From 6c6285344b4a83ae0aded4cece9cf808aae2e89e Mon Sep 17 00:00:00 2001
From: Olaoluwa Osuntokun <laolu32@gmail.com>
Date: Tue, 20 Mar 2018 16:40:14 -0700
Subject: [PATCH] rpc: add new invoicePermissions bakery.Op slice for an
 invoice only macaroon

In this commit, we add a new invoicePermissions slice. This contains
all the permission that a holder of an invoice.macaroon is able to
access, and no others. We also include read and write access to
addresses as this may be useful from the PoV of a merchant or exchange.
---
 rpcserver.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/rpcserver.go b/rpcserver.go
index 282af192..afc68789 100644
--- a/rpcserver.go
+++ b/rpcserver.go
@@ -98,6 +98,26 @@ var (
 			Entity: "info",
 			Action: "write",
 		},
+	// invoicePermissions is a slice of all the entities that allows a user
+	// to only access calls that are related to invoices, so: streaming
+	// RPC's, generating, and listening invoices.
+	invoicePermissions = []bakery.Op{
+		{
+			Entity: "invoices",
+			Action: "read",
+		},
+		{
+			Entity: "invoices",
+			Action: "write",
+		},
+		{
+			Entity: "address",
+			Action: "read",
+		},
+		{
+			Entity: "address",
+			Action: "write",
+		},
 	}
 
 	// permissions maps RPC calls to the permissions they require.