Transact Permission
A transact permission record is stored on-chain, keyed by the account id of the grantor, and the account id of the grantee. It allows the grantee to call thetransact
extrinsic, which execute the underlying extrinsic on behalf of the grantor.
The record contains the following fields:
-
spender: The account that is pays for the extrinsic fees when
transact
is called. This is either theGRANTOR
or theGRANTEE
. -
spending_balance: When the spender is the
GRANTOR
, the grantor can specify a spending balance. This acts as a limit on the maximum amount of funds that the grantee can use to calltransact
on behalf of the grantor. This value is deducted by the extrinsic fee whentransact
is called. -
allowed_calls: A list of
CallId
that the grantee can use intransact
. This value must be specified for all of the extrinsics that the grantor wishes to permit. A call id is a tuple of the pallet name and the extrinsic name. Example:("nft", "transfer")
. Wildcard values can be used for both the pallet and extrinsic names, e.g.("*", "*")
will allow all extrinsics to be called. A set of pallets are blacklisted from being used intransact
. This includes the following pallets:Sudo
Proxy
Futurepass
SyloActionPermissions
(prevents grantee from modifying the permission record itself)
- expiry: An optional expiry block for the permission.
Payment
The extrinsics for managing the transact permissions (grant, revoke, update, accept) are paid using the SYLO token (asset id2148
). It is not possible to use the
fee proxy to modify the fee token for these extrinsics.
The transact
extrinsic itself is paid using the regular fee payment mechanism.
Calls
grantTransactPermission
Grant a transact permission to another account. NamespaceupdateTransactPermission
Update an existing transact permission record. This takes in a set of optional values, which will update the existing record if the value isSome
.
Namespace
revokeTransactPermission
Revoke a previously granted transact permission. NamespaceacceptTransactPermission
Accept a transact permission that has been granted to the caller. UnlikegrantTransactPermission
, this call is intended to be used by the grantee.
This call is primarily for the use case where the grantor has generated a
new account, but does not have the means to execute the grantTransactPermission
themselves. For example, not having any funds associated with the account.
The grantor can instead sign a token that includes the permission details, as
well as the grantee’s account id. The grantee can then supply the token and
token signature to this call to create the accompanying permission record.
Updating the on-chain permission record can be done by calling this extrinsic
again with the updated values and a new token signature.
Token Signature
The grantor must sign an encoded transact permission token. The token structure includes
the following fields:
PalletSyloActionPermissionsTransactPermissionToken
can
be used to encode the token.
Type
acceptTransactPermission(