Expand description
Account-level capabilities (entitlements) shared across services.
Distinct from API-key crate::permissions (per key) and roles (operational). A user is
granted a default set at registration; the platform admin can restrict/grant per user. The
effective set is computed in the identity service and propagated to every service as the
signed x-auth-capabilities header; enforcement is per-endpoint via
crate::UserContext::require_capability.
Constants§
- ACCOUNT_
READ - Read account data (balances / orders / history).
- ALL
- Every known capability, in canonical order.
- API_
ACCESS - Create / use API keys.
- DEFAULT_
ON - Capabilities granted to every user at registration (everything except fiat, which the admin enables explicitly).
- DEPOSIT_
CRYPTO - Crypto deposits.
- EARN_
STAKE - Earn / staking.
- FIAT_
DEPOSIT - Fiat deposits (off by default).
- FIAT_
WITHDRAW - Fiat withdrawals (off by default).
- SPOT_
TRADE - Place / cancel spot orders.
- TRANSFER_
INTERNAL - Internal transfers.
- WITHDRAW_
CRYPTO - Crypto withdrawals.
Functions§
- is_
default_ on - True when
capis on by default at registration. - is_
valid - True when
capis a recognized capability.