guard by module
; Transaction 1: bootstrap the "free" namespace and the admin keyset used by
; every GOVERNANCE capability further down.
(begin-tx)
; Key material consumed below by (read-keyset "admin"). Only the key list is
; supplied, so read-keyset's default predicate applies — confirm that is intended.
(env-data { "admin": [ "admin-key" ] })
(module guards GOV
  ; Governance capability that always succeeds: anyone could upgrade this module.
  ; Acceptable only because this is a REPL fixture, not deployable code.
  (defcap GOV () true)
  ; User guard wrapping `success`, i.e. a guard that never fails. It is used as
  ; both the user and the admin guard of namespace "free" below, so that
  ; namespace is open to everyone in this fixture.
  (defconst GUARD_SUCCESS (create-user-guard (success)))
  (defun success () true))
; Namespace "free" is created with the always-true guard for both the user and
; the admin role, so anything may be deployed into it within this script.
(define-namespace "free" guards.GUARD_SUCCESS guards.GUARD_SUCCESS)
(namespace "free")
; Admin keyset enforced by the GOVERNANCE capabilities of my-module, parent-a
; and parent-b; its keys come from the env-data set above.
(define-keyset "free.admin-keyset" (read-keyset "admin"))
; Clear transaction data so the keyset material is not visible to later
; transactions in this script.
(env-data {})
(commit-tx)
; Transaction 2: deploy the interface, the guarded module and its two
; authorised callers, then initialise the reference table.
(begin-tx)
; Contract every authorised caller must implement: expose an INTERNAL
; capability that my-module can test with require-capability.
(interface i-guard
  (defcap INTERNAL:bool ()))
(module my-module GOVERNANCE
  ; Module upgrades require the admin keyset defined in transaction 1.
  (defcap GOVERNANCE ()
    (enforce-guard (keyset-ref-guard "free.admin-keyset")))
  ; Row schema: references to the two modules permitted to call guarded-fn.
  (defschema ref
    parent-a:module{i-guard}
    parent-b:module{i-guard})
  (deftable ref-table:{ref})
  ; Record the two authorised callers under the single key "ref".
  ; NOTE(review): no capability or guard protects this function, so whoever
  ; calls it first fixes the authorised set. The script calls it in the same
  ; transaction that deploys the module, which closes that window only as long
  ; as deployment and init stay together. Using insert rather than write should
  ; reject a second call for the same key — confirm against the Pact version used.
  (defun init
    ( parent-a:module{i-guard}
      parent-b:module{i-guard}
    )
    (insert ref-table "ref"
      { "parent-a": parent-a
      , "parent-b": parent-b
      }))
  ; Succeeds iff at least one of the stored parents' INTERNAL capability is in
  ; scope. require-capability only tests scope and never acquires, so the
  ; capability must already have been granted by a with-capability in the
  ; module that defines it (see the expectations at the end of the script).
  (defun require-one ()
    (with-read ref-table "ref" { "parent-a" := parent-a:module{i-guard}, "parent-b" := parent-b:module{i-guard} }
      (enforce-one "not granted"
        [ (require-capability (parent-a::INTERNAL))
          (require-capability (parent-b::INTERNAL))
        ])))
  ; Function reserved for the registered parents; any other caller fails inside
  ; require-one before the body is reached.
  (defun guarded-fn ()
    (require-one)
    true)
)
(module parent-a GOVERNANCE
  ; Module upgrades require the admin keyset defined in transaction 1.
  (defcap GOVERNANCE ()
    (enforce-guard (keyset-ref-guard "free.admin-keyset")))
  ; Scope-only capability: its body is trivially true, so its whole value lies
  ; in the fact that only code inside this module can bring it into scope.
  (defcap INTERNAL:bool () true)
  (implements i-guard)
  ; Grants INTERNAL for the duration of the call, which is what
  ; my-module.require-one checks for.
  (defun call-guarded ()
    (with-capability (INTERNAL)
      (my-module.guarded-fn)))
)
(module parent-b GOVERNANCE
  ; Module upgrades require the admin keyset defined in transaction 1.
  (defcap GOVERNANCE ()
    (enforce-guard (keyset-ref-guard "free.admin-keyset")))
  ; Scope-only capability, identical in role to parent-a.INTERNAL: the body is
  ; trivially true and only this module can acquire it.
  (defcap INTERNAL:bool () true)
  (implements i-guard)
  ; Grants INTERNAL around the call so my-module.require-one succeeds.
  (defun call-guarded ()
    (with-capability (INTERNAL)
      (my-module.guarded-fn)))
)
; The table must exist before init writes to it.
(create-table ref-table)
; Register the two authorised callers in the same transaction as the deploy, so
; no other party can call the unguarded init first.
(my-module.init parent-a parent-b)
(commit-tx)
; Transaction 3: a module that is NOT registered and tries to borrow parent-a's
; capability.
(begin-tx)
; Negative case: a module attempting to acquire another module's capability.
; with-capability is limited to capabilities the calling module itself defines,
; so this path cannot reach guarded-fn (see the final expect-failure). Whether
; the rejection happens at module load or when call-guarded runs is not shown
; by this script.
(module bad GOVERNANCE
  ; Ungoverned module (anyone could upgrade it) — fine for a negative fixture.
  (defcap GOVERNANCE () true)
  (defun call-guarded ()
    (with-capability (parent-a.INTERNAL)
      (my-module.guarded-fn)))
)
(commit-tx)
; Direct call: neither INTERNAL capability is in scope, so enforce-one in
; require-one raises "not granted".
(expect-failure "cannot call guarded-fn directly" (my-module.guarded-fn))
; Each registered parent grants its own INTERNAL and gets through.
(expect "parent-a can call guarded-fn" true (parent-a.call-guarded))
(expect "parent-b can call guarded-fn" true (parent-b.call-guarded))
; A third module cannot borrow parent-a's capability even though it knows
; the capability's name.
(expect-failure "cannot call guarded-fn from other modules" (bad.call-guarded))