forked from hyperledger-iroha/iroha
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[feature] hyperledger-iroha#3200: Add
asset/set_key_value validator
Signed-off-by: Daniil Polyakov <arjentix@gmail.com>
- Loading branch information
Showing
3 changed files
with
70 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
permission_validators/runtime/asset/set_key_value/Cargo.toml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| [package] | ||
| name = "iroha_asset_set_key_value_validator" | ||
| version.workspace = true | ||
| authors.workspace = true | ||
| edition.workspace = true | ||
|
|
||
| # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html | ||
|
|
||
| [lib] | ||
| crate-type = ['rlib'] | ||
|
|
||
| [dependencies] | ||
| iroha_wasm.workspace = true |
56 changes: 56 additions & 0 deletions
56
permission_validators/runtime/asset/set_key_value/src/lib.rs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| //! Validator that checks [`SetKeyValue`] instruction | ||
| //! related to assets and respective [`Grant`] and [`Revoke`] instructions. | ||
|
|
||
| #![no_std] | ||
| #![no_main] | ||
|
|
||
| extern crate alloc; | ||
|
|
||
| use iroha_wasm::validator::{pass_conditions, prelude::*}; | ||
|
|
||
| /// Strongly-typed representation of `can_set_key_value_in_user_asset` permission token. | ||
| #[derive(Token, Validate, pass_conditions::derive_conversions::asset::Owner)] | ||
| #[validate(pass_conditions::asset::Owner)] | ||
| pub struct CanSetKeyValueInUserAsset { | ||
| asset_id: <Asset as Identifiable>::Id, | ||
| } | ||
|
|
||
| /// Validate [`SetKeyValue`] instruction as well as [`Grant`] and [`Revoke`] instructions for | ||
| /// [`can_set_key_value_in_user_asset`] permission tokens. | ||
| /// | ||
| /// # [`SetKeyValue`] | ||
| /// | ||
| /// ## Pass | ||
| /// | ||
| /// - [`SetKeyValue`] `object_id` is not an [`AssetId`]; | ||
| /// - `authority` is an asset owner; | ||
| /// - `authority` has a corresponding [`can_set_key_value_in_user_asset`] permission token. | ||
| /// | ||
| /// ## Deny | ||
| /// | ||
| /// If none of the `Pass` conditions are met. | ||
| /// | ||
| /// # [`Grant`] and [`Revoke`] | ||
| /// | ||
| /// For more details about [`Grant`] and [`Revoke`] instructions validation, | ||
| /// see [`can_set_key_value_in_user_asset`]. | ||
| /// | ||
| /// [`can_set_key_value_in_user_asset`]: CanSetKeyValueInUserAsset | ||
| pub fn validate(authority: <Account as Identifiable>::Id, instruction: Instruction) -> Verdict { | ||
| validate_grant_revoke!(<CanSetKeyValueInUserAsset>, (authority, instruction)); | ||
|
|
||
| let Instruction::SetKeyValue(set_key_value) = instruction else { | ||
| pass!(); | ||
| }; | ||
|
|
||
| let IdBox::AssetId(asset_id) = set_key_value.object_id | ||
| .evaluate_on_host() | ||
| .dbg_expect("Failed to evaluate `SetKeyValue` object id") else { | ||
| pass!(); | ||
| }; | ||
|
|
||
| pass_if!(asset_id.account_id == authority); | ||
| pass_if!(CanSetKeyValueInUserAsset { asset_id }.is_owned_by(&authority)); | ||
|
|
||
| deny!("Can't set value to the asset metadata of another account") | ||
| } |