canic-core 0.25.7

Canic — a canister orchestration and management toolkit for the Internet Computer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

//! App mode gating for endpoints.
//!
//! The app bucket only inspects the application mode and does not
//! evaluate caller identity or environment predicates.

use crate::{
    access::AccessError, ops::storage::state::app::AppStateOps,
    storage::stable::state::app::AppMode,
};

/// Validate access for query calls.
///
/// Behavior:
/// - Enabled and Readonly modes permit queries.
/// - Disabled mode rejects queries.
pub fn guard_app_query() -> Result<(), AccessError> {
    let mode = AppStateOps::get_mode();

    match mode {
        AppMode::Enabled | AppMode::Readonly => Ok(()),
        AppMode::Disabled => Err(AccessError::Denied("application is disabled".to_string())),
    }
}

/// Validate access for update calls.
///
/// Behavior:
/// - Enabled mode permits updates.
/// - Readonly rejects updates.
/// - Disabled rejects updates.
pub fn guard_app_update() -> Result<(), AccessError> {
    let mode = AppStateOps::get_mode();

    match mode {
        AppMode::Enabled => Ok(()),
        AppMode::Readonly => Err(AccessError::Denied(
            "application is in readonly mode".to_string(),
        )),
        AppMode::Disabled => Err(AccessError::Denied("application is disabled".to_string())),
    }
}