From c1badb39e9432cc7dfa5eb35db12d933d5f4c449 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Mon, 4 May 2026 15:21:38 +0200 Subject: [PATCH 1/2] expose missing `PermissionController` methods through the messenger --- ...ermissionController-method-action-types.ts | 83 +++++++++++++++++++ .../src/PermissionController.ts | 5 ++ packages/permission-controller/src/index.ts | 5 ++ 3 files changed, 93 insertions(+) diff --git a/packages/permission-controller/src/PermissionController-method-action-types.ts b/packages/permission-controller/src/PermissionController-method-action-types.ts index 76312a01d3..75305e05ab 100644 --- a/packages/permission-controller/src/PermissionController-method-action-types.ts +++ b/packages/permission-controller/src/PermissionController-method-action-types.ts @@ -37,6 +37,20 @@ export type PermissionControllerGetSubjectNamesAction = { handler: PermissionController['getSubjectNames']; }; +/** + * Gets the permission for the specified target of the subject corresponding + * to the specified origin. + * + * @param origin - The origin of the subject. + * @param targetName - The method name as invoked by a third party (i.e., not + * a method key). + * @returns The permission if it exists, or undefined otherwise. + */ +export type PermissionControllerGetPermissionAction = { + type: `PermissionController:getPermission`; + handler: PermissionController['getPermission']; +}; + /** * Gets all permissions for the specified subject, if any. * @@ -85,6 +99,20 @@ export type PermissionControllerRevokeAllPermissionsAction = { handler: PermissionController['revokeAllPermissions']; }; +/** + * Revokes the specified permission from the subject with the specified + * origin. + * + * Throws an error if the subject or the permission does not exist. + * + * @param origin - The origin of the subject whose permission to revoke. + * @param target - The target name of the permission to revoke. + */ +export type PermissionControllerRevokePermissionAction = { + type: `PermissionController:revokePermission`; + handler: PermissionController['revokePermission']; +}; + /** * Revokes the specified permissions from the specified subjects. * @@ -152,6 +180,34 @@ export type PermissionControllerUpdateCaveatAction = { handler: PermissionController['updateCaveat']; }; +/** + * Updates all caveats with the specified type for all subjects and + * permissions by applying the specified mutator function to them. + * + * ATTN: Permissions can be revoked entirely by the action of this method, + * read on for details. + * + * Caveat mutators are functions that receive a caveat value and return a + * tuple consisting of a {@link CaveatMutatorOperation} and, optionally, a new + * value to update the existing caveat with. + * + * For each caveat, depending on the mutator result, this method will: + * - Do nothing ({@link CaveatMutatorOperation.Noop}) + * - Update the value of the caveat ({@link CaveatMutatorOperation.UpdateValue}). The caveat specification validator, if any, will be called after updating the value. + * - Delete the caveat ({@link CaveatMutatorOperation.DeleteCaveat}). The permission specification validator, if any, will be called after deleting the caveat. + * - Revoke the parent permission ({@link CaveatMutatorOperation.RevokePermission}) + * + * This method throws if the validation of any caveat or permission fails. + * + * @param targetCaveatType - The type of the caveats to update. + * @param mutator - The mutator function which will be applied to all caveat + * values. + */ +export type PermissionControllerUpdatePermissionsByCaveatAction = { + type: `PermissionController:updatePermissionsByCaveat`; + handler: PermissionController['updatePermissionsByCaveat']; +}; + /** * Grants _approved_ permissions to the specified subject. Every permission and * caveat is stringently validated—including by calling their specification @@ -266,6 +322,28 @@ export type PermissionControllerRequestPermissionsIncrementalAction = { handler: PermissionController['requestPermissionsIncremental']; }; +/** + * Accepts a permissions request created by + * {@link PermissionController.requestPermissions}. + * + * @param request - The