From b86cfdf42d9ebe74371d655b99b4665739e0a91f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 6 Jul 2019 10:07:24 +0100
Subject: [PATCH] Initial capabilities stuff

---
 README.md       |  2 ++
 capabilities.py | 48 +++++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 7fb5f259..f984cf4f 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,8 @@ This project is currently *pre alpha* and not recommended for any real world use
  * Implemented in a common language (Python 3)
  * Opt-in federation. Federate with a well-defined list of instances.
  * Keyword filtering.
+ * Being able to define roles and skills, similar to the Pursuance project.
+ * Sharings collection, similar to the gnusocial sharings plugin
  * Resistant to flooding, hellthreads, etc.
  * Support content warnings, reporting and blocking.
  * http signatures and basic auth.
diff --git a/capabilities.py b/capabilities.py
index 4cd52615..cd3b17d7 100644
--- a/capabilities.py
+++ b/capabilities.py
@@ -6,15 +6,53 @@ __maintainer__ = "Bob Mottram"
 __email__ = "bob@freedombone.net"
 __status__ = "Production"
 
+import os
 from auth import createPassword
 
-def sendCapabilitiesRequest(baseDir: str,httpPrefix: str,domain: str) -> None:
-
+def sendCapabilitiesRequest(baseDir: str,httpPrefix: str,requestedDomain: str,nickname=None) -> None:
+    # This is sent to the capabilities endpoint /caps/new
+    # which could be instance wide or for a particular person
     capId=createPassword(32)
     capRequest = {
-        "id": httpPrefix+"://"+domain+"/caps/request/"+capId,
+        "id": httpPrefix+"://"+requestedDomain+"/caps/request/"+capId,
         "type": "Request",
-        "capability": ["inbox:write", "objects:read"],
+        "capability": {
+            "inbox": "write",
+            "objects": "read"
+        },
+        "actor": httpPrefix+"://"+requestedDomain
+    }
+    # requesting for a particular person
+    if nickname:
+        # does the account exist for this person?
+        if os.path.isdir(baseDir+'/accounts/'+nickname+'@'+requestedDomain):
+            capRequest['scope']=httpPrefix+"://"+requestedDomain+'/users/'+nickname
+    #TODO
+
+def sendCapabilitiesAccept(baseDir: str,httpPrefix: str,domain: str,acceptedDomain: str,nickname=None) -> None:
+    # This gets returned to capabilities requester
+    capId=createPassword(32)
+    capAccept = {
+        "id": httpPrefix+"://"+domain+"/caps/"+capId,
+        "type": "Capability",
+        "capability": {
+            "inbox": "write",
+            "objects": "read"
+        },
+        "scope": httpPrefix+"://"+acceptedDomain,
         "actor": httpPrefix+"://"+domain
     }
-        
+
+    # accepting for a particular person
+    if nickname:
+        # does the account exist for this person?
+        if os.path.isdir(baseDir+'/accounts/'+nickname+'@'+acceptedDomain):
+            capAccept['scope']=httpPrefix+"://"+acceptedDomain+'/users/'+nickname
+    #TODO
+
+def isCapable(actor: str,capsJson: []) -> bool:
+    # is the given actor capable of using the current resource?
+    for cap in capsJson:
+        if cap['scope'] in actor:
+            return True
+    return False