canic-core 0.37.1

Canic — a canister orchestration and management toolkit for the Internet Computer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

//! App mode gating for endpoints.
//!
//! The app bucket only inspects the application mode and does not
//! evaluate caller identity or environment predicates.

use crate::{access::AccessError, ops::storage::state::app::AppStateOps};

/// Validate access for query calls.
///
/// Behavior:
/// - Enabled and Readonly modes permit queries.
/// - Disabled mode rejects queries.
pub fn guard_app_query() -> Result<(), AccessError> {
    if AppStateOps::is_query_allowed() {
        Ok(())
    } else {
        Err(AccessError::Denied("application is disabled".to_string()))
    }
}

/// Validate access for update calls.
///
/// Behavior:
/// - Enabled mode permits updates.
/// - Readonly rejects updates.
/// - Disabled rejects updates.
pub fn guard_app_update() -> Result<(), AccessError> {
    if AppStateOps::is_update_allowed() {
        return Ok(());
    }

    if AppStateOps::is_readonly() {
        Err(AccessError::Denied(
            "application is in readonly mode".to_string(),
        ))
    } else {
        Err(AccessError::Denied("application is disabled".to_string()))
    }
}