chore: rename access to permission

crate/cli/src/actions/permissions.rs

@@ -1,21 +1,21 @@
 use clap::Parser;
-use cosmian_rest_client::RestClient;
+use cosmian_rest_client::{Permission, RestClient};
 
 use crate::{
     actions::console,
     error::result::{CliResult, CliResultHelper},
 };
 
-/// Manage the users' access rights to the indexes
+/// Manage the users permissions to the indexes
 #[derive(Parser, Debug)]
-pub enum AccessAction {
-    Create(CreateAccess),
-    Grant(GrantAccess),
-    Revoke(RevokeAccess),
+pub enum PermissionsAction {
+    Create(CreateIndex),
+    Grant(GrantPermission),
+    Revoke(RevokePermission),
 }
 
-impl AccessAction {
-    /// Processes the access action.
+impl PermissionsAction {
+    /// Processes the permissions action.
     ///
     /// # Arguments
     ///
@@ -35,11 +35,13 @@ impl AccessAction {
     }
 }
 
-/// Create a new access right.
+/// Create a new index. It results on an `admin` permission on a new index.
+///
+/// Users can have 1 permission on multiple indexes
 #[derive(Parser, Debug)]
-pub struct CreateAccess;
+pub struct CreateIndex;
 
-impl CreateAccess {
+impl CreateIndex {
     /// Create a new Index with a default `admin` permission.
     ///
     /// Generates an unique index ID which is returned to the owner.
@@ -57,25 +59,25 @@ impl CreateAccess {
     /// Returns an error if the query execution on the Findex server fails.
     pub async fn run(&self, rest_client: RestClient) -> CliResult<String> {
         let response = rest_client
-            .create_access()
+            .create_index_id()
             .await
-            .with_context(|| "Can't execute the create access query on the findex server")?;
+            .with_context(|| "Can't execute the create index id query on the findex server")?;
         // should replace the user configuration file
         console::Stdout::new(&response.success).write()?;
 
         Ok(response.success)
     }
 }
 
-/// Grant access.
+/// Grant permission on a index.
 ///
 /// This command can only be called by the owner of the index. It allows to
 /// grant:
-/// * `reader` access: the user can only read the index
-/// * `writer` access: the user can read and write the index
-/// * `admin` access: the user can read, write and grant access to the index
+/// * `read` permission: the user can only read the index
+/// * `write` permission: the user can read and write the index
+/// * `admin` permission: the user can read, write and grant permission to the index
 #[derive(Parser, Debug)]
-pub struct GrantAccess {
+pub struct GrantPermission {
     /// The user identifier to allow
     #[clap(long, required = true)]
     pub user: String,
@@ -84,13 +86,12 @@ pub struct GrantAccess {
     #[clap(long, required = true)]
     pub index_id: String,
 
-    /// The permission to grant (`reader`, `writer`, `admin`)
     #[clap(long, required = true)]
-    pub permission: String,
+    pub permission: Permission,
 }
 
-impl GrantAccess {
-    /// Runs the `GrantAccess` action.
+impl GrantPermission {
+    /// Runs the `GrantPermission` action.
     ///
     /// # Arguments
     ///
@@ -102,21 +103,21 @@ impl GrantAccess {
     /// Returns an error if the query execution on the Findex server fails.
     pub async fn run(&self, rest_client: RestClient) -> CliResult<String> {
         let response = rest_client
-            .grant_access(&self.user, &self.permission, &self.index_id)
+            .grant_permission(&self.user, &self.permission, &self.index_id)
             .await
-            .with_context(|| "Can't execute the grant access query on the findex server")?;
+            .with_context(|| "Can't execute the grant permission query on the findex server")?;
 
         console::Stdout::new(&response.success).write()?;
 
         Ok(response.success)
     }
 }
 
-/// Revoke user access.
+/// Revoke user permission.
 ///
 /// This command can only be called by the owner of the index.
 #[derive(Parser, Debug)]
-pub struct RevokeAccess {
+pub struct RevokePermission {
     /// The user identifier to revoke
     #[clap(long, required = true)]
     pub user: String,
@@ -126,8 +127,8 @@ pub struct RevokeAccess {
     pub index_id: String,
 }
 
-impl RevokeAccess {
-    /// Runs the `RevokeAccess` action.
+impl RevokePermission {
+    /// Runs the `RevokePermission` action.
     ///
     /// # Arguments
     ///
@@ -139,9 +140,9 @@ impl RevokeAccess {
     /// Returns an error if the query execution on the Findex server fails.
     pub async fn run(&self, rest_client: RestClient) -> CliResult<String> {
         let response = rest_client
-            .revoke_access(&self.user, &self.index_id)
+            .revoke_permission(&self.user, &self.index_id)
             .await
-            .with_context(|| "Can't execute the revoke access query on the findex server")?;
+            .with_context(|| "Can't execute the revoke permission query on the findex server")?;
 
         console::Stdout::new(&response.success).write()?;
 

crate/cli/src/error/mod.rs

@@ -41,7 +41,7 @@ pub enum CliError {
     ServerError(String),
 
     // Any actions of the user which is not allowed
-    #[error("Access denied: {0}")]
+    #[error("Permission denied: {0}")]
     Unauthorized(String),
 
