feat: add is_member API

Cargo.toml

@@ -15,7 +15,7 @@ strip = true
 opt-level = 's'
 
 [workspace.package]
-version = "0.6.6"
+version = "0.6.7"
 edition = "2021"
 repository = "https://github.com/ldclabs/ic-cose"
 keywords = ["config", "cbor", "canister", "icp", "encryption"]

src/ic_cose/src/client.rs

@@ -428,6 +428,21 @@ pub trait CoseSDK: CanisterCaller + Sized {
             .map_err(format_error)?
     }
 
+    async fn namespace_is_member(
+        &self,
+        namespace: &str,
+        kind: &str,
+        user: &Principal,
+    ) -> Result<bool, String> {
+        self.canister_query(
+            self.canister(),
+            "namespace_is_member",
+            (namespace, kind, user),
+        )
+        .await
+        .map_err(format_error)?
+    }
+
     async fn namespace_top_up(&self, namespace: &str, cycles: u128) -> Result<u128, String> {
         self.canister_update(self.canister(), "namespace_top_up", (namespace, cycles))
             .await

src/ic_cose_canister/ic_cose_canister.did

@@ -63,21 +63,22 @@ type PublicKeyInput = record { ns : text; derivation_path : vec blob };
 type PublicKeyOutput = record { public_key : blob; chain_code : blob };
 type Result = variant { Ok; Err : text };
 type Result_1 = variant { Ok : NamespaceInfo; Err : text };
-type Result_10 = variant { Ok : SignDelegationOutput; Err : text };
-type Result_11 = variant { Ok : nat; Err : text };
-type Result_12 = variant { Ok : CreateSettingOutput; Err : text };
-type Result_13 = variant { Ok : SettingInfo; Err : text };
-type Result_14 = variant { Ok : SettingArchivedPayload; Err : text };
-type Result_15 = variant { Ok : StateInfo; Err : text };
-type Result_16 = variant { Ok : text; Err : text };
+type Result_10 = variant { Ok : vec record { principal; blob }; Err : text };
+type Result_11 = variant { Ok : SignDelegationOutput; Err : text };
+type Result_12 = variant { Ok : nat; Err : text };
+type Result_13 = variant { Ok : CreateSettingOutput; Err : text };
+type Result_14 = variant { Ok : SettingInfo; Err : text };
+type Result_15 = variant { Ok : SettingArchivedPayload; Err : text };
+type Result_16 = variant { Ok : StateInfo; Err : text };
+type Result_17 = variant { Ok : text; Err : text };
 type Result_2 = variant { Ok : vec NamespaceInfo; Err : text };
 type Result_3 = variant { Ok : ECDHOutput; Err : text };
 type Result_4 = variant { Ok : PublicKeyOutput; Err : text };
 type Result_5 = variant { Ok : blob; Err : text };
 type Result_6 = variant { Ok : SignedDelegation; Err : text };
 type Result_7 = variant { Ok : vec principal; Err : text };
 type Result_8 = variant { Ok : principal; Err : text };
-type Result_9 = variant { Ok : vec record { principal; blob }; Err : text };
+type Result_9 = variant { Ok : bool; Err : text };
 type SchnorrAlgorithm = variant { ed25519; bip340secp256k1 };
 type SettingArchivedPayload = record {
   dek : opt blob;
@@ -186,37 +187,40 @@ service : (opt InstallArgs) -> {
   namespace_get_delegators : (text, text) -> (Result_7) query;
   namespace_get_fixed_identity : (text, text) -> (Result_8) query;
   namespace_get_info : (text) -> (Result_1) query;
-  namespace_list_setting_keys : (text, bool, opt principal) -> (Result_9) query;
+  namespace_is_member : (text, text, principal) -> (Result_9) query;
+  namespace_list_setting_keys : (text, bool, opt principal) -> (
+      Result_10,
+    ) query;
   namespace_remove_auditors : (text, vec principal) -> (Result);
   namespace_remove_delegator : (NamespaceDelegatorsInput) -> (Result);
