{% if action == 'list' or not action %}

Igor Capabilities

{% if not igor.internal.accessControl('hasCapabilitySupport') %}

This Igor runs without capability support. It is unlikely you see anything interesting here.

{% endif %} {% if igor.app.getSessionItem('user', None) %}

You are logged in as {{igor.app.getSessionItem('user')}}. {% if cid == None %} Here is the list of all capabilities assigned to your user identity. {% else %} Here is the information on capability {{cid}}. {% endif %}

{% else %}

You are not logged in. {% if cid == None %} Here is the set of default capabilities you have access to. {% else %} Here is the information on capability {{cid}}. {% endif %}

{% endif %} {% set capList = igor.internal.accessControl(subcommand='getTokenDescription', token=token, tokenId=cid) %} {% for cap in capList %} {% set cid = cap.pop('cid', '') %} {% set comment = cap.pop('comment', '') %} {% set childIDs = cap.pop('child', []) %} {% set childIDs = [childIDs] if type(childIDs) != type([]) else childIDs %} {% endfor %}
ID Object GET
PUT
POST
DELETE
Parent Children OP ...
{{cid}} {% if comment %}
({{comment}}) {% endif %}
{{cap.pop('obj', '')}} {{cap.pop('get', '-')}}
{{cap.pop('put', '-')}}
{{cap.pop('post', '-')}}
{{cap.pop('delete', '-')}}
{{cap.pop('parent', '')}} {% for c in childIDs %} {{c}} (revoke)
{% endfor %}
{% if cap.pop('owner', '') %} transfer {% endif %} {% set delegate = cap.pop('delegate', '') %} {% if delegate %}
delegate {% if delegate == 'external' %} (ext) {% endif %}
export {% endif %} {% if 'iss' in cap and 'aud' in cap %}
external repr {% endif %}
{% for k,v in cap.items() %} {{k}}={{v}}
{% endfor %}

View shared key listing

{% elif action == "delegate" %}

Delegate capability {{cid}}

{% set cap = igor.internal.accessControl(subcommand='getTokenDescription', token=token, tokenId=cid)[0] %}
{% for right in ['get', 'put', 'post', 'delete'] %} {% set disabled = '' if cap.get(right, None) else ' disabled' %} {% endfor %}
Field New Old
Owner ...
Path {{cap.get('obj','')}}
Can Delegate {% if cap.get('delegate') %} {% endif %} {{'yes' if cap.get('delegate') else 'no'}}
{{right}} {{cap.get(right, 'no access')}}
Comment {{cap.get('comment', '')}}

{% elif action == "create" %}

Cannot do yet. Should create {{repr(kwargs)}}.

{% if 'aud' in kwargs %} {% endif %} {% for right in ['get', 'put', 'post', 'delete'] %} {% set rightValue = kwargs.get(right, '') %} {% endfor %}
Field Value
Delegate from
New owner
Path
Audience
Can Delegate {% if kwargs.get('delegate') %} {% endif %}
{{right}}
Comment

{% elif action == "transfer" %}

Delegate capability {{cid}}

{% set cap = igor.internal.accessControl(subcommand='getTokenDescription', token=token, tokenId=cid)[0] %}
{% for right in ['get', 'put', 'post', 'delete'] %} {% endfor %}
Field New Old
Owner ...
Path {{cap['obj']}} {{cap['obj']}}
{{right}} {{cap.get(right, 'no access')}} {{cap.get(right, 'no access')}}
Comment {{cap.get('comment', '')}} {{cap.get('comment', '')}}

{% elif action == "export" %}

Export capability {{cid}}

{% set cap = igor.internal.accessControl(subcommand='getTokenDescription', token=token, tokenId=cid)[0] %} {% set _ = cap.pop('owner', None) %} {% set _ = cap.pop('parent', None) %} {% set _ = cap.pop('delegate', None) %}
{% for right in ['get', 'put', 'post', 'delete'] %} {% set rvalue = cap.pop(right, None) %} {% set disabled = '' if rvalue else ' disabled' %} {% endfor %} {% for k,v in cap.items() %} {% endfor %}
Field Value
Audience
Object {{cap.pop('obj')}}
{{right}}
Subject {% set subjectList = igor.internal.accessControl(subcommand='getSubjectList') %} {% if subjectList %} {% else %} {% endif %}
Lifetime (seconds)
{{k}}
Comment

{% elif action == "revoke" %}

Revoke capability {{childCid}}

{% set cap = igor.internal.accessControl(subcommand='getTokenDescription', token=token, tokenId=childCid)[0] %}
{% for right in ['get', 'put', 'post', 'delete'] %} {% endfor %} {% for k, v in cap.items() %} {% endfor %}
Field Value
ID {{childCid}}
Parent {{cid}}
{{right}} {{cap.pop(right, 'no access')}}
Comment {{cap.pop('comment', '')}}
Children {% set childIDs = cap.pop('child', []) %} {% set childIDs = [childIDs] if type(childIDs) != [] else childIDs %} {% for gcid in childIDs %} {{gcid}}
{% endfor %}
{{k}} {{v}}

{% elif action == "listKeys" %}

Shared secret keys issued by this Igor

{% set keys = igor.internal.accessControl(subcommand='getKeyList', token=token) %} {% for key in keys %} {% set iss = key.pop('iss') %} {% set sub = key.pop('sub', '') %} {% set aud = key.pop('aud', '') %} {% endfor %}
Issuer Subject Audience ... Action:
{{iss}} {{sub}} {{aud}} {% for k, v in key.items() %} {{k}}={{v}} {% endfor %} delete

Add a new secret key

Return to secret key listing

{% elif action == "addKey" %}

Issue new shared key

Createing a secret key here will return the verbatim secret key, this will be done only once, after that the secret key is, well, secret... Copy the key to your subject or audience device and clear your browser history.

Audience (agent trusting the key, empty for Igor):
Subject (agent carrying the key, empty for Igor):

Return to secret key listing

{% elif action == "deleteKey" %}

Delete old shared key

{% for k, v in kwargs.items() %} {% endfor %}
Item Value
{{k}} {{v}}

Return to secret key listing

{% endif %} {% if action != 'list' or cid != None %}

Return to capability listing

{% endif %}

Return to Igor homepage

{% if 'returnTo' in kwargs %}

Return to {{kwargs['returnTo']}}.

{% endif %}