drone/types/enum/grant.go

// Copyright 2022 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.

package enum

// AccessGrant represents the access grants a token or sshkey can have.
// Keep as int64 to allow for simpler+faster lookup of grants for a given token
// as we don't have to store an array field or need to do a join / 2nd db call.
// Multiple grants can be combined using the bit-wise or operation.
// ASSUMPTION: we don't need more than 63 grants!
//
// NOTE: A grant is always restricted by the principal permissions
//
// TODO: Beter name, access grant and permission might be to close in terminology?
type AccessGrant int64

const (
	// no grants - useless token.
	AccessGrantNone AccessGrant = 0

	// privacy related grants.
	AccessGrantPublic  AccessGrant = 1 << 0 // 1
	AccessGrantPrivate AccessGrant = 1 << 1 // 2

	// api related grants (spaces / repos, ...).
	AccessGrantAPICreate AccessGrant = 1 << 10 // 1024
	AccessGrantAPIView   AccessGrant = 1 << 11 // 2048
	AccessGrantAPIEdit   AccessGrant = 1 << 12 // 4096
	AccessGrantAPIDelete AccessGrant = 1 << 13 // 8192

	// code related grants.
	AccessGrantCodeRead  AccessGrant = 1 << 20 // 1048576
	AccessGrantCodeWrite AccessGrant = 1 << 21 // 2097152

	// grants everything - for user sessions.
	AccessGrantAll AccessGrant = 1<<63 - 1
)

// DoesGrantContain checks whether the grants contain all grants in the provided grant.
func (g AccessGrant) Contains(grants AccessGrant) bool {
	return g&grants == grants
}

// CombineGrants combines all grants into a single grant.
// Note: duplicates are ignored.
func CombineGrants(grants ...AccessGrant) AccessGrant {
	res := AccessGrantNone

	for _, grant := range grants {
		res |= grant
	}

	return res
}