Setting Access Rules

A single, unified system is responsible for controlling what authority is required to access a method call or a specific resource action. In both cases, you create an AccessRule which specifies a boolean condition based on the presence of all visible Proofs.

Here is a list of the available rules:

Rule Description

require(single resource)

TRUE if the specified resource is present

require_any_of(list of resources)

TRUE if any resource in the list is present

require_all_of(list of resources)

TRUE if every resource in the list is present

require_n_of(n, list_of_resources)

TRUE if at least n resources in the list are present

require_amount(quantity, single resource)

TRUE if the specified resource is present in at least the given quantity

allow_all

TRUE always

deny_all

FALSE always

The resources (or resource lists) may either be specified statically (giving exact resource addresses) or may be references to variables in the component.

Multiple rules may be combined with logical operators && and ||, and nested within (). There is no logical "not" operator.

Examples

Here is an examples for defining complex rules. We are setting access rules for accessing methods on a component. To be able to call the ban_member method, the caller must present a proof that they either own an admin badge or a moderator badge. To call the destroy method the caller must present a proof of the admin badge AND of two moderator badges.

pub fn instantiate() -> (ComponentAddress, Bucket, Bucket) {
    // Create the access badges
    let admin_badge: Bucket = ResourceBuilder::new_fungible()
        .initial_supply(1);
    let moderator_badges: Bucket = ResourceBuilder::new_fungible()
        .initial_supply(4);

    let admin_badge_address = admin_badge.resource_address();
    let moderator_badge_address = moderator_badges.resource_address();

    // Instantiate the component
    let mut component = Self {}.instantiate();

    // Define the access rules
    let access_rules = AccessRules::new()
        .method("ban_member", rule!(require_any_of(vec![admin_badge_address, moderator_badge_address])))
        .method("destroy", rule!(require(admin_badge_address) && require_amount(dec!(2), moderator_badge_address)))
        .default(rule!(allow_all));

    // Attach the access rules to the component
    component.add_access_check(access_rules);

    (component.globalize(), admin_badge, moderator_badges)
}

You can find more specific examples for setting rules on the methods rules or resource action rules pages.