Merge pull request #155 from onflow/bastian/22-capability-revocation

Add section for revocation of capability
onflow · Sep 25, 2024 · 48d921c · 48d921c
2 parents 2ffe6d6 + f733d99
commit 48d921c
Showing 1 changed file with 39 additions and 0 deletions.
diff --git a/docs/design-patterns.md b/docs/design-patterns.md
@@ -474,3 +474,42 @@ transaction {
     }
 }
 ```
+
+## Capability Revocation
+
+### Problem
+
+A capability provided by one account to a second account must able to be revoked
+by the first account without the co-operation of the second.
+
+### Solution
+
+If the capability is a storage capability:
+
+```cadence
+transaction(capabilityID: UInt64) {
+    prepare(signer: auth(StorageCapabilities) &Account) {
+        let controller = signer.capabilities.storage
+            .getController(byCapabilityID: capabilityID)
+            ?? panic("Cannot get the storage capability controller with ID "
+                    .concat(capabilityID.toString())
+                    .concat(" from the signer's account! Make sure the ID belongs to a capability that the owner controls and that it is a storage capability.")
+        controller.delete()
+    }
+}
+```
+
+If the capability is an account capability:
+
+```cadence
+transaction(capabilityID: UInt64) {
+    prepare(signer: auth(AccountCapabilities) &Account) {
+        let controller = signer.capabilities.account
+            .getController(byCapabilityID: capabilityID)
+            ?? panic("Cannot get the account capability controller with ID "
+                    .concat(capabilityID.toString())
+                    .concat(" from the signer's account! Make sure the ID belongs to a capability that the owner controls and that it is an account capability.")
+        controller.delete()
+    }
+}
+```