goplt/api/proto/authz.proto
0x1d 16731fc1d1 refactor: Align Epic 0 & Epic 1 with true microservices architecture
Refactor core kernel and infrastructure to support true microservices
architecture where services are independently deployable.

Phase 1: Core Kernel Cleanup
- Remove database provider from CoreModule (services create their own)
- Update ProvideHealthRegistry to not depend on database
- Add schema support to database client (NewClientWithSchema)
- Update main entry point to remove database dependency
- Core kernel now provides only: config, logger, error bus, health, metrics, tracer, service registry

Phase 2: Service Registry Implementation
- Create ServiceRegistry interface (pkg/registry/registry.go)
- Implement Consul registry (internal/registry/consul/consul.go)
- Add Consul dependency (github.com/hashicorp/consul/api)
- Add registry configuration to config/default.yaml
- Add ProvideServiceRegistry() to DI container

Phase 3: Service Client Interfaces
- Create service client interfaces:
  - pkg/services/auth.go - AuthServiceClient
  - pkg/services/identity.go - IdentityServiceClient
  - pkg/services/authz.go - AuthzServiceClient
  - pkg/services/audit.go - AuditServiceClient
- Create ServiceClientFactory (internal/client/factory.go)
- Create stub gRPC client implementations (internal/client/grpc/)
- Add ProvideServiceClientFactory() to DI container

Phase 4: gRPC Service Definitions
- Create proto files for all core services:
  - api/proto/auth.proto
  - api/proto/identity.proto
  - api/proto/authz.proto
  - api/proto/audit.proto
- Add generate-proto target to Makefile

Phase 5: API Gateway Implementation
- Create API Gateway service entry point (cmd/api-gateway/main.go)
- Create Gateway implementation (services/gateway/gateway.go)
- Add gateway configuration to config/default.yaml
- Gateway registers with Consul and routes requests to backend services

All code compiles successfully. Core services (Auth, Identity, Authz, Audit)
will be implemented in Epic 2 using these foundations.
2025-11-06 09:23:36 +01:00

81 lines
2.1 KiB
Protocol Buffer

syntax = "proto3";

package authz.v1;

option go_package = "git.dcentral.systems/toolz/goplt/api/proto/generated/authz/v1;authzv1";

// AuthzService provides authorization operations.
service AuthzService {
  // Authorize checks if a user has a specific permission and returns an error if not.
  rpc Authorize(AuthorizeRequest) returns (AuthorizeResponse);

  // HasPermission checks if a user has a specific permission.
  rpc HasPermission(HasPermissionRequest) returns (HasPermissionResponse);

  // GetUserPermissions returns all permissions for a user.
  rpc GetUserPermissions(GetUserPermissionsRequest) returns (GetUserPermissionsResponse);

  // GetUserRoles returns all roles for a user.
  rpc GetUserRoles(GetUserRolesRequest) returns (GetUserRolesResponse);
}

// Permission represents a permission in the system.
message Permission {
  string id = 1;
  string code = 2;
  string name = 3;
  string description = 4;
}

// Role represents a role in the system.
message Role {
  string id = 1;
  string name = 2;
  string description = 3;
  repeated string permissions = 4; // Permission codes
}

// AuthorizeRequest contains user ID and permission to check.
message AuthorizeRequest {
  string user_id = 1;
  string permission = 2;
}

// AuthorizeResponse indicates authorization result.
message AuthorizeResponse {
  bool authorized = 1;
  string message = 2;
}

// HasPermissionRequest contains user ID and permission to check.
message HasPermissionRequest {
  string user_id = 1;
  string permission = 2;
}

// HasPermissionResponse indicates if the user has the permission.
message HasPermissionResponse {
  bool has_permission = 1;
}

// GetUserPermissionsRequest contains a user ID.
message GetUserPermissionsRequest {
  string user_id = 1;
}

// GetUserPermissionsResponse contains all permissions for the user.
message GetUserPermissionsResponse {
  repeated Permission permissions = 1;
}

// GetUserRolesRequest contains a user ID.
message GetUserRolesRequest {
  string user_id = 1;
}

// GetUserRolesResponse contains all roles for the user.
message GetUserRolesResponse {
  repeated Role roles = 1;
}
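
An added example, not code from this repository: a small in-memory Go model of the semantics the comments in authz.proto describe, showing a deny-by-default lookup over role permission codes and the difference between HasPermission (a boolean) and Authorize (an error on denial). MemoryAuthz, the two error values and the sample data are assumptions, and plain structs stand in for the generated authzv1 types.

```go
package main

import (
	"errors"
	"fmt"
)

// Role keeps only the permission codes of the proto Role message.
type Role struct{ Permissions []string }

// Hypothetical error values; a gRPC server would map them to status codes.
var ErrInvalidRequest = errors.New("authz: user_id and permission are required")
var ErrDenied = errors.New("authz: permission denied")

// MemoryAuthz is a hypothetical in-memory backend: user ID -> assigned roles.
type MemoryAuthz struct{ userRoles map[string][]Role }

// HasPermission is deny-by-default: only an exact permission-code match grants.
func (a *MemoryAuthz) HasPermission(userID, permission string) bool {
	if userID == "" || permission == "" {
		return false
	}
	for _, r := range a.userRoles[userID] {
		for _, code := range r.Permissions {
			if code == permission {
				return true
			}
		}
	}
	return false
}

// Authorize returns nil only on an explicit grant, so callers cannot fail open.
func (a *MemoryAuthz) Authorize(userID, permission string) error {
	if userID == "" || permission == "" {
		return ErrInvalidRequest
	}
	if !a.HasPermission(userID, permission) {
		return fmt.Errorf("%w: user %q lacks %q", ErrDenied, userID, permission)
	}
	return nil
}

// sampleAuthz builds constructed sample data (not taken from the repository).
func sampleAuthz() *MemoryAuthz {
	return &MemoryAuthz{map[string][]Role{"u-1": {{Permissions: []string{"user.read"}}}}}
}

func main() { fmt.Println(sampleAuthz().Authorize("u-1", "user.delete")) }
```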