-
Notifications
You must be signed in to change notification settings - Fork 90
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Onchain identity controller delegation (#1431)
* rebase commit * remove dead code
- Loading branch information
Showing
21 changed files
with
479 additions
and
154 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
144 changes: 144 additions & 0 deletions
144
identity_iota_core/packages/iota_identity/sources/controller.move
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,144 @@ | ||
| module iota_identity::controller { | ||
| use iota::transfer::Receiving; | ||
| use iota::borrow::{Self, Referent, Borrow}; | ||
| use iota_identity::permissions; | ||
|
|
||
| public use fun delete_controller_cap as ControllerCap.delete; | ||
| public use fun delete_delegation_token as DelegationToken.delete; | ||
|
|
||
| /// This `ControllerCap` cannot delegate access. | ||
| const ECannotDelegate: u64 = 0; | ||
| // The permission of the provided `DelegationToken` are not | ||
| // valid to perform this operation. | ||
| const EInvalidPermissions: u64 = 1; | ||
|
|
||
| /// Event that is created when a new `DelegationToken` is minted. | ||
| public struct NewDelegationTokenEvent has copy, drop { | ||
| controller: ID, | ||
| token: ID, | ||
| permissions: u32, | ||
| } | ||
|
|
||
| /// Capability that allows to access mutative APIs of a `Multicontroller`. | ||
| public struct ControllerCap has key { | ||
| id: UID, | ||
| can_delegate: bool, | ||
| access_token: Referent<DelegationToken>, | ||
| } | ||
|
|
||
| public fun id(self: &ControllerCap): &UID { | ||
| &self.id | ||
| } | ||
|
|
||
| /// Borrows this `ControllerCap`'s access token. | ||
| public fun borrow(self: &mut ControllerCap): (DelegationToken, Borrow) { | ||
| self.access_token.borrow() | ||
| } | ||
|
|
||
| /// Returns the borrowed access token together with the hot potato. | ||
| public fun put_back(self: &mut ControllerCap, token: DelegationToken, borrow: Borrow) { | ||
| self.access_token.put_back(token, borrow); | ||
| } | ||
|
|
||
| /// Creates a delegation token for this controller. The created `DelegationToken` | ||
| /// will have full permissions. Use `delegate_with_permissions` to set or unset | ||
| /// specific permissions. | ||
| public fun delegate(self: &ControllerCap, ctx: &mut TxContext): DelegationToken { | ||
| assert!(self.can_delegate, ECannotDelegate); | ||
| new_delegation_token(self.id.to_inner(), permissions::all(), ctx) | ||
| } | ||
|
|
||
| /// Creates a delegation token for this controller, specifying the delegate's permissions. | ||
| public fun delegate_with_permissions(self: &ControllerCap, permissions: u32, ctx: &mut TxContext): DelegationToken { | ||
| assert!(self.can_delegate, ECannotDelegate); | ||
| new_delegation_token(self.id.to_inner(), permissions, ctx) | ||
| } | ||
|
|
||
| /// A token that allows an entity to act in a Controller's stead. | ||
| public struct DelegationToken has key, store { | ||
| id: UID, | ||
| permissions: u32, | ||
| controller: ID, | ||
| } | ||
|
|
||
| /// Returns the controller's ID of this `DelegationToken`. | ||
| public fun controller(self: &DelegationToken): ID { | ||
| self.controller | ||
| } | ||
|
|
||
| /// Returns the permissions of this `DelegationToken`. | ||
| public fun permissions(self: &DelegationToken): u32 { | ||
| self.permissions | ||
| } | ||
|
|
||
| /// Returns true if this `DelegationToken` has permission `permission`. | ||
| public fun has_permission(self: &DelegationToken, permission: u32): bool { | ||
| self.permissions & permission != 0 | ||
| } | ||
|
|
||
| /// Aborts if this `DelegationToken` doesn't have permission `permission`. | ||
| public fun assert_has_permission(self: &DelegationToken, permission: u32) { | ||
| assert!(self.has_permission(permission), EInvalidPermissions) | ||
| } | ||
|
|
||
| /// Creates a new `ControllerCap`. | ||
| public(package) fun new(can_delegate: bool, ctx: &mut TxContext): ControllerCap { | ||
| let id = object::new(ctx); | ||
| let access_token = borrow::new(new_delegation_token(id.to_inner(), permissions::all(), ctx), ctx); | ||
|
|
||
| ControllerCap { | ||
| id, | ||
| access_token, | ||
| can_delegate, | ||
| } | ||
| } | ||
|
|
||
| /// Transfer a `ControllerCap`. | ||
| public(package) fun transfer(cap: ControllerCap, recipient: address) { | ||
| transfer::transfer(cap, recipient) | ||
| } | ||
|
|
||
| /// Receives a `ControllerCap`. | ||
| public(package) fun receive(owner: &mut UID, cap: Receiving<ControllerCap>): ControllerCap { | ||
| transfer::receive(owner, cap) | ||
| } | ||
|
|
||
| public(package) fun new_delegation_token( | ||
| controller: ID, | ||
| permissions: u32, | ||
| ctx: &mut TxContext | ||
| ): DelegationToken { | ||
| let id = object::new(ctx); | ||
|
|
||
| iota::event::emit(NewDelegationTokenEvent { | ||
| controller, | ||
| token: id.to_inner(), | ||
| permissions, | ||
| }); | ||
|
|
||
| DelegationToken { | ||
| id, | ||
| controller, | ||
| permissions, | ||
| } | ||
| } | ||
|
|
||
| public(package) fun delete_controller_cap(cap: ControllerCap) { | ||
| let ControllerCap { | ||
| access_token, | ||
| id, | ||
| .. | ||
| } = cap; | ||
|
|
||
| delete_delegation_token(access_token.destroy()); | ||
| object::delete(id); | ||
| } | ||
|
|
||
| public(package) fun delete_delegation_token(token: DelegationToken) { | ||
| let DelegationToken { | ||
| id, | ||
| .. | ||
| } = token; | ||
| object::delete(id); | ||
| } | ||
| } |
Oops, something went wrong.