-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: do not allow setting permissions for self #802
Conversation
Signed-off-by: Riccardo Montagnin <riccardo.montagnin@gmail.com>
Signed-off-by: Riccardo Montagnin <riccardo.montagnin@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #802 +/- ##
==========================================
+ Coverage 81.35% 81.41% +0.06%
==========================================
Files 78 78
Lines 6681 6688 +7
==========================================
+ Hits 5435 5445 +10
+ Misses 995 993 -2
+ Partials 251 250 -1
Continue to review full report at Codecov.
|
…rmissions Signed-off-by: Riccardo Montagnin <riccardo.montagnin@gmail.com>
…fix-permission-messages � Conflicts: � x/subspaces/keeper/msg_server.go � x/subspaces/keeper/msg_server_test.go
@RiccardoM I think that there are other problems. Case 1A user have the Case 2
Case 3
In all cases I don't see any checks that makes sure that only the subspace owner can give the |
@manu0466 Let me answer you case by case
This is the indented behavior. A subspace owner, which is the only initial user that can set permissions, should be very careful about giving out
Unfortunately there is nothing we can do here. We should respect the choice of the subspace owner in this case and just allow them to do whatever they want. They can always decide to be the only one to give out permissions if they prefer. We just give options: it's up to them to use this feature or not.
This is actually a bug. I think it's better to open an issue about this and make sure during the handling of
Actually, in order to add a user to a group you are required to have |
#805) ## Description This PR adds the check for `PermissionSetPermissions` when creating a new user group, as per #802 (comment). Special review required by @manu0466 to make sure we fixed the bug. --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch (see [PR Targeting](https://github.com/desmos-labs/desmos/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://docs.cosmos.network/v0.44/building-modules/intro.html) - [x] included the necessary unit and integration [tests](https://github.com/desmos-labs/desmos/blob/master/CONTRIBUTING.md#testing) - [x] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [x] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable)
Description
This PR changes how
MsgSetUserPermissions
is validated and howMsgSetUserGroupPermissions
is handled to make sure a user cannot set their own permissions or the permissions of a group they are part of.Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
to the type prefix if API or client breaking changeCHANGELOG.md
Reviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!
in the type prefix if API or client breaking change