mirror of
https://github.com/bonfire-networks/bonfire-app.git
synced 2024-05-02 17:28:44 +00:00
168 lines
9.9 KiB
Elixir
Executable file
168 lines
9.9 KiB
Elixir
Executable file
import Config
|
|
|
|
config :bonfire_boundaries,
|
|
disabled: false # you wouldn't want to do that.
|
|
|
|
### Verbs are like permissions. Each represents some activity or operation that may or may not be able to perform.
|
|
verbs = %{
|
|
see: %{id: "0BSERV1NG11ST1NGSEX1STENCE", verb: "See"}, # appear in lists of things or feeds.
|
|
read: %{id: "0EAD1NGSVTTER1YFVNDAMENTA1", verb: "Read"}, # read it (if you can find it)/
|
|
create: %{id: "4REATE0RP0STBRANDNEW0BJECT", verb: "Create"}, # create a post or other object.
|
|
edit: %{id: "4HANG1NGVA1VES0FPR0PERT1ES", verb: "Edit"}, # change the fields of an object.
|
|
delete: %{id: "4AKESTVFFG0AWAYPERMANENT1Y", verb: "Delete"}, # delete the object.
|
|
follow: %{id: "20SVBSCR1BET0THE0VTPVT0F1T", verb: "Follow"}, # follow a user or thread or whatever.
|
|
like: %{id: "11KES1ND1CATEAM11DAPPR0VA1", verb: "Like"}, # like an object.
|
|
boost: %{id: "300ST0R0RANN0VCEANACT1V1TY", verb: "Boost"}, # boost an object.
|
|
flag: %{id: "71AGSPAM0RVNACCEPTAB1E1TEM", verb: "Flag"}, # flag an object for an administrator to review.
|
|
reply: %{id: "71TCREAT1NGA11NKEDRESP0NSE", verb: "Reply"}, # reply to a user's object.
|
|
mention: %{id: "0EFERENC1NGTH1NGSE1SEWHERE", verb: "Mention"}, # mention a user or object.
|
|
tag: %{id: "4ATEG0R1S1NGNGR0VP1NGSTVFF", verb: "Tag"}, # tag a user or object in an object.
|
|
message: %{id: "40NTACTW1THAPR1VATEMESSAGE", verb: "Message"}, # send a direct message to the user.
|
|
request: %{id: "1NEEDPERM1SS10NT0D0TH1SN0W", verb: "Request"}, # request to do another verb (eg. request to follow)
|
|
}
|
|
|
|
all_verb_names = Enum.map(verbs, &elem(&1, 0))
|
|
verbs_negative = fn verbs -> Enum.reduce(verbs, %{}, &Map.put(&2, &1, false)) end
|
|
|
|
config :bonfire,
|
|
verbs: verbs,
|
|
create_verbs: [
|
|
# block: Bonfire.Data.Social.Block,
|
|
boost: Bonfire.Data.Social.Boost,
|
|
follow: Bonfire.Data.Social.Follow,
|
|
flag: Bonfire.Data.Social.Flag,
|
|
like: Bonfire.Data.Social.Like,
|
|
]
