Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(frontend-canister): add validation methods for SNS #2958

Merged
merged 4 commits into from
Feb 8, 2023
Merged

feat(frontend-canister): add validation methods for SNS #2958

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3ef6e41
feat(frontend-canister): add validation methods for SNS
ericswanson-dfinity Feb 8, 2023
d78da6b
Merge remote-tracking branch 'origin/master' into validation
ericswanson-dfinity Feb 8, 2023
a8403ba
Merge remote-tracking branch 'origin/master' into validation
ericswanson-dfinity Feb 8, 2023
d7a3465
render more nicely
ericswanson-dfinity Feb 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,19 @@

# UNRELEASED

## Asset Canister

Added validate_grant_permission() and validate_revoke_permission() methods per SNS requirements.

## Dependencies

### Frontend canister

- Module hash: 98863747bb8b1366ae5e3c5721bfe08ce6b7480fe4c3864d4fec3d9827255480
- https://github.com/dfinity/sdk/pull/2958

# 0.13.0

## DFX

### feat: Add dfx sns download
Expand Down
28 changes: 28 additions & 0 deletions e2e/tests-dfx/assetscanister.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,34 @@ check_permission_failure() {
assert_contains "$expected"
fi
}

@test "validation methods" {
assert_command dfx identity new controller --storage-mode plaintext
assert_command dfx identity use controller
CONTROLLER_PRINCIPAL=$(dfx identity get-principal)

install_asset assetscanister
dfx_start
assert_command dfx deploy

assert_command dfx identity new prepare --storage-mode plaintext
PREPARE_PRINCIPAL=$(dfx identity get-principal --identity prepare)

assert_command dfx canister call e2e_project_frontend validate_grant_permission "(record { to_principal=principal \"$PREPARE_PRINCIPAL\"; permission = variant { Prepare }; })"
assert_contains 'Ok = "grant Prepare permission to principal '"$PREPARE_PRINCIPAL"'"'

assert_command dfx canister call e2e_project_frontend validate_grant_permission "(record { to_principal=principal \"$PREPARE_PRINCIPAL\"; permission = variant { Prepare }; })" --identity prepare
assert_contains 'Ok = "grant Prepare permission to principal '"$PREPARE_PRINCIPAL"'"'

assert_command dfx canister call e2e_project_frontend validate_revoke_permission "(record { of_principal=principal \"$PREPARE_PRINCIPAL\"; permission = variant { Commit }; })"
assert_contains 'Ok = "revoke Commit permission from principal '"$PREPARE_PRINCIPAL"'"'

FE_CANISTER_ID="$(dfx canister id e2e_project_frontend)"
rm .dfx/local/canister_ids.json
assert_command_fail dfx canister call "$FE_CANISTER_ID" validate_revoke_permission "(record { of_principal=principal \"$PREPARE_PRINCIPAL\"; permission = variant { FlyBeFree }; })"
assert_contains "trapped"
}

@test "access control - fine-grained" {
assert_command dfx identity new controller --storage-mode plaintext
assert_command dfx identity use controller
Expand Down
6 changes: 6 additions & 0 deletions src/canisters/frontend/ic-certified-assets/assets.did
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,8 @@ type RevokePermission = record {
};
type ListPermitted = record { permission: Permission };

type ValidationResult = variant { Ok : text; Err : text };

service: {
get: (record {
key: Key;
Expand Down Expand Up @@ -173,10 +175,14 @@ service: {
grant_permission: (GrantPermission) -> ();
revoke_permission: (RevokePermission) -> ();
list_permitted: (ListPermitted) -> (vec principal) query;
take_ownership: () -> ();

get_asset_properties : (key: Key) -> (record {
max_age: opt nat64;
headers: opt vec HeaderField;
allow_raw_access: opt bool; } ) query;
set_asset_properties: (SetAssetPropertiesArguments) -> ();

validate_grant_permission: (GrantPermission) -> (ValidationResult);
validate_revoke_permission: (RevokePermission) -> (ValidationResult);
}
18 changes: 18 additions & 0 deletions src/canisters/frontend/ic-certified-assets/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,15 @@ async fn grant_permission(arg: GrantPermissionArguments) {
}
}

#[update]
#[candid_method(update)]
async fn validate_grant_permission(arg: GrantPermissionArguments) -> Result<String, String> {
Ok(format!(
"grant {} permission to principal {}",
arg.permission, arg.to_principal
))
}

#[update]
#[candid_method(update)]
async fn deauthorize(other: Principal) {
Expand Down Expand Up @@ -83,6 +92,15 @@ async fn revoke_permission(arg: RevokePermissionArguments) {
}
}

#[update]
#[candid_method(update)]
async fn validate_revoke_permission(arg: RevokePermissionArguments) -> Result<String, String> {
Ok(format!(
"revoke {} permission from principal {}",
arg.permission, arg.of_principal
))
}

#[query(manual_reply = true)]
#[candid_method(query)]
fn list_authorized() -> ManualReply<Vec<Principal>> {
Expand Down
6 changes: 6 additions & 0 deletions src/distributed/assetstorage.did
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,8 @@ type RevokePermission = record {
};
type ListPermitted = record { permission: Permission };

type ValidationResult = variant { Ok : text; Err : text };

service: {
get: (record {
key: Key;
Expand Down Expand Up @@ -173,10 +175,14 @@ service: {
grant_permission: (GrantPermission) -> ();
revoke_permission: (RevokePermission) -> ();
list_permitted: (ListPermitted) -> (vec principal) query;
take_ownership: () -> ();

get_asset_properties : (key: Key) -> (record {
max_age: opt nat64;
headers: opt vec HeaderField;
allow_raw_access: opt bool; } ) query;
set_asset_properties: (SetAssetPropertiesArguments) -> ();

validate_grant_permission: (GrantPermission) -> (ValidationResult);
validate_revoke_permission: (RevokePermission) -> (ValidationResult);
}
Binary file modified src/distributed/assetstorage.wasm.gz
View file
Open in desktop
Binary file not shown.