Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: do not allow setting permissions for self #802

Merged
merged 5 commits into from
Apr 5, 2022

Conversation

RiccardoM
Copy link
Contributor

@RiccardoM RiccardoM commented Apr 1, 2022

Description

This PR changes how MsgSetUserPermissions is validated and how MsgSetUserGroupPermissions is handled to make sure a user cannot set their own permissions or the permissions of a group they are part of.


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • added ! to the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • followed the guidelines for building modules
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • included comments for documenting Go code
  • updated the relevant documentation or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage
  • manually tested (if applicable)

Signed-off-by: Riccardo Montagnin <riccardo.montagnin@gmail.com>
@RiccardoM RiccardoM requested review from manu0466 and leobragaz April 1, 2022 09:29
@github-actions github-actions bot added the x/subspaces Issue on the x/subspaces module label Apr 1, 2022
Signed-off-by: Riccardo Montagnin <riccardo.montagnin@gmail.com>
@RiccardoM RiccardoM requested a review from dadamu April 1, 2022 09:30
@codecov
Copy link

codecov bot commented Apr 1, 2022

Codecov Report

Merging #802 (52fcdc3) into master (3edee0a) will increase coverage by 0.06%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #802      +/-   ##
==========================================
+ Coverage   81.35%   81.41%   +0.06%     
==========================================
  Files          78       78              
  Lines        6681     6688       +7     
==========================================
+ Hits         5435     5445      +10     
+ Misses        995      993       -2     
+ Partials      251      250       -1     
Impacted Files Coverage Δ
x/subspaces/keeper/msg_server.go 85.56% <100.00%> (+0.15%) ⬆️
x/subspaces/types/msgs.go 98.52% <100.00%> (+1.13%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3edee0a...52fcdc3. Read the comment docs.

x/subspaces/keeper/msg_server.go Outdated Show resolved Hide resolved
…rmissions

Signed-off-by: Riccardo Montagnin <riccardo.montagnin@gmail.com>
@RiccardoM RiccardoM requested a review from manu0466 April 4, 2022 11:39
…fix-permission-messages

� Conflicts:
�	x/subspaces/keeper/msg_server.go
�	x/subspaces/keeper/msg_server_test.go
@manu0466
Copy link

manu0466 commented Apr 4, 2022

@RiccardoM I think that there are other problems.
From spec a user can't give to other users the PermissionSetPermissions, this can be baypassed in this 3 cases:

Case 1

A user have the PermissionSetPermissions the he can just call SetUserPermissions and give to another user the PermissionSetPermissions

Case 2

  • User UA have the PermissionManageGroups, then he create a new group with the defaultPermissions = PermissionSetPermissions
  • Then he can add himelf to the group inheriting the PermissionSetPermissions

Case 3

  • User UA sets default permissions of group GA to something that have PermissionSetPermissions, UA is not meber of the group.
  • Then let's assume that UA have also the permissions PermissionManageGroups then he can add other users to the group giving them the PermissionSetPermission since all the members inherit the group permissions.

In all cases I don't see any checks that makes sure that only the subspace owner can give the SetUserPermissions in SetUserPermissions, CreateUserGroup, EditUserGroup.

@RiccardoM
Copy link
Contributor Author

@manu0466 Let me answer you case by case

Case 1

A user have the PermissionSetPermissions the he can just call SetUserPermissions and give to another user the PermissionSetPermissions

This is the indented behavior. A subspace owner, which is the only initial user that can set permissions, should be very careful about giving out PermissionSetPermissions because the following might happen:

  1. Alice gives PermissionSetPermissions to Bob
  2. Bob created a new account, named Carl
  3. Bob gives PermissionSetPermissions to another user

Unfortunately there is nothing we can do here. We should respect the choice of the subspace owner in this case and just allow them to do whatever they want. They can always decide to be the only one to give out permissions if they prefer. We just give options: it's up to them to use this feature or not.

Case 2

  • User UA have the PermissionManageGroups, then he create a new group with the defaultPermissions = PermissionSetPermissions
  • Then he can add himelf to the group inheriting the PermissionSetPermissions

This is actually a bug. I think it's better to open an issue about this and make sure during the handling of MsgCreateUserGroup that if DefaultPermissions contains PermissionSetPermissions, then the group owner must also have PermissionSetPermissions to avoid any trouble.

Case 3

  • User UA sets default permissions of group GA to something that have PermissionSetPermissions, UA is not meber of the group.
  • Then let's assume that UA have also the permissions PermissionManageGroups then he can add other users to the group giving them the PermissionSetPermission since all the members inherit the group permissions.

Actually, in order to add a user to a group you are required to have PermissionSetPermissions, not PermissionManageGroups. The latter is only checked when creating a group or editing an existing group. Also, editing user groups does not allow to set a new permission for the group itself. Groups permissions are only handled though MsgSetUserGroupPermissions which require PermissionSetPermissions.

@RiccardoM RiccardoM added the automerge Automatically merge PR once all prerequisites pass label Apr 5, 2022
@mergify mergify bot merged commit 6fc41e0 into master Apr 5, 2022
@mergify mergify bot deleted the riccardo/fix-permission-messages branch April 5, 2022 10:46
mergify bot pushed a commit that referenced this pull request Apr 5, 2022
#805)

## Description
This PR adds the check for `PermissionSetPermissions` when creating a new user group, as per #802 (comment).

Special review required by @manu0466 to make sure we fixed the bug.

---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/desmos-labs/desmos/blob/master/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://docs.cosmos.network/v0.44/building-modules/intro.html)
- [x] included the necessary unit and integration [tests](https://github.com/desmos-labs/desmos/blob/master/CONTRIBUTING.md#testing)
- [x] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [x] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
automerge Automatically merge PR once all prerequisites pass x/subspaces Issue on the x/subspaces module
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants