0xec, 0x4e, + 0x2b, 0x5c, 0xbd, 0x17, 0xe7, 0x06, 0x6e, 0x00, 0xa0, 0x63, 0xd8, 0x26, 0x65, 0xa5, 0xd5, 0x07, + 0xe2, 0x55, 0xd5, 0xd6, 0x2e, 0x92, 0x59, 0x25, 0x46, 0x82, 0xf0, 0x72, 0x13, 0x4e, 0x06, 0x6d, + 0x20, 0x95, 0x3e, 0xd5, 0xe9, 0x95, 0x1b, 0xf7, 0x21, 0x8c, 0x78, 0x65, 0x66, 0x4d, 0x36, 0x15, + 0xca, 0xbb, 0xeb, 0x6a, 0x95, 0xba, 0xce, 0x0d, 0x5c, 0x0b, 0x7e, 0x30, 0x48, 0xe7, 0x81, 0x7d, + 0xaa, 0xbe, 0xd7, 0x27, 0xf2, 0xcb, 0x7e, 0x0f, 0x80, 0xe4, 0x6d, 0x96, 0x3e, 0x8d, 0x9d, 0x2a, + 0x7c, 0xb9, 0x07, 0x71, 0xc9, 0xdb, 0x3e, 0x83, 0x91, 0x43, 0xfd, 0xf3, 0x55, 0x48, 0x1f, 0xb2, + 0x24, 0x21, 0x17, 0x0c, 0x1d, 0xc2, 0x80, 0xe6, 0x50, 0x66, 0xb3, 0xe7, 0xa5, 0x6f, 0x05, 0x2e, + 0x73, 0xb7, 0x1f, 0xab, 0x89, 0x54, 0x3f, 0x57, 0xf4, 0x5c, 0x57, 0x8f, 0xd1, 0x24, 0xc5, 0x9c, + 0xd4, 0xb2, 0xcf, 0xcf, 0xe7, 0x06, 0x2e, 0x79, 0x17, 0xe9, 0xce, 0x61, 0xbb, 0xe2, 0x87, 0x3e, + 0x81, 0x01, 0xcf, 0x21, 0x65, 0xc6, 0xe5, 0x09, 0xd3, 0xfc, 0xf5, 0x85, 0x33, 0xef, 0xbb, 0x5f, + 0x01, 0x6a, 0x0e, 0x20, 0xb4, 0x09, 0xbd, 0xaf, 0xa3, 0x90, 0x8d, 0x0d, 0x34, 0x84, 0x8d, 0x6f, + 0x5e, 0x84, 0x8c, 0x8f, 0x4d, 0xb9, 0x74, 0xdc, 0xc0, 0x0b, 0xc7, 0x1d, 0x04, 0xd0, 0x7f, 0xc4, + 0x3d, 0xc1, 0xf8, 0xb8, 0x2b, 0xd7, 0x52, 0x74, 0xc6, 0xc7, 0xbd, 0x07, 0xf7, 0x7f, 0xbf, 0x9a, + 0x9a, 0x2f, 0xaf, 0xa6, 0xe6, 0x3f, 0x57, 0x53, 0xf3, 0x97, 0xeb, 0xa9, 0xf1, 0xf2, 0x7a, 0x6a, + 0xfc, 0x75, 0x3d, 0x35, 0x1e, 0xdf, 0xf9, 0x4f, 0x3f, 0x78, 0x9f, 0xf4, 0xd5, 0x9f, 0x8f, 0xfe, + 0x0d, 0x00, 0x00, 0xff, 0xff, 0xf9, 0x8e, 0x57, 0x42, 0x20, 0x0b, 0x00, 0x00, } func (m *RawAclRecord) Marshal() (dAtA []byte, err error) { @@ -1611,6 +1623,11 @@ func (m *AclAccountRequestAccept) MarshalToSizedBuffer(dAtA []byte) (int, error) _ = i var l int _ = l + if m.Permissions != 0 { + i = encodeVarintAclrecord(dAtA, i, uint64(m.Permissions)) + i-- + dAtA[i] = 0x20 + } if len(m.EncryptedReadKeys) > 0 { i -= len(m.EncryptedReadKeys) copy(dAtA[i:], m.EncryptedReadKeys) @@ -1715,11 +1732,23 @@ func (m *AclReadKeys) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l - if len(m.ReadKey) > 0 { - for iNdEx := len(m.ReadKey) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ReadKey[iNdEx]) - copy(dAtA[i:], m.ReadKey[iNdEx]) - i = encodeVarintAclrecord(dAtA, i, uint64(len(m.ReadKey[iNdEx]))) + if len(m.ReadKeys) > 0 { + for k := range m.ReadKeys { + v := m.ReadKeys[k] + baseI := i + if len(v) > 0 { + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintAclrecord(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + } + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintAclrecord(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintAclrecord(dAtA, i, uint64(baseI-i)) i-- dAtA[i] = 0xa } @@ -1727,7 +1756,7 @@ func (m *AclReadKeys) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *AclEncryptedReadKeys) Marshal() (dAtA []byte, err error) { +func (m *AclEncryptedReadKey) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -1737,20 +1766,20 @@ func (m *AclEncryptedReadKeys) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AclEncryptedReadKeys) MarshalTo(dAtA []byte) (int, error) { +func (m *AclEncryptedReadKey) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AclEncryptedReadKeys) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AclEncryptedReadKey) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int _ = l - if len(m.EncryptedReadKeys) > 0 { - i -= len(m.EncryptedReadKeys) - copy(dAtA[i:], m.EncryptedReadKeys) - i = encodeVarintAclrecord(dAtA, i, uint64(len(m.EncryptedReadKeys))) + if len(m.EncryptedReadKey) > 0 { + i -= len(m.EncryptedReadKey) + copy(dAtA[i:], m.EncryptedReadKey) + i = encodeVarintAclrecord(dAtA, i, uint64(len(m.EncryptedReadKey))) i-- dAtA[i] = 0x12 } @@ -2407,6 +2436,9 @@ func (m *AclAccountRequestAccept) Size() (n int) { if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } + if m.Permissions != 0 { + n += 1 + sovAclrecord(uint64(m.Permissions)) + } return n } @@ -2442,16 +2474,22 @@ func (m *AclReadKeys) Size() (n int) { } var l int _ = l - if len(m.ReadKey) > 0 { - for _, b := range m.ReadKey { - l = len(b) - n += 1 + l + sovAclrecord(uint64(l)) + if len(m.ReadKeys) > 0 { + for k, v := range m.ReadKeys { + _ = k + _ = v + l = 0 + if len(v) > 0 { + l = 1 + len(v) + sovAclrecord(uint64(len(v))) + } + mapEntrySize := 1 + len(k) + sovAclrecord(uint64(len(k))) + l + n += mapEntrySize + 1 + sovAclrecord(uint64(mapEntrySize)) } } return n } -func (m *AclEncryptedReadKeys) Size() (n int) { +func (m *AclEncryptedReadKey) Size() (n int) { if m == nil { return 0 } @@ -2461,7 +2499,7 @@ func (m *AclEncryptedReadKeys) Size() (n int) { if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } - l = len(m.EncryptedReadKeys) + l = len(m.EncryptedReadKey) if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } @@ -3804,6 +3842,25 @@ func (m *AclAccountRequestAccept) Unmarshal(dAtA []byte) error { m.EncryptedReadKeys = []byte{} } iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Permissions", wireType) + } + m.Permissions = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAclrecord + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Permissions |= AclUserPermissions(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipAclrecord(dAtA[iNdEx:]) @@ -4020,9 +4077,9 @@ func (m *AclReadKeys) Unmarshal(dAtA []byte) error { switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ReadKey", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ReadKeys", wireType) } - var byteLen int + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclrecord @@ -4032,23 +4089,119 @@ func (m *AclReadKeys) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { + if msglen < 0 { return ErrInvalidLengthAclrecord } - postIndex := iNdEx + byteLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthAclrecord } if postIndex > l { return io.ErrUnexpectedEOF } - m.ReadKey = append(m.ReadKey, make([]byte, postIndex-iNdEx)) - copy(m.ReadKey[len(m.ReadKey)-1], dAtA[iNdEx:postIndex]) + if m.ReadKeys == nil { + m.ReadKeys = make(map[string][]byte) + } + var mapkey string + mapvalue := []byte{} + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAclrecord + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAclrecord + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthAclrecord + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthAclrecord + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapbyteLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAclrecord + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapbyteLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intMapbyteLen := int(mapbyteLen) + if intMapbyteLen < 0 { + return ErrInvalidLengthAclrecord + } + postbytesIndex := iNdEx + intMapbyteLen + if postbytesIndex < 0 { + return ErrInvalidLengthAclrecord + } + if postbytesIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = make([]byte, mapbyteLen) + copy(mapvalue, dAtA[iNdEx:postbytesIndex]) + iNdEx = postbytesIndex + } else { + iNdEx = entryPreIndex + skippy, err := skipAclrecord(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAclrecord + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.ReadKeys[mapkey] = mapvalue iNdEx = postIndex default: iNdEx = preIndex @@ -4071,7 +4224,7 @@ func (m *AclReadKeys) Unmarshal(dAtA []byte) error { } return nil } -func (m *AclEncryptedReadKeys) Unmarshal(dAtA []byte) error { +func (m *AclEncryptedReadKey) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -4094,10 +4247,10 @@ func (m *AclEncryptedReadKeys) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AclEncryptedReadKeys: wiretype end group for non-group") + return fmt.Errorf("proto: AclEncryptedReadKey: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AclEncryptedReadKeys: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AclEncryptedReadKey: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -4136,7 +4289,7 @@ func (m *AclEncryptedReadKeys) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EncryptedReadKeys", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field EncryptedReadKey", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { @@ -4163,9 +4316,9 @@ func (m *AclEncryptedReadKeys) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.EncryptedReadKeys = append(m.EncryptedReadKeys[:0], dAtA[iNdEx:postIndex]...) - if m.EncryptedReadKeys == nil { - m.EncryptedReadKeys = []byte{} + m.EncryptedReadKey = append(m.EncryptedReadKey[:0], dAtA[iNdEx:postIndex]...) + if m.EncryptedReadKey == nil { + m.EncryptedReadKey = []byte{} } iNdEx = postIndex default: @@ -4350,7 +4503,7 @@ func (m *AclReadKeyChange) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AccountKeys = append(m.AccountKeys, &AclEncryptedReadKeys{}) + m.AccountKeys = append(m.AccountKeys, &AclEncryptedReadKey{}) if err := m.AccountKeys[len(m.AccountKeys)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } @@ -4468,7 +4621,7 @@ func (m *AclAccountRemove) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.AccountKeys = append(m.AccountKeys, &AclEncryptedReadKeys{}) + m.AccountKeys = append(m.AccountKeys, &AclEncryptedReadKey{}) if err := m.AccountKeys[len(m.AccountKeys)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } diff --git a/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto b/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto index 7219aecd..1fa11e59 100644 --- a/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto +++ b/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto @@ -52,6 +52,7 @@ message AclAccountRequestAccept { bytes identity = 1; string requestRecordId = 2; bytes encryptedReadKeys = 3; + AclUserPermissions permissions = 4; } // AclAccountRequestDecline contains the reference to join record @@ -66,13 +67,13 @@ message AclAccountInviteRevoke { // AclReadKeys are all read keys in Acl message AclReadKeys { - repeated bytes readKey = 1; + map readKeys = 1; } -// AclEncryptedReadKeys are all keys for specific identity -message AclEncryptedReadKeys { +// AclEncryptedReadKeys are new key for specific identity +message AclEncryptedReadKey { bytes identity = 1; - bytes encryptedReadKeys = 2; + bytes encryptedReadKey = 2; } // AclAccountPermissionChange changes permissions of specific account @@ -83,13 +84,13 @@ message