Are there any native access control libraries for Aptos? #71
Answered
by
gregnazario
gregnazario
asked this question in
Questions
-
|
From 0xchromatin on Discord: Are there any native access control libraries for Aptos? |
Beta Was this translation helpful? Give feedback.
Answered by
gregnazario
Mar 15, 2024
Replies: 1 comment
-
|
There are no specific libraries for access control, but you can take a look at a couple possible access control paths: Hardcoded and / or modifiable allow listmodule 0x1::mod {
const ALLOWED_ADDRESSES: vector<address> = [@0x1, @0x2, @0x3];
/// No allowlist found at address
const E_NO_ALLOWLIST: u64 = 1;
/// Address is not on allow list
const E_NOT_ALLOWED: u64 = 2;
/// A modifiable allowlist
struct AccessControlList has key {
allowed: vector<address>
}
/// Add addresses to ACL
entry fun add_addresses(caller: &signer, addresses: vector<address>) {
let caller_address = signer::address_of(caller);
// If the ACL doesn't exist, create one
if (!exists<AccessControlList>(caller_address)) {
move_to(caller, AccessControlList {
addresses: vector[]
});
}
let acl = borrow_global_mut<AccessControlList>(caller_address);
vector::append(&mut acl.addresses, addresses);
}
/// Remove addresses from ACL
entry fun remove_addresses(caller: &signer, addresses: vector<address>) {
let caller_address = signer::address_of(caller);
assert!(exists<AccessControlList>(caller_address), E_NO_ALLOWLIST);
let acl = borrow_global_mut<AccessControlList>(caller_address);
vector::for_each_ref(addresses, |address| {
vector::remove_value(&mut acl.addresses, address);
});
}
/// Check both the fixed and modified lists
/// Can be called in other module functions to check the allowlist
public fun check_both_lists(caller: &signer, allowlist_address: address) {
let caller_address = signer::address_of(caller);
// Check fixed list (can be modified by updating contract)
let is_in_fixed_list = vector::contains(&ALLOWED_ADDRESSES, caller_address);
// Check modifiable list (can be modified by making entry function calls)
assert!(exists<AccessControlList>(caller_address), E_NO_ALLOWLIST);
let acl = borrow_global<AccessControlList>(allowlist_address);
let is_in_modifiable_list = vector::contains(&acl.addresses, caller_address);
assert!(is_in_fixed_list || is_in_modifiable_list, E_NOT_ALLOWED);
}
}Capability / Token basedYou can provide a capability resource or object that must be used to verify your access Resource accounts do similarly https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-framework/sources/resource_account.move |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
gregnazario
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are no specific libraries for access control, but you can take a look at a couple possible access control paths:
Hardcoded and / or modifiable allow list