permissions_validators.gno
3.41 Kb ยท 146 lines
1package boards2
2
3import (
4 "errors"
5
6 "gno.land/p/gnoland/boards"
7
8 "gno.land/r/sys/users"
9)
10
11// validateBoardCreate validates PermissionBoardCreate.
12//
13// Expected `args` values:
14// 1. Caller address
15// 2. Board name
16// 3. Board ID
17// 4. Is board listed
18func validateBoardCreate(_ boards.Permissions, args boards.Args) error {
19 caller, ok := args[0].(address)
20 if !ok {
21 return errors.New("expected a valid caller address")
22 }
23
24 name, ok := args[1].(string)
25 if !ok {
26 return errors.New("expected board name to be a string")
27 }
28
29 if err := checkBoardNameIsNotAddress(name); err != nil {
30 return err
31 }
32
33 if err := checkBoardNameBelongsToAddress(caller, name); err != nil {
34 return err
35 }
36 return nil
37}
38
39// validateBoardRename validates PermissionBoardRename.
40//
41// Expected `args` values:
42// 1. Caller address
43// 2. Board ID
44// 3. Current board name
45// 4. New board name
46func validateBoardRename(_ boards.Permissions, args boards.Args) error {
47 caller, ok := args[0].(address)
48 if !ok {
49 return errors.New("expected a valid caller address")
50 }
51
52 newName, ok := args[3].(string)
53 if !ok {
54 return errors.New("expected new board name to be a string")
55 }
56
57 if err := checkBoardNameIsNotAddress(newName); err != nil {
58 return err
59 }
60
61 if err := checkBoardNameBelongsToAddress(caller, newName); err != nil {
62 return err
63 }
64 return nil
65}
66
67// validateMemberInvite validates PermissionMemberInvite.
68//
69// Expected `args` values:
70// 1. Caller address
71// 2. Board ID
72// 3. Invites
73func validateMemberInvite(perms boards.Permissions, args boards.Args) error {
74 caller, ok := args[0].(address)
75 if !ok {
76 return errors.New("expected a valid caller address")
77 }
78
79 invites, ok := args[2].([]Invite)
80 if !ok {
81 return errors.New("expected valid user invites")
82 }
83
84 // Make sure that only owners invite other owners
85 callerIsOwner := perms.HasRole(caller, RoleOwner)
86 for _, v := range invites {
87 if v.Role == RoleOwner && !callerIsOwner {
88 return errors.New("only owners are allowed to invite other owners")
89 }
90 }
91 return nil
92}
93
94// validateRoleChange validates PermissionRoleChange.
95//
96// Expected `args` values:
97// 1. Caller address
98// 2. Board ID
99// 3. Member address
100// 4. Role
101func validateRoleChange(perms boards.Permissions, args boards.Args) error {
102 caller, ok := args[0].(address)
103 if !ok {
104 return errors.New("expected a valid caller address")
105 }
106
107 // Owners and Admins can change roles.
108 // Admins should not be able to assign or remove the Owner role from members.
109 if perms.HasRole(caller, RoleAdmin) {
110 role, ok := args[3].(boards.Role)
111 if !ok {
112 return errors.New("expected a valid member role")
113 }
114
115 if role == RoleOwner {
116 return errors.New("admins are not allowed to promote members to Owner")
117 } else {
118 member, ok := args[2].(address)
119 if !ok {
120 return errors.New("expected a valid member address")
121 }
122
123 if perms.HasRole(member, RoleOwner) {
124 return errors.New("admins are not allowed to remove the Owner role")
125 }
126 }
127 }
128 return nil
129}
130
131func checkBoardNameIsNotAddress(s string) error {
132 if address(s).IsValid() {
133 return errors.New("addresses are not allowed as board name")
134 }
135 return nil
136}
137
138func checkBoardNameBelongsToAddress(owner address, name string) error {
139 // When the board name is the name of a registered user
140 // check that caller is the owner of the name.
141 user, _ := users.ResolveName(name)
142 if user != nil && user.Addr() != owner {
143 return errors.New("board name is a user name registered to a different user")
144 }
145 return nil
146}
