permissions_validators.gno
3.32 Kb ยท 144 lines
1package boards2
2
3import (
4 "errors"
5
6 "gno.land/r/sys/users"
7)
8
9// validateBoardCreate validates PermissionBoardCreate.
10//
11// Expected `args` values:
12// 1. Caller address
13// 2. Board name
14// 3. Board ID
15// 4. Is board listed
16func validateBoardCreate(_ Permissions, args Args) error {
17 caller, ok := args[0].(address)
18 if !ok {
19 return errors.New("expected a valid caller address")
20 }
21
22 name, ok := args[1].(string)
23 if !ok {
24 return errors.New("expected board name to be a string")
25 }
26
27 if err := checkBoardNameIsNotAddress(name); err != nil {
28 return err
29 }
30
31 if err := checkBoardNameBelongsToAddress(caller, name); err != nil {
32 return err
33 }
34 return nil
35}
36
37// validateBoardRename validates PermissionBoardRename.
38//
39// Expected `args` values:
40// 1. Caller address
41// 2. Board ID
42// 3. Current board name
43// 4. New board name
44func validateBoardRename(_ Permissions, args Args) error {
45 caller, ok := args[0].(address)
46 if !ok {
47 return errors.New("expected a valid caller address")
48 }
49
50 newName, ok := args[3].(string)
51 if !ok {
52 return errors.New("expected new board name to be a string")
53 }
54
55 if err := checkBoardNameIsNotAddress(newName); err != nil {
56 return err
57 }
58
59 if err := checkBoardNameBelongsToAddress(caller, newName); err != nil {
60 return err
61 }
62 return nil
63}
64
65// validateMemberInvite validates PermissionMemberInvite.
66//
67// Expected `args` values:
68// 1. Caller address
69// 2. Board ID
70// 3. Invites
71func validateMemberInvite(perms Permissions, args Args) error {
72 caller, ok := args[0].(address)
73 if !ok {
74 return errors.New("expected a valid caller address")
75 }
76
77 invites, ok := args[2].([]Invite)
78 if !ok {
79 return errors.New("expected valid user invites")
80 }
81
82 // Make sure that only owners invite other owners
83 callerIsOwner := perms.HasRole(caller, RoleOwner)
84 for _, v := range invites {
85 if v.Role == RoleOwner && !callerIsOwner {
86 return errors.New("only owners are allowed to invite other owners")
87 }
88 }
89 return nil
90}
91
92// validateRoleChange validates PermissionRoleChange.
93//
94// Expected `args` values:
95// 1. Caller address
96// 2. Board ID
97// 3. Member address
98// 4. Role
99func validateRoleChange(perms Permissions, args Args) error {
100 caller, ok := args[0].(address)
101 if !ok {
102 return errors.New("expected a valid caller address")
103 }
104
105 // Owners and Admins can change roles.
106 // Admins should not be able to assign or remove the Owner role from members.
107 if perms.HasRole(caller, RoleAdmin) {
108 role, ok := args[3].(Role)
109 if !ok {
110 return errors.New("expected a valid member role")
111 }
112
113 if role == RoleOwner {
114 return errors.New("admins are not allowed to promote members to Owner")
115 } else {
116 member, ok := args[2].(address)
117 if !ok {
118 return errors.New("expected a valid member address")
119 }
120
121 if perms.HasRole(member, RoleOwner) {
122 return errors.New("admins are not allowed to remove the Owner role")
123 }
124 }
125 }
126 return nil
127}
128
129func checkBoardNameIsNotAddress(s string) error {
130 if address(s).IsValid() {
131 return errors.New("addresses are not allowed as board name")
132 }
133 return nil
134}
135
136func checkBoardNameBelongsToAddress(owner address, name string) error {
137 // When the board name is the name of a registered user
138 // check that caller is the owner of the name.
139 user, _ := users.ResolveName(name)
140 if user != nil && user.Addr() != owner {
141 return errors.New("board name is a user name registered to a different user")
142 }
143 return nil
144}