     // A cryptographic error

crate/cli/src/main.rs

@@ -7,7 +7,7 @@ use cosmian_findex_cli::{
         login::LoginAction,
         logout::LogoutAction,
         markdown::MarkdownAction,
-        permissions::AccessAction,
+        permissions::PermissionsAction,
         version::ServerVersionAction,
     },
     error::result::CliResult,
@@ -51,7 +51,7 @@ enum CliCommands {
     Login(LoginAction),
     Logout(LogoutAction),
     #[command(subcommand)]
-    AccessRights(AccessAction),
+    Permissions(PermissionsAction),
 
     /// Action to auto-generate doc in Markdown format
     /// Run `cargo run --bin findex -- markdown
@@ -95,7 +95,7 @@ async fn main_() -> CliResult<()> {
                 CliCommands::Delete(action) => action.delete(rest_client).await?,
                 CliCommands::Search(action) => action.process(rest_client).await?,
                 CliCommands::ServerVersion(action) => action.process(rest_client).await?,
-                CliCommands::AccessRights(action) => action.process(rest_client).await?,
+                CliCommands::Permissions(action) => action.process(rest_client).await?,
                 _ => {
                     tracing::error!("unexpected command");
                 }

crate/cli/src/tests/findex/mod.rs

@@ -1,5 +1,6 @@
 use add_or_delete::add_or_delete_cmd;
 use cosmian_logger::log_utils::log_init;
+use cosmian_rest_client::Permission;
 use search::search_cmd;
 use test_findex_server::{
     start_default_test_findex_server, start_default_test_findex_server_with_cert_auth,
@@ -10,10 +11,10 @@ use uuid::Uuid;
 use crate::{
     actions::{
         findex::{add_or_delete::AddOrDeleteAction, search::SearchAction, FindexParameters},
-        permissions::{GrantAccess, RevokeAccess},
+        permissions::{GrantPermission, RevokePermission},
     },
     error::result::CliResult,
-    tests::permissions::{create_access_cmd, grant_access_cmd, revoke_access_cmd},
+    tests::permissions::{create_index_id_cmd, grant_permission_cmd, revoke_permission_cmd},
 };
 
 pub(crate) mod add_or_delete;
@@ -100,7 +101,7 @@ pub(crate) async fn test_findex_cert_auth() -> CliResult<()> {
     log_init(None);
     let ctx = start_default_test_findex_server_with_cert_auth().await;
 
-    let index_id = create_access_cmd(&ctx.owner_client_conf_path)?;
+    let index_id = create_index_id_cmd(&ctx.owner_client_conf_path)?;
     trace!("index_id: {index_id}");
 
     add_search_delete(&ctx.owner_client_conf_path, &index_id)?;
@@ -109,23 +110,22 @@ pub(crate) async fn test_findex_cert_auth() -> CliResult<()> {
 
 #[allow(clippy::panic_in_result_fn, clippy::unwrap_used)]
 #[tokio::test]
-pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> {
+pub(crate) async fn test_findex_grant_read_permission() -> CliResult<()> {
     log_init(None);
     let ctx = start_default_test_findex_server_with_cert_auth().await;
 
-    let index_id = create_access_cmd(&ctx.owner_client_conf_path)?;
+    let index_id = create_index_id_cmd(&ctx.owner_client_conf_path)?;
     trace!("index_id: {index_id}");
 
     add(&ctx.owner_client_conf_path, &index_id)?;
 
-    // Grant read access to the client
-    grant_access_cmd(
+    // Grant read permission to the client
+    grant_permission_cmd(
         &ctx.owner_client_conf_path,
-        GrantAccess {
+        GrantPermission {
             user: "[email protected]".to_owned(),
             index_id: index_id.clone(),
-            permission: "reader".to_owned(), /* todo(manu): use a mutual struct between server and
-                                              * client */
+            permission: Permission::Read,
         },
     )?;
 
@@ -137,13 +137,13 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> {
     // ... but not write
     assert!(add(&ctx.user_client_conf_path, &index_id).is_err());
 
-    // Grant write access
-    grant_access_cmd(
+    // Grant write permission
+    grant_permission_cmd(
         &ctx.owner_client_conf_path,
-        GrantAccess {
+        GrantPermission {
             user: "[email protected]".to_owned(),
             index_id: index_id.clone(),
-            permission: "writer".to_owned(),
+            permission: Permission::Write,
         },
     )?;
 
