Skip to content
145 changes: 119 additions & 26 deletions runtimes/peregrine/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -753,11 +753,19 @@ impl pallet_randomness_collective_flip::Config for Runtime {}
Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Encode, Decode, RuntimeDebug, MaxEncodedLen, scale_info::TypeInfo,
)]
pub enum ProxyType {
/// Allow for any call.
Any,
/// Allow for calls that do not move tokens out of the caller's account.
NonTransfer,
/// Allow for governance-related calls.
Governance,
/// Allow for staking-related calls.
ParachainStaking,
/// Allow for calls that cancel proxy information.
CancelProxy,
/// Allow for calls that do not result in a deposit being claimed (e.g., for
/// attestations, delegations, or DIDs).
NonDepositClaiming,
}

impl Default for ProxyType {
Expand All @@ -772,47 +780,132 @@ impl InstanceFilter<Call> for ProxyType {
ProxyType::Any => true,
ProxyType::NonTransfer => matches!(
c,
Call::System(..) |
Comment thread
ntn-x2 marked this conversation as resolved.
Call::Scheduler(..) |
Call::Timestamp(..) |
Call::Indices(pallet_indices::Call::claim{..}) |
Call::Indices(pallet_indices::Call::free{..}) |
Call::Indices(pallet_indices::Call::freeze{..}) |
// Specifically omitting Indices `transfer`, `force_transfer`
// Specifically omitting the entire Balances pallet
Call::Authorship(..) |
Call::Session(..) |
Call::Democracy(..) |
Call::Council(..) |
Call::TechnicalCommittee(..) |
Call::TechnicalMembership(..) |
Call::Treasury(..) |
Call::Vesting(pallet_vesting::Call::vest{..}) |
Call::Vesting(pallet_vesting::Call::vest_other{..}) |
// Specifically omitting Vesting `vested_transfer`, and `force_vested_transfer`
Call::Utility(..) |
Call::ParachainStaking(..)
Call::Attestation(..)
| Call::Authorship(..)
// Excludes `Balances`
| Call::Council(..) | Call::Ctype(..)
| Call::Delegation(..)
| Call::Democracy(..)
| Call::Did(..)
| Call::DidLookup(..)
| Call::Indices(
// Excludes `force_transfer`, and `transfer`
pallet_indices::Call::claim { .. }
| pallet_indices::Call::free { .. }
| pallet_indices::Call::freeze { .. }
)
// Excludes `KiltLaunch`
| Call::ParachainStaking(..)
// Excludes `ParachainSystem`
| Call::Preimage(..)
| Call::Proxy(..)
| Call::Scheduler(..)
| Call::Session(..)
// Excludes `Sudo`
| Call::System(..)
| Call::TechnicalCommittee(..)
| Call::TechnicalMembership(..)
| Call::Timestamp(..)
| Call::Treasury(..)
| Call::Utility(..)
| Call::Vesting(
// Excludes `force_vested_transfer`, `merge_schedules`, and `vested_transfer`
pallet_vesting::Call::vest { .. }
| pallet_vesting::Call::vest_other { .. }
)
| Call::Web3Names(..),
),
ProxyType::NonDepositClaiming => matches!(
c,
Call::Attestation(
// Excludes `reclaim_deposit`
attestation::Call::add { .. }
| attestation::Call::remove { .. }
| attestation::Call::revoke { .. }
)
| Call::Authorship(..)
// Excludes `Balances`

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really want to exclude Balances here?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is true that most calls require sudo origin, but technically by calling the balances pallet you could interact with deposits, no? Should we allow some balance calls in this proxy? Or the whole thing? What do you think?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would say we should not exclude balance transfers here. All calls should be allowed.

| Call::Council(..) | Call::Ctype(..)
| Call::Delegation(
// Excludes `reclaim_deposit`
delegation::Call::add_delegation { .. }
| delegation::Call::create_hierarchy { .. }
| delegation::Call::remove_delegation { .. }
| delegation::Call::revoke_delegation { .. }
)
| Call::Democracy(..)
| Call::Did(
// Excludes `reclaim_deposit`
did::Call::add_key_agreement_key { .. }
| did::Call::add_service_endpoint { .. }
| did::Call::create { .. }
| did::Call::delete { .. }
| did::Call::remove_attestation_key { .. }
| did::Call::remove_delegation_key { .. }
| did::Call::remove_key_agreement_key { .. }
| did::Call::remove_service_endpoint { .. }
| did::Call::set_attestation_key { .. }
| did::Call::set_authentication_key { .. }
| did::Call::set_delegation_key { .. }
| did::Call::submit_did_call { .. }
)
| Call::DidLookup(
// Excludes `reclaim_deposit`
pallet_did_lookup::Call::associate_account { .. }
| pallet_did_lookup::Call::associate_sender { .. }
| pallet_did_lookup::Call::remove_account_association { .. }
| pallet_did_lookup::Call::remove_sender_association { .. }
)
| Call::Indices(..)
