Skip to main content
Version: Next

Capabilities

Cadence supports capability-based security through the object-capability model.

A capability in Cadence is a value that represents the right to access an object and perform certain operations on it. A capability specifies what can be accessed, and how it can be accessed.

Capabilities are unforgeable, transferable, and revocable.

Capabilities can be storage capabilities or account capabilities:

Capabilities can be borrowed to get a reference to the stored object or the account it refers to.

Capabilities have the type Capability<T: &Any>. The type parameter specifies the kind of reference that can be obtained when borrowing the capability. The type specifies the associated set of access rights through entitlements: the reference type of the capability can be authorized, which grants the owner of the capability the ability to access the fields and functions of the target which require the given entitlements.

For example, a capability which has type Capability<auth(SaveValue) &Account> grants access to an account, and allows saving a value into the account.

Each capability has an ID. The ID is unique per account/address.

Capabilities are created and managed through capability controllers.

Capability


_30
access(all)
_30
struct Capability<T: &Any> {
_30
/// The address of the account which the capability targets.
_30
access(all)
_30
let address: Address
_30
_30
/// The ID of the capability.
_30
access(all)
_30
let id: UInt64
_30
_30
/// Returns a reference to the targeted object.
_30
///
_30
/// If the capability is revoked, the function returns nil.
_30
///
_30
/// If the capability targets an object in account storage,
_30
/// and and no object is stored at the target storage path,
_30
/// the function returns nil.
_30
///
_30
/// If the targeted object cannot be borrowed using the given type,
_30
/// the function panics.
_30
///
_30
access(all)
_30
view fun borrow(): T?
_30
_30
/// Returns true if the capability currently targets an object
_30
/// that satisfies the given type, i.e. could be borrowed using the given type.
_30
///
_30
access(all)
_30
view fun check(): Bool
_30
}