zoe_app_primitives/group/events/
permissions.rs

1use forward_compatible_enum::U32Discriminants;
2use serde::{Deserialize, Serialize};
3
4use super::roles::GroupRole;
5
/// Actions that can be performed in a group
///
/// Each variant corresponds to one field of `GroupPermissions`;
/// `GroupPermissions::can_perform_action` maps the action to that field's
/// `Permission` before checking the caller's role.
// Unlike `GroupPermissions` and `Permission`, this type derives neither
// `Serialize` nor `Deserialize`.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum GroupAction {
    /// Update group settings and metadata
    UpdateGroup,
    /// Assign roles to members
    AssignRoles,
    /// Post activities in the group
    PostActivities,
    /// Update encryption settings
    UpdateEncryption,
}
18
/// Permissions for group actions in encrypted groups
///
/// Defines who can perform various actions within the group based on their role.
///
/// Every field is `pub`, so a policy can be changed by direct field assignment
/// as well as through the builder-style methods on this type.
// NOTE(review): the struct derives `Deserialize`, so a policy can be built from
// serialized input. Presumably that input is a group event received from other
// members; if so, confirm the sender's authority to change the policy is
// checked before the deserialized value is applied.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct GroupPermissions {
    /// Who can update group settings
    pub update_group: Permission,
    /// Who can assign roles to other members
    pub assign_roles: Permission,
    /// Who can post activities (typically all key holders)
    pub post_activities: Permission,
    /// Who can update group encryption settings
    pub update_encryption: Permission,
}
33
/// Permission levels for group actions
///
/// Defines the minimum role level required to perform certain actions.
///
/// Each variant carries an explicit `u32` discriminant (9, 5, 3, 0) consumed by
/// the `U32Discriminants` derive. The values are not contiguous, presumably to
/// leave room for intermediate levels in later versions (to be confirmed).
// NOTE(review): `fallback = "AllMembers"` names the least restrictive level.
// Presumably the derive maps any unrecognised discriminant to the fallback
// variant; confirm against `forward_compatible_enum`. If it does, a stricter
// level introduced in a later version would be read by older clients as
// `AllMembers`, so the authorization check fails open for them. For an access
// control setting, a restrictive fallback (e.g. `OwnerOnly`) is the safer choice.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, U32Discriminants)]
#[u32_discriminants(fallback = "AllMembers")]
pub enum Permission {
    /// Only group owners
    #[discriminant(9)]
    OwnerOnly,
    /// Owners and admins
    #[discriminant(5)]
    AdminOrAbove,
    /// Owners, admins, and moderators
    #[discriminant(3)]
    ModeratorOrAbove,
    /// Any group member
    #[discriminant(0)]
    AllMembers,
}
53
impl Default for GroupPermissions {
    /// Build the baseline policy used when a group specifies nothing else.
    ///
    /// Role assignment and encryption changes are reserved for owners, group
    /// settings need an admin or above, and any member may post activities.
    fn default() -> Self {
        // Name each level first so the policy reads as a table; the struct is
        // then filled with field-init shorthand.
        let update_group = Permission::AdminOrAbove;
        let assign_roles = Permission::OwnerOnly;
        let post_activities = Permission::AllMembers;
        let update_encryption = Permission::OwnerOnly;

        GroupPermissions {
            update_group,
            assign_roles,
            post_activities,
            update_encryption,
        }
    }
}
64
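impl GroupPermissions {
    /// Create a `GroupPermissions` holding the default policy.
    ///
    /// This is equivalent to [`GroupPermissions::default`]; chain the
    /// builder-style methods below to customise individual settings.
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }

    /// Set permission for updating group settings
    ///
    /// Consumes `self` and returns the updated policy. The result must be
    /// used: dropping it silently discards the permission change.
    #[must_use = "builder methods return the updated policy; dropping it discards the change"]
    pub fn update_group(mut self, permission: Permission) -> Self {
        self.update_group = permission;
        self
    }

    /// Set permission for assigning roles
    ///
    /// Consumes `self` and returns the updated policy. The result must be
    /// used: dropping it silently discards the permission change.
    #[must_use = "builder methods return the updated policy; dropping it discards the change"]
    pub fn assign_roles(mut self, permission: Permission) -> Self {
        self.assign_roles = permission;
        self
    }

    /// Set permission for posting activities
    ///
    /// Consumes `self` and returns the updated policy. The result must be
    /// used: dropping it silently discards the permission change.
    #[must_use = "builder methods return the updated policy; dropping it discards the change"]
    pub fn post_activities(mut self, permission: Permission) -> Self {
        self.post_activities = permission;
        self
    }

    /// Set permission for updating encryption settings
    ///
    /// Consumes `self` and returns the updated policy. The result must be
    /// used: dropping it silently discards the permission change.
    #[must_use = "builder methods return the updated policy; dropping it discards the change"]
    pub fn update_encryption(mut self, permission: Permission) -> Self {
        self.update_encryption = permission;
        self
    }

    /// Check if a role can perform a specific action
    ///
    /// Looks up the `Permission` configured for `action` and delegates the
    /// decision to `GroupRole::has_permission` (defined in `super::roles`).
    /// Returns that call's result unchanged.
    #[must_use = "an authorization result that is ignored enforces nothing"]
    pub fn can_perform_action(&self, role: &GroupRole, action: GroupAction) -> bool {
        // No wildcard arm on purpose: adding a `GroupAction` variant without
        // choosing its permission field is then a compile error, not a
        // silent default.
        let required_permission = match action {
            GroupAction::UpdateGroup => &self.update_group,
            GroupAction::AssignRoles => &self.assign_roles,
            GroupAction::PostActivities => &self.post_activities,
            GroupAction::UpdateEncryption => &self.update_encryption,
        };

        role.has_permission(required_permission)
    }
}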