feat(billboard): add tests for ownership

thematters · Nov 15, 2023 · da0d73f · da0d73f
1 parent d7c1b89
commit da0d73f
Show file tree

Hide file tree

Showing 3 changed files with 113 additions and 154 deletions.
diff --git a/src/Billboard/BillboardRegistry.sol b/src/Billboard/BillboardRegistry.sol
@@ -244,17 +244,6 @@ contract BillboardRegistry is IBillboardRegistry, ERC721 {
  return boards[tokenId_].contentURI;
  }
 
- /**
- * @notice See {IERC721-isApprovedForAll}.
- */
- function isApprovedForAll(address owner_, address operator_) public view override(ERC721, IERC721) returns (bool) {
- if (operator_ == operator) {
- return true;
- }
-
- return super.isApprovedForAll(owner_, operator_);
- }
-
  /**
  * @notice See {IERC721-transferFrom}.
  */

diff --git a/src/test/Billboard/BillboardTest.t.sol b/src/test/Billboard/BillboardTest.t.sol
@@ -42,7 +42,7 @@ contract BillboardTest is BillboardTestBase {
  assertEq(operator.isOpened(), false);
  }
 
- function testSetIsOpenedByAttacker() public {
+ function testCannotSetIsOpenedByAttacker() public {
  vm.startPrank(ATTACKER);
 
  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin"));
@@ -57,7 +57,7 @@ contract BillboardTest is BillboardTestBase {
  assertEq(operator.whitelist(USER_B), false);
  }
 
- function testAddToWhitelistByAttacker() public {
+ function testCannotAddToWhitelistByAttacker() public {
  vm.startPrank(ATTACKER);
 
  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin"));
@@ -74,7 +74,7 @@ contract BillboardTest is BillboardTestBase {
  assertEq(operator.whitelist(USER_A), false);
  }
 
- function testRemoveToWhitelistByAttacker() public {
+ function testCannotRemoveToWhitelistByAttacker() public {
  vm.startPrank(ATTACKER);
 
  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin"));
@@ -121,15 +121,15 @@ contract BillboardTest is BillboardTestBase {
  assertEq(registry.balanceOf(USER_A), 1);
  }
 
- function testMintBoardByAttacker() public {
+ function testCannotMintBoardByAttacker() public {
  vm.startPrank(ATTACKER);
 
  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "whitelist"));
  operator.mintBoard(ATTACKER);
  }
 
  function testSetBoardProperties() public {
- uint256 _tokenId = _mintBoard(ADMIN);
+ uint256 _tokenId = _mintBoard();
 
  vm.startPrank(ADMIN);
 
@@ -147,8 +147,8 @@ contract BillboardTest is BillboardTestBase {
  assertEq(board.redirectURI, "redirect URI");
  }
 
- function testSetBoardProprtiesByAttacker() public {
- uint256 _tokenId = _mintBoard(ADMIN);
+ function testCannotSetBoardProprtiesByAttacker() public {
+ uint256 _tokenId = _mintBoard();
 
  vm.startPrank(ATTACKER);
 
@@ -169,187 +169,157 @@ contract BillboardTest is BillboardTestBase {
  }
 
  function testGetTokenURI() public {
- uint256 _tokenId = _mintBoard(ADMIN);
+ uint256 _tokenId = _mintBoard();
 
  vm.startPrank(ADMIN);
 
  operator.setBoardContentURI(_tokenId, "new uri");
  assertEq(registry.tokenURI(_tokenId), "new uri");
  }
 
- // function testTransfer() public {
- // _mintBoard();
-
- // vm.stopPrank();
- // vm.startPrank(ADMIN);
- // assertEq(ADMIN, registry.ownerOf(1));
-
- // // transfer board from admin to zero address
- // vm.expectRevert(abi.encodeWithSignature("InvalidAddress()"));
- // registry.transferFrom(ADMIN, ZERO_ADDRESS, 1);
-
- // // transfer board from admin to user_a
- // registry.transferFrom(ADMIN, USER_A, 1);
- // IBillboardRegistry.Board memory board = operator.getBoard(1);
- // assertEq(ADMIN, board.creator);
- // assertEq(USER_A, board.tenant);
- // assertEq(USER_A, registry.ownerOf(1));
-
- // vm.stopPrank();
- // vm.startPrank(USER_A);
-
- // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- // operator.setBoardName(1, "name by a");
-
- // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- // operator.setBoardDescription(1, "description by a");
-
- // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- // operator.setBoardLocation(1, "location by a");
-
- // operator.setBoardContentURI(1, "uri by a");
- // operator.setBoardRedirectURI(1, "redirect URI by a");
+ function testTransfer() public {
+ // mint
+ uint256 _tokenId = _mintBoard();
 
