Permission
Permission enables the management of operational permissions for wowok objects by assigning permission indexes to an entity address. You can customize permissions (for example, adding a permission to modify a certain policy name in the Repository with an index of 10000); the index for custom permissions needs to be greater than or equal to 10000.
Definition
// Permission object
struct Permission has key {
    id: UID,
    description: String,
    // Permission table; the key is the entity address, and the value is a key-value pair of <permission index, Option<Guard>>. If a Guard is set, the permission index must satisfy the guard condition.
    table: LinkedTable<address, VecMap<u64, Option<address>>>,
    // The ultimate manager, with all permissions, including managing admins
    builder: address,
    // Admins, with the permission to set the permission table and manage permission indexes of the object
    admin: vector<address>,
}
// Maximum number of entity addresses in the permission table
const MAX_ENTITY_COUNT: u64 = 2000;
// Maximum number of permission indexes set for a single entity address
const MAX_PERMISSION_INDEX_COUNT: u64 = 128;
// Maximum number of admins
const MAX_ADMIN_COUNT: u64 = 64;
Operations
Create a new permission
new(description: String, ctx: &mut TxContext) : Permission
Launch permission (shared object)
create(permission: Permission) : address
Set description
description_set(permission: &mut Permission, description: String)
Set permission index and Guard for an entity address. Must have Builder permission. who: entity address; index: permission index; guard: wowok guard Object
guard_set(permission: &mut Permission, who: address, index: u64, guard: &Guard)
Remove the Guard requirement corresponding to the permission index for an entity address. Must have Builder permission.
guard_none(permission: &mut Permission, who: address, index: u64)
Add several permission indexes for an entity address. Must have Builder permission.
add_batch(permission: &mut Permission, who: address, index: vector<u64>)
Add or modify a single permission index and its Guard requirement for an entity address. Must have Builder permission.
add_or_modify(permission: &mut Permission, who: address, index: u64, guard: Option<address>, bModifyIfOldExist: bool)
Remove some permission indexes for an entity address. Must have Builder permission.
remove_index(permission: &mut Permission, who: address, index: vector<u64>)
Remove some entity addresses from the permission table; these entity addresses will no longer have any permissions for the managed wowok object. Must have Builder permission.
remove(permission: &mut Permission, who: vector<address>)
Launch a new permission. The creator becomes the builder of this permission and has the highest authority.
builder_permission(ctx: &mut TxContext) : address
Remove an admin. The operator must have Builder permission.
admin_remove(permission: &mut Permission, addr: address)
Remove all admins. The operator must have Builder permission.
admins_clear(permission: &mut Permission)
Add an admin. The operator must have Builder permission.
admin_add(permission: &mut Permission, addr: address)
Add several admins. The operator must have Builder permission.
admin_add_batch(permission: &mut Permission, addrs: vector<address>)
Remove several admins. The operator must have Builder permission.
admin_remove_batch(permission: &mut Permission, addrs: vector<address>)
Transfer the Builder permission to another person. The operator must have Builder permission.
builder_set(permission: &mut Permission, new_builder: address)
Queries
Check whether an entity address has a certain permission
has_rights_set(permission: &Permission, who: address, index: u64) : (bool, bool, bool)
Check whether an entity address has a certain permission without a Guard
has_rights(permission: &Permission, who: address, index: u64) : bool
Check whether an entity address has a certain permission (if a Guard is set, it also verifies whether it meets the requirements to pass the Guard)
has_right_with_passport(passport: &mut Passport, permission: &Permission, who: address, index: u64) : bool
Get the builder
public fun builder(permission: &Permission) : address
Get all admins
admins(permission: &Permission) : vector<address>
Check whether an entity address is an admin
is_admin(permission: &Permission, who: address) : bool
On-chain query for Guard
[Query: 1] Builder [address]; input: none
[Query: 2] Check whether it is an admin [bool]; input: entity address [address]
[Query: 3] Check whether the entity address has a certain permission (and has no Guard set) [bool]; input: entity address [address], permission index [u64]
[Query: 4] Check whether the entity address is in the permission table [bool]; input: none
[Query: 5] Check whether the entity address has a certain permission [bool]; input: entity address [address], permission index [u64]
[Query: 6] Check whether the entity address has a certain permission (and has a Guard) [bool]; input: entity address [address], permission index [u64]
[Query: 7] Guard id of the permission for the entity address [address]; must satisfy [query: 6]; input: entity address [address], permission index [u64]
[Query: 8] Number of entity addresses in the permission table [u64]; input: none
[Query: 9] Number of admin addresses [u64]; input: none
Errors
103006: Passport verification failed
103010: Custom Permission Index is invalid, must be greater than 10000
103012: The number of entity addresses has reached the maximum
103014: The number of index settings has reached the maximum
103016: Builder permission is required
103018: Admin permission is required
103020: The number of admins has reached the maximum
103032: Permission object does not match
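
The table layout, the limits and on-chain queries 3, 5, 6 and 7 can be exercised off-chain with a small model. This is an added example, not wowok source code: `PermissionModel`, `Abort`, `query`, `allowed` and `passed_guards` are hypothetical names, and the behaviour is inferred from the struct comment, constants, query list and error codes on this page. Treating `bModifyIfOldExist = false` as "leave the existing entry unchanged" is an assumption.

```python
# Added reference model, not wowok source code. Behaviour is an assumption
# inferred from the page's struct comment, constants, query list and errors.
MAX_ENTITY_COUNT = 2000
MAX_PERMISSION_INDEX_COUNT = 128

class Abort(Exception):
    """Stands in for a Move abort carrying one of the page's error codes."""
    def __init__(self, code):
        super().__init__(code)
        self.code = code

class PermissionModel:
    def __init__(self, builder):
        self.builder = builder
        self.table = {}  # entity address -> {permission index: guard address or None}

    def add_or_modify(self, sender, who, index, guard=None, modify_if_old_exist=True):
        if sender != self.builder:
            raise Abort(103016)  # Builder permission is required
        entry = self.table.get(who)
        if entry is None:
            if len(self.table) >= MAX_ENTITY_COUNT:
                raise Abort(103012)  # entity addresses at maximum
            entry = self.table[who] = {}
        if index in entry:
            if modify_if_old_exist:
                entry[index] = guard
        elif len(entry) >= MAX_PERMISSION_INDEX_COUNT:
            raise Abort(103014)  # index settings at maximum
        else:
            entry[index] = guard

    def query(self, n, who, index):
        """On-chain queries 3, 5, 6 and 7 from the query list."""
        entry = self.table.get(who, {})
        if n == 3:  # has the permission and no Guard is set
            return index in entry and entry[index] is None
        if n == 5:  # has the permission, guarded or not
            return index in entry
        if n == 6:  # has the permission and a Guard is set
            return entry.get(index) is not None
        if n == 7:  # Guard id; caller must first satisfy query 6
            return entry[index]
        raise ValueError(n)

    def allowed(self, who, index, passed_guards):
        """Decision in the spirit of has_right_with_passport; passed_guards is a
        hypothetical stand-in for the Guards a Passport has verified."""
        entry = self.table.get(who, {})
        return index in entry and (entry[index] is None or entry[index] in passed_guards)
```

The model makes the difference between queries 3 and 5 visible: an index that carries a Guard answers true to query 5 but false to query 3, so an access decision built on query 5 alone skips the Guard condition.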