IObjectAuthorization
Handles fine-grained authorization for object relations.
Grants control who can initiate (from) or accept (to) object-to-object relations,
scoped by direction, relation ID, kind, and set.
Functions
grantFrom
Issues a grant to allow initiating relations from a tail object
function grantFrom(uint128 tail, RelationGrant memory grant) external;
Parameters
| Name | Type | Description |
|---|---|---|
tail | uint128 | Tail object ID |
grant | RelationGrant | Grant details |
revokeFrom
Revokes a previously issued from grant
function revokeFrom(uint128 tail, uint32 grantId) external;
Parameters
| Name | Type | Description |
|---|---|---|
tail | uint128 | Tail object ID |
grantId | uint32 | Grant ID to revoke |
grantTo
Issues a grant to allow accepting relations to a head object
function grantTo(uint128 head, RelationGrant memory grant) external;
Parameters
| Name | Type | Description |
|---|---|---|
head | uint128 | Head object ID |
grant | RelationGrant | Grant details |
revokeTo
Revokes a previously issued to grant
function revokeTo(uint128 head, uint32 grantId) external;
Parameters
| Name | Type | Description |
|---|---|---|
head | uint128 | Head object ID |
grantId | uint32 | Grant ID to revoke |
allowFrom
Checks whether a sender is authorized to initiate a relation from a tail object
function allowFrom(uint32 grantId, address sender, uint128 tail, uint64 rel, uint64 headKind, uint64 headSet)
external
view
returns (bool allowed);
Parameters
| Name | Type | Description |
|---|---|---|
grantId | uint32 | Grant ID to check |
sender | address | Address attempting the action |
tail | uint128 | Tail object ID |
rel | uint64 | Relation ID |
headKind | uint64 | Kind ID of the target (head) object |
headSet | uint64 | Set ID of the target (head) object |
Returns
| Name | Type | Description |
|---|---|---|
allowed | bool | True if authorized |
allowTo
Checks whether a sender is authorized to accept a relation to a head object
function allowTo(uint32 grantId, address sender, uint128 head, uint64 rel, uint64 tailKind, uint64 tailSet)
external
view
returns (bool allowed);
Parameters
| Name | Type | Description |
|---|---|---|
grantId | uint32 | Grant ID to check |
sender | address | Address attempting the action |
head | uint128 | Head object ID |
rel | uint64 | Relation ID |
tailKind | uint64 | Kind ID of the source (tail) object |
tailSet | uint64 | Set ID of the source (tail) object |
Returns
| Name | Type | Description |
|---|---|---|
allowed | bool | True if authorized |
Events
GrantFrom
Emitted when a grant is issued to authorize initiating a relation from a tail object
event GrantFrom(uint128 tail, RelationGrant grant);
Parameters
| Name | Type | Description |
|---|---|---|
tail | uint128 | Tail object ID (initiator) |
grant | RelationGrant | Grant definition |
RevokeFrom
Emitted when a grant from a tail object is revoked
event RevokeFrom(uint128 tail, uint32 grantId);
Parameters
| Name | Type | Description |
|---|---|---|
tail | uint128 | Tail object ID (initiator) |
grantId | uint32 | ID of the revoked grant |
GrantTo
Emitted when a grant is issued to authorize accepting a relation to a head object
event GrantTo(uint128 head, RelationGrant grant);
Parameters
| Name | Type | Description |
|---|---|---|
head | uint128 | Head object ID (receiver) |
grant | RelationGrant | Grant definition |
RevokeTo
Emitted when a grant to a head object is revoked
event RevokeTo(uint128 head, uint32 grantId);
Parameters
| Name | Type | Description |
|---|---|---|
head | uint128 | Head object ID (receiver) |
grantId | uint32 | ID of the revoked grant |