How can I get HeaderHash of a CapGrant element?

robot5x · June 2, 2021, 10:03am

Hi all -

I am building a small proof of concept, which is heavily dependent on using capabilities for ‘access control’. All user data is currently set as ‘private’.
Right now I have a working zome which can make assigned grants, and lets grantees see the grantors source chain entries.

My next TODO is to let the grantors delete/revoke the cap grant. I am using the example delete_cap_grant function here, on line 49:


#[hdk_extern]
pub fn delete_cap_grant(header_hash: HeaderHash) -> ExternResult<HeaderHash> {
    hdk::prelude::delete_cap_grant(header_hash)
}

This seems pretty simple. But it requires HeaderHash of the CapGrant element as the input.

My question is - how do I obtain the CapGrant HeaderHash so the user can pass it to the delete_cap_grant function?

entry.rs says that

"Every host function that commits an entry returns the new HeaderHash"

and also -

" The header hash can be extracted from the Element as element.header_hashed().as_hash()"

So it sounds like it should be easy to access. Can someone please provide an example how to do it?

Thanks for your help, alex.

guillemcordoba · June 2, 2021, 12:42pm

So I think you have two options here:

let header_hash = create_cap_grant(...) returns the header hash that you want already.
Use query to get the list of elements from your source chain, and then use your element.header_hashed().as_hash() to get the hash for the element. Here is a real-world example to get only entries of one type.

Hope this helps

robot5x · June 3, 2021, 8:37am

hey thanks!

YES it worked!! I just used #1 and passed create_cap_grant into a new var and returned that. Thanks a lot Guillem.

I have a follow up question please - now that the grant can be revoked, I want to build a tryorama test to make sure that the grantee cannot call the function with delegation from the grantor. Can I write a test like:

t.notok(UseDeletedCapGrant);

or something like that??
I want the test to pass if the attempt to use the CapGrant fails.
Thanks.

guillemcordoba · June 3, 2021, 11:08am

yes… If you are doing the await alice.call('try_to_use_cap_grant_fn'), then you’ll need to wrap that in a try catch block in tryorama and do the t.ok(false) and t.ok(true) there wherever they make sense for your case.

robot5x · June 4, 2021, 4:56am

ah ok I get it.
thanks very much!