Capabilities
Accounts have capabilities associated with them.
An account exposes its capabilities through the capabilities
field,
which has the type Account.Capabilities
.
Account.Capabilities
_43access(all)_43struct Capabilities {_43_43 /// The storage capabilities of the account._43 access(mapping CapabilitiesMapping)_43 let storage: Account.StorageCapabilities_43_43 /// The account capabilities of the account._43 access(mapping CapabilitiesMapping)_43 let account: Account.AccountCapabilities_43_43 /// Returns the capability at the given public path._43 /// Returns nil if the capability does not exist,_43 /// or if the given type is not a supertype of the capability's borrow type._43 access(all)_43 view fun get<T: &Any>(_ path: PublicPath): Capability<T>?_43_43 /// Borrows the capability at the given public path._43 /// Returns nil if the capability does not exist, or cannot be borrowed using the given type._43 /// The function is equivalent to `get(path)?.borrow()`._43 access(all)_43 view fun borrow<T: &Any>(_ path: PublicPath): T?_43_43 /// Publish the capability at the given public path._43 ///_43 /// If there is already a capability published under the given path, the program aborts._43 ///_43 /// The path must be a public path, i.e., only the domain `public` is allowed._43 access(Capabilities | PublishCapability)_43 fun publish(_ capability: Capability, at: PublicPath)_43_43 /// Unpublish the capability published at the given path._43 ///_43 /// Returns the capability if one was published at the path._43 /// Returns nil if no capability was published at the path._43 access(Capabilities | UnpublishCapability)_43 fun unpublish(_ path: PublicPath): Capability?_43}_43_43entitlement Capabilities_43_43entitlement PublishCapability_43entitlement UnpublishCapability
Getting public capabilities
The function capabilities.get
obtains a public capability
that was published before.
_10access(all)_10view fun get<T: &Any>(_ path: PublicPath): Capability<T>?
If the account has a capability with the given type published under the given path, the function returns it as an optional.
If the account has no capability published under the given path,
or the requested type, via the type parameter T
, does not match the published capability,
the function returns nil
.
The convenience function capabilities.borrow
obtains and borrows a public capability
that was published before, in one step.
_10access(all)_10view fun borrow<T: &Any>(_ path: PublicPath): T?
If the account has a capability with the given type published under the given path, the function borrows the capability and returns the resulting reference as an optional.
If the account has no capability published under the given path,
or the requested type, via the type parameter T
, does not match the published capability,
the function returns nil
.
Managing capabilities
Capabilities can be storage capabilities or account capabilities:
-
Storage capabilities grant access to objects in account storage, via paths. An account allows the management of storage capabilities through the
capabilities.storage
field, which has the typeAccount.StorageCapabilities
. -
Account capabilities grant access to accounts. An account allows the management of account capabilities through the
capabilities.account
field, which has the typeAccount.AccountCapabilities
.
A capability, and all its copies, is managed by a capability controller.
-
Storage capabilities are controlled by storage capability controllers. Storage capability controllers have the type
StorageCapabilityController
. -
Account capabilities are controlled by account capability controllers. Account capability controllers have the type
AccountCapabilityController
.
Account.StorageCapabilities
and Account.AccountCapabilities
_82access(all)_82struct StorageCapabilities {_82_82 /// Issue/create a new storage capability._82 access(Capabilities | StorageCapabilities | IssueStorageCapabilityController)_82 fun issue<T: &Any>(_ path: StoragePath): Capability<T>_82_82 /// Get the storage capability controller for the capability with the specified ID._82 ///_82 /// Returns nil if the ID does not reference an existing storage capability._82 access(Capabilities | StorageCapabilities | GetStorageCapabilityController)_82 view fun getController(byCapabilityID: UInt64): &StorageCapabilityController?_82_82 /// Get all storage capability controllers for capabilities that target this storage path_82 access(Capabilities | StorageCapabilities | GetStorageCapabilityController)_82 view fun getControllers(forPath: StoragePath): [&StorageCapabilityController]_82_82 /// Iterate over all storage capability controllers for capabilities that target this storage path,_82 /// passing a reference to each controller to the provided callback function._82 ///_82 /// Iteration is stopped early if the callback function returns `false`._82 ///_82 /// If a new storage capability controller is issued for the path,_82 /// an existing storage capability controller for the path is deleted,_82 /// or a storage capability controller is retargeted from or to the path,_82 /// then the callback must stop iteration by returning false._82 /// Otherwise, iteration aborts._82 access(Capabilities | StorageCapabilities | GetStorageCapabilityController)_82 fun forEachController(_82 forPath: StoragePath,_82 _ function: fun(&StorageCapabilityController): Bool_82 )_82}_82_82access(all)_82struct AccountCapabilities {_82_82 /// Issue/create a new account capability._82 access(Capabilities | AccountCapabilities | IssueAccountCapabilityController)_82 fun issue<T: &Account>(): Capability<T>_82_82 /// Get capability controller for capability with the specified ID._82 ///_82 /// Returns nil if the ID does not reference an existing account capability._82 access(Capabilities | AccountCapabilities | GetAccountCapabilityController)_82 view fun getController(byCapabilityID: UInt64): &AccountCapabilityController?