From 6c6285344b4a83ae0aded4cece9cf808aae2e89e Mon Sep 17 00:00:00 2001
From: Olaoluwa Osuntokun
Date: Tue, 20 Mar 2018 16:40:14 -0700
Subject: [PATCH] rpc: add new invoicePermissions bakery.Op slice for an invoice only macaroon

In this commit, we add a new invoicePermissions slice. This contains all the permission that a holder of an invoice.macaroon is able to access, and no others. We also include read and write access to addresses as this may be useful from the PoV of a merchant or exchange.
---
 rpcserver.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/rpcserver.go b/rpcserver.go
index 282af192..afc68789 100644
--- a/rpcserver.go
+++ b/rpcserver.go
@@ -98,6 +98,26 @@ var (
 Entity: "info",
 Action: "write",
 },
+ // invoicePermissions is a slice of all the entities that allows a user
+ // to only access calls that are related to invoices, so: streaming
+ // RPC's, generating, and listening invoices.
+ invoicePermissions = []bakery.Op{
+ {
+ Entity: "invoices",
+ Action: "read",
+ },
+ {
+ Entity: "invoices",
+ Action: "write",
+ },
+ {
+ Entity: "address",
+ Action: "read",
+ },
+ {
+ Entity: "address",
+ Action: "write",
+ },
 }
 // permissions maps RPC calls to the permissions they require.
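Review bot: The doc comment on `invoicePermissions` says the slice restricts a holder to invoice-related calls, but its last two entries also grant `address` read and write, which only the commit message explains. Because this slice defines the authority of an invoice-only macaroon, the comment should state the full scope, for example `// invoicePermissions lists every op granted to an invoice-only macaroon: invoices read/write, plus address read/write (useful to a merchant or exchange).` Which RPCs these ops actually unlock is decided by the `permissions` map, whose body is outside this hunk. Any call later tagged there with one of these entity/action pairs would presumably become reachable with invoice macaroons too, so a short comment noting that coupling is worth adding next to the slice. The enclosing `var (` block begins and ends outside the hunk.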