AclAccountPermissionChange { // AclReadKeyChange changes the key for a space message AclReadKeyChange { - repeated AclEncryptedReadKeys accountKeys = 1; + repeated AclEncryptedReadKey accountKeys = 1; } // AclAccountRemove removes an account and changes read key for space message AclAccountRemove { bytes identity = 1; - repeated AclEncryptedReadKeys accountKeys = 2; + repeated AclEncryptedReadKey accountKeys = 2; } // AclContentValue contains possible values for Acl diff --git a/commonspace/object/acl/list/aclrecordbuilder.go b/commonspace/object/acl/list/aclrecordbuilder.go index a1e89560..686ef3fa 100644 --- a/commonspace/object/acl/list/aclrecordbuilder.go +++ b/commonspace/object/acl/list/aclrecordbuilder.go @@ -1,11 +1,12 @@ package list import ( + "time" + "github.com/anyproto/any-sync/commonspace/object/acl/aclrecordproto" "github.com/anyproto/any-sync/util/cidutil" "github.com/anyproto/any-sync/util/crypto" "github.com/gogo/protobuf/proto" - "time" ) type RootContent struct { @@ -53,7 +54,6 @@ func (a *aclRecordBuilder) Unmarshall(rawIdRecord *aclrecordproto.RawAclRecordWi } rec = &AclRecord{ Id: rawIdRecord.Id, - ReadKeyId: rawIdRecord.Id, Timestamp: aclRoot.Timestamp, Signature: rawRec.Signature, Identity: pubKey, @@ -72,7 +72,6 @@ func (a *aclRecordBuilder) Unmarshall(rawIdRecord *aclrecordproto.RawAclRecordWi rec = &AclRecord{ Id: rawIdRecord.Id, PrevId: aclRecord.PrevId, - ReadKeyId: aclRecord.ReadKeyId, Timestamp: aclRecord.Timestamp, Data: aclRecord.Data, Signature: rawRec.Signature, diff --git a/commonspace/object/acl/list/aclstate.go b/commonspace/object/acl/list/aclstate.go index 496b865d..6f0c917b 100644 --- a/commonspace/object/acl/list/aclstate.go +++ b/commonspace/object/acl/list/aclstate.go @@ -2,7 +2,6 @@ package list import ( "errors" - "fmt" "github.com/anyproto/any-sync/app/logger" "github.com/anyproto/any-sync/commonspace/object/acl/aclrecordproto" @@ -15,12 +14,9 @@ var log = logger.NewNamedSugared("common.commonspace.acllist") var ( ErrNoSuchAccount = errors.New("no such account") - ErrIncorrectInviteKey = errors.New("incorrect invite key") + ErrUnexpectedContentType = errors.New("unexpected content type") ErrIncorrectIdentity = errors.New("incorrect identity") ErrFailedToDecrypt = errors.New("failed to decrypt key") - ErrUserRemoved = errors.New("user was removed from the document") - ErrDocumentForbidden = errors.New("your user was forbidden access to the document") - ErrUserAlreadyExists = errors.New("user already exists") ErrNoSuchRecord = errors.New("no such record") ErrNoSuchRequest = errors.New("no such request") ErrNoSuchInvite = errors.New("no such invite") @@ -50,13 +46,14 @@ type AclState struct { keyStore crypto.KeyStorage totalReadKeys int - lastRecordId string + lastRecordId string + contentValidator ContentValidator } func newAclStateWithKeys( id string, key crypto.PrivKey) (*AclState, error) { - return &AclState{ + st := &AclState{ id: id, key: key, pubKey: key.GetPublic(), @@ -65,18 +62,30 @@ func newAclStateWithKeys( statesAtRecord: make(map[string][]AclUserState), inviteKeys: make(map[string]crypto.PubKey), requestRecords: make(map[string]RequestRecord), - }, nil + keyStore: crypto.NewKeyStorage(), + } + st.contentValidator = &contentValidator{ + keyStore: st.keyStore, + aclState: st, + } + return st, nil } func newAclState(id string) *AclState { - return &AclState{ + st := &AclState{ id: id, userReadKeys: make(map[string]crypto.SymKey), userStates: make(map[string]AclUserState), statesAtRecord: make(map[string][]AclUserState), inviteKeys: make(map[string]crypto.PubKey), requestRecords: make(map[string]RequestRecord), + keyStore: crypto.NewKeyStorage(), } + st.contentValidator = &contentValidator{ + keyStore: st.keyStore, + aclState: st, + } + return st } func (st *AclState) CurrentReadKeyId() string { @@ -167,7 +176,7 @@ func (st *AclState) applyRoot(record *AclRecord) (err error) { PubKey: record.Identity, Permissions: AclPermissions(aclrecordproto.AclUserPermissions_Admin), } - st.currentReadKeyId = record.ReadKeyId + st.currentReadKeyId = record.Id st.userStates[mapKeyFromPubKey(record.Identity)] = userState st.totalReadKeys++ return @@ -196,76 +205,162 @@ func (st *AclState) saveReadKeyFromRoot(record *AclRecord) (err error) { func (st *AclState) applyChangeData(record *AclRecord) (err error) { model := record.Model.(*aclrecordproto.AclData) - if !st.isUserJoin(model) && !st.Permissions(record.Identity).CanManageAccounts() { - return ErrInsufficientPermissions - } for _, ch := range model.GetAclContent() { - if err = st.applyChangeContent(ch, record.Id); err != nil { + if err = st.applyChangeContent(ch, record.Id, record.Identity); err != nil { log.Info("error while applying changes: %v; ignore", zap.Error(err)) return err } } - if record.ReadKeyId != st.currentReadKeyId { - st.totalReadKeys++ - st.currentReadKeyId = record.ReadKeyId - } return nil } -func (st *AclState) applyChangeContent(ch *aclrecordproto.AclContentValue, recordId string) error { +func (st *AclState) applyChangeContent(ch *aclrecordproto.AclContentValue, recordId string, authorIdentity crypto.PubKey) error { switch { case ch.GetPermissionChange() != nil: - return st.applyPermissionChange(ch.GetPermissionChange(), recordId) + return st.applyPermissionChange(ch.GetPermissionChange(), recordId, authorIdentity) case ch.GetInvite() != nil: - return st.applyInvite(ch.GetInvite(), recordId) + return st.applyInvite(ch.GetInvite(), recordId, authorIdentity) case ch.GetInviteRevoke() != nil: - return st.applyUserRemove(ch.GetUserRemove(), recordId) - case ch.GetUserInvite() != nil: - return st.applyUserInvite(ch.GetUserInvite(), recordId) - case ch.GetUserJoin() != nil: - return st.applyUserJoin(ch.GetUserJoin(), recordId) + return st.applyInviteRevoke(ch.GetInviteRevoke(), recordId, authorIdentity) + case ch.GetRequestJoin() != nil: + return st.applyRequestJoin(ch.GetRequestJoin(), recordId, authorIdentity) + case ch.GetRequestAccept() != nil: + return st.applyRequestAccept(ch.GetRequestAccept(), recordId, authorIdentity) + case ch.GetRequestDecline() != nil: + return st.applyRequestDecline(ch.GetRequestDecline(), recordId, authorIdentity) + case ch.GetAccountRemove() != nil: + return st.applyAccountRemove(ch.GetAccountRemove(), recordId, authorIdentity) + case ch.GetReadKeyChange() != nil: + return st.applyReadKeyChange(ch.GetReadKeyChange(), recordId, authorIdentity) default: - return fmt.Errorf("unexpected change type: %v", ch) + return ErrUnexpectedContentType } } -func (st *AclState) applyPermissionChange(ch *aclrecordproto.AclAccountPermissionChange, recordId string) error { +func (st *AclState) applyPermissionChange(ch *aclrecordproto.AclAccountPermissionChange, recordId string, authorIdentity crypto.PubKey) error { chIdentity, err := st.keyStore.PubKeyFromProto(ch.Identity) if