Define a set of default permission tokens

[mversic]

Let's see what should be the default set of permissions and what should their names be. Currently we have (as listed in smart_contract/executor/src/default/tokens.rs):

    CanUnregisterAnyPeer,

    CanUnregisterDomain,
    CanSetKeyValueInDomain,
    CanRemoveKeyValueInDomain,
    CanRegisterAccountInDomain,
    CanRegisterAssetDefinitionInDomain,

    CanUnregisterAccount,
    CanMintUserPublicKeys,
    CanBurnUserPublicKeys,
    CanMintUserSignatureCheckConditions,
    CanSetKeyValueInUserAccount,
    CanRemoveKeyValueInUserAccount,

    CanUnregisterAssetDefinition,
    CanSetKeyValueInAssetDefinition,
    CanRemoveKeyValueInAssetDefinition,

    CanRegisterAssetWithDefinition,
    CanUnregisterAssetWithDefinition,
    CanUnregisterUserAsset,
    CanBurnAssetWithDefinition,
    CanMintAssetWithDefinition,
    CanMintUserAsset,
    CanBurnUserAsset,
    CanTransferAssetWithDefinition,
    CanTransferUserAsset,
    CanSetKeyValueInUserAsset,
    CanRemoveKeyValueInUserAsset,

    CanGrantPermissionToCreateParameters,
    CanRevokePermissionToCreateParameters,
    CanCreateParameters,
    CanGrantPermissionToSetParameters,
    CanRevokePermissionToSetParameters,
    CanSetParameters,

    CanUnregisterAnyRole,

    CanExecuteUserTrigger,
    CanUnregisterUserTrigger,
    CanMintUserTrigger,
    CanBurnUserTrigger,

    CanUpgradeExecutor,

So let me start by asking about registering entities. Should the registration of the following entities be allowed by default for every account:

1. Peer
2. Domain
3. Role
4. Trigger

[Mingela]

I'd rather support an idea of nothing is allowed unless a permission is issued including querying of an entity

[Stukalov-A-M]

Summary after the meeting:

1. Agreed to keep the current tokens
2. Agreed to keep root permissions for the domain to the domain owner
3. @Stukalov-A-M should analyze current expressions and if some expression doesn't have a token, add it.

[Mingela]

so by default any user can create any entities?

[Stukalov-A-M]

so by default any user can create any entities?

Well, yes and no. Any user can register only those entities, that are defined in RegisterBox. For now these are:

    /// Register [`Peer`].
    Peer(Register<Peer>),
    /// Register [`Domain`].
    Domain(Register<Domain>),
    /// Register [`Account`].
    Account(Register<Account>),
    /// Register [`AssetDefinition`].
    AssetDefinition(Register<AssetDefinition>),
    /// Register [`Asset`].
    Asset(Register<Asset>),
    /// Register [`Role`].
    Role(Register<Role>),
    /// Register [`Trigger`].
    Trigger(Register<Trigger<TriggeringFilterBox>>)

But, after creation, the user becomes an owner of the created entity and its descendants and has all permissions to manipulate them.

[mversic]

    /// Register [`Peer`].
    Peer(Register<Peer>),
    /// Register [`Domain`].
    Domain(Register<Domain>),
    /// Register [`Account`].
    Account(Register<Account>),
    /// Register [`AssetDefinition`].
    AssetDefinition(Register<AssetDefinition>),
    /// Register [`Asset`].
    Asset(Register<Asset>),
    /// Register [`Role`].
    Role(Register<Role>),
    /// Register [`Trigger`].
    Trigger(Register<Trigger<TriggeringFilterBox>>)

what I see for now:

• we need both CanRegisterAnyPeer/CanUnregisterAnyPeer
  although, I don't think it makes sense to keep it split into 2 permissions. I would rather merge them into 1 permission. We could name it CanAlterNetwork or something like that
• we should introduce CanRegisterAnyDomain

[Mingela]

I don't think peer registration should be allowed, that seems a privileged action

[mversic]

I don't think peer registration should be allowed, that seems a privileged action

well yes. That's why need to introduce CanRegisterAnyPeer or CanAlterNetwork as I suggested