diff options
author | Thien-Thi Nguyen <ttn@gnuvola.org> | 2022-02-21 21:49:04 -0500 |
---|---|---|
committer | Thien-Thi Nguyen <ttn@gnuvola.org> | 2022-02-21 21:49:04 -0500 |
commit | b52db4750ce0e6e19fcdaa6ad121e6feaa278b2e (patch) | |
tree | f030018ba3b0b8d9ec90bab1ebd720a9bb4f590a /manpages | |
parent | 050864edb87baf1a84553c0fdd313fcf2df82792 (diff) | |
download | docs-b52db4750ce0e6e19fcdaa6ad121e6feaa278b2e.tar.gz docs-b52db4750ce0e6e19fcdaa6ad121e6feaa278b2e.tar.bz2 docs-b52db4750ce0e6e19fcdaa6ad121e6feaa278b2e.zip |
document ‘libeufin-cli permissions’ commands
specifically:
- permissions
- permissions list
- permissions grant
- permissions revoke
Diffstat (limited to 'manpages')
-rw-r--r-- | manpages/libeufin-cli.1.rst | 79 |
1 files changed, 71 insertions, 8 deletions
diff --git a/manpages/libeufin-cli.1.rst b/manpages/libeufin-cli.1.rst index 4458a5bc..b6a175f8 100644 --- a/manpages/libeufin-cli.1.rst +++ b/manpages/libeufin-cli.1.rst @@ -640,22 +640,85 @@ For example: permissions ----------- -WRITEME - -permissions revoke -^^^^^^^^^^^^^^^^^^ - -WRITEME +The ``libeufin-cli permissions`` command manages permissions +for operations on Nexus. +It has three subcommands: list, grant, revoke. +All three commands can only be issued by the superuser. permissions list ^^^^^^^^^^^^^^^^ -WRITEME +The ``permissions list`` command lists the granted permissions. +At the beginning of a session, there are none: + +.. code-block:: console + + $ libeufin-cli permissions list + { + "permissions" : [ ] + } + permissions grant ^^^^^^^^^^^^^^^^^ -WRITEME +The ``permissions grant`` command adds a permission to the list +of granted permissions. +It takes five arguments: ``SUBJECT_TYPE``, ``SUBJECT_ID``, +``RESOURCE_TYPE``, ``RESOURCE_ID``, ``PERMISSION_NAME``. + +FIXME: The subject type and id, resource type and id, are ... + +The ``PERMISSION_NAME`` is one of the following: + +- ``facade.talerwiregateway.history`` +- ``facade.talerwiregateway.transfer`` +- ``facade.anastasis.history`` + +For example: + +.. code-block:: console + + $ libeufin-cli permissions grant \ + some-subject-type some-subject-id \ + some-resource-type some-resource-id \ + facade.anastasis.history + { } + $ libeufin-cli permissions list + { + "permissions" : [ { + "subjectType" : "some-subject-type", + "subjectId" : "some-subject-id", + "resourceType" : "some-resource-type", + "resourceId" : "some-resource-id", + "permissionName" : "facade.anastasis.history" + } ] + } + +permissions revoke +^^^^^^^^^^^^^^^^^^ + +The ``permissions revoke`` command does the opposite of the +``permissions grant`` command. +It takes the same arguments as the ``permissions grant`` command: +``SUBJECT_TYPE``, ``SUBJECT_ID``, ``RESOURCE_TYPE``, ``RESOURCE_ID``, +``PERMISSION_NAME``. + +For example: + +.. code-block:: console + + $ libeufin-cli permissions revoke \ + some-subject-type some-subject-id \ + some-resource-type some-resource-id \ + facade.anastasis.history + { } + $ libeufin-cli permissions list + { + "permissions" : [ ] + } + +This example undoes the effect of the previous (``permissions grant``) example. accounts |