Use string_set in acl

src/web/web_common.ml

@@ -22,6 +22,7 @@
 open Lwt
 open Signatures
 open Common
+open Serializable_builtin_t
 open Serializable_builtin_j
 open Serializable_t
 open Web_serializable_t
@@ -159,8 +160,11 @@ let check_acl a u =
   | Some (`Many items) ->
     let rec loop = function
       | [] -> false
-      | `Domain x :: _ when x = u.user_domain -> true
-      | `User x :: _ when x = u -> true
+      | item :: _ when item.acl_domain = u.user_domain ->
+        (match item.acl_users with
+        | `Any -> true
+        | `Many users -> SSet.mem u.user_name users
+        )
       | _ :: xs -> loop xs
     in loop items
   | _ -> false

src/web/web_serializable.atd

@@ -25,6 +25,7 @@
 
 type uuid <ocaml predef from="Serializable_builtin"> = abstract
 type datetime <ocaml predef from="Serializable_builtin"> = abstract
+type string_set <ocaml predef from="Serializable_builtin"> = abstract
 
 (** {1 Web-specific types} *)
 
@@ -38,11 +39,16 @@ type user = {
   name : string;
 } <ocaml field_prefix="user_">
 
-type acl_item =
-  [ Domain of string
-  | User of user
+type names =
+  [ Any
+  | Many of string_set
   ]
 
+type acl_item = {
+  domain : string;
+  users : names;
+} <ocaml field_prefix="acl_">
+
 type acl =
   [ Any
   | Many of acl_item list