Adding `PermissionsApi` to agent and `permissions()` api to `Web5.dwn` with the ability to select delegate grants for `Web5.dwn` #824
🦋 Changeset detected. Latest commit: 9ab0463. The changes in this PR will be included in the next version bump. This PR includes changesets to release 5 packages.
TBDocs Report
✅ No errors or warnings
@web5/api
@web5/crypto
@web5/crypto-aws-kms
@web5/dids
@web5/credentials
TBDocs Report Updated at 2024-08-14T22:45:41Z
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #824 +/- ##
==========================================
+ Coverage 93.05% 93.30% +0.24%
==========================================
Files 112 115 +3
Lines 31323 32555 +1232
Branches 2437 2560 +123
==========================================
+ Hits 29148 30374 +1226
- Misses 2137 2143 +6
Partials 38 38
@@ -106,19 +106,21 @@ describe('DwnPermissionsUtil', () => { | |||
|
|||
const protocol = 'http://example.com/protocol'; | |||
|
|||
await GrantsUtil.createRecordsGrants({ | |||
const deviceXRecordGrants = await GrantsUtil.createRecordsGrants({ |
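Review bot: at the `GrantsUtil.createRecordsGrants` call, the new `deviceXRecordGrants` binding is only useful if the assertions later in this `DwnPermissionsUtil` test read it, and the visible lines end before any use. Confirm the expectations compare against the returned grants directly rather than looking them up again, and drop the binding if nothing reads it.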
Remove the reliance on `fetchGrants` from this test, as it's out of scope for the util.
This refactors a lot of what's in #824 with regards to creating/fetching grants.

Satisfies: #827

#### `PermissionsApi`

Introduces a `PermissionsApi` interface and an `AgentPermissionsApi` concrete implementation.

The interface implements the following methods `fetchGrants`, `fetchRequests`, `isGrantRevoked`, `createGrant`, `createRequest`, `createRevocation` as convenience methods for dealing with the built-in permission protocol records.

The `AgentPermissionsApi` implements an additional static method `matchGrantFromArray` which was moved from a `PermissionsUtil` class, which is used to find the appropriate grant to use when authoring a message.

#### `dwn.connected`

A Private API used in a connected state to find and cache the correct grants to use for the request.

#### `dwn.permissions`

A Permissions API which implements `request`, `grant`, `queryRequests`, and `queryGrants` that a user can utilize

The `Web5` permissions api introduces 3 helper classes to represent permissions:

#### `PermissionRequest`

Class to represent a permission request record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying request record. Additionally a `grant()` method will create a `PermissionGrant` object.

#### `PermissionGrant`

Class to represent a grant record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying grant record. Additionally a `revoke()` method will create a `GrantRevocation` object, and `isRevoked()` will check if the underlying grant has been revoked.

#### `GrantRevocation`

Class to represent a permission grant revocation record. It implements convenience methods similar to the `Record` class where you can `store()` or `send()` the underlying revocation record.
This refactors a lot of what's in #824 with regards to creating/fetching grants.

Satisfies: #827

Introduces a `PermissionsApi` interface and an `AgentPermissionsApi` concrete implementation.

The interface implements the following methods `fetchGrants`, `fetchRequests`, `isGrantRevoked`, `createGrant`, `createRequest`, `createRevocation` as convenience methods for dealing with the built-in permission protocol records.

The `AgentPermissionsApi` implements an additional static method `matchGrantFromArray` which was moved from a `PermissionsUtil` class, which is used to find the appropriate grant to use when authoring a message.

A Private API used in a connected state to find and cache the correct grants to use for the request.

A Permissions API which implements `request`, `grant`, `queryRequests`, and `queryGrants` that a user can utilize

The `Web5` permissions api introduces 3 helper classes to represent permissions:

Class to represent a permission request record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying request record. Additionally a `grant()` method will create a `PermissionGrant` object.

Class to represent a grant record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying grant record. Additionally a `revoke()` method will create a `GrantRevocation` object, and `isRevoked()` will check if the underlying grant has been revoked.

Class to represent a permission grant revocation record. It implements convenience methods similar to the `Record` class where you can `store()` or `send()` the underlying revocation record.
* first pass at connect flow and grants api

* PermissionsApi for Agent, `permissions` API for `Web5` (#833)

This refactors a lot of what's in #824 with regards to creating/fetching grants.

Satisfies: #827

Introduces a `PermissionsApi` interface and an `AgentPermissionsApi` concrete implementation.

The interface implements the following methods `fetchGrants`, `fetchRequests`, `isGrantRevoked`, `createGrant`, `createRequest`, `createRevocation` as convenience methods for dealing with the built-in permission protocol records.

The `AgentPermissionsApi` implements an additional static method `matchGrantFromArray` which was moved from a `PermissionsUtil` class, which is used to find the appropriate grant to use when authoring a message.

A Private API used in a connected state to find and cache the correct grants to use for the request.

A Permissions API which implements `request`, `grant`, `queryRequests`, and `queryGrants` that a user can utilize

The `Web5` permissions api introduces 3 helper classes to represent permissions:

Class to represent a permission request record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying request record. Additionally a `grant()` method will create a `PermissionGrant` object.

Class to represent a grant record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying grant record. Additionally a `revoke()` method will create a `GrantRevocation` object, and `isRevoked()` will check if the underlying grant has been revoked.

Class to represent a permission grant revocation record. It implements convenience methods similar to the `Record` class where you can `store()` or `send()` the underlying revocation record.
This PR makes use of a mocked `Web5Connect` flow to process/store, select and use the grants when necessary.

I'm treating this as a first-pass, there will come more refactoring which will allow for connecting/exporting an existing Identity, selecting from multiple identities, requesting additional grants from a connected Did, etc.

If any of the provided `grants` during connect fail to process for whatever reason, all of the provided grants will be rolled back and the provided Identity will be cleaned up/deleted so that a subsequent Connect can be initiated.

Additionally this PR puts a bandaid on the `multiple identities` issue. It will simply default to the first identity in the array if multiple are provided instead of failing.

Unexpected error: Expected 1 but found 2 stored identities. When calling Web5.connect()

A `syncManager` implementation will come after this PR, some of the current tests manually shuffle/install permissions and protocol installations between logical DWNs. When `syncManager` is updated a one-shot sync will take place after processing the grants in order to get up-to-date with the connected protocols.

Implement Grants in SyncManger

This PR creates an experimental `grant` API in `@web5/api`, in a subsequent effort there will be a more well defined general purpose `PermissionsApi` that will likely live in the `agent`, and a better defined `grant` API within `@web5/api` that will allow creation of `requests`, `grants` and `revocations` as well as querying/selecting.

Concise Grants APIs

When using the `dwn.records` API with grants, providing a `protocol` in the params is needed. In a subsequent PR this property will be required for all `records` usage as we are moving away from "flat space" records without a protocol assigned. This will have a lot of breaking tests and docs so it is best to do it in its own PR to avoid bloat/urgency.

Require protocol for dwn.records API #825

There should also be a separate effort to think about how both `protocolPath` scoped, as well as `context` scoped grants. More specifically the user would need to provide the `contextId` and/or `protocolPath` when issuing a `records.read()` or `records.delete()`, which don't normally have these properties. The `records.delete()` can be replaced with the `delete()` method now available on the logical `Record` object, which would help this, but `read` would still need to be provided a better way of selecting grants.

Grants for a specific Context/Path
#### `PermissionsApi`

Introduces a `PermissionsApi` interface and an `AgentPermissionsApi` concrete implementation.

The interface implements the following methods `fetchGrants`, `fetchRequests`, `isGrantRevoked`, `createGrant`, `createRequest`, `createRevocation` as convenience methods for dealing with the built-in permission protocol records.

The `AgentPermissionsApi` implements an additional static method `matchGrantFromArray` which was moved from a `PermissionsUtil` class, which is used to find the appropriate grant to use when authoring a message.

#### `dwn.connected`

A Private API used in a connected state to find and cache the correct grants to use for the request.

#### `dwn.permissions`

A Permissions API which implements `request`, `grant`, `queryRequests`, and `queryGrants` that a user can utilize

The `Web5` permissions api introduces 3 helper classes to represent permissions:

#### `PermissionRequest`

Class to represent a permission request record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying request record. Additionally a `grant()` method will create a `PermissionGrant` object.

#### `PermissionGrant`

Class to represent a grant record. It implements convenience methods similar to the `Record` class where you can `store()`, `import()` or `send()` the underlying grant record. Additionally a `revoke()` method will create a `GrantRevocation` object, and `isRevoked()` will check if the underlying grant has been revoked.

#### `GrantRevocation`

Class to represent a permission grant revocation record. It implements convenience methods similar to the `Record` class where you can `store()` or `send()` the underlying revocation record.
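
The grant selection that `matchGrantFromArray` is described as performing, sketched as an added example (not code from this PR or from the web5-js project). The types, the names `rejectReason` and `selectGrant`, and the matching rules, including the descendant-context rule, are assumptions of this simplified model; it shows why a context-scoped grant cannot be selected for a read that supplies no `contextId`.

```typescript
// Simplified grant model for illustration; field names are assumptions, not the @web5/agent types.
type Scope = { interface: string; method: string; protocol?: string; contextId?: string; protocolPath?: string };
type Grant = { id: string; grantor: string; grantee: string; dateExpires: string; delegated: boolean; scope: Scope };
type GrantQuery = Scope & { grantor: string; grantee: string; delegated: boolean };

// Returns the reason a grant cannot authorize the message being authored, or null when it can.
function rejectReason(g: Grant, q: GrantQuery, revokedIds: Set<string>, now: string): string | null {
  if (g.grantor !== q.grantor || g.grantee !== q.grantee) return 'wrong-parties';
  if (q.delegated && !g.delegated) return 'not-delegated';
  if (revokedIds.has(g.id)) return 'revoked';
  // ISO-8601 UTC timestamps of equal precision compare correctly as strings.
  if (g.dateExpires <= now) return 'expired';
  const s = g.scope;
  if (s.interface !== q.interface || s.method !== q.method) return 'wrong-message-type';
  // A protocol-scoped grant never covers another protocol or a protocol-less message.
  if (s.protocol !== undefined && s.protocol !== q.protocol) return 'wrong-protocol';
  // Context scope: the same context or a descendant of it, never a bare string prefix.
  if (s.contextId !== undefined) {
    const ctx = q.contextId ?? '';
    if (ctx !== s.contextId && !ctx.startsWith(s.contextId + '/')) return 'wrong-context';
  }
  if (s.protocolPath !== undefined && s.protocolPath !== q.protocolPath) return 'wrong-path';
  return null;
}

// First usable grant, or undefined; with no match the caller should refuse to author the message.
function selectGrant(grants: Grant[], q: GrantQuery, revokedIds: Set<string>, now: string): Grant | undefined {
  return grants.find((g) => rejectReason(g, q, revokedIds, now) === null);
}

// Constructed sample data: DIDs, grant ids and dates are made up for this example.
const parties = { grantor: 'did:example:alice', grantee: 'did:example:deviceX', delegated: true };
const sampleProtocol = 'http://example.com/protocol';
const records = { interface: 'Records', protocol: sampleProtocol };
const expiredGrant: Grant = { ...parties, id: 'g-expired', dateExpires: '2024-01-01T00:00:00Z',
  scope: { ...records, method: 'Write' } };
const writeGrant: Grant = { ...parties, id: 'g-write', dateExpires: '2030-01-01T00:00:00Z',
  scope: { ...records, method: 'Write' } };
const readCtxGrant: Grant = { ...parties, id: 'g-read-ctx', dateExpires: '2030-01-01T00:00:00Z',
  scope: { ...records, method: 'Read', contextId: 'ctx1' } };
const sampleGrants: Grant[] = [expiredGrant, writeGrant, readCtxGrant];
const sampleNow = '2024-08-14T22:45:41Z';
const writeQuery: GrantQuery = { ...parties, ...records, method: 'Write' };
const readQuery: GrantQuery = { ...parties, ...records, method: 'Read' };

// The expired grant is skipped and the live write grant is chosen.
console.log(selectGrant(sampleGrants, writeQuery, new Set<string>(), sampleNow)?.id);
// A read without a contextId cannot use the context-scoped grant.
console.log(rejectReason(readCtxGrant, readQuery, new Set<string>(), sampleNow));
```
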