Skip to content

Add functions to manage Acl roles #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mfornet merged 2 commits into from
Oct 11, 2022
Merged

Add functions to manage Acl roles #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
57ab5f8
Add functions to manage roles
mooori Oct 5, 2022
73f8713
Remove unchecked methods and expose expected methods
Oct 11, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 8 additions & 20 deletions near-plugins-derive/src/access_controllable.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -433,11 +433,6 @@ pub fn access_controllable(attrs: TokenStream, item: TokenStream) -> TokenStream
self.#acl_field.is_super_admin(&account_id)
}

#[private]
fn acl_init_super_admin(&mut self, account_id: ::near_sdk::AccountId) -> bool {
self.#acl_field.init_super_admin(&account_id)
}

fn acl_add_admin(&mut self, role: String, account_id: ::near_sdk::AccountId) -> Option<bool> {
let role = <#role_type>::try_from(role.as_str()).expect(#ERR_PARSE_ROLE);
self.#acl_field.add_admin(role, &account_id)
Expand All @@ -458,32 +453,25 @@ pub fn access_controllable(attrs: TokenStream, item: TokenStream) -> TokenStream
self.#acl_field.renounce_admin(role)
}

#[private]
fn acl_revoke_admin_unchecked(&mut self, role: String, account_id: ::near_sdk::AccountId) -> bool {
fn acl_revoke_role(&mut self, role: String, account_id: ::near_sdk::AccountId) -> Option<bool> {
let role = <#role_type>::try_from(role.as_str()).expect(#ERR_PARSE_ROLE);
self.#acl_field.revoke_admin_unchecked(role, &account_id)
self.#acl_field.revoke_role(role, &account_id)
}

fn acl_grant_role(&mut self, role: String, account_id: ::near_sdk::AccountId) -> Option<bool> {
fn acl_renounce_role(&mut self, role: String) -> bool {
let role = <#role_type>::try_from(role.as_str()).expect(#ERR_PARSE_ROLE);
self.#acl_field.grant_role(role, &account_id)
self.#acl_field.renounce_role(role)
}

#[private]
fn acl_grant_role_unchecked(&mut self, role: String, account_id: ::near_sdk::AccountId) -> bool {
fn acl_grant_role(&mut self, role: String, account_id: ::near_sdk::AccountId) -> Option<bool> {
let role = <#role_type>::try_from(role.as_str()).expect(#ERR_PARSE_ROLE);
self.#acl_field.grant_role_unchecked(role, &account_id)
self.#acl_field.grant_role(role, &account_id)
}

fn acl_has_role(&self, role: String, account_id: ::near_sdk::AccountId) -> bool {
let role = <#role_type>::try_from(role.as_str()).expect(#ERR_PARSE_ROLE);
self.#acl_field.renounce_role(role)
}

#[private]
fn acl_revoke_role_unchecked(&mut self, role: String, account_id: ::near_sdk::AccountId) -> bool {
fn acl_has_role(&self, role: String, account_id: ::near_sdk::AccountId) -> bool {
let role = <#role_type>::try_from(role.as_str()).expect(#ERR_PARSE_ROLE);
self.#acl_field.revoke_role_unchecked(role, &account_id)
self.#acl_field.has_role(role, &account_id)
}

fn acl_has_any_role(&self, roles: Vec<String>, account_id: ::near_sdk::AccountId) -> bool {
Expand Down
33 changes: 0 additions & 33 deletions near-plugins/src/access_controllable.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,6 @@ pub trait AccessControllable {
/// Returns the storage prefix for collections related to access control.
fn acl_storage_prefix() -> &'static [u8];

/// Adds `account_id` as super-admin __without__ checking any permissions in
/// case there are no super-admins. This function can be used to add a
/// super-admin during contract initialization. Moreover, it may provide a
/// recovery mechanism if (mistakenly) all super-admins have been removed.
///
/// The return value indicates whether `account_id` was added as
/// super-admin.
///
/// It is `#[private]` in the implementation provided by this trait, i.e.
/// only the contract itself may call this method.
fn acl_init_super_admin(&mut self, account_id: AccountId) -> bool;

/// Returns whether `account_id` is a super-admin.
fn acl_is_super_admin(&self, account_id: AccountId) -> bool;

Expand Down Expand Up @@ -61,13 +49,6 @@ pub trait AccessControllable {
/// whether the predecessor was an admin for `role`.
fn acl_renounce_admin(&mut self, role: String) -> bool;

/// Revokes admin permissions from `account_id` __without__ checking any
/// permissions. Returns whether `account_id` was an admin for `role`.
///
/// This method is `#[private]` in the implementation provided by this
/// crate.
fn acl_revoke_admin_unchecked(&mut self, role: String, account_id: AccountId) -> bool;

/// Grants `role` to `account_id` provided that the predecessor has
/// sufficient permissions, i.e. is an admin as defined by [`acl_is_admin`].
///
Expand All @@ -76,13 +57,6 @@ pub trait AccessControllable {
/// `None` is returned and internal state is not modified.
fn acl_grant_role(&mut self, role: String, account_id: AccountId) -> Option<bool>;

/// Grants `role` to `account_id` __without__ checking any permissions.
/// Returns whether `role` was newly granted to `account_id`.
///
/// This method is `#[private]` in the implementation provided by this
/// crate.
fn acl_grant_role_unchecked(&mut self, role: String, account_id: AccountId) -> bool;

/// Returns whether `account_id` has been granted `role`.
fn acl_has_role(&self, role: String, account_id: AccountId) -> bool;

Expand All @@ -98,13 +72,6 @@ pub trait AccessControllable {
/// of `role`.
fn acl_renounce_role(&mut self, role: String) -> bool;

/// Revokes `role` from `account_id` __without__ checking any permissions.
/// Returns whether `account_id` was a grantee of `role`.
///
/// This method is `#[private]` in the implementation provided by this
/// crate.
fn acl_revoke_role_unchecked(&mut self, role: String, account_id: AccountId) -> bool;

/// Returns whether `account_id` has been granted any of the `roles`.
fn acl_has_any_role(&self, roles: Vec<String>, account_id: AccountId) -> bool;

Expand Down
10 changes: 10 additions & 0 deletions near-plugins/tests/contracts/access_controllable/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,11 @@ impl StatusMessage {
/// Exposing internal methods to facilitate integration testing.
#[near_bindgen]
impl StatusMessage {
#[private]
pub fn acl_init_super_admin(&mut self, account_id: ::near_sdk::AccountId) -> bool {
self.__acl.init_super_admin(&account_id)
}

#[private]
pub fn acl_add_super_admin_unchecked(&mut self, account_id: AccountId) -> bool {
self.__acl.add_super_admin_unchecked(&account_id)
Expand All @@ -85,6 +90,11 @@ impl StatusMessage {
self.__acl.revoke_super_admin_unchecked(&account_id)
}

#[private]
pub fn acl_revoke_role_unchecked(&mut self, role: Role, account_id: AccountId) -> bool {
self.__acl.revoke_role_unchecked(role.into(), &account_id)
}

#[private]
pub fn acl_add_admin_unchecked(&mut self, role: Role, account_id: AccountId) -> bool {
self.__acl.add_admin_unchecked(role, &account_id)
Expand Down