permissions request. + */ +export type PermissionControllerAcceptPermissionsRequestAction = { + type: `PermissionController:acceptPermissionsRequest`; + handler: PermissionController['acceptPermissionsRequest']; +}; + +/** + * Rejects a permissions request created by + * {@link PermissionController.requestPermissions}. + * + * @param id - The id of the request to be rejected. + */ +export type PermissionControllerRejectPermissionsRequestAction = { + type: `PermissionController:rejectPermissionsRequest`; + handler: PermissionController['rejectPermissionsRequest']; +}; + /** * Gets the subject's endowments per the specified endowment permission. * Throws if the subject does not have the required permission or if the @@ -320,17 +398,22 @@ export type PermissionControllerMethodActions = | PermissionControllerHasUnrestrictedMethodAction | PermissionControllerClearStateAction | PermissionControllerGetSubjectNamesAction + | PermissionControllerGetPermissionAction | PermissionControllerGetPermissionsAction | PermissionControllerHasPermissionAction | PermissionControllerHasPermissionsAction | PermissionControllerRevokeAllPermissionsAction + | PermissionControllerRevokePermissionAction | PermissionControllerRevokePermissionsAction | PermissionControllerRevokePermissionForAllSubjectsAction | PermissionControllerGetCaveatAction | PermissionControllerUpdateCaveatAction + | PermissionControllerUpdatePermissionsByCaveatAction | PermissionControllerGrantPermissionsAction | PermissionControllerGrantPermissionsIncrementalAction | PermissionControllerRequestPermissionsAction | PermissionControllerRequestPermissionsIncrementalAction + | PermissionControllerAcceptPermissionsRequestAction + | PermissionControllerRejectPermissionsRequestAction | PermissionControllerGetEndowmentsAction | PermissionControllerExecuteRestrictedMethodAction; diff --git a/packages/permission-controller/src/PermissionController.ts b/packages/permission-controller/src/PermissionController.ts index 44d1729478..70fe65b636 100644 --- a/packages/permission-controller/src/PermissionController.ts +++ b/packages/permission-controller/src/PermissionController.ts @@ -191,6 +191,11 @@ const MESSENGER_EXPOSED_METHODS = [ 'revokePermissions', 'updateCaveat', 'getCaveat', + 'acceptPermissionsRequest', + 'rejectPermissionsRequest', + 'revokePermission', + 'updatePermissionsByCaveat', + 'getPermission', ] as const; /** diff --git a/packages/permission-controller/src/index.ts b/packages/permission-controller/src/index.ts index ae79f7cacd..962b7921ad 100644 --- a/packages/permission-controller/src/index.ts +++ b/packages/permission-controller/src/index.ts @@ -21,6 +21,11 @@ export type { PermissionControllerRevokePermissionForAllSubjectsAction, PermissionControllerRevokePermissionsAction, PermissionControllerUpdateCaveatAction, + PermissionControllerGetPermissionAction, + PermissionControllerRevokePermissionAction, + PermissionControllerUpdatePermissionsByCaveatAction, + PermissionControllerAcceptPermissionsRequestAction, + PermissionControllerRejectPermissionsRequestAction, } from './PermissionController-method-action-types'; export { createPermissionMiddleware, From 092f6a5d680cc743c11bfc43b7dabda08c6bb4ae Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Mon, 4 May 2026 15:25:17 +0200 Subject: [PATCH 2/2] update CHANGELOG --- packages/permission-controller/CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/packages/permission-controller/CHANGELOG.md b/packages/permission-controller/CHANGELOG.md index 468828e98b..138d44564d 100644 --- a/packages/permission-controller/CHANGELOG.md +++ b/packages/permission-controller/CHANGELOG.md @@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Expose missing public `PermissionController` methods through its messenger ([#8675](https://github.com/MetaMask/core/pull/8675)) + - The following actions are now available: + - `PermissionController:acceptPermissionsRequest`, + - `PermissionController:rejectPermissionsRequest`, + - `PermissionController:revokePermission`, + - `PermissionController:updatePermissionsByCaveat`, + - `PermissionController:getPermission` + - Corresponding action types are available as well. + ## [13.0.0] ### Added