- // board = operator.getBoard(1);
- // assertEq("", board.name);
- // assertEq("", board.description);
- // assertEq("", board.location);
- // assertEq("uri by a", board.contentURI);
- // assertEq("redirect URI by a", board.redirectURI);
+ // transfer
+ vm.startPrank(ADMIN);
+ registry.transferFrom(ADMIN, USER_A, _tokenId);
 
- // // transfer board from user_a to user_b
- // registry.safeTransferFrom(USER_A, USER_B, 1);
- // board = operator.getBoard(1);
- // assertEq(ADMIN, board.creator);
- // assertEq(USER_B, board.tenant);
- // assertEq(USER_B, registry.ownerOf(1));
+ IBillboardRegistry.Board memory board = operator.getBoard(_tokenId);
+ assertEq(board.creator, ADMIN);
+ assertEq(registry.balanceOf(ADMIN), 0);
+ assertEq(registry.ownerOf(_tokenId), USER_A);
 
- // vm.stopPrank();
- // vm.startPrank(USER_B);
+ // set board properties
+ vm.stopPrank();
+ vm.startPrank(USER_A);
 
- //  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- //  operator.setBoardName(1, "name by b");
+ vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
+ operator.setBoardName(_tokenId, "name by a");
 
- //  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- //  operator.setBoardDescription(1, "description by b");
+ vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
+ operator.setBoardDescription(_tokenId, "description by a");
 
- //  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- //  operator.setBoardLocation(1, "location by b");
+ vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
+ operator.setBoardLocation(_tokenId, "location by a");
 
- //  operator.setBoardContentURI(1, "uri by b");
- //  operator.setBoardRedirectURI(1, "redirect URI by b");
+ operator.setBoardContentURI(_tokenId, "uri by a");
+ operator.setBoardRedirectURI(_tokenId, "redirect URI by a");
 
- //  board = operator.getBoard(1);
- //  assertEq("", board.name);
- //  assertEq("", board.description);
- //  assertEq("", board.location);
- //  assertEq("uri by b", board.contentURI);
- //  assertEq("redirect URI by b", board.redirectURI);
+ board = operator.getBoard(_tokenId);
+ assertEq(board.name, "");
+ assertEq(board.description, "");
+ assertEq(board.location, "");
+ assertEq(board.contentURI, "uri by a");
+ assertEq(board.redirectURI, "redirect URI by a");
 
- // // transfer board from user_b to user_c by operator
- // vm.stopPrank();
- // vm.startPrank(address(operator));
+ // transfer board from user_a to user_b
+ registry.safeTransferFrom(USER_A, USER_B, 1);
+ board = operator.getBoard(_tokenId);
+ assertEq(board.creator, ADMIN);
+ assertEq(registry.ownerOf(1), USER_B);
 
- // registry.transferFrom(USER_B, USER_C, 1);
- // board = operator.getBoard(1);
- // assertEq(ADMIN, board.creator);
- // assertEq(USER_C, board.tenant);
- // assertEq(USER_C, registry.ownerOf(1));
+ vm.stopPrank();
+ vm.startPrank(USER_B);
 
- //  vm.stopPrank();
- //  vm.startPrank(USER_C);
+ vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
+ operator.setBoardName(_tokenId, "name by b");
 
- //  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- //  operator.setBoardName(1, "name by b");
+ vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
+ operator.setBoardDescription(_tokenId, "description by b");
 
- //  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- //  operator.setBoardDescription(1, "description by b");
+ vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
+ operator.setBoardLocation(_tokenId, "location by b");
 
- //  vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "creator"));
- //  operator.setBoardLocation(1, "location by b");
+ operator.setBoardContentURI(_tokenId, "uri by b");
+ operator.setBoardRedirectURI(_tokenId, "redirect URI by b");
 
- // operator.setBoardContentURI(1, "uri by c");
- // operator.setBoardRedirectURI(1, "redirect URI by c");
+ board = operator.getBoard(_tokenId);
+ assertEq(board.name, "");
+ assertEq(board.description, "");
+ assertEq(board.location, "");
+ assertEq(board.contentURI, "uri by b");
+ assertEq(board.redirectURI, "redirect URI by b");
+ }
 
- // board = operator.getBoard(1);
- // assertEq("", board.name);
- // assertEq("", board.description);
- // assertEq("", board.location);
- // assertEq("uri by c", board.contentURI);
- // assertEq("redirect URI by c", board.redirectURI);
- // }
+ function testCannotTransferToZeroAddress() public {
+ uint256 _tokenId = _mintBoard();
 
- // function testTransferByAttacker() public {
- // _mintBoard();
+ vm.startPrank(ADMIN);
 
