[fix] #3210: Fix authority validation

Signed-off-by: Daniil Polyakov <arjentix@gmail.com>

cli/src/torii/routing.rs

@@ -67,7 +67,11 @@ impl VerifiedQueryRequest {
             )));
         }
         wsv.validators_view()
-            .validate(wsv, self.payload.query.clone())
+            .validate(
+                wsv,
+                self.payload.account_id.clone(),
+                self.payload.query.clone(),
+            )
             .map_err(|err| QueryError::Permission(err.to_string()))?;
         Ok((
             ValidQueryRequest::new(self.payload.query),

core/src/smartcontracts/isi/permissions.rs

@@ -74,26 +74,26 @@ fn check_permission_recursively(
 ///
 /// If given query is not permitted to execute
 pub fn check_query_permissions(
-    _account_id: &AccountId,
+    account_id: &AccountId,
     query: &QueryBox,
     wsv: &WorldStateView,
 ) -> std::result::Result<(), TransactionRejectionReason> {
     wsv.validators_view()
-        .validate(wsv, query.clone())
+        .validate(wsv, account_id.clone(), query.clone())
         .map_err(|error| NotPermittedFail {
             reason: error.to_string(),
         })
         .map_err(TransactionRejectionReason::NotPermitted)
 }
 
 fn check_permissions_directly(
-    _account_id: &AccountId,
+    account_id: &AccountId,
     instructions: &[Instruction],
     wsv: &WorldStateView,
 ) -> std::result::Result<(), TransactionRejectionReason> {
     for isi in instructions {
         wsv.validators_view()
-            .validate(wsv, isi.clone())
+            .validate(wsv, account_id.clone(), isi.clone())
             .map_err(|error| NotPermittedFail {
                 reason: error.to_string(),
             })

core/src/tx.rs

@@ -157,10 +157,11 @@ impl TransactionValidator {
             signatures,
         };
 
+        let account_id = signed_tx.payload.account_id.clone();
         debug!(?signed_tx, "Validating transaction");
         // Validating the transaction it-self
         wsv.validators_view()
-            .validate(wsv, signed_tx.clone())
+            .validate(wsv, account_id.clone(), signed_tx.clone())
             .map_err(|err| {
                 TransactionRejectionReason::NotPermitted(NotPermittedFail {
                     reason: err.to_string(),
@@ -171,11 +172,13 @@ impl TransactionValidator {
         // Validating the transaction instructions
         if let Executable::Instructions(instructions) = signed_tx.payload.instructions {
             for isi in instructions {
-                wsv.validators_view().validate(wsv, isi).map_err(|err| {
-                    TransactionRejectionReason::NotPermitted(NotPermittedFail {
-                        reason: err.to_string(),
-                    })
-                })?;
+                wsv.validators_view()
+                    .validate(wsv, account_id.clone(), isi)
+                    .map_err(|err| {
+                        TransactionRejectionReason::NotPermitted(NotPermittedFail {
+                            reason: err.to_string(),
+                        })
+                    })?;
             }
         }
 

core/src/validator.rs

@@ -7,6 +7,7 @@ use iroha_data_model::{
     permission::validator::{
         DenialReason, Id, NeedsPermission as _, NeedsPermissionBox, Type, Validator,
     },
+    prelude::Account,
     Identifiable,
 };
 use iroha_logger::trace;
@@ -174,6 +175,7 @@ impl Chain {
     pub fn validate(
         &self,
         wsv: &WorldStateView,
+        authority: <Account as Identifiable>::Id,
         operation: impl Into<NeedsPermissionBox>,
     ) -> Result<()> {
         let operation = operation.into();
@@ -195,8 +197,13 @@ impl Chain {
                 "Validator chain internal collections inconsistency error \
                  when validating an operation. This is a bug",
             );
-            let res =
-                Self::execute_validator(&runtime, loaded_validator.value(), wsv, operation.clone());
+            let res = Self::execute_validator(
+                &runtime,
+                loaded_validator.value(),
+                wsv,
+                authority.clone(),
+                operation.clone(),
+            );
             trace!(%validator_id, "Validator Executed");
             res?;
         }
@@ -213,13 +220,14 @@ impl Chain {
         runtime: &wasm::Runtime,
         loaded_validator: &LoadedValidator,
         wsv: &WorldStateView,
+        authority: <Account as Identifiable>::Id,
         operation: NeedsPermissionBox,
     ) -> Result<()> {
         let validator_id = &loaded_validator.id;
 
         let verdict = runtime.execute_permission_validator_module(
             wsv,
-            validator_id.account_id.clone(),
+            authority,
             &loaded_validator.module,
             operation.clone(),
         )?;
@@ -247,8 +255,9 @@ impl ChainView<'_> {
     pub fn validate(
         self,
         wsv: &WorldStateView,
+        authority: <Account as Identifiable>::Id,
         operation: impl Into<NeedsPermissionBox>,
     ) -> Result<()> {
-        self.chain.validate(wsv, operation)
+        self.chain.validate(wsv, authority, operation)
     }
 }