add perimission checks to object

[runtian-zhou]

Description

Adds permissioned signer support for object transfers and token/collection mutations in the Aptos Framework. This change introduces new permission types and validation checks to ensure only authorized signers can perform transfers and mutations on objects, tokens and collections.

Type of Change

• New feature
• Aptos Framework

Which Components or Systems Does This Change Impact?

• Move/Aptos Virtual Machine
• Aptos Framework

How Has This Been Tested?

Added new test cases in object.move and aptos_token.move to verify permissioned signer functionality for transfers and mutations.

Key Areas to Review

• New permission types added: TransferPermission, TokenUpdatePermission, CollectionUpdatePermission
• Permission validation checks in transfer and mutation operations
• Integration with existing permissioned_signer module
• Authorization and revocation flows for token/collection mutations

Checklist

• I have read and followed the CONTRIBUTING doc
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I identified and added all stakeholders and component owners affected by this change as reviewers
• I tested both happy and unhappy path of the functionality
• I have made corresponding changes to the documentation

[trunk-io]

⏱️ 1h 41m total CI duration on this PR

Slowest 15 Jobs	Cumulative Duration	Recent Runs
rust-move-unit-coverage	18m	🟩
rust-move-unit-coverage	14m	🟩
rust-move-unit-coverage	14m	🟩
rust-move-tests	10m	🟥
rust-move-tests	9m	🟥
general-lints	7m	🟩 🟩 🟩 🟩
rust-cargo-deny	7m	🟩 🟩 🟩 🟩
rust-move-tests	5m	⬜
rust-move-unit-coverage	5m	⬜
check-dynamic-deps	4m	🟩 🟩 🟩 🟩 🟩 (+1 more)
rust-move-tests	3m	🟥
semgrep/ci	2m	🟩 🟩 🟩 🟩 🟩 (+1 more)
file_change_determinator	48s	🟩 🟩 🟩 🟩
file_change_determinator	43s	🟩 🟩 🟩 🟩
permission-check	16s	🟩 🟩 🟩 🟩 🟩

_{settings ⋅ feedback ⋅ docs ⋅ learn more about trunk.io}

[runtian-zhou]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• Add another flavor of permission api #15609
• Create object with permissioned signer #15707
• Feature gate permissioned signer #15622
• Create benchmark #14916
• permission for framework #14605
• add perimission checks to object #14582 👈 (View in Graphite)
• Add permission check to account #14535
• add permissions for fungible assets operation #14567
• create permissioned signer example #14469
• [feature] Add permissioned signer functionality #14521
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.4%. Comparing base (0161bbf) to head (2431b7b).

Additional details and impacted files

@@                          Coverage Diff                           @@
##           09-04-add_permission_check_to_account   #14582   +/-   ##
======================================================================
  Coverage                                   59.4%    59.4%           
======================================================================
  Files                                        857      857           
  Lines                                     210762   210762           
======================================================================
  Hits                                      125197   125197           
  Misses                                     85565    85565           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[graphite-app]

The comment in the test refers to aaron_permission_signer but the actual variable name used is creator_permission_signer. The variable name in the comment should be updated to match the implementation for accuracy.

Spotted by Graphite Reviewer

Is this helpful? React 👍 or 👎 to let us know.