junobuild_collections/assert/
stores.rs

1use crate::types::rules::Permission;
2use candid::Principal;
3use junobuild_shared::controllers::is_controller;
4use junobuild_shared::types::state::Controllers;
5use junobuild_shared::utils::{principal_not_anonymous, principal_not_anonymous_and_equal};
6
7pub fn assert_permission(
8    permission: &Permission,
9    owner: Principal,
10    caller: Principal,
11    controllers: &Controllers,
12) -> bool {
13    match permission {
14        Permission::Public => true,
15        Permission::Private => assert_caller(caller, owner),
16        Permission::Managed => assert_caller(caller, owner) || is_controller(caller, controllers),
17        Permission::Controllers => is_controller(caller, controllers),
18    }
19}
20
21/// If a document or asset is about to be created for the first time, it can be initialized without further rules unless the collection is set as controller and the caller is not a controller.
22/// This can be useful e.g. when a collection read permission is set to public but only the administrator can add content.
23pub fn assert_create_permission(
24    permission: &Permission,
25    caller: Principal,
26    controllers: &Controllers,
27) -> bool {
28    match permission {
29        Permission::Public => true,
30        Permission::Private => assert_not_anonymous(caller),
31        Permission::Managed => assert_not_anonymous(caller),
32        Permission::Controllers => is_controller(caller, controllers),
33    }
34}
35
36fn assert_caller(caller: Principal, owner: Principal) -> bool {
37    principal_not_anonymous_and_equal(caller, owner)
38}
39
40fn assert_not_anonymous(caller: Principal) -> bool {
41    principal_not_anonymous(caller)
42}
43
44pub fn public_permission(permission: &Permission) -> bool {
45    matches!(permission, Permission::Public)
46}