Module holochain_zome_types::capability [−][src]
Capability Grants and Claims
This module provides a custom system for defining application-specific capabilities, and allowing others to access those capabilities in a fine-grained manner. The Grantor of a capability can receive requests from a Claimant, and if the claim provides the right criteria, the Grantor will perform the task specified by the capability and respond to the Claimant.
Capabilities come with three possible degrees of access control:
- Unrestricted: anybody can exercise this capability
- Transferable: a secret must be provided, but anybody with the secret may exercise the capability
- Assigned: Like Transferable, but there is a list of approved AgentPubKeys, and requests from any other agents are ignored.
Capabilities are declared by a Grantor via a CapGrant. CapGrants
are not directly committed to a source chain, but can be constructed from
certain source chain entries. They define a certain bit of functionality,
as well as the access controls which determine who may exercise the granted
functionality.
Capabilites are exercised by other agents via a CapClaim which they
commit to their source chain as a private entry. This struct contains the
information needed to refer to the capability as well as the secret needed
to send to the Grantor.
Structs
| CapClaim | System entry to hold a capability token claim for use as a caller. Stored by a claimant so they can remember what’s necessary to exercise this capability by sending the secret to the grantor. |
| CapSecret | A CapSecret is used by a caller to prove to a callee access to a committed CapGrant. |
| CurryPayloads | @todo Ability to forcibly curry payloads into functions that are called with a claim. |
| ZomeCallCapGrant | The entry for the ZomeCall capability grant. This data is committed to the callee’s source chain as a private entry. The remote calling agent must provide a secret and we source their pubkey from the active network connection. This must match the strictness of the CapAccess. |
Enums
| CapAccess | Represents access requirements for capability grants. |
| CapGrant | Represents a potentially valid access grant to a zome call. Zome call response will be Unauthorized without a valid grant. |
Constants
| CAP_SECRET_BITS | The number of bits we want for a comfy secret. |
| CAP_SECRET_BYTES | The number of bytes we want for a comfy secret. |
Type Definitions
| CapSecretBytes | A fixed size array of bytes that a secret must be. |
| GrantedFunction | a single zome/function pair |
| GrantedFunctions | A collection of zome/function pairs |