permissions_validators_basic.gno
3.69 Kb · 156 lines
1package boards2
2
3import (
4 "errors"
5
6 "gno.land/p/gnoland/boards"
7
8 "gno.land/r/sys/users"
9)
10
11// validateBasicBoardCreate validates PermissionBoardCreate.
12//
13// Expected `args` values:
14// 1. Caller address
15// 2. Board name
16// 3. Board ID
17// 4. Is board listed
18// 5. Is board open
19func validateBasicBoardCreate(perms boards.Permissions, args boards.Args) error {
20 caller, ok := args[0].(address)
21 if !ok {
22 return errors.New("expected a valid caller address")
23 }
24
25 name, ok := args[1].(string)
26 if !ok {
27 return errors.New("expected board name to be a string")
28 }
29
30 open, ok := args[4].(bool)
31 if !ok {
32 return errors.New("expected board open flag to be a boolean")
33 }
34
35 if open && !perms.HasRole(caller, RoleOwner) {
36 return errors.New("only owners can create open boards")
37 }
38
39 if err := checkBoardNameIsNotAddress(name); err != nil {
40 return err
41 }
42
43 if err := checkBoardNameBelongsToAddress(caller, name); err != nil {
44 return err
45 }
46 return nil
47}
48
49// validateBasicBoardRename validates PermissionBoardRename.
50//
51// Expected `args` values:
52// 1. Caller address
53// 2. Board ID
54// 3. Current board name
55// 4. New board name
56func validateBasicBoardRename(_ boards.Permissions, args boards.Args) error {
57 caller, ok := args[0].(address)
58 if !ok {
59 return errors.New("expected a valid caller address")
60 }
61
62 newName, ok := args[3].(string)
63 if !ok {
64 return errors.New("expected new board name to be a string")
65 }
66
67 if err := checkBoardNameIsNotAddress(newName); err != nil {
68 return err
69 }
70
71 if err := checkBoardNameBelongsToAddress(caller, newName); err != nil {
72 return err
73 }
74 return nil
75}
76
77// validateBasicMemberInvite validates PermissionMemberInvite.
78//
79// Expected `args` values:
80// 1. Caller address
81// 2. Board ID
82// 3. Invites
83func validateBasicMemberInvite(perms boards.Permissions, args boards.Args) error {
84 caller, ok := args[0].(address)
85 if !ok {
86 return errors.New("expected a valid caller address")
87 }
88
89 invites, ok := args[2].([]Invite)
90 if !ok {
91 return errors.New("expected valid user invites")
92 }
93
94 // Make sure that only owners invite other owners
95 callerIsOwner := perms.HasRole(caller, RoleOwner)
96 for _, v := range invites {
97 if v.Role == RoleOwner && !callerIsOwner {
98 return errors.New("only owners are allowed to invite other owners")
99 }
100 }
101 return nil
102}
103
104// validateBasicRoleChange validates PermissionRoleChange.
105//
106// Expected `args` values:
107// 1. Caller address
108// 2. Board ID
109// 3. Member address
110// 4. Role
111func validateBasicRoleChange(perms boards.Permissions, args boards.Args) error {
112 caller, ok := args[0].(address)
113 if !ok {
114 return errors.New("expected a valid caller address")
115 }
116
117 // Owners and Admins can change roles.
118 // Admins should not be able to assign or remove the Owner role from members.
119 if perms.HasRole(caller, RoleAdmin) {
120 role, ok := args[3].(boards.Role)
121 if !ok {
122 return errors.New("expected a valid member role")
123 }
124
125 if role == RoleOwner {
126 return errors.New("admins are not allowed to promote members to Owner")
127 } else {
128 member, ok := args[2].(address)
129 if !ok {
130 return errors.New("expected a valid member address")
131 }
132
133 if perms.HasRole(member, RoleOwner) {
134 return errors.New("admins are not allowed to remove the Owner role")
135 }
136 }
137 }
138 return nil
139}
140
141func checkBoardNameIsNotAddress(s string) error {
142 if address(s).IsValid() {
143 return errors.New("addresses are not allowed as board name")
144 }
145 return nil
146}
147
148func checkBoardNameBelongsToAddress(owner address, name string) error {
149 // When the board name is the name of a registered user
150 // check that caller is the owner of the name.
151 user, _ := users.ResolveName(name)
152 if user != nil && user.Addr() != owner {
153 return errors.New("board name is a user name registered to a different user")
154 }
155 return nil
156}