@@ -155,20 +155,20 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> {
     // ... and write
     add(&ctx.user_client_conf_path, &index_id)?;
 
-    // Try to escalade privileges from `reader` to `admin`
-    grant_access_cmd(
+    // Try to escalade privileges from `read` to `admin`
+    grant_permission_cmd(
         &ctx.user_client_conf_path,
-        GrantAccess {
+        GrantPermission {
             user: "[email protected]".to_owned(),
             index_id: index_id.clone(),
-            permission: "admin".to_owned(),
+            permission: Permission::Admin,
         },
     )
     .unwrap_err();
 
-    revoke_access_cmd(
+    revoke_permission_cmd(
         &ctx.owner_client_conf_path,
-        RevokeAccess {
+        RevokePermission {
             user: "[email protected]".to_owned(),
             index_id: index_id.clone(),
         },
@@ -181,7 +181,7 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> {
 
 #[allow(clippy::panic_in_result_fn)]
 #[tokio::test]
-pub(crate) async fn test_findex_no_access() -> CliResult<()> {
+pub(crate) async fn test_findex_no_permission() -> CliResult<()> {
     log_init(None);
     let ctx = start_default_test_findex_server_with_cert_auth().await;
 

crate/cli/src/tests/permissions.rs

@@ -6,7 +6,7 @@ use regex::{Regex, RegexBuilder};
 use tracing::{debug, trace};
 
 use crate::{
-    actions::permissions::{GrantAccess, RevokeAccess},
+    actions::permissions::{GrantPermission, RevokePermission},
     error::{result::CliResult, CliError},
     tests::{utils::recover_cmd_logs, PROG_NAME},
 };
@@ -24,20 +24,20 @@ pub(crate) fn extract_uid<'a>(text: &'a str, pattern: &'a str) -> Option<&'a str
         .and_then(|cap| cap.name("uid").map(|uid| uid.as_str()))
 }
 
-pub(crate) fn create_access_cmd(cli_conf_path: &str) -> CliResult<String> {
+pub(crate) fn create_index_id_cmd(cli_conf_path: &str) -> CliResult<String> {
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     let args = vec!["create".to_owned()];
     cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path);
 
-    cmd.arg("access-rights").args(args);
+    cmd.arg("permissions").args(args);
     debug!("cmd: {:?}", cmd);
     let output = recover_cmd_logs(&mut cmd);
     if output.status.success() {
         let findex_output = std::str::from_utf8(&output.stdout)?;
         trace!("findex_output: {}", findex_output);
         let unique_identifier = extract_uid(
             findex_output,
-            "New admin access successfully created on index",
+            "New admin permission successfully created on index",
         )
         .ok_or_else(|| CliError::Default("failed extracting the unique identifier".to_owned()))?;
         return Ok(unique_identifier.to_owned());
@@ -48,7 +48,10 @@ pub(crate) fn create_access_cmd(cli_conf_path: &str) -> CliResult<String> {
 }
 
 #[allow(dead_code)]
-pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliResult<String> {
+pub(crate) fn grant_permission_cmd(
+    cli_conf_path: &str,
+    action: GrantPermission,
+) -> CliResult<String> {
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     let args = vec![
         "grant".to_owned(),
@@ -57,11 +60,11 @@ pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliR
         "--index-id".to_owned(),
         action.index_id,
         "--permission".to_owned(),
-        action.permission,
+        action.permission.to_string(),
     ];
     cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path);
 
-    cmd.arg("access-rights").args(args);
+    cmd.arg("permissions").args(args);
     debug!("cmd: {:?}", cmd);
     let output = recover_cmd_logs(&mut cmd);
     if output.status.success() {
@@ -74,7 +77,10 @@ pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliR
 }
 
 #[allow(dead_code)]
-pub(crate) fn revoke_access_cmd(cli_conf_path: &str, action: RevokeAccess) -> CliResult<String> {
+pub(crate) fn revoke_permission_cmd(
+    cli_conf_path: &str,
+    action: RevokePermission,
+) -> CliResult<String> {
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     let args = vec![
         "revoke".to_owned(),
@@ -85,7 +91,7 @@ pub(crate) fn revoke_access_cmd(cli_conf_path: &str, action: RevokeAccess) -> Cl
     ];
     cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path);
 
-    cmd.arg("access-rights").args(args);
+    cmd.arg("permissions").args(args);
     debug!("cmd: {:?}", cmd);
     let output = recover_cmd_logs(&mut cmd);
     if output.status.success() {

crate/client/Cargo.toml

@@ -16,6 +16,7 @@ doctest = false
 
 [dependencies]
 base64 = { workspace = true }
+clap = { workspace = true }
 der = { workspace = true }
 pem = { workspace = true }
 reqwest = { workspace = true, features = ["default", "json", "native-tls"] }