@metamask-previews/permission-controller 12.3.0-preview-7e80c49 → 12.3.0-preview-4c0846313
- package/CHANGELOG.md +2 -10
- package/dist/PermissionController-method-action-types.cjs.map +1 -1
- package/dist/PermissionController-method-action-types.d.cts +25 -44
- package/dist/PermissionController-method-action-types.d.cts.map +1 -1
- package/dist/PermissionController-method-action-types.d.mts +25 -44
- package/dist/PermissionController-method-action-types.d.mts.map +1 -1
- package/dist/PermissionController-method-action-types.mjs.map +1 -1
- package/dist/PermissionController.cjs +65 -23
- package/dist/PermissionController.cjs.map +1 -1
- package/dist/PermissionController.d.cts +36 -12
- package/dist/PermissionController.d.cts.map +1 -1
- package/dist/PermissionController.d.mts +36 -12
- package/dist/PermissionController.d.mts.map +1 -1
- package/dist/PermissionController.mjs +65 -23
- package/dist/PermissionController.mjs.map +1 -1
- package/dist/index.cjs +1 -4
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -2
- package/dist/index.d.cts.map +1 -1
- package/dist/index.d.mts +1 -2
- package/dist/index.d.mts.map +1 -1
- package/dist/index.mjs +0 -1
- package/dist/index.mjs.map +1 -1
- package/package.json +1 -1
- package/dist/permission-middleware.cjs +0 -59
- package/dist/permission-middleware.cjs.map +0 -1
- package/dist/permission-middleware.d.cts +0 -49
- package/dist/permission-middleware.d.cts.map +0 -1
- package/dist/permission-middleware.d.mts +0 -49
- package/dist/permission-middleware.d.mts.map +0 -1
- package/dist/permission-middleware.mjs +0 -54
- package/dist/permission-middleware.mjs.map +0 -1
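--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -9,22 +9,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
--
+- Expose `createPermissionMiddleware` through the messenger ([#8502](https://github.com/MetaMask/core/pull/8502))
 
 ### Changed
 
-- **BREAKING:** Decouple the permission middleware from `PermissionController` and expose it as a standalone function ([#8532](https://github.com/MetaMask/core/pull/8532))
-- The standalone `createPermissionMiddleware` replaces the former `PermissionController.createPermissionMiddleware`; it is imported from `@metamask/permission-controller` and called with a messenger and subject metadata, and targets the legacy `JsonRpcEngine`.
-- New integrations should prefer `createPermissionMiddlewareV2`, which targets `JsonRpcEngineV2`.
-- `PermissionController.getRestrictedMethod` no longer serves a purpose, and is removed. Restricted methods should be invoked via the `:executeRestrictedMethod` action instead.
 - Bump `@metamask/controller-utils` from `^11.19.0` to `^11.20.0` ([#8344](https://github.com/MetaMask/core/pull/8344))
 - Bump `@metamask/messenger` from `^1.0.0` to `^1.1.1` ([#8364](https://github.com/MetaMask/core/pull/8364), [#8373](https://github.com/MetaMask/core/pull/8373))
 - Bump `@metamask/base-controller` from `^9.0.1` to `^9.1.0` ([#8457](https://github.com/MetaMask/core/pull/8457))
 
-### Deprecated
-
-- Deprecate `createPermissionMiddleware` in favor of `createPermissionMiddlewareV2`, which targets `JsonRpcEngineV2` ([#8532](https://github.com/MetaMask/core/pull/8532))
-
 ## [12.3.0]
 
 ### Added
@@ -194,7 +186,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ["Are the Types Wrong?"](https://arethetypeswrong.github.io/) tool as
 ["masquerading as CJS"](https://github.com/arethetypeswrong/arethetypeswrong.github.io/blob/main/docs/problems/FalseCJS.md).
 All of the ATTW checks now pass.
-- Remove chunk files ([#4648](https://github.com/MetaMask/core/pull/4648))
+- Remove chunk files ([#4648](https://github.com/MetaMask/core/pull/4648)).
 - Previously, the build tool we used to generate JavaScript files extracted
 common code to "chunk" files. While this was intended to make this package
 more tree-shakeable, it also made debugging more difficult for our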
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PermissionController-method-action-types.cjs","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PermissionController } from './PermissionController';\n\n/**\n * Checks whether the given method was declared as unrestricted at\n * construction time. Methods unknown to the controller return `false` and\n * would be treated as restricted by callers such as the permission\n * middleware.\n *\n * @param method - The name of the method to check.\n * @returns Whether the method is unrestricted.\n */\nexport type PermissionControllerHasUnrestrictedMethodAction = {\n type: `PermissionController:hasUnrestrictedMethod`;\n handler: PermissionController['hasUnrestrictedMethod'];\n};\n\n/**\n * Clears the state of the controller.\n */\nexport type PermissionControllerClearStateAction = {\n type: `PermissionController:clearState`;\n handler: PermissionController['clearState'];\n};\n\n/**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. 
IDs) of all subjects.\n */\nexport type PermissionControllerGetSubjectNamesAction = {\n type: `PermissionController:getSubjectNames`;\n handler: PermissionController['getSubjectNames'];\n};\n\n/**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\nexport type PermissionControllerGetPermissionsAction = {\n type: `PermissionController:getPermissions`;\n handler: PermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\nexport type PermissionControllerHasPermissionAction = {\n type: `PermissionController:hasPermission`;\n handler: PermissionController['hasPermission'];\n};\n\n/**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\nexport type PermissionControllerHasPermissionsAction = {\n type: `PermissionController:hasPermissions`;\n handler: PermissionController['hasPermissions'];\n};\n\n/**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error if the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\nexport type PermissionControllerRevokeAllPermissionsAction = {\n type: `PermissionController:revokeAllPermissions`;\n handler: PermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names 
to revoke.\n */\nexport type PermissionControllerRevokePermissionsAction = {\n type: `PermissionController:revokePermissions`;\n handler: PermissionController['revokePermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\nexport type PermissionControllerRevokePermissionForAllSubjectsAction = {\n type: `PermissionController:revokePermissionForAllSubjects`;\n handler: PermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\nexport type PermissionControllerGetCaveatAction = {\n type: `PermissionController:getCaveat`;\n handler: PermissionController['getCaveat'];\n};\n\n/**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. 
Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\nexport type PermissionControllerUpdateCaveatAction = {\n type: `PermissionController:updateCaveat`;\n handler: PermissionController['updateCaveat'];\n};\n\n/**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated—including by calling their specification\n * validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsAction = {\n type: `PermissionController:grantPermissions`;\n handler: PermissionController['grantPermissions'];\n};\n\n/**\n * Incrementally grants _approved_ permissions to the specified subject. Every\n * permission and caveat is stringently validated—including by calling their\n * specification validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. 
User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissionsIncremental} For initiating\n * an incremental permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsIncrementalAction = {\n type: `PermissionController:grantPermissionsIncremental`;\n handler: PermissionController['grantPermissionsIncremental'];\n};\n\n/**\n * Initiates a permission request that requires user approval.\n *\n * Either this or {@link PermissionController.requestPermissionsIncremental}\n * should always be used to grant additional permissions to a subject,\n * unless user approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. 
Defaults to `true`.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsAction = {\n type: `PermissionController:requestPermissions`;\n handler: PermissionController['requestPermissions'];\n};\n\n/**\n * Initiates an incremental permission request that prompts for user approval.\n * Incremental permission requests allow the caller to replace existing and/or\n * add brand new permissions and caveats for the specified subject.\n *\n * Incremental permission request are merged with the subject's existing permissions\n * through a right-biased union, where the incremental permission are the right-hand\n * side of the merger. If both sides of the merger specify the same caveats for a\n * given permission, the caveats are merged using their specification's caveat value\n * merger property.\n *\n * Either this or {@link PermissionController.requestPermissions} should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. 
Defaults to a unique\n * id.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsIncrementalAction = {\n type: `PermissionController:requestPermissionsIncremental`;\n handler: PermissionController['requestPermissionsIncremental'];\n};\n\n/**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\nexport type PermissionControllerGetEndowmentsAction = {\n type: `PermissionController:getEndowments`;\n handler: PermissionController['getEndowments'];\n};\n\n/**\n * Executes a restricted method as the subject with the given origin.\n * The specified params, if any, will be passed to the method implementation.\n *\n * ATTN: Great caution should be exercised in the use of this method.\n * Methods that cause side effects or affect application state should\n * be avoided.\n *\n * This method will first attempt to retrieve the requested restricted method\n * implementation, throwing if it does not exist. The method will then be\n * invoked as though the subject with the specified origin had invoked it with\n * the specified parameters. 
This means that any existing caveats will be\n * applied to the restricted method, and this method will throw if the\n * restricted method or its caveat decorators throw.\n *\n * In addition, this method will throw if the subject does not have a\n * permission for the specified restricted method.\n *\n * @param origin - The origin of the subject to execute the method on behalf\n * of.\n * @param targetName - The name of the method to execute. This must be a valid\n * permission target name.\n * @param params - The parameters to pass to the method implementation.\n * @returns The result of the executed method.\n */\nexport type PermissionControllerExecuteRestrictedMethodAction = {\n type: `PermissionController:executeRestrictedMethod`;\n handler: PermissionController['executeRestrictedMethod'];\n};\n\n/**\n * Union of all PermissionController action types.\n */\nexport type PermissionControllerMethodActions =\n | PermissionControllerHasUnrestrictedMethodAction\n | PermissionControllerClearStateAction\n | PermissionControllerGetSubjectNamesAction\n | PermissionControllerGetPermissionsAction\n | PermissionControllerHasPermissionAction\n | PermissionControllerHasPermissionsAction\n | PermissionControllerRevokeAllPermissionsAction\n | PermissionControllerRevokePermissionsAction\n | PermissionControllerRevokePermissionForAllSubjectsAction\n | PermissionControllerGetCaveatAction\n | PermissionControllerUpdateCaveatAction\n | PermissionControllerGrantPermissionsAction\n | PermissionControllerGrantPermissionsIncrementalAction\n | PermissionControllerRequestPermissionsAction\n | PermissionControllerRequestPermissionsIncrementalAction\n | PermissionControllerGetEndowmentsAction\n | PermissionControllerExecuteRestrictedMethodAction;\n"]}
|
|
1
|
+
{"version":3,"file":"PermissionController-method-action-types.cjs","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PermissionController } from './PermissionController';\n\n/**\n * Clears the state of the controller.\n */\nexport type PermissionControllerClearStateAction = {\n type: `PermissionController:clearState`;\n handler: PermissionController['clearState'];\n};\n\n/**\n * Creates a permission middleware function. Like any {@link JsonRpcEngine}\n * middleware, each middleware will only receive requests from a particular\n * subject / origin.\n *\n * The middlewares returned will pass through requests for\n * unrestricted methods, and attempt to execute restricted methods. If a method\n * is neither restricted nor unrestricted, a \"method not found\" error will be\n * returned.\n * If a method is restricted, the middleware will first attempt to retrieve the\n * subject's permission for that method. If the permission is found, the method\n * will be executed. Otherwise, an \"unauthorized\" error will be returned.\n *\n * The middleware **must** be added in the correct place in the middleware\n * stack in order for it to work. See the README for an example.\n *\n * @param subject The permission subject.\n * @returns A `json-rpc-engine` middleware.\n */\nexport type PermissionControllerCreatePermissionMiddlewareAction = {\n type: `PermissionController:createPermissionMiddleware`;\n handler: PermissionController['createPermissionMiddleware'];\n};\n\n/**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. 
IDs) of all subjects.\n */\nexport type PermissionControllerGetSubjectNamesAction = {\n type: `PermissionController:getSubjectNames`;\n handler: PermissionController['getSubjectNames'];\n};\n\n/**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\nexport type PermissionControllerGetPermissionsAction = {\n type: `PermissionController:getPermissions`;\n handler: PermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\nexport type PermissionControllerHasPermissionAction = {\n type: `PermissionController:hasPermission`;\n handler: PermissionController['hasPermission'];\n};\n\n/**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\nexport type PermissionControllerHasPermissionsAction = {\n type: `PermissionController:hasPermissions`;\n handler: PermissionController['hasPermissions'];\n};\n\n/**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error of the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\nexport type PermissionControllerRevokeAllPermissionsAction = {\n type: `PermissionController:revokeAllPermissions`;\n handler: PermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names 
to revoke.\n */\nexport type PermissionControllerRevokePermissionsAction = {\n type: `PermissionController:revokePermissions`;\n handler: PermissionController['revokePermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\nexport type PermissionControllerRevokePermissionForAllSubjectsAction = {\n type: `PermissionController:revokePermissionForAllSubjects`;\n handler: PermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\nexport type PermissionControllerGetCaveatAction = {\n type: `PermissionController:getCaveat`;\n handler: PermissionController['getCaveat'];\n};\n\n/**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. 
Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\nexport type PermissionControllerUpdateCaveatAction = {\n type: `PermissionController:updateCaveat`;\n handler: PermissionController['updateCaveat'];\n};\n\n/**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated—including by calling their specification\n * validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsAction = {\n type: `PermissionController:grantPermissions`;\n handler: PermissionController['grantPermissions'];\n};\n\n/**\n * Incrementally grants _approved_ permissions to the specified subject. Every\n * permission and caveat is stringently validated—including by calling their\n * specification validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. 
User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissionsIncremental} For initiating\n * an incremental permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsIncrementalAction = {\n type: `PermissionController:grantPermissionsIncremental`;\n handler: PermissionController['grantPermissionsIncremental'];\n};\n\n/**\n * Initiates a permission request that requires user approval.\n *\n * Either this or {@link PermissionController.requestPermissionsIncremental}\n * should always be used to grant additional permissions to a subject,\n * unless user approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. 
Defaults to `true`.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsAction = {\n type: `PermissionController:requestPermissions`;\n handler: PermissionController['requestPermissions'];\n};\n\n/**\n * Initiates an incremental permission request that prompts for user approval.\n * Incremental permission requests allow the caller to replace existing and/or\n * add brand new permissions and caveats for the specified subject.\n *\n * Incremental permission request are merged with the subject's existing permissions\n * through a right-biased union, where the incremental permission are the right-hand\n * side of the merger. If both sides of the merger specify the same caveats for a\n * given permission, the caveats are merged using their specification's caveat value\n * merger property.\n *\n * Either this or {@link PermissionController.requestPermissions} should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. 
Defaults to a unique\n * id.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsIncrementalAction = {\n type: `PermissionController:requestPermissionsIncremental`;\n handler: PermissionController['requestPermissionsIncremental'];\n};\n\n/**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\nexport type PermissionControllerGetEndowmentsAction = {\n type: `PermissionController:getEndowments`;\n handler: PermissionController['getEndowments'];\n};\n\n/**\n * Union of all PermissionController action types.\n */\nexport type PermissionControllerMethodActions =\n | PermissionControllerClearStateAction\n | PermissionControllerCreatePermissionMiddlewareAction\n | PermissionControllerGetSubjectNamesAction\n | PermissionControllerGetPermissionsAction\n | PermissionControllerHasPermissionAction\n | PermissionControllerHasPermissionsAction\n | PermissionControllerRevokeAllPermissionsAction\n | PermissionControllerRevokePermissionsAction\n | PermissionControllerRevokePermissionForAllSubjectsAction\n | PermissionControllerGetCaveatAction\n | PermissionControllerUpdateCaveatAction\n | PermissionControllerGrantPermissionsAction\n | PermissionControllerGrantPermissionsIncrementalAction\n | PermissionControllerRequestPermissionsAction\n | PermissionControllerRequestPermissionsIncrementalAction\n | 
PermissionControllerGetEndowmentsAction;\n"]}
|
|
@@ -3,19 +3,6 @@
|
|
|
3
3
|
* Do not edit manually.
|
|
4
4
|
*/
|
|
5
5
|
import type { PermissionController } from "./PermissionController.cjs";
|
|
6
|
-
/**
|
|
7
|
-
* Checks whether the given method was declared as unrestricted at
|
|
8
|
-
* construction time. Methods unknown to the controller return `false` and
|
|
9
|
-
* would be treated as restricted by callers such as the permission
|
|
10
|
-
* middleware.
|
|
11
|
-
*
|
|
12
|
-
* @param method - The name of the method to check.
|
|
13
|
-
* @returns Whether the method is unrestricted.
|
|
14
|
-
*/
|
|
15
|
-
export type PermissionControllerHasUnrestrictedMethodAction = {
|
|
16
|
-
type: `PermissionController:hasUnrestrictedMethod`;
|
|
17
|
-
handler: PermissionController['hasUnrestrictedMethod'];
|
|
18
|
-
};
|
|
19
6
|
/**
|
|
20
7
|
* Clears the state of the controller.
|
|
21
8
|
*/
|
|
@@ -23,6 +10,29 @@ export type PermissionControllerClearStateAction = {
|
|
|
23
10
|
type: `PermissionController:clearState`;
|
|
24
11
|
handler: PermissionController['clearState'];
|
|
25
12
|
};
|
|
13
|
+
/**
|
|
14
|
+
* Creates a permission middleware function. Like any {@link JsonRpcEngine}
|
|
15
|
+
* middleware, each middleware will only receive requests from a particular
|
|
16
|
+
* subject / origin.
|
|
17
|
+
*
|
|
18
|
+
* The middlewares returned will pass through requests for
|
|
19
|
+
* unrestricted methods, and attempt to execute restricted methods. If a method
|
|
20
|
+
* is neither restricted nor unrestricted, a "method not found" error will be
|
|
21
|
+
* returned.
|
|
22
|
+
* If a method is restricted, the middleware will first attempt to retrieve the
|
|
23
|
+
* subject's permission for that method. If the permission is found, the method
|
|
24
|
+
* will be executed. Otherwise, an "unauthorized" error will be returned.
|
|
25
|
+
*
|
|
26
|
+
* The middleware **must** be added in the correct place in the middleware
|
|
27
|
+
* stack in order for it to work. See the README for an example.
|
|
28
|
+
*
|
|
29
|
+
* @param subject The permission subject.
|
|
30
|
+
* @returns A `json-rpc-engine` middleware.
|
|
31
|
+
*/
|
|
32
|
+
export type PermissionControllerCreatePermissionMiddlewareAction = {
|
|
33
|
+
type: `PermissionController:createPermissionMiddleware`;
|
|
34
|
+
handler: PermissionController['createPermissionMiddleware'];
|
|
35
|
+
};
|
|
26
36
|
/**
|
|
27
37
|
* Gets a list of all origins of subjects.
|
|
28
38
|
*
|
|
@@ -68,7 +78,7 @@ export type PermissionControllerHasPermissionsAction = {
|
|
|
68
78
|
/**
|
|
69
79
|
* Revokes all permissions from the specified origin.
|
|
70
80
|
*
|
|
71
|
-
* Throws an error
|
|
81
|
+
* Throws an error of the origin has no permissions.
|
|
72
82
|
*
|
|
73
83
|
* @param origin - The origin whose permissions to revoke.
|
|
74
84
|
*/
|
|
@@ -265,37 +275,8 @@ export type PermissionControllerGetEndowmentsAction = {
|
|
|
265
275
|
type: `PermissionController:getEndowments`;
|
|
266
276
|
handler: PermissionController['getEndowments'];
|
|
267
277
|
};
|
|
268
|
-
/**
|
|
269
|
-
* Executes a restricted method as the subject with the given origin.
|
|
270
|
-
* The specified params, if any, will be passed to the method implementation.
|
|
271
|
-
*
|
|
272
|
-
* ATTN: Great caution should be exercised in the use of this method.
|
|
273
|
-
* Methods that cause side effects or affect application state should
|
|
274
|
-
* be avoided.
|
|
275
|
-
*
|
|
276
|
-
* This method will first attempt to retrieve the requested restricted method
|
|
277
|
-
* implementation, throwing if it does not exist. The method will then be
|
|
278
|
-
* invoked as though the subject with the specified origin had invoked it with
|
|
279
|
-
* the specified parameters. This means that any existing caveats will be
|
|
280
|
-
* applied to the restricted method, and this method will throw if the
|
|
281
|
-
* restricted method or its caveat decorators throw.
|
|
282
|
-
*
|
|
283
|
-
* In addition, this method will throw if the subject does not have a
|
|
284
|
-
* permission for the specified restricted method.
|
|
285
|
-
*
|
|
286
|
-
* @param origin - The origin of the subject to execute the method on behalf
|
|
287
|
-
* of.
|
|
288
|
-
* @param targetName - The name of the method to execute. This must be a valid
|
|
289
|
-
* permission target name.
|
|
290
|
-
* @param params - The parameters to pass to the method implementation.
|
|
291
|
-
* @returns The result of the executed method.
|
|
292
|
-
*/
|
|
293
|
-
export type PermissionControllerExecuteRestrictedMethodAction = {
|
|
294
|
-
type: `PermissionController:executeRestrictedMethod`;
|
|
295
|
-
handler: PermissionController['executeRestrictedMethod'];
|
|
296
|
-
};
|
|
297
278
|
/**
|
|
298
279
|
* Union of all PermissionController action types.
|
|
299
280
|
*/
|
|
300
|
-
export type PermissionControllerMethodActions =
|
|
281
|
+
export type PermissionControllerMethodActions = PermissionControllerClearStateAction | PermissionControllerCreatePermissionMiddlewareAction | PermissionControllerGetSubjectNamesAction | PermissionControllerGetPermissionsAction | PermissionControllerHasPermissionAction | PermissionControllerHasPermissionsAction | PermissionControllerRevokeAllPermissionsAction | PermissionControllerRevokePermissionsAction | PermissionControllerRevokePermissionForAllSubjectsAction | PermissionControllerGetCaveatAction | PermissionControllerUpdateCaveatAction | PermissionControllerGrantPermissionsAction | PermissionControllerGrantPermissionsIncrementalAction | PermissionControllerRequestPermissionsAction | PermissionControllerRequestPermissionsIncrementalAction | PermissionControllerGetEndowmentsAction;
|
|
301
282
|
//# sourceMappingURL=PermissionController-method-action-types.d.cts.map
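Review bot: The doc comment added for `PermissionControllerCreatePermissionMiddlewareAction` (new lines 13–31) never states where the `subject` argument has to come from, even though it says the returned middleware decides per subject between pass-through, execution and an "unauthorized" error. With the method now reachable as a messenger action, I would add a line such as `* The subject must be taken from the connection the engine serves, not from request content.`; this is presumably the intent, but the implementation is outside this section, so confirm. Two wording slips in the same section: `@param subject The permission subject.` should read `@param subject - The permission subject.` like the other tags, and `Throws an error of the origin has no permissions.` should say `if`. The file is marked auto-generated, so these belong in the source the generator reads; the `.d.mts` section below carries the same text.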
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PermissionController-method-action-types.d.cts","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,mCAA+B;AAEnE
|
|
1
|
+
{"version":3,"file":"PermissionController-method-action-types.d.cts","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,mCAA+B;AAEnE;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,oBAAoB,CAAC,YAAY,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,MAAM,oDAAoD,GAAG;IACjE,IAAI,EAAE,iDAAiD,CAAC;IACxD,OAAO,EAAE,oBAAoB,CAAC,4BAA4B,CAAC,CAAC;CAC7D,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,yCAAyC,GAAG;IACtD,IAAI,EAAE,sCAAsC,CAAC;IAC7C,OAAO,EAAE,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;CAClD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,IAAI,EAAE,2CAA2C,CAAC;IAClD,OAAO,EAAE,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;CACvD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;CACpD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wDAAwD,GAAG;IACrE,IAAI,EAAE,qDAAqD,CAAC;IAC5D,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,CAAC,CAAC;CACjE,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,oBAAoB,CAAC,WAAW,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,oBAAoB,CAAC,cAAc,CAAC,CAAC;CAC/C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,0CAA0C,GAAG;IACvD,IAAI,EAAE,uCAAuC,CAAC;IAC9C,OAAO,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,qDAAqD,GAAG;IAClE,IAAI,EAAE,kDAAkD,CAAC;IACzD,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC,CAAC;CAC9D,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAC
hD,OAAO,EAAE,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,MAAM,uDAAuD,GAAG;IACpE,IAAI,EAAE,oDAAoD,CAAC;IAC3D,OAAO,EAAE,oBAAoB,CAAC,+BAA+B,CAAC,CAAC;CAChE,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iCAAiC,GACzC,oCAAoC,GACpC,oDAAoD,GACpD,yCAAyC,GACzC,wCAAwC,GACxC,uCAAuC,GACvC,wCAAwC,GACxC,8CAA8C,GAC9C,2CAA2C,GAC3C,wDAAwD,GACxD,mCAAmC,GACnC,sCAAsC,GACtC,0CAA0C,GAC1C,qDAAqD,GACrD,4CAA4C,GAC5C,uDAAuD,GACvD,uCAAuC,CAAC"}
|
|
@@ -3,19 +3,6 @@
|
|
|
3
3
|
* Do not edit manually.
|
|
4
4
|
*/
|
|
5
5
|
import type { PermissionController } from "./PermissionController.mjs";
|
|
6
|
-
/**
|
|
7
|
-
* Checks whether the given method was declared as unrestricted at
|
|
8
|
-
* construction time. Methods unknown to the controller return `false` and
|
|
9
|
-
* would be treated as restricted by callers such as the permission
|
|
10
|
-
* middleware.
|
|
11
|
-
*
|
|
12
|
-
* @param method - The name of the method to check.
|
|
13
|
-
* @returns Whether the method is unrestricted.
|
|
14
|
-
*/
|
|
15
|
-
export type PermissionControllerHasUnrestrictedMethodAction = {
|
|
16
|
-
type: `PermissionController:hasUnrestrictedMethod`;
|
|
17
|
-
handler: PermissionController['hasUnrestrictedMethod'];
|
|
18
|
-
};
|
|
19
6
|
/**
|
|
20
7
|
* Clears the state of the controller.
|
|
21
8
|
*/
|
|
@@ -23,6 +10,29 @@ export type PermissionControllerClearStateAction = {
|
|
|
23
10
|
type: `PermissionController:clearState`;
|
|
24
11
|
handler: PermissionController['clearState'];
|
|
25
12
|
};
|
|
13
|
+
/**
|
|
14
|
+
* Creates a permission middleware function. Like any {@link JsonRpcEngine}
|
|
15
|
+
* middleware, each middleware will only receive requests from a particular
|
|
16
|
+
* subject / origin.
|
|
17
|
+
*
|
|
18
|
+
* The middlewares returned will pass through requests for
|
|
19
|
+
* unrestricted methods, and attempt to execute restricted methods. If a method
|
|
20
|
+
* is neither restricted nor unrestricted, a "method not found" error will be
|
|
21
|
+
* returned.
|
|
22
|
+
* If a method is restricted, the middleware will first attempt to retrieve the
|
|
23
|
+
* subject's permission for that method. If the permission is found, the method
|
|
24
|
+
* will be executed. Otherwise, an "unauthorized" error will be returned.
|
|
25
|
+
*
|
|
26
|
+
* The middleware **must** be added in the correct place in the middleware
|
|
27
|
+
* stack in order for it to work. See the README for an example.
|
|
28
|
+
*
|
|
29
|
+
* @param subject The permission subject.
|
|
30
|
+
* @returns A `json-rpc-engine` middleware.
|
|
31
|
+
*/
|
|
32
|
+
export type PermissionControllerCreatePermissionMiddlewareAction = {
|
|
33
|
+
type: `PermissionController:createPermissionMiddleware`;
|
|
34
|
+
handler: PermissionController['createPermissionMiddleware'];
|
|
35
|
+
};
|
|
26
36
|
/**
|
|
27
37
|
* Gets a list of all origins of subjects.
|
|
28
38
|
*
|
|
@@ -68,7 +78,7 @@ export type PermissionControllerHasPermissionsAction = {
|
|
|
68
78
|
/**
|
|
69
79
|
* Revokes all permissions from the specified origin.
|
|
70
80
|
*
|
|
71
|
-
* Throws an error
|
|
81
|
+
* Throws an error of the origin has no permissions.
|
|
72
82
|
*
|
|
73
83
|
* @param origin - The origin whose permissions to revoke.
|
|
74
84
|
*/
|
|
@@ -265,37 +275,8 @@ export type PermissionControllerGetEndowmentsAction = {
|
|
|
265
275
|
type: `PermissionController:getEndowments`;
|
|
266
276
|
handler: PermissionController['getEndowments'];
|
|
267
277
|
};
|
|
268
|
-
/**
|
|
269
|
-
* Executes a restricted method as the subject with the given origin.
|
|
270
|
-
* The specified params, if any, will be passed to the method implementation.
|
|
271
|
-
*
|
|
272
|
-
* ATTN: Great caution should be exercised in the use of this method.
|
|
273
|
-
* Methods that cause side effects or affect application state should
|
|
274
|
-
* be avoided.
|
|
275
|
-
*
|
|
276
|
-
* This method will first attempt to retrieve the requested restricted method
|
|
277
|
-
* implementation, throwing if it does not exist. The method will then be
|
|
278
|
-
* invoked as though the subject with the specified origin had invoked it with
|
|
279
|
-
* the specified parameters. This means that any existing caveats will be
|
|
280
|
-
* applied to the restricted method, and this method will throw if the
|
|
281
|
-
* restricted method or its caveat decorators throw.
|
|
282
|
-
*
|
|
283
|
-
* In addition, this method will throw if the subject does not have a
|
|
284
|
-
* permission for the specified restricted method.
|
|
285
|
-
*
|
|
286
|
-
* @param origin - The origin of the subject to execute the method on behalf
|
|
287
|
-
* of.
|
|
288
|
-
* @param targetName - The name of the method to execute. This must be a valid
|
|
289
|
-
* permission target name.
|
|
290
|
-
* @param params - The parameters to pass to the method implementation.
|
|
291
|
-
* @returns The result of the executed method.
|
|
292
|
-
*/
|
|
293
|
-
export type PermissionControllerExecuteRestrictedMethodAction = {
|
|
294
|
-
type: `PermissionController:executeRestrictedMethod`;
|
|
295
|
-
handler: PermissionController['executeRestrictedMethod'];
|
|
296
|
-
};
|
|
297
278
|
/**
|
|
298
279
|
* Union of all PermissionController action types.
|
|
299
280
|
*/
|
|
300
|
-
export type PermissionControllerMethodActions =
|
|
281
|
+
export type PermissionControllerMethodActions = PermissionControllerClearStateAction | PermissionControllerCreatePermissionMiddlewareAction | PermissionControllerGetSubjectNamesAction | PermissionControllerGetPermissionsAction | PermissionControllerHasPermissionAction | PermissionControllerHasPermissionsAction | PermissionControllerRevokeAllPermissionsAction | PermissionControllerRevokePermissionsAction | PermissionControllerRevokePermissionForAllSubjectsAction | PermissionControllerGetCaveatAction | PermissionControllerUpdateCaveatAction | PermissionControllerGrantPermissionsAction | PermissionControllerGrantPermissionsIncrementalAction | PermissionControllerRequestPermissionsAction | PermissionControllerRequestPermissionsIncrementalAction | PermissionControllerGetEndowmentsAction;
|
|
301
282
|
//# sourceMappingURL=PermissionController-method-action-types.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PermissionController-method-action-types.d.mts","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,mCAA+B;AAEnE
|
|
1
|
+
{"version":3,"file":"PermissionController-method-action-types.d.mts","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,mCAA+B;AAEnE;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,oBAAoB,CAAC,YAAY,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,MAAM,oDAAoD,GAAG;IACjE,IAAI,EAAE,iDAAiD,CAAC;IACxD,OAAO,EAAE,oBAAoB,CAAC,4BAA4B,CAAC,CAAC;CAC7D,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,yCAAyC,GAAG;IACtD,IAAI,EAAE,sCAAsC,CAAC;IAC7C,OAAO,EAAE,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;CAClD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,IAAI,EAAE,2CAA2C,CAAC;IAClD,OAAO,EAAE,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;CACvD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;CACpD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wDAAwD,GAAG;IACrE,IAAI,EAAE,qDAAqD,CAAC;IAC5D,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,CAAC,CAAC;CACjE,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,oBAAoB,CAAC,WAAW,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,oBAAoB,CAAC,cAAc,CAAC,CAAC;CAC/C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,0CAA0C,GAAG;IACvD,IAAI,EAAE,uCAAuC,CAAC;IAC9C,OAAO,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,qDAAqD,GAAG;IAClE,IAAI,EAAE,kDAAkD,CAAC;IACzD,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC,CAAC;CAC9D,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAC
hD,OAAO,EAAE,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,MAAM,uDAAuD,GAAG;IACpE,IAAI,EAAE,oDAAoD,CAAC;IAC3D,OAAO,EAAE,oBAAoB,CAAC,+BAA+B,CAAC,CAAC;CAChE,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iCAAiC,GACzC,oCAAoC,GACpC,oDAAoD,GACpD,yCAAyC,GACzC,wCAAwC,GACxC,uCAAuC,GACvC,wCAAwC,GACxC,8CAA8C,GAC9C,2CAA2C,GAC3C,wDAAwD,GACxD,mCAAmC,GACnC,sCAAsC,GACtC,0CAA0C,GAC1C,qDAAqD,GACrD,4CAA4C,GAC5C,uDAAuD,GACvD,uCAAuC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PermissionController-method-action-types.mjs","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PermissionController } from './PermissionController';\n\n/**\n * Checks whether the given method was declared as unrestricted at\n * construction time. Methods unknown to the controller return `false` and\n * would be treated as restricted by callers such as the permission\n * middleware.\n *\n * @param method - The name of the method to check.\n * @returns Whether the method is unrestricted.\n */\nexport type PermissionControllerHasUnrestrictedMethodAction = {\n type: `PermissionController:hasUnrestrictedMethod`;\n handler: PermissionController['hasUnrestrictedMethod'];\n};\n\n/**\n * Clears the state of the controller.\n */\nexport type PermissionControllerClearStateAction = {\n type: `PermissionController:clearState`;\n handler: PermissionController['clearState'];\n};\n\n/**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. 
IDs) of all subjects.\n */\nexport type PermissionControllerGetSubjectNamesAction = {\n type: `PermissionController:getSubjectNames`;\n handler: PermissionController['getSubjectNames'];\n};\n\n/**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\nexport type PermissionControllerGetPermissionsAction = {\n type: `PermissionController:getPermissions`;\n handler: PermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\nexport type PermissionControllerHasPermissionAction = {\n type: `PermissionController:hasPermission`;\n handler: PermissionController['hasPermission'];\n};\n\n/**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\nexport type PermissionControllerHasPermissionsAction = {\n type: `PermissionController:hasPermissions`;\n handler: PermissionController['hasPermissions'];\n};\n\n/**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error if the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\nexport type PermissionControllerRevokeAllPermissionsAction = {\n type: `PermissionController:revokeAllPermissions`;\n handler: PermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names 
to revoke.\n */\nexport type PermissionControllerRevokePermissionsAction = {\n type: `PermissionController:revokePermissions`;\n handler: PermissionController['revokePermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\nexport type PermissionControllerRevokePermissionForAllSubjectsAction = {\n type: `PermissionController:revokePermissionForAllSubjects`;\n handler: PermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\nexport type PermissionControllerGetCaveatAction = {\n type: `PermissionController:getCaveat`;\n handler: PermissionController['getCaveat'];\n};\n\n/**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. 
Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\nexport type PermissionControllerUpdateCaveatAction = {\n type: `PermissionController:updateCaveat`;\n handler: PermissionController['updateCaveat'];\n};\n\n/**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated—including by calling their specification\n * validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsAction = {\n type: `PermissionController:grantPermissions`;\n handler: PermissionController['grantPermissions'];\n};\n\n/**\n * Incrementally grants _approved_ permissions to the specified subject. Every\n * permission and caveat is stringently validated—including by calling their\n * specification validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. 
User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissionsIncremental} For initiating\n * an incremental permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsIncrementalAction = {\n type: `PermissionController:grantPermissionsIncremental`;\n handler: PermissionController['grantPermissionsIncremental'];\n};\n\n/**\n * Initiates a permission request that requires user approval.\n *\n * Either this or {@link PermissionController.requestPermissionsIncremental}\n * should always be used to grant additional permissions to a subject,\n * unless user approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. 
Defaults to `true`.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsAction = {\n type: `PermissionController:requestPermissions`;\n handler: PermissionController['requestPermissions'];\n};\n\n/**\n * Initiates an incremental permission request that prompts for user approval.\n * Incremental permission requests allow the caller to replace existing and/or\n * add brand new permissions and caveats for the specified subject.\n *\n * Incremental permission request are merged with the subject's existing permissions\n * through a right-biased union, where the incremental permission are the right-hand\n * side of the merger. If both sides of the merger specify the same caveats for a\n * given permission, the caveats are merged using their specification's caveat value\n * merger property.\n *\n * Either this or {@link PermissionController.requestPermissions} should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. 
Defaults to a unique\n * id.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsIncrementalAction = {\n type: `PermissionController:requestPermissionsIncremental`;\n handler: PermissionController['requestPermissionsIncremental'];\n};\n\n/**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\nexport type PermissionControllerGetEndowmentsAction = {\n type: `PermissionController:getEndowments`;\n handler: PermissionController['getEndowments'];\n};\n\n/**\n * Executes a restricted method as the subject with the given origin.\n * The specified params, if any, will be passed to the method implementation.\n *\n * ATTN: Great caution should be exercised in the use of this method.\n * Methods that cause side effects or affect application state should\n * be avoided.\n *\n * This method will first attempt to retrieve the requested restricted method\n * implementation, throwing if it does not exist. The method will then be\n * invoked as though the subject with the specified origin had invoked it with\n * the specified parameters. 
This means that any existing caveats will be\n * applied to the restricted method, and this method will throw if the\n * restricted method or its caveat decorators throw.\n *\n * In addition, this method will throw if the subject does not have a\n * permission for the specified restricted method.\n *\n * @param origin - The origin of the subject to execute the method on behalf\n * of.\n * @param targetName - The name of the method to execute. This must be a valid\n * permission target name.\n * @param params - The parameters to pass to the method implementation.\n * @returns The result of the executed method.\n */\nexport type PermissionControllerExecuteRestrictedMethodAction = {\n type: `PermissionController:executeRestrictedMethod`;\n handler: PermissionController['executeRestrictedMethod'];\n};\n\n/**\n * Union of all PermissionController action types.\n */\nexport type PermissionControllerMethodActions =\n | PermissionControllerHasUnrestrictedMethodAction\n | PermissionControllerClearStateAction\n | PermissionControllerGetSubjectNamesAction\n | PermissionControllerGetPermissionsAction\n | PermissionControllerHasPermissionAction\n | PermissionControllerHasPermissionsAction\n | PermissionControllerRevokeAllPermissionsAction\n | PermissionControllerRevokePermissionsAction\n | PermissionControllerRevokePermissionForAllSubjectsAction\n | PermissionControllerGetCaveatAction\n | PermissionControllerUpdateCaveatAction\n | PermissionControllerGrantPermissionsAction\n | PermissionControllerGrantPermissionsIncrementalAction\n | PermissionControllerRequestPermissionsAction\n | PermissionControllerRequestPermissionsIncrementalAction\n | PermissionControllerGetEndowmentsAction\n | PermissionControllerExecuteRestrictedMethodAction;\n"]}
|
|
1
|
+
{"version":3,"file":"PermissionController-method-action-types.mjs","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PermissionController } from './PermissionController';\n\n/**\n * Clears the state of the controller.\n */\nexport type PermissionControllerClearStateAction = {\n type: `PermissionController:clearState`;\n handler: PermissionController['clearState'];\n};\n\n/**\n * Creates a permission middleware function. Like any {@link JsonRpcEngine}\n * middleware, each middleware will only receive requests from a particular\n * subject / origin.\n *\n * The middlewares returned will pass through requests for\n * unrestricted methods, and attempt to execute restricted methods. If a method\n * is neither restricted nor unrestricted, a \"method not found\" error will be\n * returned.\n * If a method is restricted, the middleware will first attempt to retrieve the\n * subject's permission for that method. If the permission is found, the method\n * will be executed. Otherwise, an \"unauthorized\" error will be returned.\n *\n * The middleware **must** be added in the correct place in the middleware\n * stack in order for it to work. See the README for an example.\n *\n * @param subject The permission subject.\n * @returns A `json-rpc-engine` middleware.\n */\nexport type PermissionControllerCreatePermissionMiddlewareAction = {\n type: `PermissionController:createPermissionMiddleware`;\n handler: PermissionController['createPermissionMiddleware'];\n};\n\n/**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. 
IDs) of all subjects.\n */\nexport type PermissionControllerGetSubjectNamesAction = {\n type: `PermissionController:getSubjectNames`;\n handler: PermissionController['getSubjectNames'];\n};\n\n/**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\nexport type PermissionControllerGetPermissionsAction = {\n type: `PermissionController:getPermissions`;\n handler: PermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\nexport type PermissionControllerHasPermissionAction = {\n type: `PermissionController:hasPermission`;\n handler: PermissionController['hasPermission'];\n};\n\n/**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\nexport type PermissionControllerHasPermissionsAction = {\n type: `PermissionController:hasPermissions`;\n handler: PermissionController['hasPermissions'];\n};\n\n/**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error of the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\nexport type PermissionControllerRevokeAllPermissionsAction = {\n type: `PermissionController:revokeAllPermissions`;\n handler: PermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names 
to revoke.\n */\nexport type PermissionControllerRevokePermissionsAction = {\n type: `PermissionController:revokePermissions`;\n handler: PermissionController['revokePermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\nexport type PermissionControllerRevokePermissionForAllSubjectsAction = {\n type: `PermissionController:revokePermissionForAllSubjects`;\n handler: PermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\nexport type PermissionControllerGetCaveatAction = {\n type: `PermissionController:getCaveat`;\n handler: PermissionController['getCaveat'];\n};\n\n/**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. 
Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\nexport type PermissionControllerUpdateCaveatAction = {\n type: `PermissionController:updateCaveat`;\n handler: PermissionController['updateCaveat'];\n};\n\n/**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated—including by calling their specification\n * validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsAction = {\n type: `PermissionController:grantPermissions`;\n handler: PermissionController['grantPermissions'];\n};\n\n/**\n * Incrementally grants _approved_ permissions to the specified subject. Every\n * permission and caveat is stringently validated—including by calling their\n * specification validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. 
User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissionsIncremental} For initiating\n * an incremental permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsIncrementalAction = {\n type: `PermissionController:grantPermissionsIncremental`;\n handler: PermissionController['grantPermissionsIncremental'];\n};\n\n/**\n * Initiates a permission request that requires user approval.\n *\n * Either this or {@link PermissionController.requestPermissionsIncremental}\n * should always be used to grant additional permissions to a subject,\n * unless user approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. 
Defaults to `true`.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsAction = {\n type: `PermissionController:requestPermissions`;\n handler: PermissionController['requestPermissions'];\n};\n\n/**\n * Initiates an incremental permission request that prompts for user approval.\n * Incremental permission requests allow the caller to replace existing and/or\n * add brand new permissions and caveats for the specified subject.\n *\n * Incremental permission request are merged with the subject's existing permissions\n * through a right-biased union, where the incremental permission are the right-hand\n * side of the merger. If both sides of the merger specify the same caveats for a\n * given permission, the caveats are merged using their specification's caveat value\n * merger property.\n *\n * Either this or {@link PermissionController.requestPermissions} should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. 
Defaults to a unique\n * id.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsIncrementalAction = {\n type: `PermissionController:requestPermissionsIncremental`;\n handler: PermissionController['requestPermissionsIncremental'];\n};\n\n/**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\nexport type PermissionControllerGetEndowmentsAction = {\n type: `PermissionController:getEndowments`;\n handler: PermissionController['getEndowments'];\n};\n\n/**\n * Union of all PermissionController action types.\n */\nexport type PermissionControllerMethodActions =\n | PermissionControllerClearStateAction\n | PermissionControllerCreatePermissionMiddlewareAction\n | PermissionControllerGetSubjectNamesAction\n | PermissionControllerGetPermissionsAction\n | PermissionControllerHasPermissionAction\n | PermissionControllerHasPermissionsAction\n | PermissionControllerRevokeAllPermissionsAction\n | PermissionControllerRevokePermissionsAction\n | PermissionControllerRevokePermissionForAllSubjectsAction\n | PermissionControllerGetCaveatAction\n | PermissionControllerUpdateCaveatAction\n | PermissionControllerGrantPermissionsAction\n | PermissionControllerGrantPermissionsIncrementalAction\n | PermissionControllerRequestPermissionsAction\n | PermissionControllerRequestPermissionsIncrementalAction\n | 
PermissionControllerGetEndowmentsAction;\n"]}
|
|
@@ -13,11 +13,12 @@ var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (
|
|
|
13
13
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
14
14
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
15
15
|
};
|
|
16
|
-
var _PermissionController_instances, _PermissionController_caveatSpecifications, _PermissionController_permissionSpecifications, _PermissionController_unrestrictedMethods, _PermissionController_getPermissionSpecification, _PermissionController_getCaveatSpecification, _PermissionController_expectGetCaveatMerger, _PermissionController_validatePermissionSpecifications, _PermissionController_getTypedPermissionSpecification,
|
|
16
|
+
var _PermissionController_instances, _PermissionController_caveatSpecifications, _PermissionController_permissionSpecifications, _PermissionController_unrestrictedMethods, _PermissionController_getPermissionSpecification, _PermissionController_getCaveatSpecification, _PermissionController_expectGetCaveatMerger, _PermissionController_validatePermissionSpecifications, _PermissionController_getTypedPermissionSpecification, _PermissionController_deletePermission, _PermissionController_setCaveat, _PermissionController_deleteCaveat, _PermissionController_validateModifiedPermission, _PermissionController_targetExists, _PermissionController_applyGrantedPermissions, _PermissionController_validatePermission, _PermissionController_setValidatedPermissions, _PermissionController_constructCaveats, _PermissionController_validateCaveat, _PermissionController_validateRequestedPermissions, _PermissionController_mergeIncrementalPermissions, _PermissionController_mergePermission, _PermissionController_mergeCaveat, _PermissionController_requestUserApproval, _PermissionController_handleApprovedPermissions, _PermissionController_getSideEffects, _PermissionController_executeSideEffects, _PermissionController_validateApprovedPermissions, _PermissionController_hasApprovalRequest, _PermissionController_rejectPermissionsRequest, _PermissionController_executeRestrictedMethod;
|
|
17
17
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
18
|
exports.PermissionController = exports.CaveatMutatorOperation = void 0;
|
|
19
19
|
const base_controller_1 = require("@metamask/base-controller");
|
|
20
20
|
const controller_utils_1 = require("@metamask/controller-utils");
|
|
21
|
+
const json_rpc_engine_1 = require("@metamask/json-rpc-engine");
|
|
21
22
|
const rpc_errors_1 = require("@metamask/rpc-errors");
|
|
22
23
|
const utils_1 = require("@metamask/utils");
|
|
23
24
|
const deep_freeze_strict_1 = __importDefault(require("deep-freeze-strict"));
|
|
@@ -33,13 +34,11 @@ const utils_2 = require("./utils.cjs");
|
|
|
33
34
|
const controllerName = 'PermissionController';
|
|
34
35
|
const MESSENGER_EXPOSED_METHODS = [
|
|
35
36
|
'clearState',
|
|
36
|
-
'executeRestrictedMethod',
|
|
37
37
|
'getEndowments',
|
|
38
38
|
'getSubjectNames',
|
|
39
39
|
'getPermissions',
|
|
40
40
|
'hasPermission',
|
|
41
41
|
'hasPermissions',
|
|
42
|
-
'hasUnrestrictedMethod',
|
|
43
42
|
'grantPermissions',
|
|
44
43
|
'grantPermissionsIncremental',
|
|
45
44
|
'requestPermissions',
|
|
@@ -49,6 +48,7 @@ const MESSENGER_EXPOSED_METHODS = [
|
|
|
49
48
|
'revokePermissions',
|
|
50
49
|
'updateCaveat',
|
|
51
50
|
'getCaveat',
|
|
51
|
+
'createPermissionMiddleware',
|
|
52
52
|
];
|
|
53
53
|
/**
|
|
54
54
|
* Get the state metadata of the {@link PermissionController}.
|
|
@@ -107,18 +107,6 @@ class PermissionController extends base_controller_1.BaseController {
|
|
|
107
107
|
get unrestrictedMethods() {
|
|
108
108
|
return __classPrivateFieldGet(this, _PermissionController_unrestrictedMethods, "f");
|
|
109
109
|
}
|
|
110
|
-
/**
|
|
111
|
-
* Checks whether the given method was declared as unrestricted at
|
|
112
|
-
* construction time. Methods unknown to the controller return `false` and
|
|
113
|
-
* would be treated as restricted by callers such as the permission
|
|
114
|
-
* middleware.
|
|
115
|
-
*
|
|
116
|
-
* @param method - The name of the method to check.
|
|
117
|
-
* @returns Whether the method is unrestricted.
|
|
118
|
-
*/
|
|
119
|
-
hasUnrestrictedMethod(method) {
|
|
120
|
-
return __classPrivateFieldGet(this, _PermissionController_unrestrictedMethods, "f").has(method);
|
|
121
|
-
}
|
|
122
110
|
/**
|
|
123
111
|
* Constructs the PermissionController.
|
|
124
112
|
*
|
|
@@ -169,6 +157,64 @@ class PermissionController extends base_controller_1.BaseController {
|
|
|
169
157
|
};
|
|
170
158
|
});
|
|
171
159
|
}
|
|
160
|
+
/**
|
|
161
|
+
* Creates a permission middleware function. Like any {@link JsonRpcEngine}
|
|
162
|
+
* middleware, each middleware will only receive requests from a particular
|
|
163
|
+
* subject / origin.
|
|
164
|
+
*
|
|
165
|
+
* The middlewares returned will pass through requests for
|
|
166
|
+
* unrestricted methods, and attempt to execute restricted methods. If a method
|
|
167
|
+
* is neither restricted nor unrestricted, a "method not found" error will be
|
|
168
|
+
* returned.
|
|
169
|
+
* If a method is restricted, the middleware will first attempt to retrieve the
|
|
170
|
+
* subject's permission for that method. If the permission is found, the method
|
|
171
|
+
* will be executed. Otherwise, an "unauthorized" error will be returned.
|
|
172
|
+
*
|
|
173
|
+
* The middleware **must** be added in the correct place in the middleware
|
|
174
|
+
* stack in order for it to work. See the README for an example.
|
|
175
|
+
*
|
|
176
|
+
* @param subject The permission subject.
|
|
177
|
+
* @returns A `json-rpc-engine` middleware.
|
|
178
|
+
*/
|
|
179
|
+
createPermissionMiddleware(subject) {
|
|
180
|
+
const { origin } = subject;
|
|
181
|
+
if (typeof origin !== 'string' || !origin) {
|
|
182
|
+
throw new Error('The subject "origin" must be a non-empty string.');
|
|
183
|
+
}
|
|
184
|
+
const permissionsMiddleware = async (req, res, next) => {
|
|
185
|
+
const { method, params } = req;
|
|
186
|
+
// Skip registered unrestricted methods.
|
|
187
|
+
if (__classPrivateFieldGet(this, _PermissionController_unrestrictedMethods, "f").has(method)) {
|
|
188
|
+
return next();
|
|
189
|
+
}
|
|
190
|
+
// This will throw if no restricted method implementation is found.
|
|
191
|
+
const methodImplementation = this.getRestrictedMethod(method, origin);
|
|
192
|
+
// This will throw if the permission does not exist.
|
|
193
|
+
const result = await __classPrivateFieldGet(this, _PermissionController_instances, "m", _PermissionController_executeRestrictedMethod).call(this, methodImplementation, subject, method, params);
|
|
194
|
+
if (result === undefined) {
|
|
195
|
+
res.error = (0, errors_1.internalError)(`Request for method "${req.method}" returned undefined result.`, { request: req });
|
|
196
|
+
return undefined;
|
|
197
|
+
}
|
|
198
|
+
res.result = result;
|
|
199
|
+
return undefined;
|
|
200
|
+
};
|
|
201
|
+
return (0, json_rpc_engine_1.createAsyncMiddleware)(permissionsMiddleware);
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* Gets the implementation of the specified restricted method.
|
|
205
|
+
*
|
|
206
|
+
* A JSON-RPC error is thrown if the method does not exist.
|
|
207
|
+
*
|
|
208
|
+
* @see {@link PermissionController.executeRestrictedMethod} and
|
|
209
|
+
* {@link PermissionController.createPermissionMiddleware} for internal usage.
|
|
210
|
+
* @param method - The name of the restricted method.
|
|
211
|
+
* @param origin - The origin associated with the request for the restricted
|
|
212
|
+
* method, if any.
|
|
213
|
+
* @returns The restricted method implementation.
|
|
214
|
+
*/
|
|
215
|
+
getRestrictedMethod(method, origin) {
|
|
216
|
+
return __classPrivateFieldGet(this, _PermissionController_instances, "m", _PermissionController_getTypedPermissionSpecification).call(this, Permission_1.PermissionType.RestrictedMethod, method, origin).methodImplementation;
|
|
217
|
+
}
|
|
172
218
|
/**
|
|
173
219
|
* Gets a list of all origins of subjects.
|
|
174
220
|
*
|
|
@@ -222,7 +268,7 @@ class PermissionController extends base_controller_1.BaseController {
|
|
|
222
268
|
/**
|
|
223
269
|
* Revokes all permissions from the specified origin.
|
|
224
270
|
*
|
|
225
|
-
* Throws an error
|
|
271
|
+
* Throws an error of the origin has no permissions.
|
|
226
272
|
*
|
|
227
273
|
* @param origin - The origin whose permissions to revoke.
|
|
228
274
|
*/
|
|
@@ -734,12 +780,10 @@ class PermissionController extends base_controller_1.BaseController {
|
|
|
734
780
|
*/
|
|
735
781
|
async executeRestrictedMethod(origin, targetName, params) {
|
|
736
782
|
// Throws if the method does not exist
|
|
737
|
-
const methodImplementation =
|
|
783
|
+
const methodImplementation = this.getRestrictedMethod(targetName, origin);
|
|
738
784
|
const result = await __classPrivateFieldGet(this, _PermissionController_instances, "m", _PermissionController_executeRestrictedMethod).call(this, methodImplementation, { origin }, targetName, params);
|
|
739
|
-
// This is impossible if the restricted method implementation is typed correctly,
|
|
740
|
-
// but we maintain it for backwards compatibility.
|
|
741
785
|
if (result === undefined) {
|
|
742
|
-
throw new Error(`
|
|
786
|
+
throw new Error(`Internal request for method "${targetName}" as origin "${origin}" returned no result.`);
|
|
743
787
|
}
|
|
744
788
|
return result;
|
|
745
789
|
}
|
|
@@ -784,7 +828,7 @@ _PermissionController_caveatSpecifications = new WeakMap(), _PermissionControlle
|
|
|
784
828
|
});
|
|
785
829
|
}, _PermissionController_getTypedPermissionSpecification = function _PermissionController_getTypedPermissionSpecification(permissionType, targetName, requestingOrigin) {
|
|
786
830
|
const failureError = permissionType === Permission_1.PermissionType.RestrictedMethod
|
|
787
|
-
? (0, errors_1.methodNotFound)(targetName, { origin: requestingOrigin })
|
|
831
|
+
? (0, errors_1.methodNotFound)(targetName, requestingOrigin ? { origin: requestingOrigin } : undefined)
|
|
788
832
|
: new errors_1.EndowmentPermissionDoesNotExistError(targetName, requestingOrigin);
|
|
789
833
|
if (!__classPrivateFieldGet(this, _PermissionController_instances, "m", _PermissionController_targetExists).call(this, targetName)) {
|
|
790
834
|
throw failureError;
|
|
@@ -794,8 +838,6 @@ _PermissionController_caveatSpecifications = new WeakMap(), _PermissionControlle
|
|
|
794
838
|
throw failureError;
|
|
795
839
|
}
|
|
796
840
|
return specification;
|
|
797
|
-
}, _PermissionController_getRestrictedMethod = function _PermissionController_getRestrictedMethod(method, origin) {
|
|
798
|
-
return __classPrivateFieldGet(this, _PermissionController_instances, "m", _PermissionController_getTypedPermissionSpecification).call(this, Permission_1.PermissionType.RestrictedMethod, method, origin).methodImplementation;
|
|
799
841
|
}, _PermissionController_deletePermission = function _PermissionController_deletePermission(subjects, origin, target) {
|
|
800
842
|
const { permissions } = subjects[origin];
|
|
801
843
|
if (Object.keys(permissions).length > 1) {
|