MetaMask / rpc-cap

A module for adding an object-capabilities system to any JSON-RPC API as middleware for json-rpc-engine
ISC License

Key permissions by method name rather than storing them in an array #68

Closed rekmarks closed 2 years ago

rekmarks commented 4 years ago

Permissions are currently stored as arrays under the key permissions in domain objects. Whenever we want to identify a specific permission, we have to iterate over this array. Permissions will always be unique by parentCapability, and we should simply key their storage thereby for more ergonomic permission retrieval.

Note: domain is ocap lingo and equivalent to origin as used in the context of permissions in the extension.

Current structure:

{
  [domain1]: {
    permissions: Array<IOcapLdCapability>,
    // ...
  },
  [domain2]: {
    permissions: Array<IOcapLdCapability>,
    // ...
  },
  // ...
}

Proposed structure:

{
  [domain1]: {
    permissions: {
      [permission1]: IOcapLdCapability,
      [permission2]: IOcapLdCapability,
      // ...
    },
    // ...
  },
  [domain2]: {
    permissions: {
      [permission1]: IOcapLdCapability,
      [permission2]: IOcapLdCapability,
      // ...
    },
    // ...
  },
  // ...
}

danfinlay commented 4 years ago

I'm basically fine with this. The reason we used arrays was when we were baking delegations into the permissions table, and so you could have multiple permissions for a single method from multiple delegators, but we took that out, so it's now just a side effect of an un-pursued feature.

rekmarks commented 2 years ago

Closed by https://github.com/MetaMask/snaps-skunkworks/pull/132
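
The migration this issue proposes, as an added example that is not from the rpc-cap code base: it converts the array layout to the keyed one, enforces the uniqueness by parentCapability that the issue relies on, and uses null-prototype objects so a method name such as `__proto__` is stored as ordinary data. The type names, function names and sample state are assumptions.

```typescript
// Added example, not rpc-cap code; shapes follow the issue's sketch.
interface Capability {
  parentCapability: string; // method name the permission is for
  [field: string]: unknown; // other capability fields, not modelled here
}
interface ArrayDomain { permissions: Capability[]; [k: string]: unknown }
interface KeyedDomain { permissions: Record<string, Capability>; [k: string]: unknown }

// Null-prototype map: keys like "__proto__" or "constructor" become plain
// own properties, and lookups never fall through to Object.prototype.
function emptyMap<T>(): Record<string, T> {
  return Object.create(null) as Record<string, T>;
}

// Key one domain's permission array by parentCapability, rejecting input
// that breaks the one-permission-per-method invariant.
function keyPermissions(perms: Capability[]): Record<string, Capability> {
  const keyed = emptyMap<Capability>();
  for (const perm of perms) {
    const name = perm.parentCapability;
    if (typeof name !== 'string' || name.length === 0) {
      throw new TypeError('permission without a parentCapability');
    }
    if (name in keyed) {
      throw new Error(`duplicate permission for method "${name}"`);
    }
    keyed[name] = perm;
  }
  return keyed;
}

// Migrate the whole store from the current layout to the proposed one.
function migrateState(state: Record<string, ArrayDomain>): Record<string, KeyedDomain> {
  const out = emptyMap<KeyedDomain>();
  for (const [domain, entry] of Object.entries(state)) {
    out[domain] = { ...entry, permissions: keyPermissions(entry.permissions) };
  }
  return out;
}

// Direct lookup that replaces iterating over the array.
function getPermission(state: Record<string, KeyedDomain>, domain: string,
                       method: string): Capability | undefined {
  return state[domain]?.permissions[method];
}

// Constructed sample state in the current (array) layout.
const SAMPLE_STATE: Record<string, ArrayDomain> = {
  'https://dapp.example': {
    permissions: [{ parentCapability: 'eth_accounts' }, { parentCapability: '__proto__' }],
  },
};
```

With a plain `{}` in place of `emptyMap()`, the `__proto__` entry would be lost and a lookup for `toString` would return an inherited function rather than `undefined`.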