feat: add validations for user invite permission

This validation makes sure only owners can invite other owners.
gnolang · Nov 27, 2024 · 2986a17 · 2986a17
1 parent ec0cab0
commit 2986a17
Show file tree

Hide file tree

Showing 6 changed files with 105 additions and 6 deletions.
diff --git a/examples/gno.land/r/demo/boards2/permission.gno b/examples/gno.land/r/demo/boards2/permission.gno
@@ -31,6 +31,9 @@ type (
 
 	// Permissioner define an interface to for permissioned execution.
 	Permissioner interface {
+		// HasRole checks if a user has a specific role assigned.
+		HasRole(std.Address, Role) bool
+
 		// HasPermission checks if a user has a specific permission.
 		HasPermission(std.Address, Permission) bool
 

diff --git a/examples/gno.land/r/demo/boards2/permission_default.gno b/examples/gno.land/r/demo/boards2/permission_default.gno
@@ -12,7 +12,7 @@ type (
 	// PermissionsHandlerFunc defines a function to handle permission callbacks.
 	// Handlers are called by the `WithPermission()` method to execute callbacks
 	// when users have the permission assigned.
-	PermissionsHandlerFunc func(Args, *admindao.AdminDAO, func(Args))
+	PermissionsHandlerFunc func(Permissioner, Args, func(Args))
 
 	// DefaultPermissions manages users, roles and permissions.
 	DefaultPermissions struct {
@@ -132,7 +132,7 @@ func (dp *DefaultPermissions) HandleFunc(p Permission, fn PermissionsHandlerFunc
 // WithPermission calls a callback when a user has a specific permission.
 // It panics on error or when a handler panics.
 // Callbacks are by default called when there is no handle registered for the permission.
-func (dp DefaultPermissions) WithPermission(user std.Address, perm Permission, args Args, cb func(Args)) {
+func (dp *DefaultPermissions) WithPermission(user std.Address, perm Permission, args Args, cb func(Args)) {
 	if !dp.HasPermission(user, perm) || !dp.dao.IsMember(user) {
 		panic("unauthorized")
 	}
@@ -144,7 +144,7 @@ func (dp DefaultPermissions) WithPermission(user std.Address, perm Permission, a
 	}
 
 	fn := h.(PermissionsHandlerFunc)
-	fn(args, dp.dao, cb)
+	fn(dp, args, cb)
 }
 
 func createDefaultPermissions() *DefaultPermissions {
@@ -156,13 +156,14 @@ func createDefaultPermissions() *DefaultPermissions {
 	perms := NewDefaultPermissions(
 		dao,
 		WithSuperRole(RoleOwner),
-		WithRole(RoleAdmin, PermissionBoardCreate),
+		WithRole(RoleAdmin, PermissionBoardCreate, PermissionMemberInvite),
 		// TODO: Finish assigning all roles and permissions
 		// WithRole(RoleModerator, permissions...),
 		WithUser(owner, RoleOwner),
 	)
 
 	perms.HandleFunc(PermissionBoardCreate, handleBoardCreate)
+	perms.HandleFunc(PermissionMemberInvite, handleMemberInvite)
 
 	return perms
 }
diff --git a/examples/gno.land/r/demo/boards2/permission_handlers.gno b/examples/gno.land/r/demo/boards2/permission_handlers.gno
@@ -3,11 +3,10 @@ package boards2
 import (
 	"std"
 
-	"gno.land/p/demo/boards2/admindao"
 	"gno.land/r/demo/users"
 )
 
-func handleBoardCreate(args Args, _ *admindao.AdminDAO, cb func(Args)) {
+func handleBoardCreate(_ Permissioner, args Args, cb func(Args)) {
 	// TODO: This way of dealing with arguments is delicate, ideally types should be used
 	name := args[0].(string)
 	if std.Address(name).IsValid() {
@@ -24,3 +23,16 @@ func handleBoardCreate(args Args, _ *admindao.AdminDAO, cb func(Args)) {
 
 	cb(args)
 }
+
+func handleMemberInvite(p Permissioner, args Args, cb func(Args)) {
+	// Make sure that only owners invite other owners
+	role := args[1].(Role)
+	if role == RoleOwner {
+		caller := std.GetOrigCaller()
+		if !p.HasRole(caller, RoleOwner) {
+			panic("only owners are allowed to invite other owners")
+		}
+	}
+
+	cb(args)
+}
diff --git a/examples/gno.land/r/demo/boards2/z_1_a_filetest.gno b/examples/gno.land/r/demo/boards2/z_1_a_filetest.gno
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"std"
+
+	"gno.land/r/demo/boards2"
+)
+
+const (
+	owner = std.Address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5") // @test1
+	admin = std.Address("g1us8428u2a5satrlxzagqqa5m6vmuze025anjlj") // @test2
+)
+
+func init() {
+	std.TestSetOrigCaller(owner)
+}
+
+func main() {
+	boards2.InviteMember(admin, boards2.RoleAdmin)
+	println("ok")
+}
+
+// Output:
+// ok
diff --git a/examples/gno.land/r/demo/boards2/z_1_b_filetest.gno b/examples/gno.land/r/demo/boards2/z_1_b_filetest.gno
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"std"
+
+	"gno.land/r/demo/boards2"
+)
+
+const (
+	owner = std.Address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5") // @test1
+	admin = std.Address("g1us8428u2a5satrlxzagqqa5m6vmuze025anjlj") // @test2
+	user  = std.Address("g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn")
+)
+
+func init() {
+	// Add an admin user
+	std.TestSetOrigCaller(owner)
+	boards2.InviteMember(admin, boards2.RoleAdmin)
+
+	// Next call will be done by the admin user
+	std.TestSetOrigCaller(admin)
+}
+
+func main() {
+	boards2.InviteMember(user, boards2.RoleOwner)
+}
+
+// Error:
+// only owners are allowed to invite other owners
diff --git a/examples/gno.land/r/demo/boards2/z_1_c_filetest.gno b/examples/gno.land/r/demo/boards2/z_1_c_filetest.gno
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"std"
+
+	"gno.land/r/demo/boards2"
+)
+
+const (
+	owner = std.Address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5") // @test1
+	admin = std.Address("g1us8428u2a5satrlxzagqqa5m6vmuze025anjlj") // @test2
+	user  = std.Address("g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn")
+)
+
+func init() {
+	// Add an admin user
+	std.TestSetOrigCaller(owner)
+	boards2.InviteMember(admin, boards2.RoleAdmin)
+
+	// Next call will be done by the admin user
+	std.TestSetOrigCaller(admin)
+}
+
+func main() {
+	boards2.InviteMember(user, boards2.RoleAdmin)
+	println("ok")
+}
+
+// Output:
+// ok