Merge pull request #103 from ucan-wg/dlg-is

delegation: add predicates to check if a delegation is a root or powe…
Michael Muré
2025-01-29 14:11:29 +01:00
committed by GitHub
2 changed files with 30 additions and 34 deletions


@@ -83,7 +83,7 @@ func New(iss did.DID, aud did.DID, cmd command.Command, pol policy.Policy, sub d
} }
// Root creates a validated UCAN delegation Token from the provided parameters and options. // Root creates a validated UCAN delegation Token from the provided parameters and options.
// This is typically used to create and give a power to an agent. // This is typically used to create and give power to an agent.
// //
// You can read it as "(issuer) allows (audience) to perform (cmd+pol) on itself". // You can read it as "(issuer) allows (audience) to perform (cmd+pol) on itself".
func Root(iss did.DID, aud did.DID, cmd command.Command, pol policy.Policy, opts ...Option) (*Token, error) { func Root(iss did.DID, aud did.DID, cmd command.Command, pol policy.Policy, opts ...Option) (*Token, error) {
@@ -154,6 +154,16 @@ func (t *Token) Expiration() *time.Time {
return t.expiration return t.expiration
} }
// IsRoot tells if the token is a root delegation.
func (t *Token) IsRoot() bool {
return t.issuer == t.subject
}
// IsPowerline tells if the token is a powerline delegation.
func (t *Token) IsPowerline() bool {
return t.subject == did.Undef
}
// IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields. // IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications. // This does NOT do any other kind of verifications.
func (t *Token) IsValidNow() bool { func (t *Token) IsValidNow() bool {
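Review bot: The doc comments on `IsRoot` and `IsPowerline` do not say what each predicate tests or that the test is purely structural, which matters because callers are likely to use these results when deciding whether a delegation chain is acceptable. `IsRoot` only compares `t.issuer == t.subject` and `IsPowerline` only compares `t.subject == did.Undef`; neither looks at a signature, the time bounds or the proof chain, so I would state that in the same way the `IsValidNow` comment does, e.g. `// IsRoot tells if the token is a root delegation, i.e. its issuer is also its subject. This does NOT verify the token or its chain.` and `// IsPowerline tells if the token is a powerline delegation, i.e. it has no subject. This does NOT verify the token or its chain.`. Also, if a Token can ever carry an undefined issuer (a zero value, or a decode path that skips validation, neither visible in this hunk), both predicates would return true at once, so it is worth confirming that the constructors and the decoder exclude that state.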


@@ -20,38 +20,15 @@ const (
subJectCmd = "/foo/bar" subJectCmd = "/foo/bar"
subjectPol = ` subjectPol = `
[ [
[ ["==", ".status", "draft"],
"==", ["all", ".reviewer",
".status", ["like", ".email", "*@example.com"]
"draft"
], ],
[ ["any", ".tags",
"all", ["or", [
".reviewer", ["==", ".", "news"],
[ ["==", ".", "press"]
"like", ]]
".email",
"*@example.com"
]
],
[
"any",
".tags",
[
"or",
[
[
"==",
".",
"news"
],
[
"==",
".",
"press"
]
]
]
] ]
] ]
` `
@@ -80,6 +57,9 @@ func TestConstructors(t *testing.T) {
) )
require.NoError(t, err) require.NoError(t, err)
require.False(t, tkn.IsRoot())
require.False(t, tkn.IsPowerline())
data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey()) data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
require.NoError(t, err) require.NoError(t, err)
@@ -97,6 +77,9 @@ func TestConstructors(t *testing.T) {
) )
require.NoError(t, err) require.NoError(t, err)
require.True(t, tkn.IsRoot())
require.False(t, tkn.IsPowerline())
data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey()) data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
require.NoError(t, err) require.NoError(t, err)
@@ -114,6 +97,9 @@ func TestConstructors(t *testing.T) {
) )
require.NoError(t, err) require.NoError(t, err)
require.False(t, tkn.IsRoot())
require.True(t, tkn.IsPowerline())
data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey()) data, err := tkn.ToDagJson(didtest.PersonaAlice.PrivKey())
require.NoError(t, err) require.NoError(t, err)