From 65f3933da4ce7b332bef1c451d2b21b34f8a0529 Mon Sep 17 00:00:00 2001
From: IvanaH8 <iva.huskova83@gmail.com>
Date: Thu, 20 May 2021 14:36:21 +0200
Subject: [PATCH] Create scope dictionary

---
 docs/source/rbac/scopedict.py | 97 +++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 docs/source/rbac/scopedict.py

diff --git a/docs/source/rbac/scopedict.py b/docs/source/rbac/scopedict.py
new file mode 100644
index 00000000..25c3eec9
--- /dev/null
+++ b/docs/source/rbac/scopedict.py
@@ -0,0 +1,97 @@
+"""Scope definitions"""
+
+
+def get_scope_dict():
+    """Returns a nested dictionary of all available scopes:
+
+    {scopename: {'description': description,
+                 'subscopes': [immediate subscopes]},
+    }
+
+    without 'subscopes' key if the scope has no subscopes.
+    """
+    scope_dict = {
+        '(no_scope)': {'description': 'Allows for only identifying the owning entity.'},
+        'self': {
+            'description': 'Metascope, grants access to user’s own resources only; resolves to (no_scope) for services.'
+        },
+        'all': {
+            'description': 'Metascope, valid for tokens only. Grants access to everything that the token’s owning entity can access.'
+        },
+        'admin:users': {
+            'description': 'Grants read, write, create and delete access to users and their authentication state but not their servers or tokens.',
+            'subscopes': ['admin:users:auth_state', 'users'],
+        },
+        'admin:users:auth_state': {
+            'description': 'Grants access to users’ authentication state only.'
+        },
+        'users': {
+            'description': 'Grants read and write permissions to users’ models apart from servers, tokens and authentication state.',
+            'subscopes': ['read:users', 'users:activity'],
+        },
+        'read:users': {
+            'description': 'Read-only access to users’ models apart from servers, tokens and authentication state.',
+            'subscopes': [
+                'read:users:name',
+                'read:users:groups',
+                'read:users:activity',
+                'read:users:roles',
+            ],
+        },
+        'read:users:name': {'description': 'Read-only access to users’ names.'},
+        'read:users:groups': {'description': 'Read-only access to users’ group names.'},
+        'read:users:roles': {'description': 'Read-only access to users’ role names.'},
+        'read:users:activity': {
+            'description': 'Read-only access to users’ last activity.'
+        },
+        'users:activity': {
+            'description': 'Grants access to read and post users’ last activity only.',
+            'subscopes': ['read:users:activity'],
+        },
+        'admin:users:servers': {
+            'description': 'Grants read, start/stop, create and delete permissions to users’ servers and their state.',
+            'subscopes': ['admin:users:server_state', 'users:servers'],
+        },
+        'admin:users:server_state': {
+            'description': 'Grants access to servers’ state only.'
+        },
+        'users:servers': {
+            'description': 'Allows for starting/stopping users’ servers in addition to read access to their models. Does not include the server state.',
+            'subscopes': ['read:users:servers'],
+        },
+        'read:users:servers': {
+            'description': 'Read-only access to users’ names and their server models. Does not include the server state.',
+            'subscopes': ['read:users:name'],
+        },
+        'users:tokens': {
+            'description': 'Grants read, write, create and delete permissions to users’ tokens.',
+            'subscopes': ['read:users:tokens'],
+        },
+        'read:users:tokens': {'description': 'Read-only access to users’ tokens.'},
+        'admin:groups': {
+            'description': 'Grants read, write, create and delete access to groups.',
+            'subscopes': ['groups'],
+        },
+        'groups': {
+            'description': 'Grants read and write permissions to groups, including adding/removing users to/from groups.',
+            'subscopes': ['read:groups'],
+        },
+        'read:groups': {'description': 'Read-only access to groups’ models.'},
+        'read:services': {
+            'description': 'Read-only access to service models.',
+            'subscopes': ['read:services:name', 'read:services:roles'],
+        },
+        'read:services:name': {'description': 'Read-only access to service names.'},
+        'read:services:roles': {
+            'description': 'Read-only access to service role names.'
+        },
+        'read:hub': {
+            'description': 'Read-only access to detailed information about the Hub.'
+        },
+        'proxy': {
+            'description': 'Allows for obtaining information about the proxy’s routing table, for syncing the Hub with proxy and notifying the Hub about a new proxy.'
+        },
+        'shutdown': {'description': 'Grants access to shutdown the hub.'},
+    }
+
+    return scope_dict