Rudimentary ACL System Procedure

Question

Rudimentary ACL System Procedure

Latrasis opened this issue 6 years ago · 5 comments

We need a rudimentary Access Control List as a System Procedure for establishing simple user groups. The interface must include:

#getAccountGroup(address _account): Get GroupId from Account Address
#setAccountGroup(address _account, uint8 _groupId): Set an Account to associate to a group
#setGroupProcedure(uint8 _groupId, bytes24 _procId, cap[] caplist): Create Group
#getGroupProcedure(uint8 _groupId): Get Group Procedure Id
~~#fallback: Which makes a call to the group procedure based on msg.sender's groupId.~~

On construction, should be an interface:

#init(admin_group _groupId, address _account): Set Admin Group Id and Initial Admin

Also to implement:

Proxy different accounts to their appropriate group procedures.
Separate the Entry Procedure from the ACL management.

Edit(Jake): Made some updates to the checklist here, rather than throughout the comments.

Answer 1 · 2019-06-28T05:48:13.000Z

Looks like further modifications will have to be made to pwasm-abi-derive as it does not support fallback functions.

Answer 2 · 2019-07-01T02:05:54.000Z

I implemented a proxy(payload) function instead. Using fallback is ergonomically nice, but not critical may not even be the system people want to use.

Answer 3 · 2019-07-02T04:15:04.000Z

Entry is now separated, so only one group has access to the ACL management API.

Answer 4 · 2019-07-04T05:24:55.000Z

Remove panics (they are usually opaque anyway).
Make from functions fallible.

Answer 5 · 2019-07-17T13:36:37.000Z

The ACL was implemented in #185.