permissions_validators_basic.gno
3.80 Kb ยท 157 lines
1package boards2
2
3import (
4 "errors"
5
6 "gno.land/p/gnoland/boards"
7
8 "gno.land/r/gnoland/boards2/v1/permissions"
9 "gno.land/r/sys/users"
10)
11
12// validateBasicBoardCreate validates PermissionBoardCreate.
13//
14// Expected `args` values:
15// 1. Caller address
16// 2. Board name
17// 3. Board ID
18// 4. Is board listed
19// 5. Is board open
20func validateBasicBoardCreate(perms boards.Permissions, args boards.Args) error {
21 caller, ok := args[0].(address)
22 if !ok {
23 return errors.New("expected a valid caller address")
24 }
25
26 name, ok := args[1].(string)
27 if !ok {
28 return errors.New("expected board name to be a string")
29 }
30
31 open, ok := args[4].(bool)
32 if !ok {
33 return errors.New("expected board open flag to be a boolean")
34 }
35
36 if open && !perms.HasRole(caller, permissions.RoleOwner) {
37 return errors.New("only owners can create open boards")
38 }
39
40 if err := checkBoardNameIsNotAddress(name); err != nil {
41 return err
42 }
43
44 if err := checkBoardNameBelongsToAddress(caller, name); err != nil {
45 return err
46 }
47 return nil
48}
49
50// validateBasicBoardRename validates PermissionBoardRename.
51//
52// Expected `args` values:
53// 1. Caller address
54// 2. Board ID
55// 3. Current board name
56// 4. New board name
57func validateBasicBoardRename(_ boards.Permissions, args boards.Args) error {
58 caller, ok := args[0].(address)
59 if !ok {
60 return errors.New("expected a valid caller address")
61 }
62
63 newName, ok := args[3].(string)
64 if !ok {
65 return errors.New("expected new board name to be a string")
66 }
67
68 if err := checkBoardNameIsNotAddress(newName); err != nil {
69 return err
70 }
71
72 if err := checkBoardNameBelongsToAddress(caller, newName); err != nil {
73 return err
74 }
75 return nil
76}
77
78// validateBasicMemberInvite validates PermissionMemberInvite.
79//
80// Expected `args` values:
81// 1. Caller address
82// 2. Board ID
83// 3. Invites
84func validateBasicMemberInvite(perms boards.Permissions, args boards.Args) error {
85 caller, ok := args[0].(address)
86 if !ok {
87 return errors.New("expected a valid caller address")
88 }
89
90 invites, ok := args[2].([]Invite)
91 if !ok {
92 return errors.New("expected valid user invites")
93 }
94
95 // Make sure that only owners invite other owners
96 callerIsOwner := perms.HasRole(caller, permissions.RoleOwner)
97 for _, v := range invites {
98 if v.Role == permissions.RoleOwner && !callerIsOwner {
99 return errors.New("only owners are allowed to invite other owners")
100 }
101 }
102 return nil
103}
104
105// validateBasicRoleChange validates PermissionRoleChange.
106//
107// Expected `args` values:
108// 1. Caller address
109// 2. Board ID
110// 3. Member address
111// 4. Role
112func validateBasicRoleChange(perms boards.Permissions, args boards.Args) error {
113 caller, ok := args[0].(address)
114 if !ok {
115 return errors.New("expected a valid caller address")
116 }
117
118 // Owners and Admins can change roles.
119 // Admins should not be able to assign or remove the Owner role from members.
120 if perms.HasRole(caller, permissions.RoleAdmin) {
121 role, ok := args[3].(boards.Role)
122 if !ok {
123 return errors.New("expected a valid member role")
124 }
125
126 if role == permissions.RoleOwner {
127 return errors.New("admins are not allowed to promote members to Owner")
128 } else {
129 member, ok := args[2].(address)
130 if !ok {
131 return errors.New("expected a valid member address")
132 }
133
134 if perms.HasRole(member, permissions.RoleOwner) {
135 return errors.New("admins are not allowed to remove the Owner role")
136 }
137 }
138 }
139 return nil
140}
141
142func checkBoardNameIsNotAddress(s string) error {
143 if address(s).IsValid() {
144 return errors.New("addresses are not allowed as board name")
145 }
146 return nil
147}
148
149func checkBoardNameBelongsToAddress(owner address, name string) error {
150 // When the board name is the name of a registered user
151 // check that caller is the owner of the name.
152 user, _ := users.ResolveName(name)
153 if user != nil && user.Addr() != owner {
154 return errors.New("board name is a user name registered to a different user")
155 }
156 return nil
157}