// Excludes `KiltLaunch`
| Call::ParachainStaking(..)
// Excludes `ParachainSystem`
| Call::Preimage(..)
| Call::Proxy(..)
| Call::Scheduler(..)
| Call::Session(..)
// Excludes `Sudo`
| Call::System(..)
| Call::TechnicalCommittee(..)
| Call::TechnicalMembership(..)
| Call::Timestamp(..)
| Call::Treasury(..)
| Call::Utility(..)
| Call::Vesting(..)
| Call::Web3Names(
// Excludes `ban`, and `reclaim_deposit`
pallet_web3_names::Call::claim { .. }
| pallet_web3_names::Call::release_by_owner { .. }
| pallet_web3_names::Call::unban { .. }
),
),
ProxyType::Governance => matches!(
c,
Call::Democracy(..)
| Call::Council(..) | Call::TechnicalCommittee(..)
| Call::Treasury(..) | Call::Utility(..)
Call::Council(..)
| Call::Democracy(..)
| Call::TechnicalCommittee(..)
| Call::TechnicalMembership(..)
| Call::Treasury(..) | Call::Utility(..)
),
ProxyType::ParachainStaking => {
matches!(c, Call::ParachainStaking(..) | Call::Session(..) | Call::Utility(..))
}
ProxyType::CancelProxy => {
matches!(c, Call::Proxy(pallet_proxy::Call::reject_announcement { .. }))
}
ProxyType::CancelProxy => matches!(c, Call::Proxy(pallet_proxy::Call::reject_announcement { .. })),
}
}
fn is_superset(&self, o: &Self) -> bool {
match (self, o) {
(x, y) if x == y => true,
// "anything" always contains any subset
(ProxyType::Any, _) => true,
(_, ProxyType::Any) => false,
// reclaiming deposits is part of NonTransfer but not in NonDepositClaiming
(ProxyType::NonDepositClaiming, ProxyType::NonTransfer) => false,
// everything except NonTransfer and Any is part of NonDepositClaiming
(ProxyType::NonDepositClaiming, _) => true,
// Transfers are part of NonDepositClaiming but not in NonTransfer
(ProxyType::NonTransfer, ProxyType::NonDepositClaiming) => false,
// everything except NonDepositClaiming and Any is part of NonTransfer
(ProxyType::NonTransfer, _) => true,
_ => false,
}
Expand Down
143 changes: 117 additions & 26 deletions runtimes/spiritnet/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -758,11 +758,19 @@ impl pallet_randomness_collective_flip::Config for Runtime {}
Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Encode, Decode, RuntimeDebug, MaxEncodedLen, scale_info::TypeInfo,
)]
pub enum ProxyType {
/// Allow for any call.
Any,
/// Allow for calls that do not move tokens out of the caller's account.
NonTransfer,
/// Allow for governance-related calls.
Governance,
/// Allow for staking-related calls.
ParachainStaking,
/// Allow for calls that cancel proxy information.
CancelProxy,
/// Allow for calls that do not result in a deposit being claimed (e.g., for
/// attestations, delegations, or DIDs).
NonDepositClaiming,
}

impl Default for ProxyType {
Expand All @@ -777,47 +785,130 @@ impl InstanceFilter<Call> for ProxyType {
ProxyType::Any => true,
ProxyType::NonTransfer => matches!(
c,
Call::System(..) |
Call::Scheduler(..) |
Call::Timestamp(..) |
Call::Indices(pallet_indices::Call::claim{..}) |
Call::Indices(pallet_indices::Call::free{..}) |
Call::Indices(pallet_indices::Call::freeze{..}) |
// Specifically omitting Indices `transfer`, `force_transfer`
// Specifically omitting the entire Balances pallet
Call::Authorship(..) |
Call::Session(..) |
Call::Democracy(..) |
Call::Council(..) |
Call::TechnicalCommittee(..) |
Call::TechnicalMembership(..) |
Call::Treasury(..) |
Call::Vesting(pallet_vesting::Call::vest{..}) |
Call::Vesting(pallet_vesting::Call::vest_other{..}) |
// Specifically omitting Vesting `vested_transfer`, and `force_vested_transfer`
Call::Utility(..) |
Call::ParachainStaking(..)
Call::Attestation(..)
| Call::Authorship(..)
// Excludes `Balances`
| Call::Council(..) | Call::Ctype(..)
| Call::Delegation(..)
| Call::Democracy(..)
| Call::Did(..)
| Call::DidLookup(..)
| Call::Indices(
// Excludes `force_transfer`, and `transfer`
pallet_indices::Call::claim { .. }
| pallet_indices::Call::free { .. }
| pallet_indices::Call::freeze { .. }
)
// Excludes `KiltLaunch`
| Call::ParachainStaking(..)
