diff --git a/e2e/tests/permission_test.go b/e2e/tests/permission_test.go
index 73d922596..ef62c1f62 100644
--- a/e2e/tests/permission_test.go
+++ b/e2e/tests/permission_test.go
@@ -675,7 +675,7 @@ func (s *StorageTestSuite) TestGrantsPermissionToGroup() {
 Actions: []types.ActionType{types.ACTION_UPDATE_BUCKET_INFO, types.ACTION_DELETE_BUCKET},
 Effect: types.EFFECT_ALLOW,
 }
- principal := types.NewPrincipalWithGroup(headGroupResponse.GroupInfo.Id)
+ principal := types.NewPrincipalWithGroupInfo(user[0].GetAddr(), headGroupResponse.GroupInfo.GroupName)
 msgPutPolicy := storagetypes.NewMsgPutPolicy(user[0].GetAddr(), types2.NewBucketGRN(bucketName).String(), principal, []*types.Statement{statement}, nil)
 s.SendTxBlock(user[0], msgPutPolicy)
@@ -1103,7 +1103,7 @@ func (s *StorageTestSuite) TestStalePermissionForGroupGC() {
 s.Require().True(owner.GetAddr().Equals(sdk.MustAccAddressFromHex(headGroupResponse.GroupInfo.Owner)))
 s.T().Logf("GroupInfo: %s", headGroupResponse.GetGroupInfo().String())
- principal := types.NewPrincipalWithGroup(headGroupResponse.GroupInfo.Id)
+ principal := types.NewPrincipalWithGroupId(headGroupResponse.GroupInfo.Id)
 // Put bucket policy for group
 bucketStatement := &types.Statement{
 Actions: []types.ActionType{types.ACTION_DELETE_BUCKET},
diff --git a/x/permission/types/common.go b/x/permission/types/common.go
index 858bff40d..0d578e256 100644
--- a/x/permission/types/common.go
+++ b/x/permission/types/common.go
@@ -1,6 +1,8 @@
 package types
 import (
+ "github.com/bnb-chain/greenfield/types"
+
 sdkmath "cosmossdk.io/math"
 sdk "github.com/cosmos/cosmos-sdk/types"
 )
@@ -12,13 +14,20 @@ func NewPrincipalWithAccount(addr sdk.AccAddress) *Principal {
 }
 }
-func NewPrincipalWithGroup(groupID sdkmath.Uint) *Principal {
+func NewPrincipalWithGroupId(groupID sdkmath.Uint) *Principal {
 return &Principal{
 Type: PRINCIPAL_TYPE_GNFD_GROUP,
 Value: groupID.String(),
 }
 }
+func NewPrincipalWithGroupInfo(groupOwner sdk.AccAddress, groupName string) *Principal {
+ return &Principal{
+ Type: PRINCIPAL_TYPE_GNFD_GROUP,
+ Value: types.NewGroupGRN(groupOwner, groupName).String(),
+ }
+}
+
 func (p *Principal) ValidateBasic() error {
 switch p.Type {
 case PRINCIPAL_TYPE_UNSPECIFIED:
@@ -29,13 +38,7 @@ func (p *Principal) ValidateBasic() error {
 return ErrInvalidPrincipal.Wrapf("Invalid account, principal: %s, err: %s", p.String(), err)
 }
 case PRINCIPAL_TYPE_GNFD_GROUP:
- groupID, err := sdkmath.ParseUint(p.Value)
- if err != nil {
- return ErrInvalidPrincipal.Wrapf("Invalid groupID, principal: %s, err: %s", p.String(), err)
- }
- if groupID.Equal(sdkmath.ZeroUint()) {
- return ErrInvalidPrincipal.Wrapf("Zero groupID, principal %s", p.String())
- }
+ return nil
 default:
 return ErrInvalidPrincipal.Wrapf("Unknown principal type.")
 }
diff --git a/x/storage/keeper/permission.go b/x/storage/keeper/permission.go
index a5fb02f4e..2ff0c2271 100644
--- a/x/storage/keeper/permission.go
+++ b/x/storage/keeper/permission.go
@@ -236,7 +236,7 @@ func (k Keeper) PutPolicy(ctx sdk.Context, operator sdk.AccAddress, grn types2.G
 "Only resource owner can put bucket policy, operator (%s), owner(%s)", operator.String(), resOwner.String())
 }
-
+ k.normalizePrincipal(ctx, policy.Principal)
 err := k.validatePrincipal(ctx, resOwner, policy.Principal)
 if err != nil {
 return math.ZeroUint(), err
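Review bot: `NewPrincipalWithGroupInfo` stores a group GRN string in `Value` under the same `PRINCIPAL_TYPE_GNFD_GROUP` type that `NewPrincipalWithGroupId` fills with a decimal ID, and neither constructor carries a doc comment saying which form it produces. Any reader of `Principal.Value` that still assumes a numeric ID will mishandle the GRN form, so the contract belongs on the constructor, e.g. `// NewPrincipalWithGroupInfo returns a group principal whose Value is the group GRN, not the numeric group ID.` Renaming the exported `NewPrincipalWithGroup` also breaks callers outside this repository; a deprecated wrapper, `func NewPrincipalWithGroup(id sdkmath.Uint) *Principal { return NewPrincipalWithGroupId(id) }`, would keep them compiling. Go initialism style would spell the new name `NewPrincipalWithGroupID`.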
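Review bot: The `PRINCIPAL_TYPE_GNFD_GROUP` case of `ValidateBasic` now returns nil for any `Value`, so an empty string, a zero ID or a malformed GRN all pass stateless validation and are only caught, if at all, by keeper code. The removed checks can stay for the numeric form and a GRN parse can be added for the new form, so that rejection does not depend on every handler calling `normalizePrincipal` and `validatePrincipal`. The sketch assumes the `types.GRN` reachable through the import added in this file is the same type the keeper uses as `types2.GRN`, with the `ParseFromString` and `GetGroupOwnerAndAccount` methods seen there. The rest of the switch lies outside the hunk.

```go
	case PRINCIPAL_TYPE_GNFD_GROUP:
		// Numeric form: keep the original non-zero group ID check.
		if groupID, err := sdkmath.ParseUint(p.Value); err == nil {
			if groupID.Equal(sdkmath.ZeroUint()) {
				return ErrInvalidPrincipal.Wrapf("Zero groupID, principal %s", p.String())
			}
			return nil
		}
		// GRN form: must parse and must name a group resource.
		var grn types.GRN
		if err := grn.ParseFromString(p.Value, false); err != nil {
			return ErrInvalidPrincipal.Wrapf("Invalid group principal: %s, err: %s", p.String(), err)
		}
		if _, _, err := grn.GetGroupOwnerAndAccount(); err != nil {
			return ErrInvalidPrincipal.Wrapf("Invalid group GRN, principal: %s, err: %s", p.String(), err)
		}
		return nil
	// … unchanged: default case …
```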
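Review bot: `k.normalizePrincipal(ctx, policy.Principal)` is added only to `PutPolicy`, while the tail of `DeletePolicy` visible in the following hunk hands `principal` straight to `k.permKeeper.DeletePolicy`. Unless `DeletePolicy` normalizes earlier in its body (not visible here), a policy stored under the resolved group ID cannot be removed by passing the same GRN principal that created it. Calling the same normalization in `DeletePolicy`, and in any other keeper path that accepts a group principal, would keep put and delete symmetric. The call also rewrites the caller's `policy.Principal` in place, which deserves a comment at the call site such as `// resolves a group GRN principal to its numeric group ID in place`. `PutPolicy` starts and ends outside this hunk.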
@@ -297,6 +297,26 @@ func (k Keeper) DeletePolicy(ctx sdk.Context, operator sdk.AccAddress, principal
 return k.permKeeper.DeletePolicy(ctx, principal, grn.ResourceType(), resID)
 }
+func (k Keeper) normalizePrincipal(ctx sdk.Context, principal *permtypes.Principal) {
+ if principal.Type == permtypes.PRINCIPAL_TYPE_GNFD_GROUP {
+ if _, err := math.ParseUint(principal.Value); err == nil {
+ return
+ }
+ var grn types2.GRN
+ if err := grn.ParseFromString(principal.Value, false); err != nil {
+ return
+ }
+ groupOwner, groupName, err := grn.GetGroupOwnerAndAccount()
+ if err != nil {
+ return
+ }
+
+ if groupInfo, found := k.GetGroupInfo(ctx, groupOwner, groupName); found {
+ principal.Value = groupInfo.Id.String()
+ }
+ }
+}
+
 func (k Keeper) validatePrincipal(ctx sdk.Context, resOwner sdk.AccAddress, principal *permtypes.Principal) error {
 if principal.Type == permtypes.PRINCIPAL_TYPE_GNFD_ACCOUNT {
 principalAccAddress, err := principal.GetAccountAddress()
diff --git a/x/storage/keeper/query.go b/x/storage/keeper/query.go
index 7d55434f9..caa142279 100644
--- a/x/storage/keeper/query.go
+++ b/x/storage/keeper/query.go
@@ -285,7 +285,7 @@ func (k Keeper) QueryPolicyForGroup(goCtx context.Context, req *types.QueryPolic
 }
 policy, err := k.GetPolicy(
- ctx, &grn, permtypes.NewPrincipalWithGroup(id),
+ ctx, &grn, permtypes.NewPrincipalWithGroupId(id),
 )
 if err != nil {
 return nil, err