   namespace_remove_managers : (text, vec principal) -> (Result);
   namespace_remove_users : (text, vec principal) -> (Result);
-  namespace_sign_delegation : (SignDelegationInput) -> (Result_10);
-  namespace_top_up : (text, nat) -> (Result_11);
+  namespace_sign_delegation : (SignDelegationInput) -> (Result_11);
+  namespace_top_up : (text, nat) -> (Result_12);
   namespace_update_info : (UpdateNamespaceInput) -> (Result);
   schnorr_public_key : (SchnorrAlgorithm, opt PublicKeyInput) -> (
       Result_4,
     ) query;
   schnorr_sign : (SchnorrAlgorithm, SignInput) -> (Result_5);
   schnorr_sign_identity : (SchnorrAlgorithm, SignIdentityInput) -> (Result_5);
   setting_add_readers : (SettingPath, vec principal) -> (Result);
-  setting_create : (SettingPath, CreateSettingInput) -> (Result_12);
+  setting_create : (SettingPath, CreateSettingInput) -> (Result_13);
   setting_delete : (SettingPath) -> (Result);
-  setting_get : (SettingPath) -> (Result_13) query;
-  setting_get_archived_payload : (SettingPath) -> (Result_14) query;
-  setting_get_info : (SettingPath) -> (Result_13) query;
+  setting_get : (SettingPath) -> (Result_14) query;
+  setting_get_archived_payload : (SettingPath) -> (Result_15) query;
+  setting_get_info : (SettingPath) -> (Result_14) query;
   setting_remove_readers : (SettingPath, vec principal) -> (Result);
-  setting_update_info : (SettingPath, UpdateSettingInfoInput) -> (Result_12);
+  setting_update_info : (SettingPath, UpdateSettingInfoInput) -> (Result_13);
   setting_update_payload : (SettingPath, UpdateSettingPayloadInput) -> (
-      Result_12,
+      Result_13,
     );
-  state_get_info : () -> (Result_15) query;
-  validate2_admin_add_allowed_apis : (vec text) -> (Result_16);
-  validate2_admin_add_auditors : (vec principal) -> (Result_16);
-  validate2_admin_add_managers : (vec principal) -> (Result_16);
-  validate2_admin_remove_allowed_apis : (vec text) -> (Result_16);
-  validate2_admin_remove_auditors : (vec principal) -> (Result_16);
-  validate2_admin_remove_managers : (vec principal) -> (Result_16);
+  state_get_info : () -> (Result_16) query;
+  validate2_admin_add_allowed_apis : (vec text) -> (Result_17);
+  validate2_admin_add_auditors : (vec principal) -> (Result_17);
+  validate2_admin_add_managers : (vec principal) -> (Result_17);
+  validate2_admin_remove_allowed_apis : (vec text) -> (Result_17);
+  validate2_admin_remove_auditors : (vec principal) -> (Result_17);
+  validate2_admin_remove_managers : (vec principal) -> (Result_17);
   validate_admin_add_allowed_apis : (vec text) -> (Result);
   validate_admin_add_auditors : (vec principal) -> (Result);
   validate_admin_add_managers : (vec principal) -> (Result);

src/ic_cose_canister/src/api_namespace.rs

@@ -162,6 +162,26 @@ fn namespace_remove_users(namespace: String, args: BTreeSet<Principal>) -> Resul
     })
 }
 
+#[ic_cdk::query(guard = "is_authenticated")]
+fn namespace_is_member(
+    namespace: String,
+    member_kind: String,
+    user: Principal,
+) -> Result<bool, String> {
+    let caller = ic_cdk::caller();
+    store::ns::with(&namespace, |ns| {
+        if !ns.can_read_namespace(&caller) {
+            Err("no permission".to_string())?;
+        }
+        match member_kind.as_str() {
+            "manager" => Ok(ns.managers.contains(&user)),
+            "auditor" => Ok(ns.auditors.contains(&user)),
+            "user" => Ok(ns.users.contains(&user)),
+            _ => Err(format!("invalid member kind: {}", member_kind)),
+        }
+    })
+}
+
 const MIN_CYCLES: u128 = 1_000_000_000_000;
 