|
|
|
|
### Now follows quite a lot of fixtures that must be inserted into the database.
|
|
|
|
config :bonfire,
|
|
### Users are placed into one or more circles, either by users or by the system. Circles referenced in ACLs have the
|
|
### effect of applying to all users in those circles.
|
|
circles: %{
|
|
### Public circles used to categorise broadly how much of a friend/do the user is.
|
|
guest: %{id: "0AND0MSTRANGERS0FF1NTERNET", name: "Guests"},
|
|
local: %{id: "3SERSFR0MY0VR10CA11NSTANCE", name: "Local Users"},
|
|
activity_pub: %{id: "7EDERATEDW1THANACT1V1TYPVB", name: "ActivityPub Peers"},
|
|
|
|
### Stereotypes - placeholders for special per-user circles the system will manage.
|
|
followers: %{id: "7DAPE0P1E1PERM1TT0F0110WME", name: "My Followers"},
|
|
ghost_them: %{id: "7N010NGERC0NSENTT0Y0VN0WTY", name: "Others I ghosted"},
|
|
silence_them: %{id: "7N010NGERWANTT011STENT0Y0V", name: "Others I silenced"},
|
|
silence_me: %{id: "0KF1NEY0VD0N0TWANTT0HEARME", name: "Others who silenced me"},
|
|
},
|
|
### ACLs (Access Control Lists) are reusable lists of permissions assigned to users and circles. Objects in bonfire
|
|
### have one or more ACLs attached and we combine the results of all of them to determine whether a user is permitted
|
|
### to perform a particular operation.
|
|
acls: %{
|
|
### Public ACLs that allow basic control over visibility and interactions.
|
|
guests_may_see_read: %{id: "7W1DE1YAVA11AB1ET0SEENREAD", name: "Publicly discoverable and readable"},
|
|
guests_may_see: %{id: "50VCANF1NDMEBVTCAN0T0PENME", name: "Publicly discoverable, but contents may be hidden"},
|
|
guests_may_read: %{id: "50VCANREAD1FY0VHAVETHE11NK", name: "Publicly readable, but not necessarily discoverable"},
|
|
locals_may_read: %{id: "10CA1SMAYSEEANDREAD0N1YN0W", name: "Visible to local users"},
|
|
locals_may_interact: %{id: "710CA1SMY1NTERACTN0TREP1YY", name: "Local users may read and interact"},
|
|
locals_may_reply: %{id: "710CA1SMY1NTERACTANDREP1YY", name: "Local users may read, interact and reply"},
|
|
|
|
### Stereotypes - placeholders for special per-user ACLs the system will manage.
|
|
|
|
## ACLs that confer my personal permissions on things i have created
|
|
# i_may_read: %{id: "71MAYSEEANDREADMY0WNSTVFFS", name: "I may read"}, # not currently used
|
|
# i_may_interact: %{id: "71MAY1NTERACTW1MY0WNSTVFFS", name: "I may read and interact"}, # not currently used
|
|
i_may_administer: %{id: "71MAYADM1N1STERMY0WNSTVFFS", name: "I may administer"},
|
|
|
|
## ACLs that confer permissions for people i mention (or reply to, which causes a mention)
|
|
mentions_may_read: %{id: "7MENT10NSCANREADTH1STH1NGS", name: "Mentions may read"},
|
|
mentions_may_interact: %{id: "7MENT10NSCAN1NTERACTW1TH1T", name: "Mentions may read and interact"},
|
|
mentions_may_reply: %{id: "7MENT10NSCANEVENREP1YT01TS", name: "Mentions may read, interact and reply"},
|
|
|
|
## "Negative" ACLs that apply overrides for ghosting and silencing purposes.
|
|
# TODO: are we going to use these for instance-wide blocks?
|
|
nobody_can_anything: %{id: "0H0STEDCANTSEE0RD0ANYTH1NG", name: "People I ghosted"},
|
|
nobody_can_reach: %{id: "1S11ENCEDTHEMS0CAN0TP1NGME", name: "People I silenced aren't discoverable by me"},
|
|
nobody_can_see: %{id: "2HEYS11ENCEDMES0CAN0TSEEME", name: "People who silenced me cannot discover me"},
|
|
},
|
|
### Grants are the entries of an ACL and define the permissions a user or circle has for content using this ACL.
|
|
###
|
|
### Data structure:
|
|
### * The outer keys are ACL names declared above.
|
|
### * The inner keys are circles declared above.
|
|
### * The inner values declare the verbs the user is permitted to see. Either a map of verb to boolean or a list
|
|
### (where values are assumed to be true).
|
|
grants: %{
|
|
### Public ACLs need their permissions filling out
|
|
guests_may_see_read: %{guest: [:read, :see, :request]},
|
|
guests_may_see: %{guest: [:read, :request]},
|
|
guests_may_read: %{guest: [:read, :request]},
|
|
locals_may_interact: %{local: [:read, :see, :mention, :tag, :boost, :like, :follow, :request]}, # interact but not reply
|
|
locals_may_reply: %{local: [:read, :see, :mention, :tag, :boost, :like, :follow, :reply, :request]}, # interact and reply