_82_82 /// Get all capability controllers for all account capabilities._82 access(Capabilities | AccountCapabilities | GetAccountCapabilityController)_82 view fun getControllers(): [&AccountCapabilityController]_82_82 /// Iterate over all account capability controllers for all account capabilities,_82 /// passing a reference to each controller to the provided callback function._82 ///_82 /// Iteration is stopped early if the callback function returns `false`._82 ///_82 /// If a new account capability controller is issued for the account,_82 /// or an existing account capability controller for the account is deleted,_82 /// then the callback must stop iteration by returning false._82 /// Otherwise, iteration aborts._82 access(Capabilities | AccountCapabilities | GetAccountCapabilityController)_82 fun forEachController(_ function: fun(&AccountCapabilityController): Bool)_82}_82_82entitlement StorageCapabilities_82entitlement AccountCapabilities_82_82entitlement GetStorageCapabilityController_82entitlement IssueStorageCapabilityController_82_82entitlement GetAccountCapabilityController_82entitlement IssueAccountCapabilityController_82_82entitlement mapping CapabilitiesMapping {_82 include Identity_82_82 StorageCapabilities -> GetStorageCapabilityController_82 StorageCapabilities -> IssueStorageCapabilityController_82_82 AccountCapabilities -> GetAccountCapabilityController_82 AccountCapabilities -> IssueAccountCapabilityController_82}
AccountCapabilityController
and StorageCapabilityController
_40access(all)_40struct AccountCapabilityController {_40_40 /// The capability that is controlled by this controller._40 access(all)_40 let capability: Capability_40_40 /// An arbitrary "tag" for the controller._40 /// For example, it could be used to describe the purpose of the capability._40 /// Empty by default._40 access(all)_40 var tag: String_40_40 /// Updates this controller's tag to the provided string_40 access(all)_40 fun setTag(_ tag: String)_40_40 /// The type of the controlled capability, i.e. the T in `Capability<T>`._40 access(all)_40 let borrowType: Type_40_40 /// The identifier of the controlled capability._40 /// All copies of a capability have the same ID._40 access(all)_40 let capabilityID: UInt64_40_40 /// Delete this capability controller,_40 /// and disable the controlled capability and its copies._40 ///_40 /// The controller will be deleted from storage,_40 /// but the controlled capability and its copies remain._40 ///_40 /// Once this function returns, the controller is no longer usable,_40 /// all further operations on the controller will panic._40 ///_40 /// Borrowing from the controlled capability or its copies will return nil._40 ///_40 access(all)_40 fun delete()_40}
_49access(all)_49struct StorageCapabilityController {_49_49 /// The capability that is controlled by this controller._49 access(all)_49 let capability: Capability_49_49 /// An arbitrary "tag" for the controller._49 /// For example, it could be used to describe the purpose of the capability._49 /// Empty by default._49 access(all)_49 var tag: String_49_49 /// Updates this controller's tag to the provided string_49 access(all)_49 fun setTag(_ tag: String)_49_49 /// The type of the controlled capability, i.e. the T in `Capability<T>`._49 access(all)_49 let borrowType: Type_49_49 /// The identifier of the controlled capability._49 /// All copies of a capability have the same ID._49 access(all)_49 let capabilityID: UInt64_49_49 /// Delete this capability controller,_49 /// and disable the controlled capability and its copies._49 ///_49 /// The controller will be deleted from storage,_49 /// but the controlled capability and its copies remain._49 ///_49 /// Once this function returns, the controller is no longer usable,_49 /// all further operations on the controller will panic._49 ///_49 /// Borrowing from the controlled capability or its copies will return nil._49 ///_49 access(all)_49 fun delete()_49_49 /// Returns the targeted storage path of the controlled capability._49 access(all)_49 fun target(): StoragePath_49_49 /// Retarget the controlled capability to the given storage path._49 /// The path may be different or the same as the current path._49 access(all)_49 fun retarget(_ target: StoragePath)_49}
Issuing capabilities
Capabilities are created by issuing them in the target account.
Issuing storage capabilities
The capabilities.storage.issue
function issues a new storage capability
that targets the given storage path and can be borrowed with the given type.
