feat: add support of group name in policy (#301)
unclezoro committed Jun 28, 2023
1 parent 3b0a931 commit c383768
Showing 4 changed files with 35 additions and 12 deletions.
4 changes: 2 additions & 2 deletions e2e/tests/permission_test.go
@@ -675,7 +675,7 @@ func (s *StorageTestSuite) TestGrantsPermissionToGroup() {
Actions: []types.ActionType{types.ACTION_UPDATE_BUCKET_INFO, types.ACTION_DELETE_BUCKET},
Effect: types.EFFECT_ALLOW,
}
principal := types.NewPrincipalWithGroup(headGroupResponse.GroupInfo.Id)
principal := types.NewPrincipalWithGroupInfo(user[0].GetAddr(), headGroupResponse.GroupInfo.GroupName)
msgPutPolicy := storagetypes.NewMsgPutPolicy(user[0].GetAddr(), types2.NewBucketGRN(bucketName).String(),
principal, []*types.Statement{statement}, nil)
s.SendTxBlock(user[0], msgPutPolicy)
@@ -1103,7 +1103,7 @@ func (s *StorageTestSuite) TestStalePermissionForGroupGC() {
s.Require().True(owner.GetAddr().Equals(sdk.MustAccAddressFromHex(headGroupResponse.GroupInfo.Owner)))
s.T().Logf("GroupInfo: %s", headGroupResponse.GetGroupInfo().String())

principal := types.NewPrincipalWithGroup(headGroupResponse.GroupInfo.Id)
principal := types.NewPrincipalWithGroupId(headGroupResponse.GroupInfo.Id)
// Put bucket policy for group
bucketStatement := &types.Statement{
Actions: []types.ActionType{types.ACTION_DELETE_BUCKET},
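Review bot: `TestGrantsPermissionToGroup` now exercises the name-based principal only on the success path; nothing in the visible hunks checks what happens when the group GRN does not resolve to an existing group. A negative case would pin the security-relevant behaviour: build the principal with a constructed name such as `types.NewPrincipalWithGroupInfo(user[0].GetAddr(), "no-such-group")`, send the same `MsgPutPolicy`, and assert that the transaction is rejected and no policy is stored. Both test functions start and end outside their hunks, so an existing check elsewhere in the file cannot be ruled out.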
19 changes: 11 additions & 8 deletions x/permission/types/common.go
@@ -1,6 +1,8 @@
package types

import (
"github.com/bnb-chain/greenfield/types"

sdkmath "cosmossdk.io/math"
sdk "github.com/cosmos/cosmos-sdk/types"
)
@@ -12,13 +14,20 @@ func NewPrincipalWithAccount(addr sdk.AccAddress) *Principal {
}
}

func NewPrincipalWithGroup(groupID sdkmath.Uint) *Principal {
func NewPrincipalWithGroupId(groupID sdkmath.Uint) *Principal {
return &Principal{
Type: PRINCIPAL_TYPE_GNFD_GROUP,
Value: groupID.String(),
}
}

func NewPrincipalWithGroupInfo(groupOwner sdk.AccAddress, groupName string) *Principal {
return &Principal{
Type: PRINCIPAL_TYPE_GNFD_GROUP,
Value: types.NewGroupGRN(groupOwner, groupName).String(),
}
}

func (p *Principal) ValidateBasic() error {
switch p.Type {
case PRINCIPAL_TYPE_UNSPECIFIED:
@@ -29,13 +38,7 @@ func (p *Principal) ValidateBasic() error {
return ErrInvalidPrincipal.Wrapf("Invalid account, principal: %s, err: %s", p.String(), err)
}
case PRINCIPAL_TYPE_GNFD_GROUP:
groupID, err := sdkmath.ParseUint(p.Value)
if err != nil {
return ErrInvalidPrincipal.Wrapf("Invalid groupID, principal: %s, err: %s", p.String(), err)
}
if groupID.Equal(sdkmath.ZeroUint()) {
return ErrInvalidPrincipal.Wrapf("Zero groupID, principal %s", p.String())
}
return nil
default:
return ErrInvalidPrincipal.Wrapf("Unknown principal type.")
}
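Review bot: The `PRINCIPAL_TYPE_GNFD_GROUP` case in `ValidateBasic` now returns nil for any `Value`, so an empty string, a zero ID or arbitrary text passes stateless validation, and the non-zero-ID check that the removed lines enforced is gone. Since the value may now be either a numeric ID or a group GRN, the case should accept exactly those two forms and reject everything else, as sketched below (this assumes `types.GRN` is the same type that x/storage/keeper/permission.go uses as `types2.GRN`). `ValidateBasic` begins and ends outside the hunk, so its remaining cases are not shown. The two exported constructors would also benefit from doc comments, e.g. `// NewPrincipalWithGroupInfo returns a group principal whose Value is the group GRN; the keeper resolves it to the group ID.`

```go
	case PRINCIPAL_TYPE_GNFD_GROUP:
		// Numeric form: keep the non-zero check the old code enforced.
		if groupID, err := sdkmath.ParseUint(p.Value); err == nil {
			if groupID.Equal(sdkmath.ZeroUint()) {
				return ErrInvalidPrincipal.Wrapf("Zero groupID, principal %s", p.String())
			}
			return nil
		}
		// Name form: the value must at least parse as a GRN; the keeper
		// resolves it to an ID later.
		var grn types.GRN
		if err := grn.ParseFromString(p.Value, false); err != nil {
			return ErrInvalidPrincipal.Wrapf("Invalid group principal: %s, err: %s", p.String(), err)
		}
		return nil
	// … unchanged: default case …
```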
22 changes: 21 additions & 1 deletion x/storage/keeper/permission.go
@@ -236,7 +236,7 @@ func (k Keeper) PutPolicy(ctx sdk.Context, operator sdk.AccAddress, grn types2.G
"Only resource owner can put bucket policy, operator (%s), owner(%s)",
operator.String(), resOwner.String())
}

k.normalizePrincipal(ctx, policy.Principal)
err := k.validatePrincipal(ctx, resOwner, policy.Principal)
if err != nil {
return math.ZeroUint(), err
@@ -297,6 +297,26 @@ func (k Keeper) DeletePolicy(ctx sdk.Context, operator sdk.AccAddress, principal
return k.permKeeper.DeletePolicy(ctx, principal, grn.ResourceType(), resID)
}

func (k Keeper) normalizePrincipal(ctx sdk.Context, principal *permtypes.Principal) {
if principal.Type == permtypes.PRINCIPAL_TYPE_GNFD_GROUP {
if _, err := math.ParseUint(principal.Value); err == nil {
return
}
var grn types2.GRN
if err := grn.ParseFromString(principal.Value, false); err != nil {
return
}
groupOwner, groupName, err := grn.GetGroupOwnerAndAccount()
if err != nil {
return
}

if groupInfo, found := k.GetGroupInfo(ctx, groupOwner, groupName); found {
principal.Value = groupInfo.Id.String()
}
}
}

func (k Keeper) validatePrincipal(ctx sdk.Context, resOwner sdk.AccAddress, principal *permtypes.Principal) error {
if principal.Type == permtypes.PRINCIPAL_TYPE_GNFD_ACCOUNT {
principalAccAddress, err := principal.GetAccountAddress()
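Review bot: `normalizePrincipal` returns nothing and silently gives up on every failure (unparseable GRN, `GetGroupOwnerAndAccount` error, group not found), so `PutPolicy` proceeds to `validatePrincipal` with a `Value` that may still be a name rather than an ID. Because the group case of `Principal.ValidateBasic` now accepts any string, rejecting such a principal depends entirely on `validatePrincipal`, whose group branch is outside this hunk. Returning an error and checking it in `PutPolicy` makes the failure explicit, as in the fence below. The only call added is in `PutPolicy`; if `DeletePolicy` and the policy queries can also receive a name-based principal they presumably need the same normalization, otherwise a policy granted by group name may not be matched when it is revoked by the same name, which should be confirmed against their bodies. The helper also rewrites the caller's `policy.Principal` in place, which deserves a doc comment.

```go
	// In PutPolicy, replacing the bare call:
	if err := k.normalizePrincipal(ctx, policy.Principal); err != nil {
		return math.ZeroUint(), err
	}
	// … unchanged: validatePrincipal call and the rest of PutPolicy …

// normalizePrincipal rewrites a group principal given as a group GRN into its
// numeric group ID, in place. Non-group principals and numeric IDs are left
// untouched. It returns an error when the GRN cannot be resolved to a group.
func (k Keeper) normalizePrincipal(ctx sdk.Context, principal *permtypes.Principal) error {
	if principal.Type != permtypes.PRINCIPAL_TYPE_GNFD_GROUP {
		return nil
	}
	if _, err := math.ParseUint(principal.Value); err == nil {
		return nil
	}
	var grn types2.GRN
	if err := grn.ParseFromString(principal.Value, false); err != nil {
		return permtypes.ErrInvalidPrincipal.Wrapf("invalid group principal: %s, err: %s", principal.Value, err)
	}
	groupOwner, groupName, err := grn.GetGroupOwnerAndAccount()
	if err != nil {
		return permtypes.ErrInvalidPrincipal.Wrapf("invalid group principal: %s, err: %s", principal.Value, err)
	}
	groupInfo, found := k.GetGroupInfo(ctx, groupOwner, groupName)
	if !found {
		return permtypes.ErrInvalidPrincipal.Wrapf("group not found, principal: %s", principal.Value)
	}
	principal.Value = groupInfo.Id.String()
	return nil
}
```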
2 changes: 1 addition & 1 deletion x/storage/keeper/query.go
@@ -285,7 +285,7 @@ func (k Keeper) QueryPolicyForGroup(goCtx context.Context, req *types.QueryPolic
}

policy, err := k.GetPolicy(
ctx, &grn, permtypes.NewPrincipalWithGroup(id),
ctx, &grn, permtypes.NewPrincipalWithGroupId(id),
)
if err != nil {
return nil, err