// Copyright 2016 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
"github.com/juju/errors"
"github.com/juju/schema"
// Access represents a level of access.
// UndefinedAccess is not a valid access type. It is the value
// used when access is not defined at all.
UndefinedAccess Access = ""
// ReadAccess allows a user to read information about a permission subject,
// without being able to make any changes.
ReadAccess Access = "read"
// WriteAccess allows a user to make changes to a permission subject.
WriteAccess Access = "write"
// AdminAccess allows a user full control over the subject.
AdminAccess Access = "admin"
// Controller permissions
// LoginAccess allows a user to log in to the subject.
LoginAccess Access = "login"
// AddModelAccess allows a user to add new models in subjects that support it.
AddModelAccess Access = "addmodel"
// SuperuserAccess allows a user unrestricted permissions in the subject.
SuperuserAccess Access = "superuser"
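// Validate returns an error if the current value is not a valid access level.
// NOTE(review): UndefinedAccess is listed among the accepted cases, so an
// empty Access appears to pass this check; callers that require an actual
// grant should use ValidateModelAccess or ValidateControllerAccess, whose
// case lists do not include it. Confirm against the full function body.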
func (a Access) Validate() error {
case UndefinedAccess, AdminAccess, ReadAccess, WriteAccess,
LoginAccess, AddModelAccess, SuperuserAccess:
return errors.NotValidf("access level %s", a)
// ValidateModelAccess returns an error if the passed access is not a valid
// model access level.
func ValidateModelAccess(access Access) error {
case ReadAccess, WriteAccess, AdminAccess:
return errors.NotValidf("%q model access", access)
// ValidateControllerAccess returns an error if the passed access is not a valid
// controller access level.
func ValidateControllerAccess(access Access) error {
case LoginAccess, AddModelAccess, SuperuserAccess:
return errors.NotValidf("%q controller access", access)
// EqualOrGreaterModelAccessThan returns true if the current access is equal to
// or greater than the provided access, that is, if the provided access is
// equal to or less than the current.
func (a Access) EqualOrGreaterModelAccessThan(access Access) bool {
return access == UndefinedAccess
return access == ReadAccess ||
access == UndefinedAccess
case AdminAccess, SuperuserAccess:
return access == ReadAccess ||
// EqualOrGreaterControllerAccessThan returns true if the current access is
// equal to or greater than the provided access, that is, if the provided
// access is equal to or less than the current.
func (a Access) EqualOrGreaterControllerAccessThan(access Access) bool {
case UndefinedAccess:
return access == UndefinedAccess
return access == UndefinedAccess ||
access == LoginAccess
case SuperuserAccess:
return access == UndefinedAccess ||
access == LoginAccess ||
access == AddModelAccess
// accessField returns a Checker that accepts a string value only
// and returns a valid Access or an error.
func accessField() schema.Checker {
type accessC struct{}
func (c accessC) Coerce(v interface{}, path []string) (interface{}, error) {
in, err := s.Coerce(v, path)
access := Access(in.(string))
if err := access.Validate(); err != nil {
return nil, errors.Trace(err)