<aside> 😵‍💫

Currently in sketchpad state of thoughts

</aside>

The permission system has a fixed set of flags for use across all objects, but some flags may not be relevant to all object types.

The permission system in Structs is a hierarchical system that manages access control at two main levels:

1. Address Level Permissions:
   • Each blockchain address can have its own set of permissions
   • Address permissions are stored using a special ID format: {ObjectType_address}-{address}@0
   • Address permissions are used to control what actions an address can perform on the blockchain
   • An address can only modify permissions for addresses that belong to the same player account
   • When modifying address permissions, the calling address must have at least the same level of permissions it's trying to grant
2. Object Level Permissions:
   • Objects (like guilds, planets, structures, etc.) can have permissions assigned to specific players
   • Object permissions are stored using the format: {objectId}@{playerId}
   • Object permissions control what actions a player can perform on that specific object
   • The owner of an object automatically has all permissions
   • To grant permissions on an object, the caller must:
   • Have the Permissions permission on their address
   • Have the same permissions they're trying to grant on the target object

Key Operations:

1. Granting Permissions:
   • PermissionGrantOnObject: Adds permissions to a player's existing permissions on an object
   • PermissionGrantOnAddress: Adds permissions to an address's existing permissions
2. Revoking Permissions:
   • PermissionRevokeOnObject: Removes specific permissions from a player on an object
   • PermissionRevokeOnAddress: Removes specific permissions from an address
3. Setting Permissions:
   • PermissionSetOnObject: Replaces all permissions for a player on an object
   • PermissionSetOnAddress: Replaces all permissions for an address

Permission Checking:

• The system uses PermissionHasOneOf to check if an address/player has at least one of the required permissions
• The system uses PermissionHasAll to check if an address/player has all of the required permissions
• Permission checks are performed at both the address and object level
• For objects, if the player is the owner, they automatically pass permission checks

Example Flow:

1. When a player wants to perform an action on an object:
   • First, their address's permissions are checked
   • Then, if they have a player account, their player's permissions on the object are checked
   • If they are the owner of the object, they automatically have permission
   • If they are not the owner, they must have the specific permission on the object
2. When granting permissions:
   • The caller's address must have the Permissions permission
   • For object permissions, the caller must have the same permissions they're trying to grant
   • For address permissions, the caller can only modify permissions for addresses belonging to their player account

This system allows for fine-grained access control while maintaining security through hierarchical checks and owner privileges.

Examples