// Excludes `ParachainSystem`
| Call::Preimage(..)
| Call::Proxy(..)
| Call::Scheduler(..)
| Call::Session(..)
| Call::System(..)
| Call::TechnicalCommittee(..)
| Call::TechnicalMembership(..)
| Call::Timestamp(..)
| Call::Treasury(..)
| Call::Utility(..)
| Call::Vesting(
// Excludes `force_vested_transfer`, `merge_schedules`, and `vested_transfer`
pallet_vesting::Call::vest { .. }
| pallet_vesting::Call::vest_other { .. }
)
| Call::Web3Names(..),
),
ProxyType::NonDepositClaiming => matches!(
c,
Call::Attestation(
// Excludes `reclaim_deposit`
attestation::Call::add { .. }
| attestation::Call::remove { .. }
| attestation::Call::revoke { .. }
)
| Call::Authorship(..)
// Excludes `Balances`
| Call::Council(..) | Call::Ctype(..)
| Call::Delegation(
// Excludes `reclaim_deposit`
delegation::Call::add_delegation { .. }
| delegation::Call::create_hierarchy { .. }
| delegation::Call::remove_delegation { .. }
| delegation::Call::revoke_delegation { .. }
)
| Call::Democracy(..)
| Call::Did(
// Excludes `reclaim_deposit`
did::Call::add_key_agreement_key { .. }
| did::Call::add_service_endpoint { .. }
| did::Call::create { .. }
| did::Call::delete { .. }
| did::Call::remove_attestation_key { .. }
| did::Call::remove_delegation_key { .. }
| did::Call::remove_key_agreement_key { .. }
| did::Call::remove_service_endpoint { .. }
| did::Call::set_attestation_key { .. }
| did::Call::set_authentication_key { .. }
| did::Call::set_delegation_key { .. }
| did::Call::submit_did_call { .. }
)
| Call::DidLookup(
// Excludes `reclaim_deposit`
pallet_did_lookup::Call::associate_account { .. }
| pallet_did_lookup::Call::associate_sender { .. }
| pallet_did_lookup::Call::remove_account_association { .. }
| pallet_did_lookup::Call::remove_sender_association { .. }
)
| Call::Indices(..)
// Excludes `KiltLaunch`
| Call::ParachainStaking(..)
// Excludes `ParachainSystem`
| Call::Preimage(..)
| Call::Proxy(..)
| Call::Scheduler(..)
| Call::Session(..)
| Call::System(..)
| Call::TechnicalCommittee(..)
| Call::TechnicalMembership(..)
| Call::Timestamp(..)
| Call::Treasury(..)
| Call::Utility(..)
| Call::Vesting(..)
| Call::Web3Names(
// Excludes `ban`, and `reclaim_deposit`
pallet_web3_names::Call::claim { .. }
| pallet_web3_names::Call::release_by_owner { .. }
| pallet_web3_names::Call::unban { .. }
),
),
ProxyType::Governance => matches!(
c,
Call::Democracy(..)
| Call::Council(..) | Call::TechnicalCommittee(..)
| Call::Treasury(..) | Call::Utility(..)
Call::Council(..)
| Call::Democracy(..)
| Call::TechnicalCommittee(..)
| Call::TechnicalMembership(..)
| Call::Treasury(..) | Call::Utility(..)
),
ProxyType::ParachainStaking => {
matches!(c, Call::ParachainStaking(..) | Call::Session(..) | Call::Utility(..))
}
ProxyType::CancelProxy => {
matches!(c, Call::Proxy(pallet_proxy::Call::reject_announcement { .. }))
}
ProxyType::CancelProxy => matches!(c, Call::Proxy(pallet_proxy::Call::reject_announcement { .. })),
}
}
fn is_superset(&self, o: &Self) -> bool {
match (self, o) {
(x, y) if x == y => true,
// "anything" always contains any subset
(ProxyType::Any, _) => true,
(_, ProxyType::Any) => false,
// reclaiming deposits is part of NonTransfer but not in NonDepositClaiming
(ProxyType::NonDepositClaiming, ProxyType::NonTransfer) => false,
// everything except NonTransfer and Any is part of NonDepositClaiming
(ProxyType::NonDepositClaiming, _) => true,
// Transfers are part of NonDepositClaiming but not in NonTransfer
(ProxyType::NonTransfer, ProxyType::NonDepositClaiming) => false,
// everything except NonDepositClaiming and Any is part of NonTransfer
(ProxyType::NonTransfer, _) => true,
_ => false,
}
Expand Down