func (r *memRoom) verifyManager(ctx scope.Context, actor proto.Account, actorKey *security.ManagedKey) ( *security.PublicKeyCapability, error) { // Verify that actorKey unlocks actor's keypair. In a real implementation, // we would take an additional step of verifying against a capability. kp := actor.KeyPair() if err := kp.Decrypt(actorKey); err != nil { return nil, err } // Verify actor is a manager. c, err := r.ManagerCapability(ctx, actor) if err != nil { if err == proto.ErrManagerNotFound { return nil, proto.ErrAccessDenied } return nil, err } return c.(*security.PublicKeyCapability), nil }