- // vm.stopPrank();
- // vm.startPrank(ATTACKER);
+ vm.expectRevert("ERC721: transfer to the zero address");
+ registry.transferFrom(ADMIN, ZERO_ADDRESS, _tokenId);
+ }
 
- // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "not owner nor approved"));
- //  registry.transferFrom(ADMIN, ATTACKER, 1);
+ function testCannotTransferByOperator() public {
+ uint256 _tokenId = _mintBoard();
 
- // vm.stopPrank();
- // vm.startPrank(ADMIN);
- // registry.transferFrom(ADMIN, USER_A, 1);
+ vm.startPrank(address(operator));
 
- // vm.stopPrank();
- // vm.startPrank(ATTACKER);
+ vm.expectRevert("ERC721: caller is not token owner or approved");
+ registry.transferFrom(USER_B, USER_C, _tokenId);
+ }
 
- // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "not owner nor approved"));
- // registry.safeTransferFrom(USER_A, ATTACKER, 1);
- // }
+ function testCannotTransferByAttacker() public {
+ uint256 _tokenId = _mintBoard();
 
- // function testApprove() public {
- // _mintBoard();
+ vm.startPrank(ATTACKER);
 
- // vm.stopPrank();
- // vm.startPrank(ADMIN);
+ vm.expectRevert("ERC721: caller is not token owner or approved");
+ registry.transferFrom(ADMIN, ATTACKER, _tokenId);
+ }
 
- // registry.approve(USER_A, 1);
- //  assertEq(USER_A, registry.getApproved(1));
+ function testApprove() public {
+ uint256 _tokenId = _mintBoard();
 
- //  vm.stopPrank();
- //  vm.startPrank(USER_A);
- //  registry.transferFrom(ADMIN, USER_A, 1);
+ vm.startPrank(ADMIN);
+ registry.approve(USER_A, _tokenId);
+ assertEq(USER_A, registry.getApproved(_tokenId));
 
- // IBillboardRegistry.Board memory board = operator.getBoard(1);
- // assertEq(ADMIN, board.creator);
- // assertEq(USER_A, board.tenant);
- // }
+ vm.stopPrank();
+ vm.startPrank(USER_A);
+ registry.transferFrom(ADMIN, USER_A, _tokenId);
 
- // function testApproveByAttacker() public {
- // _mintBoard();
+ IBillboardRegistry.Board memory board = operator.getBoard(_tokenId);
+ assertEq(ADMIN, board.creator);
+ }
 
- // vm.stopPrank();
- //  vm.startPrank(USER_A);
+ function testApproveByAttacker() public {
+ uint256 _tokenId = _mintBoard();
 
- // vm.expectRevert("ERC721: approve caller is not token owner or approved for all");
- // registry.approve(USER_A, 1);
- // }
+ vm.stopPrank();
+ vm.startPrank(ATTACKER);
+ vm.expectRevert("ERC721: approve caller is not token owner or approved for all");
+ registry.approve(USER_A, _tokenId);
+ }
 
  // //////////////////////////////
  // /// Auction
  // //////////////////////////////
 
- // function testSetTaxRate() public {
- // vm.startPrank(ADMIN);
-
- // operator.setTaxRate(2);
- // assertEq(2, operator.getTaxRate());
- // }
-
- // function testSetTaxRateByAttacker() public {
- // vm.startPrank(ATTACKER);
-
- // vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin"));
- // operator.setTaxRate(2);
- // }
-
  // function testBid() public {}
 
  // function testClearAuction() public {}
 
  // function testBidByAttacker() public {}
 
  // function testClearAuctionByAttacker() public {}
+
+ //////////////////////////////
+ /// Tax & Withdraw
+ //////////////////////////////
+
+ function testSetTaxRate() public {
+ vm.startPrank(ADMIN);
+
+ operator.setTaxRate(2);
+ assertEq(operator.getTaxRate(), 2);
+ }
+
+ function testSetTaxRateByAttacker() public {
+ vm.startPrank(ATTACKER);
+
+ vm.expectRevert(abi.encodeWithSignature("Unauthorized(string)", "admin"));
+ operator.setTaxRate(2);
+ }
 }
diff --git a/src/test/Billboard/BillboardTestBase.t.sol b/src/test/Billboard/BillboardTestBase.t.sol
@@ -38,9 +38,9 @@ contract BillboardTestBase is Test {
  vm.stopPrank();
  }
 
- function _mintBoard(address to_) public returns (uint256 tokenId) {
+ function _mintBoard() public returns (uint256 tokenId) {
  vm.prank(ADMIN);
- tokenId = operator.mintBoard(to_);
+ tokenId = operator.mintBoard(ADMIN);
  assertEq(registry.balanceOf(ADMIN), 1);
  }
 }