canic_core/ops/
mod.rs

1//! Business-logic helpers that sit between endpoint handlers and the state
2//! layer.
3//!
4//! The ops layer orchestrates multi-step workflows such as provisioning new
5//! canisters,  running scaling/sharding policies, and
6//! synchronizing topology snapshots. Endpoint macros call into these modules so
7//! the public surface remains thin while policy, logging, and validation live
8//! here.
9
10pub mod config;
11pub mod http;
12pub mod icrc;
13pub mod metrics;
14pub mod mgmt;
15pub mod model;
16pub mod orchestration;
17pub mod perf;
18pub mod request;
19pub mod root;
20pub mod runtime;
21pub mod service;
22pub mod signature;
23pub mod sync;
24pub mod timer;
25pub mod types;
26pub mod wasm;
27
28pub use types::*;
29
30/// Common imports for ops submodules and consumers.
31pub mod prelude {
32    pub use crate::{
33        cdk::{
34            api::{canister_self, msg_caller},
35            candid::CandidType,
36        },
37        ids::CanisterRole,
38        interface::{
39            InterfaceError,
40            ic::{call::Call, call_and_decode},
41        },
42        log,
43        log::Level,
44        ops::OpsError,
45        types::{Cycles, Int, Nat, Principal, Subaccount},
46    };
47    pub use serde::{Deserialize, Serialize};
48}
49
50use crate::{ThisError, ops::model::memory::EnvOps};
51
52///
53/// OpsError
54/// Error envelope shared across operations submodules
55///
56
57#[derive(Debug, ThisError)]
58pub enum OpsError {
59    /// Raised when a function requires root context, but was called from a child.
60    #[error("operation must be called from the root canister")]
61    NotRoot,
62
63    /// Raised when a function must not be called from root.
64    #[error("operation cannot be called from the root canister")]
65    IsRoot,
66
67    #[error(transparent)]
68    ConfigOpsError(#[from] config::ConfigOpsError),
69
70    #[error(transparent)]
71    ModelOpsError(#[from] model::ModelOpsError),
72
73    #[error(transparent)]
74    RequestOpsError(#[from] request::RequestOpsError),
75
76    #[error(transparent)]
77    SignatureOpsError(#[from] signature::SignatureOpsError),
78
79    #[error(transparent)]
80    SyncOpsError(#[from] sync::SyncOpsError),
81}
82
83impl OpsError {
84    /// Ensure the caller is the root canister.
85    pub fn require_root() -> Result<(), Self> {
86        if EnvOps::is_root() {
87            Ok(())
88        } else {
89            Err(Self::NotRoot)
90        }
91    }
92
93    /// Ensure the caller is not the root canister.
94    pub fn deny_root() -> Result<(), Self> {
95        if EnvOps::is_root() {
96            Err(Self::IsRoot)
97        } else {
98            Ok(())
99        }
100    }
101}