WIP: start work on SVO

johnstcn · johnstcn · commit 00a7c3fa2eba · 2022-03-31T15:46:19.000+01:00
diff --git a/coderd/authz/object.go b/coderd/authz/object.go
@@ -0,0 +1,12 @@
+package authz
+
+// Object is the resource being accessed
+type Object struct {
+	ObjectID   string `json:"object_id"`
+	OwnerID    string `json:"owner_id"`
+	OrgOwnerID string `json:"org_owner_id"`
+
+	// ObjectType is "workspace", "project", "devurl", etc
+	ObjectType ResourceType `json:"object_type"`
+	// TODO: SharedUsers?
+}
diff --git a/coderd/authz/resources.go b/coderd/authz/resources.go
@@ -0,0 +1,9 @@
+package authz
+
+type ResourceType string
+
+const (
+	ResourceTypeWorkspace = "workspace"
+	ResourceTypeProject   = "project"
+	ResourceTypeDevURL    = "devurl"
+)
diff --git a/coderd/authz/subject.go b/coderd/authz/subject.go
@@ -0,0 +1,28 @@
+package authz
+
+//
+//// Subject is the actor that is performing the action on an object
+//type Subject struct {
+//	UserID string `json:"user_id"`
+//
+//		SiteRoles []Role `json:"site_roles"`
+//
+//	// Ops are mapped for the resource and the list of operations on the resource for the scope.
+//	SiteOps []Permission `json:"site_ops"`
+//	OrgOps  []Permission `json:"org_ops"`
+//	// UserOps only affect objects owned by the user
+//	UserOps []Permission `json:"user_ops"`
+//}
+//
+//func (s Subject) AllPermissions() []Permission{
+//	// Explosion of roles + scopes
+//	return []Permission{}
+//}
+//
+//// Authn
+//type S struct {
+//	SiteRoles()  ([]rbac.Roles, error)
+//	OrgRoles(ctx context.Context, orgID string) ([]rbac.Roles, error)
+//	UserRoles()  ([]rbac.Roles, error)
+//	Scopes()     ([]rbac.ResourcePermission, error)
+//}
