holochain_zome_types/
capability.rs

1//! Capability Grants and Claims
2//!
3//! This module provides a custom system for defining application-specific
4//! capabilities, and allowing others to access those capabilities in a
5//! fine-grained manner. The Grantor of a capability can receive requests from
6//! a Claimant, and if the claim provides the right criteria, the Grantor will
7//! perform the task specified by the capability and respond to the Claimant.
8//!
9//! Capabilities come with three possible degrees of access control:
10//! - Unrestricted: anybody can exercise this capability
11//! - Transferable: a secret must be provided, but anybody with the secret may
12//!   exercise the capability
13//! - Assigned: Like Transferable, but there is a list of approved AgentPubKeys,
14//!   and requests from any other agents are ignored.
15//!
16//! Capabilities are declared by a Grantor via a **`CapGrant`**. `CapGrant`s
17//! are not directly committed to a source chain, but can be constructed from
18//! certain source chain entries. They define a certain bit of functionality,
19//! as well as the access controls which determine who may exercise the granted
20//! functionality.
21//!
22//! Capabilites are exercised by other agents via a **`CapClaim`** which they
23//! commit to their source chain as a private entry. This struct contains the
24//! information needed to refer to the capability as well as the secret needed
25//! to send to the Grantor.
26
27use crate::prelude::*;
28use serde::{Deserialize, Serialize};
29
30mod grant;
31pub use grant::*;
32pub use holochain_integrity_types::capability::*;
33
34/// Parameters for granting a zome call capability.
35#[derive(Debug, Deserialize, Serialize)]
36pub struct GrantZomeCallCapabilityPayload {
37    /// Cell for which to authorize the capability.
38    pub cell_id: CellId,
39    /// Specifies the capability, consisting of zomes and functions to allow
40    /// signing for as well as access level, secret and assignees.
41    pub cap_grant: ZomeCallCapGrant,
42}
43
44/// A list which map a cell ID to their capability grant information.
45///
46/// NOTE: while a map would have been more appropriate, we use a vector here
47/// because it is problematic with msgpack encoding.
48#[derive(Debug, Deserialize, Serialize, Clone)]
49pub struct AppCapGrantInfo(pub Vec<(CellId, Vec<CapGrantInfo>)>);
50
51/// Information about a capability grant.
52#[derive(Debug, Deserialize, Serialize, Clone)]
53pub struct CapGrantInfo {
54    /// Specifies the capability, consisting of zomes and functions to allow
55    /// signing for as well as access level, secret and assignees.
56    pub cap_grant: DesensitizedZomeCallCapGrant,
57    /// The action hash of the grant.
58    pub action_hash: ActionHash,
59    /// Time the capability grant was created.
60    pub created_at: Timestamp,
61    /// Timestamp of capability revocation if revoked.
62    pub revoked_at: Option<Timestamp>,
63}