Readonly
canconst read = capability({
can: "file/read",
with: URI({ protocol: "file:" }),
derives: (claimed, delegated) =>
claimed.with.pathname.startsWith(delegated.with.pathname)
? { ok: {} }
: { error: new Failure(`'${claimed.with.href}' is not contained in '${delegated.with.href}'`) }
})
const write = capability({
can: "file/write",
with: URI({ protocol: "file:" }),
derives: (claimed, delegated) =>
claimed.with.pathname.startsWith(delegated.with.pathname)
? { ok: {} }
: { error: new Failure(`'${claimed.with.href}' is not contained in '${delegated.with.href}'`) }
})
const readwrite = read.and(write).derive({
to: capability({
can: "file/read+write",
with: URI({ protocol: "file:" }),
derives: (claimed, delegated) =>
claimed.with.pathname.startsWith(delegated.with.pathname)
? { ok: {} }
: { error: new Failure(`'${claimed.with.href}' is not contained in '${delegated.with.href}'`) }
}),
derives: (claimed, [read, write]) => {
if (!claimed.with.pathname.startsWith(read.with.pathname)) {
return { error: new Failure(`'${claimed.with.href}' is not contained in '${read.with.href}'`) }
} else if (!claimed.with.pathname.startsWith(write.with.pathname)) {
return { error: new Failure(`'${claimed.with.href}' is not contained in '${write.with.href}'`) }
} else {
return { ok: {} }
}
}
})
Creates a delegation of this capability. Please note that all the
nb
fields are optional in delegation and only provided ones will
be validated.
Defined a derived capability which can be delegated from this
capability.
For example if you define "account/validate"
capability and derive
"account/register"
capability from it when validating claimed
"account/register"
capability it could be proved with either
"account/register" delegation or "account/validate" delegation.
// capability issued by account verification service on email validation
const verify = capability({
can: "account/verify",
with: URI({ protocol: "mailto:" })
derives: ({ with: url }, from) =>
url.href.startsWith(from.with.href) ||
new Failure(`${url.href} is not contained in ${from.with.href}`)
})
// derive registration capability from email verification
const register = validate.derive({
to: capability({
can: "account/register",
with: URI({ protocol: "mailto:" }),
derives: ({ with: url }, from) =>
url.href.startsWith(from.with.href) ||
new Failure(`${url.href} is not contained in ${from.with.href}`)
}),
derives: (registered, verified) =>
registered.with.href === verified.with.href ||
new Failure(`Registration email ${registered.pathname} does not match verified email ${verified.with.pathname}`)
})
Creates an invocation of this capability. Function throws exception if non-optional fields are omitted.
Defines capability that is either this
or the the given other
. This
allows you to compose multiple capabilities into one so that you could
validate any of one of them without having to maintain list of supported
capabilities. It is especially useful when dealing with derived
capability chains when you might derive capability from either one or the
other.
Generated using TypeDoc
Combines this capability and the other into a capability group. This allows you to define right amplifications e.g
file/read+write
could be derived fromfile/read
andfile/write
.