Writing programs for the MagicBlock TEE is similar to writing a standard Solana program, with the addition of a Permission Program used to manage privacy controls.
1. Create a Permission Group: Perform a CPI into the Permission Program to create a group. You can define any number of groups, each with distinct members and permissions.
2. Create Permissions: Add permissions to the created group. Currently, a permission implies read access, with potential future distinction between read/write.
3. Access: Clients authenticate their identity to access permissioned ER state. If successful, an access token is issued and used for queries.
Group-based abstractions allow modifying permissions for sets of users in a single transaction. The permissioning state is maintained on Solana L1.
```rust
use anchor_lang::prelude::*;
use magicblock_permission_client::instructions::{
    CreateGroupCpiBuilder, CreatePermissionCpiBuilder,
};

// `Deposit` and `DEPOSIT_PDA_SEED` are defined elsewhere in the program.

pub fn create_permission(ctx: Context<CreatePermission>, id: Pubkey) -> Result<()> {
    let CreatePermission {
        payer,
        permission,
        permission_program,
        group,
        deposit,
        user,
        system_program,
    } = ctx.accounts;

    // [1] Create a Permission Group with `user` as its only member
    CreateGroupCpiBuilder::new(&permission_program)
        .group(&group)
        .id(id)
        .members(vec![user.key()])
        .payer(&payer)
        .system_program(system_program)
        .invoke()?;

    // [2] Create Permissions: link the deposit account to the group.
    // The deposit PDA signs the CPI, so its seeds and bump are passed here.
    CreatePermissionCpiBuilder::new(&permission_program)
        .permission(&permission)
        .delegated_account(&deposit.to_account_info())
        .group(&group)
        .payer(&payer)
        .system_program(system_program)
        .invoke_signed(&[&[
            DEPOSIT_PDA_SEED,
            user.key().as_ref(),
            deposit.token_mint.as_ref(),
            &[ctx.bumps.deposit],
        ]])?;

    Ok(())
}

#[derive(Accounts)]
pub struct CreatePermission<'info> {
    #[account(mut)]
    pub payer: Signer<'info>,
    /// CHECK: Anyone can create the permission
    pub user: UncheckedAccount<'info>,
    // Anchor re-derives the PDA from these seeds and rejects a mismatching account
    #[account(
        seeds = [DEPOSIT_PDA_SEED, user.key().as_ref(), deposit.token_mint.as_ref()],
        bump
    )]
    pub deposit: Account<'info, Deposit>,
    /// CHECK: Checked by the permission program
    #[account(mut)]
    pub permission: UncheckedAccount<'info>,
    /// CHECK: Checked by the permission program
    #[account(mut)]
    pub group: UncheckedAccount<'info>,
    /// CHECK: Checked by the permission program
    pub permission_program: UncheckedAccount<'info>,
    pub system_program: Program<'info, System>,
}
```
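The group abstraction described above can be modeled off-chain to show why one membership update changes access for every account permissioned to that group. This is an added example, not MagicBlock's code or the Permission Program's data layout: `PermissionModel`, `Key`, `set_members` and `can_read` are hypothetical names, and authentication and access tokens are not modeled. Because the page does not say how unpermissioned accounts are treated, `can_read` returns `None` for them.

```rust
use std::collections::{HashMap, HashSet};
// Hypothetical stand-in for a 32-byte Solana public key.
type Key = [u8; 32];

/// Constructed model of the permissioning state; not the on-chain layout.
#[derive(Default)]
pub struct PermissionModel {
    groups: HashMap<Key, HashSet<Key>>,  // group id -> members
    permissions: HashMap<Key, Vec<Key>>, // delegated account -> group ids
}

impl PermissionModel {
    /// Step [1]: create a group with its initial members.
    pub fn create_group(&mut self, id: Key, members: &[Key]) {
        self.groups.insert(id, members.iter().copied().collect());
    }

    /// Step [2]: grant `group` read access to `account`; the group must exist.
    pub fn create_permission(&mut self, account: Key, group: Key) -> Result<(), &'static str> {
        if !self.groups.contains_key(&group) {
            return Err("unknown group");
        }
        self.permissions.entry(account).or_default().push(group);
        Ok(())
    }

    /// One membership update; affects every account permissioned to `group`.
    pub fn set_members(&mut self, group: Key, members: &[Key]) -> Result<(), &'static str> {
        let g = self.groups.get_mut(&group).ok_or("unknown group")?;
        *g = members.iter().copied().collect();
        Ok(())
    }

    /// None: no permission on `account` (undecided here). Some(b): may `user` read it.
    pub fn can_read(&self, account: &Key, user: &Key) -> Option<bool> {
        let groups = self.permissions.get(account)?;
        Some(groups.iter().any(|g| self.groups.get(g).map_or(false, |m| m.contains(user))))
    }
}

fn main() {
    let (alice, bob, group) = ([1u8; 32], [2u8; 32], [9u8; 32]); // constructed keys
    let mut m = PermissionModel::default();
    m.create_group(group, &[alice]);
    for acct in [[10u8; 32], [11u8; 32]] { m.create_permission(acct, group).unwrap(); }
    m.set_members(group, &[bob]).unwrap(); // one update, both accounts affected
    println!("{:?} {:?}", m.can_read(&[10u8; 32], &alice), m.can_read(&[11u8; 32], &bob));
}
```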