#[requires]Expand description
Declares the capability requirements of a function.
When all parameters use impl Has<P> bounds, the compiler already enforces
the trait bounds and this macro emits only a #[doc] attribute.
When concrete parameter types are used (e.g., context structs), use on = param
to identify the capability parameter. The macro emits a compile-time assertion
that the parameter type implements Has<P> for each declared permission.
§Usage
ⓘ
// With impl bounds — no `on` needed
#[capsec::requires(fs::read, net::connect)]
fn sync_data(cap: &(impl Has<FsRead> + Has<NetConnect>)) -> Result<()> {
// ...
}
// With concrete context type — use `on = param`
#[capsec::requires(fs::read, net::connect, on = ctx)]
fn sync_data(config: &Config, ctx: &AppCtx) -> Result<()> {
// ...
}§Supported permission paths
Both shorthand and explicit forms are accepted:
| Shorthand | Explicit | Permission type |
|---|---|---|
fs::read | FsRead | capsec_core::permission::FsRead |
fs::write | FsWrite | capsec_core::permission::FsWrite |
net::connect | NetConnect | capsec_core::permission::NetConnect |
net::bind | NetBind | capsec_core::permission::NetBind |
env::read | EnvRead | capsec_core::permission::EnvRead |
env::write | EnvWrite | capsec_core::permission::EnvWrite |
spawn | Spawn | capsec_core::permission::Spawn |
all | Ambient | capsec_core::permission::Ambient |