mirrors/bonfire-app
1
0
Fork 0
mirror of https://github.com/bonfire-networks/bonfire-app.git synced 2024-05-01 16:58:44 +00:00
Code Issues Projects Releases Wiki Activity
bonfire-app/flavours/classic/config/bonfire_boundaries.exs
Mayel de Borniol 8935ecb3ed Requests
2022-03-12 21:32:42 +13:00

168 lines
9.9 KiB
Elixir
Executable file
Raw Blame History

import Config
config :bonfire_boundaries,
disabled: false # you wouldn't want to do that.
### Verbs are like permissions. Each represents some activity or operation that may or may not be able to perform.
verbs = %{
see: %{id: "0BSERV1NG11ST1NGSEX1STENCE", verb: "See"}, # appear in lists of things or feeds.
read: %{id: "0EAD1NGSVTTER1YFVNDAMENTA1", verb: "Read"}, # read it (if you can find it)/
create: %{id: "4REATE0RP0STBRANDNEW0BJECT", verb: "Create"}, # create a post or other object.
edit: %{id: "4HANG1NGVA1VES0FPR0PERT1ES", verb: "Edit"}, # change the fields of an object.
delete: %{id: "4AKESTVFFG0AWAYPERMANENT1Y", verb: "Delete"}, # delete the object.
follow: %{id: "20SVBSCR1BET0THE0VTPVT0F1T", verb: "Follow"}, # follow a user or thread or whatever.
like: %{id: "11KES1ND1CATEAM11DAPPR0VA1", verb: "Like"}, # like an object.
boost: %{id: "300ST0R0RANN0VCEANACT1V1TY", verb: "Boost"}, # boost an object.
flag: %{id: "71AGSPAM0RVNACCEPTAB1E1TEM", verb: "Flag"}, # flag an object for an administrator to review.
reply: %{id: "71TCREAT1NGA11NKEDRESP0NSE", verb: "Reply"}, # reply to a user's object.
mention: %{id: "0EFERENC1NGTH1NGSE1SEWHERE", verb: "Mention"}, # mention a user or object.
tag: %{id: "4ATEG0R1S1NGNGR0VP1NGSTVFF", verb: "Tag"}, # tag a user or object in an object.
message: %{id: "40NTACTW1THAPR1VATEMESSAGE", verb: "Message"}, # send a direct message to the user.
request: %{id: "1NEEDPERM1SS10NT0D0TH1SN0W", verb: "Request"}, # request to do another verb (eg. request to follow)
}
all_verb_names = Enum.map(verbs, &elem(&1, 0))
verbs_negative = fn verbs -> Enum.reduce(verbs, %{}, &Map.put(&2, &1, false)) end
config :bonfire,
verbs: verbs,
create_verbs: [
# block: Bonfire.Data.Social.Block,
boost: Bonfire.Data.Social.Boost,
follow: Bonfire.Data.Social.Follow,
flag: Bonfire.Data.Social.Flag,
like: Bonfire.Data.Social.Like,
]
### Now follows quite a lot of fixtures that must be inserted into the database.
config :bonfire,
### Users are placed into one or more circles, either by users or by the system. Circles referenced in ACLs have the
### effect of applying to all users in those circles.
circles: %{
### Public circles used to categorise broadly how much of a friend/do the user is.
guest: %{id: "0AND0MSTRANGERS0FF1NTERNET", name: "Guests"},
local: %{id: "3SERSFR0MY0VR10CA11NSTANCE", name: "Local Users"},
activity_pub: %{id: "7EDERATEDW1THANACT1V1TYPVB", name: "ActivityPub Peers"},
### Stereotypes - placeholders for special per-user circles the system will manage.
followers: %{id: "7DAPE0P1E1PERM1TT0F0110WME", name: "My Followers"},
ghost_them: %{id: "7N010NGERC0NSENTT0Y0VN0WTY", name: "Others I ghosted"},
silence_them: %{id: "7N010NGERWANTT011STENT0Y0V", name: "Others I silenced"},
silence_me: %{id: "0KF1NEY0VD0N0TWANTT0HEARME", name: "Others who silenced me"},
},
### ACLs (Access Control Lists) are reusable lists of permissions assigned to users and circles. Objects in bonfire
### have one or more ACLs attached and we combine the results of all of them to determine whether a user is permitted
### to perform a particular operation.
acls: %{
### Public ACLs that allow basic control over visibility and interactions.
guests_may_see_read: %{id: "7W1DE1YAVA11AB1ET0SEENREAD", name: "Publicly discoverable and readable"},
guests_may_see: %{id: "50VCANF1NDMEBVTCAN0T0PENME", name: "Publicly discoverable, but contents may be hidden"},
guests_may_read: %{id: "50VCANREAD1FY0VHAVETHE11NK", name: "Publicly readable, but not necessarily discoverable"},
locals_may_read: %{id: "10CA1SMAYSEEANDREAD0N1YN0W", name: "Visible to local users"},
locals_may_interact: %{id: "710CA1SMY1NTERACTN0TREP1YY", name: "Local users may read and interact"},
locals_may_reply: %{id: "710CA1SMY1NTERACTANDREP1YY", name: "Local users may read, interact and reply"},
