From 6435559166f9cf065147508add69b7d20aee3a6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20M=C3=BCller?= <bastian@turbolent.com>
Date: Tue, 24 Sep 2024 16:43:30 -0700
Subject: [PATCH 1/2] add section for revocation of capability

---
 docs/design-patterns.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/docs/design-patterns.md b/docs/design-patterns.md
index 5b1a373..2b1b556 100644
--- a/docs/design-patterns.md
+++ b/docs/design-patterns.md
@@ -474,3 +474,38 @@ transaction {
     }
 }
 ```
+
+## Capability Revocation
+
+### Problem
+
+A capability provided by one account to a second account must able to be revoked
+by the first account without the co-operation of the second.
+
+### Solution
+
+If the capability is a storage capability:
+
+```cadence
+transaction(capabilityID: UInt64) {
+    prepare(signer: auth(StorageCapabilities) &Account) {
+        let controller = signer.capabilities.storage
+            .getController(byCapabilityID: capabilityID)
+            ?? panic("missing controller")
+        controller.delete()
+    }
+}
+```
+
+If the capability is an account capability:
+
+```cadence
+transaction(capabilityID: UInt64) {
+    prepare(signer: auth(AccountCapabilities) &Account) {
+        let controller = signer.capabilities.account
+            .getController(byCapabilityID: capabilityID)
+            ?? panic("missing controller")
+        controller.delete()
+    }
+}
+```
\ No newline at end of file

From f733d997b51d5069eb573c73fe19d93dfdc638d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20M=C3=BCller?= <bastian@turbolent.com>
Date: Wed, 25 Sep 2024 10:02:35 -0700
Subject: [PATCH 2/2] Apply suggestions from code review

Co-authored-by: Joshua Hannan <hannanjoshua19@gmail.com>
---
 docs/design-patterns.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/design-patterns.md b/docs/design-patterns.md
index 2b1b556..340330c 100644
--- a/docs/design-patterns.md
+++ b/docs/design-patterns.md
@@ -491,7 +491,9 @@ transaction(capabilityID: UInt64) {
     prepare(signer: auth(StorageCapabilities) &Account) {
         let controller = signer.capabilities.storage
             .getController(byCapabilityID: capabilityID)
-            ?? panic("missing controller")
+            ?? panic("Cannot get the storage capability controller with ID "
+                    .concat(capabilityID.toString())
+                    .concat(" from the signer's account! Make sure the ID belongs to a capability that the owner controls and that it is a storage capability.")
         controller.delete()
     }
 }
@@ -504,7 +506,9 @@ transaction(capabilityID: UInt64) {
     prepare(signer: auth(AccountCapabilities) &Account) {
         let controller = signer.capabilities.account
             .getController(byCapabilityID: capabilityID)
-            ?? panic("missing controller")
+            ?? panic("Cannot get the account capability controller with ID "
+                    .concat(capabilityID.toString())
+                    .concat(" from the signer's account! Make sure the ID belongs to a capability that the owner controls and that it is an account capability.")
         controller.delete()
     }
 }