Access restrictions
Access step is used to add a required precondition to transitions.
Restriction types
Type | Description |
---|---|
Open | Open for anyone to call. |
Owner | Only the owner of the workflow can call. The deployer of the workflow is the first owner. |
Restrict or set | Functional check - see below. If the variable has not yet been set, the caller itself assumes the role. |
Has any role | Multiple check to see if caller is within certain roles. |
Other flow | Only specific other workflow is able to call |
Internal | Assign for private methods only! Used when another workflow transition is calling this transition. |
'Restrict or set' access restriction
A functional access check or assign. As an example setting up access restriction to Client
will accomplish three things:
- When the step is executed it checks if the executor (caller) is the correct one. More precisely, Toolblox will check if the Client of the current item is equal to the callers wallet address. If it is, it lets the transition processing to continue, if not then it fails with an exception.
- In case a value for the Client attribute has not yet been set for an item it sets it to be the caller and lets the transition to proceed. This means that if any subsequent transitions for that item which also require Client restriction would fail for other callers.
- In case the Client variable is defined as Restricted user (not just User) an additional check will be done: the caller needs to be pre-registered (whitelisted) as a Client of the Workflow.