com um clique
extension-user-approval
Approval-based user management.
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Menu
Approval-based user management.
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Baseado na classificação ocupacional SOC
Quick reference for the Caffeine Data Intelligence agent to query an OQL-exposing canister (schema() + execute()) through the `icp` CLI against the project's `backend` canister: read the schema, form JSON queries (filter / order / paginate / aggregate / dotted-path edges), and parse the Candid result rows.
Make a canister's data queryable by the Caffeine Data Intelligence agent. Use whenever an app stores structured data (Maps/Lists/arrays of records) that should be answerable in natural language — "top customers", "revenue by region", "active projects". Adds a discoverable `schema()` and a JSON `execute()` query endpoint via the `caffeineai-oql` mops package's `Expose` mixin.
Core infrastructure providing backend connection configuration, storage client, and React app entry point.
General file/object storage, such as for images, videos, files, documents and other bulk data. Perfect fit for image galleries, video galleries, and other file or object management. Supports large files beyond IC limit, with browser-cached HTTP URL access.
Use the `googlemail-client` mops package whenever the user asks the canister to send email, compose a draft, list or read Gmail messages, or fetch the authenticated user's Gmail profile. The package wraps the Gmail REST API v1 at `https://gmail.googleapis.com` via outbound HTTPS calls.
HTTP outcalls performed by the backend canister (not in the frontend).
| name | extension-user-approval |
| description | Approval-based user management. |
| version | 0.1.5 |
| compatibility | {"mops":{"caffeineai-user-approval":"~0.1.1","caffeineai-authorization":"~0.1.1"}} |
| caffeineai-subscription | ["none"] |
User approval extension for Caffeine AI.
This skill adds approval-based user management. Users request access; admins approve or reject. Approved users gain access to protected features.
Approval-based user management:
Prerequisite: You must follow extension-authorization first, as this integration depends on it.
There is a prefabricated module mo:caffeineai-user-approval/approval that cannot be modified. It provides approval-based user management with role-based access control.
import AccessControl "mo:caffeineai-authorization/access-control";
module {
public type ApprovalStatus = {
#approved;
#rejected;
#pending;
};
public type UserApprovalState = { /* internal state */ };
public func initState(accessControlState: AccessControl.AccessControlState) : UserApprovalState;
public func isApproved(state : UserApprovalState, caller : Principal) : Bool;
public func setApproval(state : UserApprovalState, user : Principal, approval : ApprovalStatus);
public type UserApprovalInfo = {
principal : Principal;
status : ApprovalStatus;
};
public func listApprovals(state : UserApprovalState) : [UserApprovalInfo];
}
Usage (all the following functions are required to be added):
import AccessControl "mo:caffeineai-authorization/access-control";
import MixinAuthorization "mo:caffeineai-authorization/MixinAuthorization";
import UserApproval "mo:caffeineai-user-approval/approval";
import Principal "mo:core/Principal";
import Runtime "mo:core/Runtime";
actor {
// Include authorization
let accessControlState = AccessControl.initState();
include MixinAuthorization(accessControlState);
let approvalState = UserApproval.initState(accessControlState);
public query ({ caller }) func isCallerApproved() : async Bool {
AccessControl.hasPermission(accessControlState, caller, #admin) or UserApproval.isApproved(approvalState, caller);
};
public shared ({ caller }) func requestApproval() : async () {
UserApproval.requestApproval(approvalState, caller);
};
public shared ({ caller }) func setApproval(user : Principal, status : UserApproval.ApprovalStatus) : async () {
if (not (AccessControl.hasPermission(accessControlState, caller, #admin))) {
Runtime.trap("Unauthorized: Only admins can perform this action");
};
UserApproval.setApproval(approvalState, user, status);
};
public query ({ caller }) func listApprovals() : async [UserApproval.UserApprovalInfo] {
if (not (AccessControl.hasPermission(accessControlState, caller, #admin))) {
Runtime.trap("Unauthorized: Only admins can perform this action");
};
UserApproval.listApprovals(approvalState);
};
// In addition to access control guards, add an approval check where needed:
// Admins should have the permission do use all functionality
// * Approved users only:
// if (not (UserApproval.isApproved(approvalState, caller) or AccessControl.hasPermission(accessControlState, caller, #admin))) {
// Runtime.trap("Unauthorized: Only approved users can perform this action");
// };
};
On initState, existing admins are automatically approved. All other users are pending.
IMPORTANT: Apply the right authorization and/or approval check to each public function.
Approval-based user management:
isCallerApproved)requestApproval)For admin users, provide a dashboard to:
listApprovals)setApproval)getCallerUserRole and assignCallerUserRole)The backend already implements the following functionality. The full interface can be found in
// Check if current user is approved, admins are always approved isCallerApproved(): Promise;
// Submit approval request requestApproval(): Promise;
// Get all users and their approval status (admin only) listApprovals(): Promise<Array>;
// Approve or reject a user (admin only) setApproval(user: Principal, status: ApprovalStatus): Promise;
// Assign a role to a user (admin only) assignCallerUserRole(user: Principal, role: UserRole): Promise;
// Get current role for a specific user getCallerUserRole(): Promise;