Skip to content

Commit

Permalink
Allow finalized marker manager to modify grants (#549)
Browse files Browse the repository at this point in the history
* Allow manager to adjust grants on finalized marker

* changelog
  • Loading branch information
iramiller authored Nov 18, 2021
1 parent 635cf92 commit 1b06702
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 10 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
### Bug Fixes

* When deleting a scope, require the same permissions as when updating it [#473](https://github.com/provenance-io/provenance/issues/473)
* Allow manager to adjust grants on finalized markers [#545](https://github.com/provenance-io/provenance/issues/545)

## [v1.7.5](https://github.com/provenance-io/provenance/releases/tag/v1.7.5) - 2021-10-22

Expand Down
14 changes: 8 additions & 6 deletions x/marker/keeper/keeper_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -228,13 +228,15 @@ func TestAccountKeeperManageAccess(t *testing.T) {
_, err = app.MarkerKeeper.GetMarker(ctx, addr)
require.NoError(t, err)

// Grant access and check (fails on a Finalized marker without Admin grant)
require.Error(t, app.MarkerKeeper.AddAccess(ctx, user1, "testcoin",
types.NewAccessGrant(user2, []types.Access{types.Access_Mint})))
// Remove access fails for Finalized Marker without Admin grant
require.Error(t, app.MarkerKeeper.RemoveAccess(ctx, user1, "testcoin", user2))
// Manager can make changes to grants for finalized markers
require.NoError(t, app.MarkerKeeper.RemoveAccess(ctx, user1, "testcoin", user1))
require.NoError(t, app.MarkerKeeper.AddAccess(ctx, user1, "testcoin",
types.NewAccessGrant(user1, []types.Access{types.Access_Burn})))

// Admin can make changes to grants for active markers
// Unauthorized user can not manipulate finalized marker grants
require.Error(t, app.MarkerKeeper.RemoveAccess(ctx, user2, "testcoin", user1))

// Admin can make changes to grants for finalized markers
require.NoError(t, app.MarkerKeeper.AddAccess(ctx, admin, "testcoin",
types.NewAccessGrant(user2, []types.Access{types.Access_Mint, types.Access_Delete})))
_, err = app.MarkerKeeper.GetMarker(ctx, addr)
Expand Down
12 changes: 8 additions & 4 deletions x/marker/keeper/marker.go
Original file line number Diff line number Diff line change
Expand Up @@ -108,8 +108,10 @@ func (k Keeper) AddAccess(
switch m.GetStatus() {
// marker is fixed/active, assert permission to make changes by checking for Grant Permission
case types.StatusFinalized, types.StatusActive:
if !m.AddressHasAccess(caller, types.Access_Admin) && !k.accountControlsAllSupply(ctx, caller, m) {
return fmt.Errorf("%s is not authorized to make access list changes against active %s marker",
if !(caller.Equals(m.GetManager()) && m.GetStatus() == types.StatusFinalized) &&
!m.AddressHasAccess(caller, types.Access_Admin) &&
!k.accountControlsAllSupply(ctx, caller, m) {
return fmt.Errorf("%s is not authorized to make access list changes against finalized/active %s marker",
caller, m.GetDenom())
}
fallthrough
Expand Down Expand Up @@ -151,8 +153,10 @@ func (k Keeper) RemoveAccess(ctx sdk.Context, caller sdk.AccAddress, denom strin
switch m.GetStatus() {
// marker is fixed/active, assert permission to make changes by checking for Grant Permission
case types.StatusFinalized, types.StatusActive:
if !m.AddressHasAccess(caller, types.Access_Admin) && !k.accountControlsAllSupply(ctx, caller, m) {
return fmt.Errorf("%s is not authorized to make access list changes against active %s marker",
if !(caller.Equals(m.GetManager()) && m.GetStatus() == types.StatusFinalized) &&
!m.AddressHasAccess(caller, types.Access_Admin) &&
!k.accountControlsAllSupply(ctx, caller, m) {
return fmt.Errorf("%s is not authorized to make access list changes against finalized/active %s marker",
caller, m.GetDenom())
}
fallthrough
Expand Down

0 comments on commit 1b06702

Please sign in to comment.