Skip to main content

Authorization Check

Overview

This guide provides instructions how to perform authorization checks in a value contract.

Pre-requirements

  1. You have the sources of a inrcrud contract with a create action defined and implemented.
  2. The create action has defined tree input parameter id of type uint64, user of type inery::name and data of type string.

Procedure

The following steps show how to check authorization for user account for the create action. There are three ways to accomplish an authorization check in a value contract action implementation. You can use any of the methods provided below depending on your needs:

1. Use check auth

The following code example enforces the action create to be executed only by the account that is sent as parameter to the action, no matter what permission the account uses to sign the transaction (e.g. owner, active, code).

Error message is custom. Observe that in this case the yielded error message is a custom one and thus it can be used to provide a better experience for the user.

#include <capi/inery/action.h>

void create(uint64_t id, name user, string data ) {
   check(has_auth(user), "Missing authorisation for this action");
   ...
}

2. Use require_auth

The below code enforces the action create to be executed only by the account that is sent as parameter to the action, no matter what permission the account uses to sign the transaction (e.g. owner, active, code).

void create(uint64_t id, name user, string data ) {
   require_auth( user );
   ...
}

3. Use require_auth2

The below code is enforces the action create to be executed only by the account that is sent as parameter to the action and only if the permission used to sign the transaction is the 'active' one. In other words, if the same user uses the transaction with a different permission (e.g. code, owner) the execution of the action is halted.

#include <capi/inery/action.h>

void create( name user ) {
   require_auth2(user.value, "active"_n.value);
   ...
}
Last updated on