 #[ic_cdk::update(guard = "is_authenticated")]

src/ic_object_store/src/client.rs

@@ -123,6 +123,12 @@ pub trait ObjectStoreSDK: CanisterCaller + Sized {
             .map_err(format_error)?
     }
 
+    async fn is_member(&self, member_kind: &str, user: &Principal) -> Result<bool, String> {
+        self.canister_query(self.canister(), "is_member", (member_kind, user))
+            .await
+            .map_err(format_error)?
+    }
+
     /// Adds managers to the canister (requires controller privileges)
     async fn admin_add_managers(&self, args: &BTreeSet<Principal>) -> Result<(), String> {
         self.canister_update(self.canister(), "admin_add_managers", (args,))

src/ic_object_store_canister/ic_object_store_canister.did

@@ -71,17 +71,18 @@ type PutOptions = record {
 };
 type Result = variant { Ok; Err : Error };
 type Result_1 = variant { Ok; Err : text };
-type Result_10 = variant { Ok : ListResult; Err : Error };
-type Result_11 = variant { Ok : PartId; Err : Error };
-type Result_12 = variant { Ok : text; Err : text };
+type Result_10 = variant { Ok : vec ObjectMeta; Err : Error };
+type Result_11 = variant { Ok : ListResult; Err : Error };
+type Result_12 = variant { Ok : PartId; Err : Error };
+type Result_13 = variant { Ok : text; Err : text };
 type Result_2 = variant { Ok : UpdateVersion; Err : Error };
 type Result_3 = variant { Ok : text; Err : Error };
 type Result_4 = variant { Ok : GetResult; Err : Error };
 type Result_5 = variant { Ok : blob; Err : Error };
 type Result_6 = variant { Ok : vec blob; Err : Error };
 type Result_7 = variant { Ok : StateInfo; Err : text };
 type Result_8 = variant { Ok : ObjectMeta; Err : Error };
-type Result_9 = variant { Ok : vec ObjectMeta; Err : Error };
+type Result_9 = variant { Ok : bool; Err : text };
 type StateInfo = record {
   next_etag : nat64;
   managers : vec principal;
@@ -111,15 +112,16 @@ service : (opt InstallArgs) -> {
   get_ranges : (text, vec record { nat64; nat64 }) -> (Result_6) query;
   get_state : () -> (Result_7) query;
   head : (text) -> (Result_8) query;
-  list : (opt text) -> (Result_9) query;
-  list_with_delimiter : (opt text) -> (Result_10) query;
-  list_with_offset : (opt text, text) -> (Result_9) query;
+  is_member : (text, principal) -> (Result_9) query;
+  list : (opt text) -> (Result_10) query;
+  list_with_delimiter : (opt text) -> (Result_11) query;
+  list_with_offset : (opt text, text) -> (Result_10) query;
   put_opts : (text, blob, PutOptions) -> (Result_2);
-  put_part : (text, text, nat64, blob) -> (Result_11);
+  put_part : (text, text, nat64, blob) -> (Result_12);
   rename : (text, text) -> (Result);
   rename_if_not_exists : (text, text) -> (Result);
-  validate_admin_add_auditors : (vec principal) -> (Result_12);
-  validate_admin_add_managers : (vec principal) -> (Result_12);
-  validate_admin_remove_auditors : (vec principal) -> (Result_12);
-  validate_admin_remove_managers : (vec principal) -> (Result_12);
+  validate_admin_add_auditors : (vec principal) -> (Result_13);
+  validate_admin_add_managers : (vec principal) -> (Result_13);
+  validate_admin_remove_auditors : (vec principal) -> (Result_13);
+  validate_admin_remove_managers : (vec principal) -> (Result_13);
 }