Reputation: 181
Can managed capabilities be installed with (install-capability) outside the module in which they are defined?
Is it possible to install a managed capability outside the module it was defined, without signing the capability in the transaction data?
For example, I would like to use the coin.transfer-create function within a function implemented in my module in order to transfer funds from a module-controlled account to a user account. This function is guarded by the coin.TRANSFER managed capability.
I can call my module function (which itself calls coin.transfer-create) if I sign the transaction with the coin.TRANSFER capability in the capabilities list. However, I want my module to allow arbitrary user accounts to ask for KDA from the module account, without having to provide the coin.TRANSFER capability in the capabilities list (after all, they don't know the module account's private key). (This contract is only intended for testnet.)
I'd like to do something like this:
(defun my-fn (user-account:string amount:decimal)
; install the capability, without relying on it being in the capabilities list
(install-capability (coin.TRANSFER "contract-account" user-account amount))
; grant the capability
(with-capability (coin.TRANSFER "contract-account" user-account amount)
<execute transfer>))
The code written above gives a keyset failure in the REPL. Is it possible to install a managed capability from outside the module in which it was defined?
Upvotes: 0
Views: 172
Answers (2)
Reputation: 748
According to the documentation, you cannot use with-capability outside of the module where the capability is defined. But since coin.TRANSFER is a managed capability, we've got install-capability available which might be enough.
As @georgep said, the "keyset failure" error is not indicative of a capability issue, there's a "missing capability" error for those.
Upvotes: 1
Reputation: 741
It should work, I have done this for a module-guard account. Not all keyset failures are equal. Having the full error message might shed more light. Such as missing signature for gas payer or so.
Upvotes: 0
Related Questions
- Is it possible to use (compose-capability) with the coin.TRANSFER capability?
- How do you call non-write functions from a module without needing to pay gas, using pact-lang-api?
- Is there a way to send modules through the message data?
- What is the scope of module governance in Pact?
- "Failure: require-capability: not granted" How do I grant a capability to my module?
- How do I grant a capability to an account after a module has been deployed?
- Can a powershell module call functions in its importer's scope?
- Installing Modules from within a python program
- Pre-Built Module bind
- Can I include a MODULE-COMPLIANCE in the INCLUDES clause in AGENT-CAPABILITIES?