_10access(Capabilities | StorageCapabilities | IssueStorageCapabilityController)_10fun issue<T: &Any>(_ path: StoragePath): Capability<T>
Calling the issue
function requires access to an account via a reference which is authorized
with the coarse-grained Capabilities
or StorageCapabilities
entitlements
(auth(Capabilities) &Account
or auth(StorageCapabilities) &Account
),
or the fine-grained IssueStorageCapabilityController
entitlement
(auth(IssueStorageCapabilityController) &Account
).
The path must be a storage path, it must have the domain storage
.
For example, the following transaction issues a new storage capability,
which grants the ability to withdraw from the stored vault,
by authorizing the capability to be borrowed with the necessary Withdraw
entitlement.
_10transaction {_10 prepare(signer: auth(IssueStorageCapabilityController) &Account) {_10 let capability = signer.capabilities.storage.issue<auth(Withdraw) &Vault>(/storage/vault)_10 // ..._10 }_10}
Issuing account capabilities
The capabilities.account.issue
function issues a new account capability
that targets the account and can be borrowed with the given type.
_10access(Capabilities | AccountCapabilities | IssueAccountCapabilityController)_10fun issue<T: &Account>(): Capability<T>
Calling the issue
function requires access to an account via a reference which is authorized
with the coarse-grained Capabilities
or AccountCapabilities
entitlements
(auth(Capabilities) &Account
or auth(AccountCapabilities) &Account
),
or the fine-grained IssueAccountCapabilityController
entitlement
(auth(IssueAccountCapabilityController) &Account
).
For example, the following transaction issues a new account capability,
which grants the ability to save objects into the account,
by authorizing the capability to be borrowed with the necessary SaveValue
entitlement.
_10transaction {_10 prepare(signer: auth(IssueAccountCapabilityController) &Account) {_10 let capability = signer.capabilities.account.issue<auth(SaveValue) &Account>()_10 // ..._10 }_10}
Publishing capabilities
Capabilities can be made available publicly by publishing them.
The capabilities.publish
function publishes a capability under a given public path.
_10access(Capabilities | PublishCapability)_10fun publish(_ capability: Capability, at: PublicPath)
Calling the publish
function requires access to an account via a reference which is authorized
with the coarse-grained Capabilities
entitlement (auth(Capabilities) &Account
),
or the fine-grained PublishCapability
entitlement (auth(PublishCapability) &Account
).
For example, the following transaction issues a new storage capability,
and then publishes it under the path /public/vault
,
allowing anyone to access and borrow the capability and gain access to the stored vault.
Note that the reference type is unauthorized,
so when the capability is borrowed,
only publicly accessible (access(all)
) fields and functions of the object can be accessed.
_10transaction {_10 prepare(signer: auth(Capabilities) &Account) {_10 let capability = signer.capabilities.storage.issue<&Vault>(/storage/vault)_10 signer.capabilities.publish(capability, at: /public/vault)_10 }_10}
Unpublishing capabilities
The capabilities.unpublish
function unpublishes a capability from a given public path.
_10access(Capabilities | UnpublishCapability)_10fun unpublish(_ path: PublicPath): Capability?
Calling the unpublish
function requires access to an account via a reference which is authorized
with the coarse-grained Capabilities
entitlement (auth(Capabilities) &Account
),
or the fine-grained UnpublishCapability
entitlement (auth(UnpublishCapability) &Account
).
If there is a capability published under the path, the function removes it from the path and returns it.
If there is no capability published under the path, the function returns nil
.
For example, the following transaction unpublishes a capability
that was previously published under the path /public/vault
.
_10transaction {_10 prepare(signer: auth(Capabilities) &Account) {_10 signer.capabilities.unpublish(/public/vault)_10 }_10}
Tagging capabilities
Capabilities can be associated with a tag, an arbitrary string. The tag can be used for various purposes, such as recording the purpose of the capability. It is empty by default. The tag is stored in the capability controller.
Both storage capability controllers (StorageCapabilityController
)
and account capability controllers (AccountCapabilityController
)
have a tag
field and setTag
function, which can be used to get and set the tag.
_10access(all)_10var tag: String_10_10access(all)_10fun setTag(_ tag: String)
Retargeting storage capabilities
Storage capabilities (StorageCapabilityController
) can be retargeted
to another storage path after they have been issued.
The target
function returns the storage path of the controlled capability,
and the retarget
function sets a new storage path.
_10access(all)_10fun target(): StoragePath_10_10access(all)_10fun retarget(_ target: StoragePath)
Revoking capabilities
A capability and all its copies can be revoked by deleting the capability's controller.
The delete
function deletes a controller
(StorageCapabilityController
or AccountCapabilityController
):
_10access(all)_10fun delete()
Getting capability controllers
The capability management types StorageCapabilities
and AccountCapabilities
allow obtaining the controller for a capability,
as well as iterating over all existing controllers.