package model

import (
	"github.com/tech/sendico/pkg/db/storable"
	"github.com/tech/sendico/pkg/mservice"
	"go.mongodb.org/mongo-driver/bson/primitive"
)

// Action names an operation that a policy can permit or refuse on a resource.
//
// Action is a plain string type: nothing in this file validates values decoded
// from BSON or JSON, so a policy evaluator should only ever match against the
// constants below and treat any other string as unknown.
type Action string

// The CRUD actions understood by policies.
const (
	// ActionCreate creates a resource.
	ActionCreate Action = "create"
	// ActionRead reads or views a resource.
	ActionRead Action = "read"
	// ActionUpdate modifies an existing resource.
	ActionUpdate Action = "update"
	// ActionDelete removes a resource.
	ActionDelete Action = "delete"
)

// Effect states whether a matching action is permitted or refused.
//
// NOTE(review): precedence between an allow and a deny that both match is not
// defined by this file — confirm the evaluator resolves it explicitly rather
// than by document order.
type Effect string

// Recognised effects.
const (
	// EffectAllow permits the action.
	EffectAllow Effect = "allow"
	// EffectDeny refuses the action.
	EffectDeny Effect = "deny"
)

// RoleDescription is the stored metadata record for a role.
type RoleDescription struct {
	// Base supplies the common MongoDB document fields.
	storable.Base `bson:",inline" json:",inline"`
	// Describable supplies the name and description fields.
	Describable `bson:",inline" json:",inline"`
	// OrganizationRef is the organization the role belongs to.
	OrganizationRef primitive.ObjectID `bson:"organizationRef" json:"organizationRef"`
}

// Collection names the MongoDB collection that stores RoleDescription documents.
func (*RoleDescription) Collection() string {
	return mservice.Roles
}

// Role assigns an account to a role description inside one organization.
type Role struct {
	// AccountRef is the account holding the role.
	AccountRef primitive.ObjectID `bson:"accountRef" json:"accountRef"`
	// DescriptionRef points at the RoleDescription being assigned.
	DescriptionRef primitive.ObjectID `bson:"descriptionRef" json:"descriptionRef"`
	// OrganizationRef is the organization in which the assignment applies.
	OrganizationRef primitive.ObjectID `bson:"organizationRef" json:"organizationRef"`
}

// ActionEffect pairs an action with the effect applied to it.
type ActionEffect struct {
	// Action is the operation the rule is about (one of ActionCreate,
	// ActionRead, ActionUpdate or ActionDelete).
	Action Action `bson:"action" json:"action"`
	// Effect is EffectAllow or EffectDeny.
	Effect Effect `bson:"effect" json:"effect"`
}

// Policy is a single access-control rule scoped to an organization; it carries
// no role of its own — RolePolicy attaches it to a role.
type Policy struct {
	// OrganizationRef is the organization the rule belongs to.
	OrganizationRef primitive.ObjectID `bson:"organizationRef" json:"organizationRef"`
	// DescriptionRef points at the PolicyDescription carrying the rule's metadata.
	DescriptionRef primitive.ObjectID `bson:"descriptionRef" json:"descriptionRef"`
	// ObjectRef narrows the rule to one target object; the original comment
	// documents NilObjectID as "all objects", yet the field is a pointer that
	// is omitted when nil, so a nil pointer and a zero ObjectID can both be
	// read as "everything".
	// NOTE(review): confirm the evaluator treats both encodings identically —
	// a rule that widens to all objects under one encoding but not the other
	// is an authorization gap.
	ObjectRef *primitive.ObjectID `bson:"objectRef,omitempty" json:"objectRef,omitempty"`
	// Effect is the action/effect pair the rule grants or refuses.
	Effect ActionEffect `bson:"effect" json:"effect"`
}

// RolePolicy attaches a Policy to a role within the policy's organization.
type RolePolicy struct {
	// Policy is the embedded rule; its fields are flattened into the document.
	Policy `bson:",inline" json:",inline"`
	// RoleDescriptionRef points at the RoleDescription the rule applies to.
	RoleDescriptionRef primitive.ObjectID `bson:"roleDescriptionRef" json:"roleDescriptionRef"`
}

// PolicyDescription is the stored metadata record for a policy, covering both
// built-in permissions and organization-defined custom policies.
type PolicyDescription struct {
	// Base supplies the common MongoDB document fields.
	storable.Base `bson:",inline" json:",inline"`
	// Describable supplies the name and description fields.
	Describable `bson:",inline" json:",inline"`
	// ResourceTypes is nil for custom policies and non-nil for built-in
	// permissions.
	ResourceTypes *[]mservice.Type `bson:"resourceTypes,omitempty" json:"resourceTypes,omitempty"`
	// OrganizationRef is nil for built-in policies and non-nil for custom ones.
	OrganizationRef *primitive.ObjectID `bson:"organizationRef,omitempty" json:"organizationRef,omitempty"`
}

// Collection names the MongoDB collection that stores PolicyDescription documents.
func (*PolicyDescription) Collection() string {
	return mservice.Policies
}

// Permission grants a RolePolicy to one specific account.
type Permission struct {
	// RolePolicy is the embedded rule and role binding, flattened into the
	// document.
	RolePolicy `bson:",inline" json:",inline"`
	// AccountRef is the account that receives the permission.
	AccountRef primitive.ObjectID `bson:"accountRef" json:"accountRef"`
}