|
|
# TODO: are we doing this because of instance-wide blocking?
|
|
nobody_can_anything: %{ghost_them: verbs_negative.(all_verb_names)},
|
|
nobody_can_reach: %{silence_them: verbs_negative.([:mention, :message, :reply])},
|
|
nobody_can_see: %{silence_me: verbs_negative.([:see])},
|
|
}
|
|
# end of global boundaries
|
|
|
|
negative_grants = [
|
|
:nobody_can_anything, :nobody_can_reach, :nobody_can_see, # instance-wide negative permissions
|
|
:they_cannot_anything, :they_cannot_reach, :they_cannot_see, # per-user negative permissions
|
|
]
|
|
|
|
### Creating a user also entails inserting a default boundaries configuration for them.
|
|
###
|
|
### Notice that the predefined circles and ACLs here correspond to (some of) the stereotypes we declared above. The
|
|
### system uses this stereotype information to identify these special circles/ACLs in the database.
|
|
config :bonfire,
|
|
user_default_boundaries: %{
|
|
circles: %{
|
|
followers: %{stereotype: :followers}, # users who have followed you
|
|
ghost_them: %{stereotype: :ghost_them}, # users/instances you have ghosted
|
|
silence_them: %{stereotype: :silence_them}, # users/instances you have silenced
|
|
silence_me: %{stereotype: :silence_me}, # users who have silenced me
|
|
},
|
|
acls: %{
|
|
## ACLs that confer my personal permissions on things i have created
|
|
# i_may_read: %{stereotype: :i_may_read},
|
|
# i_may_reply: %{stereotype: :i_may_interact},
|
|
i_may_administer: %{stereotype: :i_may_administer},
|
|
## "Negative" ACLs that apply overrides for ghosting and silencing purposes.
|
|
they_cannot_anything: %{stereotype: :nobody_can_anything},
|
|
they_cannot_reach: %{stereotype: :nobody_can_reach},
|
|
they_cannot_see: %{stereotype: :nobody_can_see},
|
|
},
|
|
### Data structure:
|
|
### * The outer keys are ACL names declared above.
|
|
### * The inner keys are circles declared above.
|
|
### * The inner values declare the verbs the user is permitted to see. Either a map of verb to boolean or a list
|
|
### (where values are assumed to be true).
|
|
### * The special key `SELF` means the creating user.
|
|
grants: %{
|
|
## ACLs that confer my personal permissions on things i have created
|
|
# i_may_read: %{SELF: [:read, :see]},# not currently used
|
|
# i_may_reply: %{SELF: [:read, :see, :create, :mention, :tag, :boost, :flag, :like, :follow, :reply]}, # not currently used
|
|
i_may_administer: %{SELF: all_verb_names},
|
|
## "Negative" ACLs that apply overrides for ghosting and silencing purposes.
|
|
# People/instances I ghost can't see (or interact with or anything) me or my objects
|
|
they_cannot_anything: %{ghost_them: verbs_negative.(all_verb_names)},
|
|
# People/instances I silence can't ping me
|
|
they_cannot_reach: %{silence_them: verbs_negative.([:mention, :message])},
|
|
# People who silence me can't see me or my objects in feeds and such (but can still read them if they have a
|
|
# direct link or come across my objects in a thread structure or such).
|
|
they_cannot_see: %{silence_me: verbs_negative.([:see])},
|
|
},
|
|
### This lets us control access to the user themselves (e.g. to view their profile or mention them)
|
|
controlleds: %{
|
|
SELF: [
|
|
:guests_may_see_read, :locals_may_interact, :i_may_administer, # positive permissions
|
|
] ++ negative_grants
|
|
},
|
|
}
|
|
|
|
### Finally, we have a list of default acls to apply to newly created objects, which makes it possible for the user to
|
|
### administer their own stuff and enables ghosting and silencing to work.
|
|
config :bonfire,
|
|
object_default_boundaries: %{
|
|
acls: [
|
|
:i_may_administer, # positive permissions
|
|
] ++ negative_grants
|
|
}
|