### Stereotypes - placeholders for special per-user ACLs the system will manage.
## ACLs that confer my personal permissions on things i have created
# i_may_read: %{id: "71MAYSEEANDREADMY0WNSTVFFS", name: "I may read"}, # not currently used
# i_may_interact: %{id: "71MAY1NTERACTW1MY0WNSTVFFS", name: "I may read and interact"}, # not currently used
i_may_administer: %{id: "71MAYADM1N1STERMY0WNSTVFFS", name: "I may administer"},
## ACLs that confer permissions for people i mention (or reply to, which causes a mention)
mentions_may_read: %{id: "7MENT10NSCANREADTH1STH1NGS", name: "Mentions may read"},
mentions_may_interact: %{id: "7MENT10NSCAN1NTERACTW1TH1T", name: "Mentions may read and interact"},
mentions_may_reply: %{id: "7MENT10NSCANEVENREP1YT01TS", name: "Mentions may read, interact and reply"},
## "Negative" ACLs that apply overrides for ghosting and silencing purposes.
# TODO: are we going to use these for instance-wide blocks?
nobody_can_anything: %{id: "0H0STEDCANTSEE0RD0ANYTH1NG", name: "People I ghosted"},
nobody_can_reach: %{id: "1S11ENCEDTHEMS0CAN0TP1NGME", name: "People I silenced aren't discoverable by me"},
nobody_can_see: %{id: "2HEYS11ENCEDMES0CAN0TSEEME", name: "People who silenced me cannot discover me"},
},
### Grants are the entries of an ACL and define the permissions a user or circle has for content using this ACL.
###
### Data structure:
### * The outer keys are ACL names declared above.
### * The inner keys are circles declared above.
### * The inner values declare the verbs the user is permitted to see. Either a map of verb to boolean or a list
### (where values are assumed to be true).
grants: %{
### Public ACLs need their permissions filling out
guests_may_see_read: %{guest: [:read, :see, :request]},
guests_may_see: %{guest: [:read, :request]},
guests_may_read: %{guest: [:read, :request]},
locals_may_interact: %{local: [:read, :see, :mention, :tag, :boost, :like, :follow, :request]}, # interact but not reply
locals_may_reply: %{local: [:read, :see, :mention, :tag, :boost, :like, :follow, :reply, :request]}, # interact and reply
# TODO: are we doing this because of instance-wide blocking?
nobody_can_anything: %{ghost_them: verbs_negative.(all_verb_names)},
nobody_can_reach: %{silence_them: verbs_negative.([:mention, :message, :reply])},
nobody_can_see: %{silence_me: verbs_negative.([:see])},
}
# end of global boundaries
negative_grants = [
:nobody_can_anything, :nobody_can_reach, :nobody_can_see, # instance-wide negative permissions
:they_cannot_anything, :they_cannot_reach, :they_cannot_see, # per-user negative permissions
]
### Creating a user also entails inserting a default boundaries configuration for them.
###
### Notice that the predefined circles and ACLs here correspond to (some of) the stereotypes we declared above. The
### system uses this stereotype information to identify these special circles/ACLs in the database.
config :bonfire,
user_default_boundaries: %{
circles: %{
followers: %{stereotype: :followers}, # users who have followed you
ghost_them: %{stereotype: :ghost_them}, # users/instances you have ghosted
silence_them: %{stereotype: :silence_them}, # users/instances you have silenced
silence_me: %{stereotype: :silence_me}, # users who have silenced me
},
acls: %{
## ACLs that confer my personal permissions on things i have created
# i_may_read: %{stereotype: :i_may_read},
# i_may_reply: %{stereotype: :i_may_interact},
i_may_administer: %{stereotype: :i_may_administer},
## "Negative" ACLs that apply overrides for ghosting and silencing purposes.
they_cannot_anything: %{stereotype: :nobody_can_anything},
they_cannot_reach: %{stereotype: :nobody_can_reach},
they_cannot_see: %{stereotype: :nobody_can_see},
},
### Data structure:
### * The outer keys are ACL names declared above.
### * The inner keys are circles declared above.
### * The inner values declare the verbs the user is permitted to see. Either a map of verb to boolean or a list
### (where values are assumed to be true).
### * The special key `SELF` means the creating user.
grants: %{
## ACLs that confer my personal permissions on things i have created
# i_may_read: %{SELF: [:read, :see]},# not currently used
# i_may_reply: %{SELF: [:read, :see, :create, :mention, :tag, :boost, :flag, :like, :follow, :reply]}, # not currently used
i_may_administer: %{SELF: all_verb_names},
## "Negative" ACLs that apply overrides for ghosting and silencing purposes.
# People/instances I ghost can't see (or interact with or anything) me or my objects
they_cannot_anything: %{ghost_them: verbs_negative.(all_verb_names)},
# People/instances I silence can't ping me
they_cannot_reach: %{silence_them: verbs_negative.([:mention, :message])},
# People who silence me can't see me or my objects in feeds and such (but can still read them if they have a
# direct link or come across my objects in a thread structure or such).
they_cannot_see: %{silence_me: verbs_negative.([:see])},
},
### This lets us control access to the user themselves (e.g. to view their profile or mention them)
controlleds: %{
SELF: [
:guests_may_see_read, :locals_may_interact, :i_may_administer, # positive permissions
] ++ negative_grants
},
}
### Finally, we have a list of default acls to apply to newly created objects, which makes it possible for the user to
### administer their own stuff and enables ghosting and silencing to work.
config :bonfire,
object_default_boundaries: %{
acls: [
:i_may_administer, # positive permissions
] ++ negative_grants
}
Reference in a new issue View git blame Copy permalink