Users and permissions
Pyledger supports basic key-based authentication for clients, and contracts can tell whether the calling user was previously created by the administrator of the ledger. When you run the server for the first time, the ledger server outputs an admin authentication key, which is stored within the ledger itself:
$> python examples/authentication/server.py --sync
Warning: Syncing database at sqlite://
Warning: Admin key is a1ee413e-0505-49a6-9902-748e87741225
If you start a client with this key, it will have admin privileges.
One of the important aspects of admin privileges is key creation, which is equivalent to creating a user, since each user is identified by a random key:
$> pyledger-shell --user a1ee413e-0505-49a6-9902-748e87741225
PyLedger simple client
(http://localhost:8888)> key NewUser
Created user Guillem: 79ab6f2d-5fe6-4bf8-9ebd-ee359d9dfa94
(http://localhost:8888)> exit
This key can be used to authenticate the user, and we can make the contract aware of the authentication of a client:
from pyledger.contract import Builder


def hello():
    def say_hello(attrs):
        # attrs.user is None when the client did not present a known key
        if attrs.user:
            return attrs, 'Hello {}, your key is {}'.format(attrs.user.name,
                                                            attrs.user.key)
        else:
            raise Exception('Not authenticated')

    contract = Builder('Hello')
    contract.add_method(say_hello)
    return contract
The attrs object contains a copy of the data stored about the user, like its name or the user key. If the user was not authenticated, attrs.user is set to None.
We can now start the client with the new user key:
$> pyledger-shell --user 79ab6f2d-5fe6-4bf8-9ebd-ee359d9dfa94
(http://localhost:8888)> api Hello
say_hello ( )
(http://localhost:8888)> call Hello say_hello
Hello Guillem, your key is 79ab6f2d-5fe6-4bf8-9ebd-ee359d9dfa94
(http://localhost:8888)> exit
Important
There is only one user called admin, and it is assigned the key that is printed when the ledger is started for the first time with the --sync option. This means that the test if attrs.user.name == 'admin' checks whether the current user is in fact the owner of the ledger.
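The admin check described above, written out as contract methods that also handle the unauthenticated case (attrs.user is None). This is an added example, not code from Pyledger or its documentation: the names whoami, set_motd, NotAuthorized and fake_attrs and the motd attribute are assumptions made for illustration, and attrs is replaced by a constructed stand-in so the block runs without a ledger.

```python
from types import SimpleNamespace


class NotAuthorized(Exception):
    """The caller lacks the identity this method requires."""


def require_user(attrs):
    # attrs.user is None for unauthenticated clients, so test it before
    # touching attrs.user.name (which would raise AttributeError instead).
    if attrs.user is None:
        raise NotAuthorized('Not authenticated')
    return attrs.user


def require_admin(attrs):
    # Per the page, only the ledger owner is named 'admin'.
    if require_user(attrs).name != 'admin':
        raise NotAuthorized('Admin privileges required')


def whoami(attrs):
    user = require_user(attrs)
    # The key is the user's only credential: confirm it by suffix only.
    return attrs, 'Hello {}, key ending in {}'.format(user.name, user.key[-4:])


def set_motd(attrs, text):
    require_admin(attrs)
    attrs.motd = text  # 'motd' is a hypothetical contract attribute
    return attrs, 'Message updated'


def fake_attrs(name=None, key=None):
    # Constructed stand-in for the attrs object the ledger passes to methods.
    user = SimpleNamespace(name=name, key=key) if name else None
    return SimpleNamespace(user=user, motd='')


if __name__ == '__main__':
    # Constructed keys, not real ledger credentials.
    callers = [fake_attrs(),
               fake_attrs('Guillem', '00000000-0000-0000-0000-00000000beef'),
               fake_attrs('admin', '00000000-0000-0000-0000-00000000cafe')]
    for attrs in callers:
        try:
            print(set_motd(attrs, 'maintenance at 02:00')[1])
        except NotAuthorized as err:
            print('refused:', err)
```

The functions whoami and set_motd follow the shape of say_hello and would be registered with contract.add_method in the same way.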