canic_core/api/access/
auth.rs

1use crate::{
2    PublicError,
3    access::auth::{self, AuthRuleFn},
4    cdk::types::Principal,
5    ids::CanisterRole,
6};
7
8///
9/// AuthApi
10///
11
12pub struct AuthApi;
13
14impl AuthApi {
15    // --- Require --------------------------------------------------------
16
17    pub async fn require_all(rules: Vec<AuthRuleFn>) -> Result<(), PublicError> {
18        auth::require_all(rules).await.map_err(PublicError::from)
19    }
20
21    pub async fn require_any(rules: Vec<AuthRuleFn>) -> Result<(), PublicError> {
22        auth::require_any(rules).await.map_err(PublicError::from)
23    }
24
25    // --- Rules ----------------------------------------------------------
26
27    pub async fn is_app_directory_role(
28        caller: Principal,
29        role: CanisterRole,
30    ) -> Result<(), PublicError> {
31        auth::is_app_directory_role(caller, role)
32            .await
33            .map_err(PublicError::from)
34    }
35
36    pub async fn is_child(caller: Principal) -> Result<(), PublicError> {
37        auth::is_child(caller).await.map_err(PublicError::from)
38    }
39
40    pub async fn is_controller(caller: Principal) -> Result<(), PublicError> {
41        auth::is_controller(caller).await.map_err(PublicError::from)
42    }
43
44    pub async fn is_parent(caller: Principal) -> Result<(), PublicError> {
45        auth::is_parent(caller).await.map_err(PublicError::from)
46    }
47
48    pub async fn is_principal(caller: Principal, expected: Principal) -> Result<(), PublicError> {
49        auth::is_principal(caller, expected)
50            .await
51            .map_err(PublicError::from)
52    }
53
54    pub async fn is_registered_to_subnet(caller: Principal) -> Result<(), PublicError> {
55        auth::is_registered_to_subnet(caller)
56            .await
57            .map_err(PublicError::from)
58    }
59
60    pub async fn is_root(caller: Principal) -> Result<(), PublicError> {
61        auth::is_root(caller).await.map_err(PublicError::from)
62    }
63
64    pub async fn is_same_canister(caller: Principal) -> Result<(), PublicError> {
65        auth::is_same_canister(caller)
66            .await
67            .map_err(PublicError::from)
68    }
69
70    pub async fn is_subnet_directory_role(
71        caller: Principal,
72        role: CanisterRole,
73    ) -> Result<(), PublicError> {
74        auth::is_subnet_directory_role(caller, role)
75            .await
76            .map_err(PublicError::from)
77    }
78
79    pub async fn is_whitelisted(caller: Principal) -> Result<(), PublicError> {
80        auth::is_whitelisted(caller)
81            .await
82            .map_err(PublicError::from)
83    }
84}