From 2bddab8b0c1ac8e577dff5e1b493428fd15c51b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Mur=C3=A9?=
Date: Wed, 29 Jan 2025 14:07:49 +0100
Subject: [PATCH] delegation: add predicates to check if a delegation is a root or powerline
---
 token/delegation/delegation.go | 12 ++++++-
 token/delegation/delegation_test.go | 52 +++++++++++------------------
 2 files changed, 30 insertions(+), 34 deletions(-)
diff --git a/token/delegation/delegation.go b/token/delegation/delegation.go
index 6bafe49..5e2007e 100644
--- a/token/delegation/delegation.go
+++ b/token/delegation/delegation.go
@@ -83,7 +83,7 @@ func New(iss did.DID, aud did.DID, cmd command.Command, pol policy.Policy, sub d
 }
 
 // Root creates a validated UCAN delegation Token from the provided parameters and options.
-// This is typically used to create and give a power to an agent.
+// This is typically used to create and give power to an agent.
 //
 // You can read it as "(issuer) allows (audience) to perform (cmd+pol) on itself".
 func Root(iss did.DID, aud did.DID, cmd command.Command, pol policy.Policy, opts ...Option) (*Token, error) {
@@ -154,6 +154,16 @@ func (t *Token) Expiration() *time.Time {
 return t.expiration
 }
 
+// IsRoot tells if the token is a root delegation.
+func (t *Token) IsRoot() bool {
+ return t.issuer == t.subject
+}
+
+// IsPowerline tells if the token is a powerline delegation.
+func (t *Token) IsPowerline() bool {
+ return t.subject == did.Undef
+}
+
 // IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.
 // This does NOT do any other kind of verifications.
 func (t *Token) IsValidNow() bool {
diff --git a/token/delegation/delegation_test.go b/token/delegation/delegation_test.go
index 7ce3497..e5c388e 100644
--- a/token/delegation/delegation_test.go
+++ b/token/delegation/delegation_test.go
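Review bot: In the second delegation.go hunk (`@@ -154,6 +154,16 @@`), `IsRoot` and `IsPowerline` are not mutually exclusive: when `issuer` and `subject` are both `did.Undef` (a zero-value `Token`, or any token that did not come out of the validating constructors), `t.issuer == t.subject` holds too and both predicates report true. Callers will presumably branch on these when deciding where a proof chain is anchored, so I would rule that case out explicitly in `IsRoot`, e.g. `return t.subject != did.Undef && t.issuer == t.subject`. The doc comments should also spell out the definitions (root: issuer equals subject; powerline: no subject) and state, as `IsValidNow` already does, that the predicates only compare fields and perform no signature or chain verification.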
@@ -20,39 +20,16 @@ const (
 subJectCmd = "/foo/bar"
 subjectPol = `
 [
- [
- "==",
- ".status",
- "draft"
- ],
- [
- "all",
- ".reviewer",
- [
- "like",
- ".email",
- "*@example.com"
- ]
- ],
- [
- "any",
- ".tags",
- [
- "or",
- [
- [
- "==",
- ".",
- "news"
- ],
- [
- "==",
- ".",
- "press"
- ]
- ]
- ]
- ]
+ ["==", ".status", "draft"],
+ ["all", ".reviewer",
+ ["like", ".email", "*@example.com"]
+ ],
+ ["any", ".tags",
+ ["or", [
+ ["==", ".", "news"],
+ ["==", ".", "press"]
+ ]]
+ ]
 ]
 `
 
@@ -80,6 +57,9 @@ func TestConstructors(t *testing.T) {
 )
 require.NoError(t, err)
 
+ require.False(t, tkn.IsRoot())
+ require.False(t, tkn.IsPowerline())
+
 data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
 require.NoError(t, err)
 
@@ -97,6 +77,9 @@ func TestConstructors(t *testing.T) {
 )
 require.NoError(t, err)
 
+ require.True(t, tkn.IsRoot())
+ require.False(t, tkn.IsPowerline())
+
 data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
 require.NoError(t, err)
 
@@ -114,6 +97,9 @@ func TestConstructors(t *testing.T) {
 )
 require.NoError(t, err)
 
+ require.False(t, tkn.IsRoot())
+ require.True(t, tkn.IsPowerline())
+
 data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
 require.NoError(t, err)
 
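Review bot: The new assertions in `@@ -80,6 +57,9 @@` (and likewise in `@@ -97,6 +77,9 @@` and `@@ -114,6 +97,9 @@`) check the predicates only on the token returned by the constructor, before `ToDagJson` is called. Whether a token is root or powerline determines what authority it carries, so the classification should be shown to survive encoding: if the test decodes `data` back into a token (the rest of each subtest is outside these hunks), repeat the same `IsRoot()`/`IsPowerline()` assertions on the decoded value. The powerline case matters most, since there the subject has to round-trip as "absent" and not as some other DID.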