err != nil { return err } - state, exists := st.userStates[mapKeyFromPubKey(chIdentity)] - if !exists { - return ErrNoSuchAccount + err = st.contentValidator.ValidatePermissionChange(ch, recordId, authorIdentity) + if err != nil { + return err } + stringKey := mapKeyFromPubKey(chIdentity) + state, _ := st.userStates[stringKey] state.Permissions = AclPermissions(ch.Permissions) + st.userStates[stringKey] = state return nil } -func (st *AclState) applyInvite(ch *aclrecordproto.AclAccountInvite, recordId string) error { +func (st *AclState) applyInvite(ch *aclrecordproto.AclAccountInvite, recordId string, authorIdentity crypto.PubKey) error { inviteKey, err := st.keyStore.PubKeyFromProto(ch.InviteKey) if err != nil { return err } + err = st.contentValidator.ValidateInvite(ch, recordId, authorIdentity) + if err != nil { + return err + } st.inviteKeys[recordId] = inviteKey return nil } -func (st *AclState) applyInviteRevoke(ch *aclrecordproto.AclAccountInviteRevoke, recordId string) error { - +func (st *AclState) applyInviteRevoke(ch *aclrecordproto.AclAccountInviteRevoke, recordId string, authorIdentity crypto.PubKey) error { + err := st.contentValidator.ValidateInviteRevoke(ch, recordId, authorIdentity) + if err != nil { + return err + } delete(st.inviteKeys, ch.InviteRecordId) return nil } -func (st *AclState) applyUserJoin(ch *aclrecordproto.AclUserJoin, recordId string) error { +func (st *AclState) applyRequestJoin(ch *aclrecordproto.AclAccountRequestJoin, recordId string, authorIdentity crypto.PubKey) error { + err := st.contentValidator.ValidateRequestJoin(ch, recordId, authorIdentity) + if err != nil { + return err + } + st.requestRecords[recordId] = RequestRecord{ + RequestIdentity: authorIdentity, + RequestMetadata: ch.Metadata, + } return nil } -func (st *AclState) applyUserAdd(ch *aclrecordproto.AclUserAdd, recordId string) error { +func (st *AclState) applyRequestAccept(ch *aclrecordproto.AclAccountRequestAccept, recordId string, authorIdentity crypto.PubKey) error { + err := st.contentValidator.ValidateRequestAccept(ch, recordId, authorIdentity) + if err != nil { + return err + } + acceptIdentity, err := st.keyStore.PubKeyFromProto(ch.Identity) + if err != nil { + return err + } + record, _ := st.requestRecords[ch.RequestRecordId] + st.userStates[mapKeyFromPubKey(acceptIdentity)] = AclUserState{ + PubKey: acceptIdentity, + Permissions: AclPermissions(ch.Permissions), + RequestMetadata: record.RequestMetadata, + } + if !st.pubKey.Equals(acceptIdentity) { + return nil + } + res, err := st.key.Decrypt(ch.EncryptedReadKeys) + if err != nil { + return err + } + keys := &aclrecordproto.AclReadKeys{} + err = proto.Unmarshal(res, keys) + if err != nil { + return err + } + for recordId, key := range keys.ReadKeys { + sym, err := crypto.UnmarshallAESKey(key) + if err != nil { + return err + } + st.userReadKeys[recordId] = sym + } return nil } -func (st *AclState) applyUserRemove(ch *aclrecordproto.AclUserRemove, recordId string) error { +func (st *AclState) applyRequestDecline(ch *aclrecordproto.AclAccountRequestDecline, recordId string, authorIdentity crypto.PubKey) error { + err := st.contentValidator.ValidateRequestDecline(ch, recordId, authorIdentity) + if err != nil { + return err + } + delete(st.requestRecords, ch.RequestRecordId) + return nil +} + +func (st *AclState) applyAccountRemove(ch *aclrecordproto.AclAccountRemove, recordId