permissions_validators.gno
2.32 Kb ยท 102 lines
1package boards2
2
3import (
4 "chain/runtime"
5 "errors"
6)
7
8// validateBoardCreate validates PermissionBoardCreate.
9//
10// Expected `args` values:
11// 1. Board name
12// 2. Board ID
13// 3. Is board listed
14func validateBoardCreate(_ Permissions, args Args) error {
15 name, ok := args[0].(string)
16 if !ok {
17 return errors.New("expected board name to be a string")
18 }
19
20 if err := checkBoardNameIsNotAddress(name); err != nil {
21 return err
22 }
23
24 if err := checkBoardNameBelongsToCaller(name); err != nil {
25 return err
26 }
27 return nil
28}
29
30// validateBoardRename validates PermissionBoardRename.
31//
32// Expected `args` values:
33// 1. Board ID
34// 2. Current board name
35// 3. New board name
36func validateBoardRename(_ Permissions, args Args) error {
37 newName, ok := args[2].(string)
38 if !ok {
39 return errors.New("expected new board name to be a string")
40 }
41
42 if err := checkBoardNameIsNotAddress(newName); err != nil {
43 return err
44 }
45
46 if err := checkBoardNameBelongsToCaller(newName); err != nil {
47 return err
48 }
49 return nil
50}
51
52// validateMemberInvite validates PermissionMemberInvite.
53//
54// Expected `args` values:
55// 1. Board ID
56// 2. User address
57// 3. Role
58func validateMemberInvite(perms Permissions, args Args) error {
59 // Make sure that only owners invite other owners
60 role, ok := args[2].(Role)
61 if !ok {
62 return errors.New("expected a valid new member role")
63 }
64
65 if role == RoleOwner {
66 if !perms.HasRole(runtime.PreviousRealm().Address(), RoleOwner) {
67 return errors.New("only owners are allowed to invite other owners")
68 }
69 }
70 return nil
71}
72
73// validateRoleChange validates PermissionRoleChange.
74//
75// Expected `args` values:
76// 1. Board ID
77// 2. Member address
78// 3. Role
79func validateRoleChange(perms Permissions, args Args) error {
80 // Owners and Admins can change roles.
81 // Admins should not be able to assign or remove the Owner role from members.
82 if perms.HasRole(runtime.PreviousRealm().Address(), RoleAdmin) {
83 role, ok := args[2].(Role)
84 if !ok {
85 return errors.New("expected a valid member role")
86 }
87
88 if role == RoleOwner {
89 return errors.New("admins are not allowed to promote members to Owner")
90 } else {
91 member, ok := args[1].(address)
92 if !ok {
93 return errors.New("expected a valid member address")
94 }
95
96 if perms.HasRole(member, RoleOwner) {
97 return errors.New("admins are not allowed to remove the Owner role")
98 }
99 }
100 }
101 return nil
102}
