update entitlements
austinkline committed Apr 12, 2024
1 parent da10712 commit 419deea
Showing 15 changed files with 36 additions and 39 deletions.
16 changes: 8 additions & 8 deletions contracts/CapabilityDelegator.cdc
Expand Up @@ -12,8 +12,9 @@ access(all) contract CapabilityDelegator {
/* --- Canonical Paths --- */
//
access(all) let StoragePath: StoragePath
access(all) let PrivatePath: PrivatePath
access(all) let PublicPath: PublicPath

access(all) entitlement Get

/* --- Events --- */
//
Expand All @@ -23,13 +24,13 @@ access(all) contract CapabilityDelegator {
/// Private interface for Capability retrieval
///
access(all) resource interface GetterPrivate {
access(Capabilities) view fun getPrivateCapability(_ type: Type): Capability? {
access(Get) view fun getPrivateCapability(_ type: Type): Capability? {
post {
result == nil || type.isSubtype(of: result.getType()): "incorrect returned capability type"
}
}
access(all) view fun findFirstPrivateType(_ type: Type): Type?
access(Capabilities) fun getAllPrivate(): [Capability]
access(Get) fun getAllPrivate(): [Capability]
}

/// Exposes public Capability retrieval
Expand Down Expand Up @@ -66,7 +67,7 @@ access(all) contract CapabilityDelegator {
/// @param type: Type of the Capability to retrieve
/// @return Capability of the given Type if it exists, nil otherwise
///
access(Capabilities) view fun getPrivateCapability(_ type: Type): Capability? {
access(Get) view fun getPrivateCapability(_ type: Type): Capability? {
return self.privateCapabilities[type]
}

Expand All @@ -82,7 +83,7 @@ access(all) contract CapabilityDelegator {
///
/// @return List of all private Capabilities
///
access(Capabilities) fun getAllPrivate(): [Capability] {
access(Get) fun getAllPrivate(): [Capability] {
return self.privateCapabilities.values
}

Expand Down Expand Up @@ -122,7 +123,7 @@ access(all) contract CapabilityDelegator {
/// @param cap: Capability to add
/// @param isPublic: Whether the Capability should be public or private
///
access(Mutate) fun addCapability(cap: Capability, isPublic: Bool) {
access(Mutate | Insert) fun addCapability(cap: Capability, isPublic: Bool) {
pre {
cap.check<&AnyResource>(): "Invalid Capability provided"
}
Expand All @@ -138,7 +139,7 @@ access(all) contract CapabilityDelegator {
///
/// @param cap: Capability to remove
///
access(Mutate) fun removeCapability(cap: Capability) {
access(Mutate | Remove) fun removeCapability(cap: Capability) {
if let removedPublic = self.publicCapabilities.remove(key: cap.getType()) {
emit DelegatorUpdated(id: self.uuid, capabilityType: cap.getType(), isPublic: true, active: false)
}
Expand Down Expand Up @@ -167,7 +168,6 @@ access(all) contract CapabilityDelegator {
init() {
let identifier = "CapabilityDelegator_".concat(self.account.address.toString())
self.StoragePath = StoragePath(identifier: identifier)!
self.PrivatePath = PrivatePath(identifier: identifier)!
self.PublicPath = PublicPath(identifier: identifier)!
}
}
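Review bot: The new `access(Mutate | Insert)` on `addCapability` is a disjunction, so a reference that carries only `Insert` can now add a capability, and the `isPublic` parameter lets that caller choose whether it is stored as public or private. Neither `addCapability` nor `removeCapability` says in its doc comment which entitlement it requires, and the new `entitlement Get` is declared with no comment at all. I would add `/// Get authorizes retrieval of private Capabilities (getPrivateCapability, getAllPrivate)` above the declaration, and a `/// Requires Mutate or Insert` line on `addCapability` (`Mutate or Remove` on `removeCapability`). The bodies of both functions continue outside the visible hunks, so how `isPublic` is applied is inferred from its parameter doc.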
10 changes: 4 additions & 6 deletions contracts/CapabilityFactory.cdc
Expand Up @@ -16,13 +16,12 @@
access(all) contract CapabilityFactory {

access(all) let StoragePath: StoragePath
access(all) let PrivatePath: PrivatePath
access(all) let PublicPath: PublicPath

/// Factory structures a common interface for Capability retrieval from a given account at a specified path
///
access(all) struct interface Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability?
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability?
access(all) view fun getPublicCapability(acct: auth(Capabilities) &Account, path: PublicPath): Capability?
}

Expand Down Expand Up @@ -61,7 +60,7 @@ access(all) contract CapabilityFactory {
/// @param t: Type of Capability the Factory retrieves
/// @param f: Factory to add
///
access(Mutate) fun addFactory(_ t: Type, _ f: {CapabilityFactory.Factory}) {
access(Mutate | Insert) fun addFactory(_ t: Type, _ f: {CapabilityFactory.Factory}) {
pre {
!self.factories.containsKey(t): "Factory of given type already exists"
}
Expand All @@ -73,15 +72,15 @@ access(all) contract CapabilityFactory {
/// @param t: Type of Capability the Factory retrieves
/// @param f: Factory to replace existing Factory
///
access(Mutate) fun updateFactory(_ t: Type, _ f: {CapabilityFactory.Factory}) {
access(Mutate | Insert) fun updateFactory(_ t: Type, _ f: {CapabilityFactory.Factory}) {
self.factories[t] = f
}

/// Removes a Factory from the Manager, returning it or nil if it didn't exist
///
/// @param t: Type the Factory is indexed on
///
access(Mutate) fun removeFactory(_ t: Type): {CapabilityFactory.Factory}? {
access(Mutate | Remove) fun removeFactory(_ t: Type): {CapabilityFactory.Factory}? {
return self.factories.remove(key: t)
}

Expand All @@ -100,7 +99,6 @@ access(all) contract CapabilityFactory {
init() {
let identifier = "CapabilityFactory_".concat(self.account.address.toString())
self.StoragePath = StoragePath(identifier: identifier)!
self.PrivatePath = PrivatePath(identifier: identifier)!
self.PublicPath = PublicPath(identifier: identifier)!
}
}
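Review bot: `updateFactory` is now reachable with `Insert` alone, yet `self.factories[t] = f` overwrites whatever Factory is already registered for `t`, which `addFactory` explicitly refuses through its `!self.factories.containsKey(t)` precondition. Replacing a Factory changes which Capability is handed out for that type, so it is worth deciding whether replacement should stay behind `Mutate` only, i.e. `access(Mutate) fun updateFactory(_ t: Type, _ f: {CapabilityFactory.Factory})`. If `Insert` is meant to cover replacement, the doc comment should say so, for example `/// Callable with Mutate or Insert; replaces any Factory already stored for t`.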
12 changes: 6 additions & 6 deletions contracts/CapabilityFilter.cdc
Expand Up @@ -39,7 +39,7 @@ access(all) contract CapabilityFilter {
///
/// @param type: The type to add to the denied types mapping
///
access(Mutate) fun addType(_ type: Type) {
access(Mutate | Insert) fun addType(_ type: Type) {
self.deniedTypes.insert(key: type, true)
emit FilterUpdated(id: self.uuid, filterType: self.getType(), type: type, active: true)
}
Expand All @@ -48,15 +48,15 @@ access(all) contract CapabilityFilter {
///
/// @param type: The type to remove from the denied types mapping
///
access(Mutate) fun removeType(_ type: Type) {
access(Mutate | Remove) fun removeType(_ type: Type) {
if let removed = self.deniedTypes.remove(key: type) {
emit FilterUpdated(id: self.uuid, filterType: self.getType(), type: type, active: false)
}
}

/// Removes all types from the mapping of denied types
///
access(Mutate) fun removeAllTypes() {
access(Mutate | Remove) fun removeAllTypes() {
for type in self.deniedTypes.keys {
self.removeType(type)
}
Expand Down Expand Up @@ -106,7 +106,7 @@ access(all) contract CapabilityFilter {
///
/// @param type: The type to add to the allowed types mapping
///
access(Mutate) fun addType(_ type: Type) {
access(Mutate | Insert) fun addType(_ type: Type) {
self.allowedTypes.insert(key: type, true)
emit FilterUpdated(id: self.uuid, filterType: self.getType(), type: type, active: true)
}
Expand All @@ -115,15 +115,15 @@ access(all) contract CapabilityFilter {
///
/// @param type: The type to remove from the denied types mapping
///
access(Mutate) fun removeType(_ type: Type) {
access(Mutate | Remove) fun removeType(_ type: Type) {
if let removed = self.allowedTypes.remove(key: type) {
emit FilterUpdated(id: self.uuid, filterType: self.getType(), type: type, active: false)
}
}

/// Removes all types from the mapping of denied types
///
access(Mutate) fun removeAllTypes() {
access(Mutate | Remove) fun removeAllTypes() {
for type in self.allowedTypes.keys {
self.removeType(type)
}
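Review bot: `Insert` and `Remove` carry opposite security weight in the two filters changed here: on the denied-types filter a `Remove`-only reference can now call `removeAllTypes` and empty the list, while on the allowed-types filter an `Insert`-only reference can call `addType` and extend it. If loosening a filter is meant to need the broader entitlement, those two directions should keep `access(Mutate)`; otherwise each doc comment should name the entitlement the function requires. The comments on the second filter's `removeType` and `removeAllTypes` also still say "denied types" although the code works on `self.allowedTypes`, and should read `/// Removes all types from the mapping of allowed types`. How the filters consult these mappings is outside the visible hunks, so the effect on what gets allowed is presumed rather than shown.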
15 changes: 7 additions & 8 deletions contracts/HybridCustody.cdc
Expand Up @@ -32,7 +32,6 @@ import "CapabilityFilter"
access(all) contract HybridCustody {
access(all) entitlement Owner
access(all) entitlement Child
access(all) entitlement Publish
access(all) entitlement Manage

/* --- Canonical Paths --- */
Expand Down Expand Up @@ -114,7 +113,7 @@ access(all) contract HybridCustody {
/// supplied factory and filter to manage what can be obtained from the child account, and a new
/// CapabilityDelegator resource is created for the sharing of one-off capabilities. Each of these pieces of
/// access control are managed through the child account.
access(Publish | Owner) fun publishToParent(
access(Owner) fun publishToParent(
parentAddress: Address,
factory: Capability<&{CapabilityFactory.Getter}>,
filter: Capability<&{CapabilityFilter.Filter}>
Expand Down Expand Up @@ -542,7 +541,7 @@ access(all) contract HybridCustody {
/// certain type. When using the CapabilityDelegator, you do not have the ability to specify which path a
/// capability came from. For instance, Dapper Wallet might choose to expose a Capability to their Full TopShot
/// collection, but only to the path that the collection exists in.
access(self) let delegator: Capability<auth(Capabilities) &{CapabilityDelegator.GetterPublic, CapabilityDelegator.GetterPrivate}>
access(self) let delegator: Capability<auth(CapabilityDelegator.Get) &{CapabilityDelegator.GetterPublic, CapabilityDelegator.GetterPrivate}>

/// managerCapabilityFilter is a component optionally given to a child account when a manager redeems it. If
/// this filter is not nil, any Capability returned through the `getCapability` function checks that the
Expand Down Expand Up @@ -673,9 +672,9 @@ access(all) contract HybridCustody {

/// Returns a reference to the stored delegator, generally used for arbitrary Capability retrieval
///
access(Owner) fun borrowCapabilityDelegator(): auth(Capabilities) &CapabilityDelegator.Delegator? {
access(Owner) fun borrowCapabilityDelegator(): auth(CapabilityDelegator.Get) &CapabilityDelegator.Delegator? {
let path = HybridCustody.getCapabilityDelegatorIdentifier(self.parent)
return self.childCap.borrow()!._borrowAccount().storage.borrow<auth(Capabilities) &CapabilityDelegator.Delegator>(
return self.childCap.borrow()!._borrowAccount().storage.borrow<auth(CapabilityDelegator.Get) &CapabilityDelegator.Delegator>(
from: StoragePath(identifier: path)!
)
}
Expand Down Expand Up @@ -733,7 +732,7 @@ access(all) contract HybridCustody {
_ childCap: Capability<&{BorrowableAccount, OwnedAccountPublic, ViewResolver.Resolver}>,
_ factory: Capability<&{CapabilityFactory.Getter}>,
_ filter: Capability<&{CapabilityFilter.Filter}>,
_ delegator: Capability<auth(Capabilities) &{CapabilityDelegator.GetterPublic, CapabilityDelegator.GetterPrivate}>,
_ delegator: Capability<auth(CapabilityDelegator.Get) &{CapabilityDelegator.GetterPublic, CapabilityDelegator.GetterPrivate}>,
_ parent: Address
) {
pre {
Expand Down Expand Up @@ -852,7 +851,7 @@ access(all) contract HybridCustody {
/// 4. Publish the newly made private link to the designated parent's inbox for them to claim on their @Manager
/// resource.
///
access(Publish | Owner) fun publishToParent(
access(Owner) fun publishToParent(
parentAddress: Address,
factory: Capability<&{CapabilityFactory.Getter}>,
filter: Capability<&{CapabilityFilter.Filter}>
Expand Down Expand Up @@ -881,7 +880,7 @@ access(all) contract HybridCustody {
let pubCap = acct.capabilities.storage.issue<&{CapabilityDelegator.GetterPublic}>(capDelegatorStorage)
acct.capabilities.publish(pubCap, at: capDelegatorPublic)

let delegator = acct.capabilities.storage.issue<auth(Capabilities) &{CapabilityDelegator.GetterPublic, CapabilityDelegator.GetterPrivate}>(capDelegatorStorage)
let delegator = acct.capabilities.storage.issue<auth(CapabilityDelegator.Get) &{CapabilityDelegator.GetterPublic, CapabilityDelegator.GetterPrivate}>(capDelegatorStorage)
assert(delegator.check(), message: "failed to setup capability delegator for parent address")

let borrowableCap = self.borrowAccount().capabilities.storage.issue<&{BorrowableAccount, OwnedAccountPublic, ViewResolver.Resolver}>(
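Review bot: `borrowCapabilityDelegator` returns an optional reference but force-unwraps `self.childCap.borrow()!` on the way, so an invalid or revoked child capability aborts the call without a message instead of yielding nil or a clear error. The scripts in this commit use `?? panic("could not borrow delegator")`, and the same form here, `let child = self.childCap.borrow() ?? panic("child account capability is invalid")`, would make the failure diagnosable. The step list above the second `publishToParent` still speaks of a "private link" while this commit removes the `PrivatePath` constants from the other contracts, so that wording may need updating.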
2 changes: 1 addition & 1 deletion contracts/factories/FTAllFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "FungibleToken"

access(all) contract FTAllFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<auth(FungibleToken.Withdraw) &{FungibleToken.Provider, FungibleToken.Balance, FungibleToken.Receiver}>() {
return nil
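Review bot: With `getCapability` now `access(all)`, the only thing between a caller and the returned Capability is the `auth(Capabilities) &Account` argument, and in this file the type being checked is `auth(FungibleToken.Withdraw)`, so that assumption deserves a doc comment. Something like `/// Callable on any Factory value; the caller must already hold auth(Capabilities) on acct` above the function would record it. The same applies to the other seven factory contracts changed in this commit (FTBalanceFactory through NFTProviderFactory) and to the `Factory` interface in CapabilityFactory.cdc. The function body continues past the visible hunk.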
2 changes: 1 addition & 1 deletion contracts/factories/FTBalanceFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "FungibleToken"

access(all) contract FTBalanceFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<&{FungibleToken.Balance}>() {
return nil
2 changes: 1 addition & 1 deletion contracts/factories/FTProviderFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "FungibleToken"

access(all) contract FTProviderFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<auth(FungibleToken.Withdraw) &{FungibleToken.Provider}>() {
return nil
2 changes: 1 addition & 1 deletion contracts/factories/FTReceiverBalanceFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "FungibleToken"

access(all) contract FTReceiverBalanceFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<&{FungibleToken.Receiver, FungibleToken.Balance}>() {
return nil
2 changes: 1 addition & 1 deletion contracts/factories/FTReceiverFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "FungibleToken"

access(all) contract FTReceiverFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<&{FungibleToken.Receiver}>() {
return nil
2 changes: 1 addition & 1 deletion contracts/factories/NFTCollectionPublicFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "NonFungibleToken"

access(all) contract NFTCollectionPublicFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<&{NonFungibleToken.CollectionPublic}>() {
return nil
2 changes: 1 addition & 1 deletion contracts/factories/NFTProviderAndCollectionFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "NonFungibleToken"

access(all) contract NFTProviderAndCollectionFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<auth(NonFungibleToken.Withdraw) &{NonFungibleToken.Provider, NonFungibleToken.CollectionPublic}>() {
return nil
2 changes: 1 addition & 1 deletion contracts/factories/NFTProviderFactory.cdc
Expand Up @@ -3,7 +3,7 @@ import "NonFungibleToken"

access(all) contract NFTProviderFactory {
access(all) struct Factory: CapabilityFactory.Factory {
access(Capabilities) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
access(all) view fun getCapability(acct: auth(Capabilities) &Account, controllerID: UInt64): Capability? {
if let con = acct.capabilities.storage.getController(byCapabilityID: controllerID) {
if !con.capability.check<auth(NonFungibleToken.Withdraw) &{NonFungibleToken.Provider}>() {
return nil
2 changes: 1 addition & 1 deletion scripts/delegator/find_nft_provider_cap.cdc
Expand Up @@ -7,7 +7,7 @@ access(all) fun main(addr: Address): Bool {
let acct = getAuthAccount<auth(Capabilities) &Account>(addr)

let delegator =
acct.capabilities.storage.issue<auth(Capabilities) &{CapabilityDelegator.GetterPrivate}>(CapabilityDelegator.StoragePath).borrow()
acct.capabilities.storage.issue<auth(CapabilityDelegator.Get) &{CapabilityDelegator.GetterPrivate}>(CapabilityDelegator.StoragePath).borrow()
?? panic("could not borrow delegator")

let desiredType = Type<Capability<auth(NonFungibleToken.Withdraw) &{NonFungibleToken.Provider}>>()
2 changes: 1 addition & 1 deletion scripts/delegator/get_all_private_caps.cdc
Expand Up @@ -4,7 +4,7 @@ import "NonFungibleToken"
import "ExampleNFT"

access(all) fun main(address: Address): Bool {
let privateCaps: [Capability] = getAuthAccount<auth(Capabilities) &Account>(address).capabilities.storage.issue<auth(Capabilities) &{CapabilityDelegator.GetterPrivate}>(CapabilityDelegator.StoragePath)
let privateCaps: [Capability] = getAuthAccount<auth(Capabilities) &Account>(address).capabilities.storage.issue<auth(CapabilityDelegator.Get) &{CapabilityDelegator.GetterPrivate}>(CapabilityDelegator.StoragePath)
.borrow()
?.getAllPrivate()
?? panic("could not borrow delegator")
2 changes: 1 addition & 1 deletion scripts/delegator/get_nft_provider.cdc
Expand Up @@ -7,7 +7,7 @@ access(all) fun main(addr: Address): Bool {
let acct = getAuthAccount<auth(Capabilities) &Account>(addr)

let delegator =
acct.capabilities.storage.issue<auth(Capabilities) &{CapabilityDelegator.GetterPrivate}>(CapabilityDelegator.StoragePath).borrow()
acct.capabilities.storage.issue<auth(CapabilityDelegator.Get) &{CapabilityDelegator.GetterPrivate}>(CapabilityDelegator.StoragePath).borrow()
?? panic("could not borrow delegator")

let capType = Type<Capability<auth(NonFungibleToken.Withdraw) &{NonFungibleToken.Provider}>>()
