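syntax = "proto3";

package acl;

option go_package = "pkg/acl/aclchanges/aclpb";

// ACL protos.
//
// Field names are camelCase rather than the conventional lower_snake_case;
// renaming them would change JSON keys and generated accessors, so they are
// kept as-is. Field numbers are the wire contract and are never renumbered
// here.

// A signed ACL record as stored and exchanged.
message RawACLRecord {
  // Serialized record content. What the signature covers, and which key
  // verifies it, is decided by the consuming code, not by this schema.
  bytes payload = 1;
  // Signature attached to the record.
  bytes signature = 2;
  // This field is only used on the user side for convenience; it should be
  // empty when saving to the DB.
  string id = 3;
}

// One ACL operation. Exactly one member of `value` is set; readers should
// check the oneof case rather than probe individual fields.
message ACLContentValue {
  oneof value {
    ACLUserAdd userAdd = 1;
    ACLUserRemove userRemove = 2;
    ACLUserPermissionChange userPermissionChange = 3;
    ACLUserInvite userInvite = 4;
    ACLUserJoin userJoin = 5;
    ACLUserConfirm userConfirm = 6;
  }
}

// The ordered list of ACL operations carried by a record.
message ACLData {
  repeated ACLContentValue aclContent = 1;
}

// Materialized ACL state.
message ACLState {
  // Hashes of the read keys that are known.
  repeated uint64 readKeyHashes = 1;
  // Per-user state.
  repeated ACLUserState userStates = 2;
  // Pending invites. NOTE(review): the map's type parameters were missing in
  // the source (`map invites = 3;`, which does not compile); keying by invite
  // id (see ACLUserInvite.inviteId) is assumed — confirm against the original.
  // Map iteration order is undefined.
  map<string, ACLUserInvite> invites = 3; // TODO: later
  // repeated string unconfirmedUsers = 4; // TODO: later
}

// State of a single user in the ACL.
message ACLUserState {
  bytes identity = 1;
  bytes encryptionKey = 2;
  // All read keys that we know.
  repeated bytes encryptedReadKeys = 3;
  // Defaults to Admin (value 0) when absent; see ACLUserPermissions.
  ACLUserPermissions permissions = 4;
  bool isConfirmed = 5;
}

// Adds a user whose identity and encryptionKey we already know.
message ACLUserAdd {
  // Public signing key.
  bytes identity = 1;
  // Public encryption key.
  bytes encryptionKey = 2;
  // All read keys that we know for the user.
  repeated bytes encryptedReadKeys = 3;
  // Defaults to Admin (value 0) when absent; see ACLUserPermissions.
  ACLUserPermissions permissions = 4;
}

// TODO: this is not used as of now.
message ACLUserConfirm {
  // Not needed for read permissions.
  bytes identity = 1;
  // Not needed.
  string userAddId = 2;
}

// Invites a user who is not yet known by identity.
message ACLUserInvite {
  bytes acceptPublicKey = 1;
  bytes encryptPublicKey = 2;
  // All read keys that we know for the user.
  repeated bytes encryptedReadKeys = 3;
  // Defaults to Admin (value 0) when absent; see ACLUserPermissions.
  ACLUserPermissions permissions = 4;
  string inviteId = 5;
}

// A user accepting an invite.
message ACLUserJoin {
  bytes identity = 1;
  bytes encryptionKey = 2;
  // Signature over acceptPublicKey.
  bytes acceptSignature = 3;
  string userInviteId = 4;
  // The idea is that the user should itself re-encrypt the keys with its
  // public key.
  repeated bytes encryptedReadKeys = 5;
}

// Removes a user and rotates the read key.
message ACLUserRemove {
  bytes identity = 1;
  // NOTE(review): field number 2 is not used in this message. If it was once
  // published and deleted it should be listed as `reserved 2;` so it cannot be
  // reused with a different meaning — cannot tell from this file.
  // New read key encrypted for all remaining users.
  repeated ACLReadKeyReplace readKeyReplaces = 3;
}

// The new read key encrypted for one user.
message ACLReadKeyReplace {
  bytes identity = 1;
  bytes encryptionKey = 2;
  bytes encryptedReadKey = 3;
}

// Changes the permission level of an existing user.
message ACLUserPermissionChange {
  bytes identity = 1;
  // Defaults to Admin (value 0) when absent; see ACLUserPermissions.
  ACLUserPermissions permissions = 2;
}

// User permission level.
//
// NOTE(review): Admin is value 0, which is the proto3 default, so a
// `permissions` field that is absent or unset deserializes as Admin. Readers
// must not derive admin rights from an absent field; a dedicated
// *_UNSPECIFIED = 0 value is the usual fix, but renumbering is a wire break on
// a published schema, so the values are left unchanged here. The values are
// also unprefixed and would collide with any other enum in this package that
// uses the same names.
enum ACLUserPermissions {
  Admin = 0;
  Writer = 1;
  Reader = 2;
  Removed = 3;
}

// Contents of a signed ACL record (see RawACLRecord).
message ACLRecord {
  string prevId = 1;
  bytes identity = 2;
  bytes data = 3;
  uint64 currentReadKeyHash = 4;
  int64 timestamp = 5;
}

// Header of an ACL.
message ACLHeader {
  string firstId = 1;
  // The identity of the creator.
  bytes identity = 2;
}

// Tree protos.

// A signed tree change as stored and exchanged.
message RawTreeChange {
  bytes payload = 1;
  bytes signature = 2;
}

// A raw tree change paired with its id.
message RawTreeChangeWithId {
  bytes rawChange = 1;
  string id = 2;
}

// Contents of a tree change.
message TreeChange {
  repeated string treeHeadIds = 1;
  string aclHeadId = 2;
  string snapshotBaseId = 3;
  bytes changesData = 4;
  uint64 currentReadKeyHash = 5;
  int64 timestamp = 6;
  bytes identity = 7;
  bool isSnapshot = 8;
}

// Kind of tree. Object is value 0 and therefore the default for an unset
// treeHeaderType; the values are unprefixed (kept for compatibility).
enum TreeHeaderType {
  Object = 0;
  Space = 1;
}

// Header of a tree.
message TreeHeader {
  string firstId = 1;
  string aclId = 2;
  TreeHeaderType treeHeaderType = 3;
  bytes identity = 4;
  // This should be reserved for the client to add the data it needs.
  bytes data = 5;
}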