string, authorIdentity crypto.PubKey) error { + err := st.contentValidator.ValidateRemove(ch, recordId, authorIdentity) + if err != nil { + return err + } + return st.updateReadKey(ch.AccountKeys, recordId) +} + +func (st *AclState) applyReadKeyChange(ch *aclrecordproto.AclReadKeyChange, recordId string, authorIdentity crypto.PubKey) error { + err := st.contentValidator.ValidateReadKeyChange(ch, recordId, authorIdentity) + if err != nil { + return err + } + return st.updateReadKey(ch.AccountKeys, recordId) +} + +func (st *AclState) updateReadKey(keys []*aclrecordproto.AclEncryptedReadKey, recordId string) error { + for _, accKey := range keys { + identity, _ := st.keyStore.PubKeyFromProto(accKey.Identity) + if st.pubKey.Equals(identity) { + res, err := st.decryptReadKey(accKey.EncryptedReadKey) + if err != nil { + return err + } + st.userReadKeys[recordId] = res + } + } + st.currentReadKeyId = recordId return nil } @@ -274,7 +369,6 @@ func (st *AclState) decryptReadKey(msg []byte) (crypto.SymKey, error) { if err != nil { return nil, ErrFailedToDecrypt } - key, err := crypto.UnmarshallAESKey(decrypted) if err != nil { return nil, ErrFailedToDecrypt @@ -290,19 +384,10 @@ func (st *AclState) Permissions(identity crypto.PubKey) AclPermissions { return state.Permissions } -func (st *AclState) isUserJoin(data *aclrecordproto.AclData) bool { - // if we have a UserJoin, then it should always be the first one applied - return data.GetAclContent() != nil && data.GetAclContent()[0].GetUserJoin() != nil -} - func (st *AclState) UserStates() map[string]AclUserState { return st.userStates } -func (st *AclState) Invite(acceptPubKey []byte) (invite *aclrecordproto.AclUserInvite, err error) { - return -} - func (st *AclState) LastRecordId() string { return st.lastRecordId } diff --git a/commonspace/object/acl/list/models.go b/commonspace/object/acl/list/models.go index 6ec52b28..b0583a39 100644 --- a/commonspace/object/acl/list/models.go +++ b/commonspace/object/acl/list/models.go @@ -8,7 +8,6 @@ import ( type AclRecord struct { Id string PrevId string - ReadKeyId string Timestamp int64 Data []byte Identity crypto.PubKey @@ -22,8 +21,9 @@ type RequestRecord struct { } type AclUserState struct { - PubKey crypto.PubKey - Permissions AclPermissions + PubKey crypto.PubKey + Permissions AclPermissions + RequestMetadata []byte } type AclPermissions aclrecordproto.AclUserPermissions diff --git a/commonspace/object/acl/list/validator.go b/commonspace/object/acl/list/validator.go index 6fa8be20..51dfa575 100644 --- a/commonspace/object/acl/list/validator.go +++ b/commonspace/object/acl/list/validator.go @@ -96,6 +96,9 @@ func (c *contentValidator) ValidateRequestAccept(ch *aclrecordproto.AclAccountRe if !acceptIdentity.Equals(record.RequestIdentity) { return ErrIncorrectIdentity } + if ch.Permissions == aclrecordproto.AclUserPermissions_Owner { + return ErrInsufficientPermissions + } return } @@ -129,7 +132,7 @@ func (c *contentValidator) ValidateReadKeyChange(ch *aclrecordproto.AclReadKeyCh return c.validateAccountReadKeys(ch.AccountKeys) } -func (c *contentValidator) validateAccountReadKeys(accountKeys []*aclrecordproto.AclEncryptedReadKeys) (err error) { +func (c *contentValidator) validateAccountReadKeys(accountKeys []*aclrecordproto.AclEncryptedReadKey) (err error) { if len(accountKeys) != len(c.aclState.userStates) { return ErrIncorrectNumberOfAccounts }