Building User-Level Permissions

User-level permissions allow individual users to control their ability to update their own approvals. Note that these are almost always never needed unless in advanced situations. Typically, you just leave these soft-enabled (empty arrays) for all. These are only really needed in advanced situations where you want to lock down a user's ability to update their own approvals, such as escrow accounts.

The canUpdateOutgoingApprovals and canUpdateIncomingApprovals work similarly to canUpdateCollectionApprovals with key restrictions. - fromListId is locked to the user's address for outgoing approvals - toListId is locked to the user's address for incoming approvals

User Permission Structure

const userPermissions = {
    canUpdateOutgoingApprovals: [
        {
            // fromListId: 'user-address', // Locked to user's address
            toListId: 'All', // Can specify recipients
            initiatedByListId: 'All',
            transferTimes: FullTimeRanges,
            badgeIds: FullTimeRanges,
            ownershipTimes: FullTimeRanges,
            approvalId: 'All',
            permanentlyPermittedTimes: [],
            permanentlyForbiddenTimes: FullTimeRanges, // Lock forever
        },
    ],
    canUpdateIncomingApprovals: [
        {
            fromListId: 'All', // Can specify senders
            //  toListId: 'user-address', // Locked to user's address
            initiatedByListId: 'All',
            transferTimes: FullTimeRanges,
            badgeIds: FullTimeRanges,
            ownershipTimes: FullTimeRanges,
            approvalId: 'All',
            permanentlyPermittedTimes: [],
            permanentlyForbiddenTimes: FullTimeRanges, // Lock forever
        },
    ],
    canUpdateAutoApproveSelfInitiatedOutgoingTransfers: [
        {
            permanentlyPermittedTimes: [],
            permanentlyForbiddenTimes: FullTimeRanges,
        },
    ],
    canUpdateAutoApproveSelfInitiatedIncomingTransfers: [
        {
            permanentlyPermittedTimes: [],
            permanentlyForbiddenTimes: FullTimeRanges,
    canUpdateAutoApproveAllIncomingTransfers: [
        {
            permanentlyPermittedTimes: [],
            permanentlyForbiddenTimes: FullTimeRanges,
        },
    ],
};

Implementation

Users update their permissions via MsgUpdateUserApprovals:

const updateUserApprovals = {
    creator: 'bb1...', // User's address
    collectionId: '1',
    updateUserPermissions: true,
    userPermissions,
    // ... other approval updates
};

For permission patterns, see:

Freezing Mint Transferability - Collection permission example
Locking Specific Approval ID - Approval ID targeting
Locking Specific Badge IDs - Badge ID targeting
Building Collection Permissions - Collection-level patterns

For user approval configuration, see:

Building User Approvals - User approval setup

Permissions System - Permission mechanics
Update Approval Permission - Approval-specific controls
Default Balances - User permission structure

PreviousBuilding User-Level Approvals NextCosmos Coin Wrapper Tutorial

Last updated 19 hours ago

User Permission Structure

Implementation

Related Examples

Related Concepts