Description
Is your feature request related to a problem? Please describe.
A linked application has the ability to send me a prompt for all operation types.
Describe the solution you'd like
A linked application can declare its minimum required operations during linking process, revealing its permission scope to the user.
A linked application cannot submit operation prompts outwith its declared operation scope.
If the 3rd party app updates, then they either need to relink with a new op permission prompt acknowledgement step, or they'd need to instruct the user to remove the link & then link from scratch.
Ideally in beet-js the link attempt would simply include {operations: [0,1,2,3...]} for specific ops, or {operations: []} for all operations.
This permission data would need to be included in the linked accounts section of the settings.
Describe alternatives you've considered
Implementation of BSIP-040 - Custom active permissions in core BTS code to limit Bitshares operations in Beet by limiting the scope of the account added to Beet. Ideally both could be explored.
Additional context
If I'm interacting with a trading app I don't want to allow the possibility of being prompted with an out of scope operation, I only want to allow prompts relating to the trading functions it advertises itself as offering.
IRL comparison of Android/iOS alerting you to the permissions requested by apps, even allowing the user to optionally disable permissions to the detriment of the app's functionality.
3rd party apps being targeted with XSS could be forced to attempt operation prompts; by limiting the scope of operations a malicious actor would be forced to operate within the confines of permitted operations rather than escalate to a more destructive operation.
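The scope mechanism proposed above, modelled as an added JavaScript example. This is not code from Beet or beet-js; it assumes a link request of the shape {operations: [...]} holding integer BitShares operation ids, with an empty array meaning "all operations", that the user must acknowledge the declared scope before the link is stored, and that every incoming operation prompt is gated on that stored scope. The app ids and the small op-name table are constructed for the demonstration; the names are only used for the settings display and should be checked against the chain's operation list.

```javascript
// Added example, not Beet or beet-js code: a minimal model of per-app
// operation scope. Assumed link request shape: {operations: [int, ...]},
// where [] means "all operations".

// Illustrative names for a few low op ids (assumed mapping, display only).
const OP_NAMES = { 0: 'transfer', 1: 'limit_order_create', 2: 'limit_order_cancel', 3: 'call_order_update' };

class LinkRegistry {
  constructor() {
    this.links = new Map();   // appId -> { scope: Set | null, acknowledgedAt }
    this.denied = [];         // audit trail of prompts rejected as out of scope
  }

  // Validate the declared scope. Returns a Set of op ids, or null for "all".
  static parseScope(request) {
    const ops = request && request.operations;
    if (!Array.isArray(ops)) throw new TypeError('link request must carry operations: []');
    if (!ops.every(o => Number.isInteger(o) && o >= 0)) {
      throw new RangeError('operation ids must be non-negative integers');
    }
    return ops.length === 0 ? null : new Set(ops);
  }

  // Human-readable scope string for the "linked accounts" settings view.
  static describeScope(scope) {
    if (scope === null) return 'all operations';
    return [...scope].sort((a, b) => a - b)
      .map(id => `${id}:${OP_NAMES[id] || 'op'}`).join(', ');
  }

  // Link (or relink) an app. The user must acknowledge the requested scope;
  // an app whose required scope changed after an update goes through this again.
  link(appId, request, { userAcknowledged = false } = {}) {
    const scope = LinkRegistry.parseScope(request);
    if (!userAcknowledged) {
      throw new Error(`user must acknowledge scope [${LinkRegistry.describeScope(scope)}]`);
    }
    this.links.set(appId, { scope, acknowledgedAt: Date.now() });
    return LinkRegistry.describeScope(scope);
  }

  unlink(appId) { return this.links.delete(appId); }

  // Gate every incoming operation prompt on the declared scope.
  checkPrompt(appId, opId) {
    const link = this.links.get(appId);
    if (!link) return { allowed: false, reason: 'app is not linked' };
    if (link.scope === null || link.scope.has(opId)) return { allowed: true, reason: 'in scope' };
    const entry = { appId, opId, at: Date.now(), reason: 'outside declared scope' };
    this.denied.push(entry);   // a burst of these is a signal the app may be compromised
    return { allowed: false, reason: entry.reason };
  }
}

// Demonstration with constructed app ids: a trading app that only declares
// order operations, and an app linked with full scope via {operations: []}.
function demo() {
  const reg = new LinkRegistry();
  reg.link('trading-app', { operations: [1, 2] }, { userAcknowledged: true });
  reg.link('admin-app', { operations: [] }, { userAcknowledged: true });
  return {
    tradeOk: reg.checkPrompt('trading-app', 1).allowed,          // in scope
    transferBlocked: !reg.checkPrompt('trading-app', 0).allowed, // op 0 never declared
    adminTransferOk: reg.checkPrompt('admin-app', 0).allowed,    // full scope
    unlinkedBlocked: !reg.checkPrompt('unknown-app', 1).allowed,
    deniedCount: reg.denied.length,
    tradingScope: LinkRegistry.describeScope(reg.links.get('trading-app').scope),
  };
}
```

A prompt for an undeclared operation is refused before the user ever sees it, which is the point of the request: an injected script in a linked trading app can only ask for what the app advertised at link time, and the denied-prompt log gives the wallet a place to surface that something unexpected is happening.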