diff --git a/client/benches/tps/utils.rs b/client/benches/tps/utils.rs index 96b4b7ad1f4..94a4e5a95de 100644 --- a/client/benches/tps/utils.rs +++ b/client/benches/tps/utils.rs @@ -44,7 +44,7 @@ impl Config { pub fn measure(self) -> Result { // READY - let (_rt, network, client) = Network::start_test_with_runtime( + let (_rt, network, _client) = Network::start_test_with_runtime( NetworkOptions::with_n_peers(self.peers) .with_max_txs_in_block(self.max_txs_per_block.try_into().unwrap()), ); diff --git a/client/src/client.rs b/client/src/client.rs index 1e698bfbf6b..4840144e195 100644 --- a/client/src/client.rs +++ b/client/src/client.rs @@ -1517,10 +1517,10 @@ pub mod permission { //! Module with queries for permission tokens use super::*; - /// Construct a query to get all [`PermissionToken`] granted + /// Construct a query to get all [`Permission`] granted /// to account with given [`Id`][AccountId] - pub fn by_account_id(account_id: AccountId) -> FindPermissionTokensByAccountId { - FindPermissionTokensByAccountId::new(account_id) + pub fn by_account_id(account_id: AccountId) -> FindPermissionsByAccountId { + FindPermissionsByAccountId::new(account_id) } } diff --git a/client/tests/integration/asset.rs b/client/tests/integration/asset.rs index b6ca37c691e..b5912ddf528 100644 --- a/client/tests/integration/asset.rs +++ b/client/tests/integration/asset.rs @@ -296,7 +296,7 @@ fn find_rate_and_make_exchange_isi_should_succeed() { let alice_id = ALICE_ID.clone(); let alice_can_transfer_asset = |asset_id: AssetId, owner_key_pair: KeyPair| { let instruction = Grant::permission( - PermissionToken::new( + Permission::new( "CanTransferUserAsset".parse().unwrap(), &json!({ "asset_id": asset_id }), ), diff --git a/client/tests/integration/domain_owner_permissions.rs b/client/tests/integration/domain_owner_permissions.rs index 0e64d8667c0..4d78db1fd79 100644 --- a/client/tests/integration/domain_owner_permissions.rs +++ b/client/tests/integration/domain_owner_permissions.rs @@ -46,7 +46,7 @@ fn domain_owner_domain_permissions() -> Result<()> { test_client.submit_blocking(Unregister::asset_definition(coin_id))?; // Granting a respective token also allows "bob@kingdom" to do so - let token = PermissionToken::new( + let token = Permission::new( "CanRegisterAssetDefinitionInDomain".parse().unwrap(), &json!({ "domain_id": kingdom_id }), ); @@ -64,7 +64,7 @@ fn domain_owner_domain_permissions() -> Result<()> { test_client.submit_blocking(RemoveKeyValue::domain(kingdom_id.clone(), key))?; // check that "alice@wonderland" as owner of domain can grant and revoke domain related permission tokens - let token = PermissionToken::new( + let token = Permission::new( "CanUnregisterDomain".parse().unwrap(), &json!({ "domain_id": kingdom_id }), ); @@ -104,7 +104,7 @@ fn domain_owner_account_permissions() -> Result<()> { // check that "alice@wonderland" as owner of domain can grant and revoke account related permission tokens in her domain let bob_id = BOB_ID.clone(); - let token = PermissionToken::new( + let token = Permission::new( "CanUnregisterAccount".parse().unwrap(), &json!({ "account_id": mad_hatter_id }), ); @@ -139,7 +139,7 @@ fn domain_owner_asset_definition_permissions() -> Result<()> { test_client.submit_blocking(Register::account(rabbit))?; // Grant permission to register asset definitions to "bob@kingdom" - let token = PermissionToken::new( + let token = Permission::new( "CanRegisterAssetDefinitionInDomain".parse().unwrap(), &json!({ "domain_id": kingdom_id }), ); @@ -170,7 +170,7 @@ fn domain_owner_asset_definition_permissions() -> Result<()> { test_client.submit_blocking(RemoveKeyValue::asset_definition(coin_id.clone(), key))?; // check that "alice@wonderland" as owner of domain can grant and revoke asset definition related permission tokens in her domain - let token = PermissionToken::new( + let token = Permission::new( "CanUnregisterAssetDefinition".parse().unwrap(), &json!({ "asset_definition_id": coin_id }), ); @@ -204,7 +204,7 @@ fn domain_owner_asset_permissions() -> Result<()> { test_client.submit_blocking(Register::account(bob))?; // Grant permission to register asset definitions to "bob@kingdom" - let token = PermissionToken::new( + let token = Permission::new( "CanRegisterAssetDefinitionInDomain".parse().unwrap(), &json!({ "domain_id": kingdom_id }), ); @@ -240,7 +240,7 @@ fn domain_owner_asset_permissions() -> Result<()> { test_client.submit_blocking(RemoveKeyValue::asset(bob_store_id.clone(), key))?; // check that "alice@wonderland" as owner of domain can grant and revoke asset related permission tokens in her domain - let token = PermissionToken::new( + let token = Permission::new( "CanUnregisterUserAsset".parse().unwrap(), &json!({ "asset_id": bob_store_id }), ); @@ -291,7 +291,7 @@ fn domain_owner_trigger_permissions() -> Result<()> { let _result = test_client.submit_blocking(execute_trigger)?; // check that "alice@wonderland" as owner of domain can grant and revoke trigger related permission tokens in her domain - let token = PermissionToken::new( + let token = Permission::new( "CanUnregisterUserTrigger".parse().unwrap(), &json!({ "trigger_id": trigger_id }), ); diff --git a/client/tests/integration/events/data.rs b/client/tests/integration/events/data.rs index 1c6fdcfe0b8..7dcbe278d2c 100644 --- a/client/tests/integration/events/data.rs +++ b/client/tests/integration/events/data.rs @@ -199,11 +199,11 @@ fn produce_multiple_events() -> Result<()> { // Registering role let alice_id = ALICE_ID.clone(); let role_id = RoleId::from_str("TEST_ROLE")?; - let token_1 = PermissionToken::new( + let token_1 = Permission::new( "CanRemoveKeyValueInAccount".parse()?, &json!({ "account_id": alice_id }), ); - let token_2 = PermissionToken::new( + let token_2 = Permission::new( "CanSetKeyValueInAccount".parse()?, &json!({ "account_id": alice_id }), ); @@ -240,13 +240,13 @@ fn produce_multiple_events() -> Result<()> { DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionAdded( AccountPermissionChanged { account_id: bob_id.clone(), - permission_id: token_1.definition_id.clone(), + permission_id: token_1.id.clone(), }, ))), DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionAdded( AccountPermissionChanged { account_id: bob_id.clone(), - permission_id: token_2.definition_id.clone(), + permission_id: token_2.id.clone(), }, ))), DataEvent::Domain(DomainEvent::Account(AccountEvent::RoleGranted( @@ -258,13 +258,13 @@ fn produce_multiple_events() -> Result<()> { DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionRemoved( AccountPermissionChanged { account_id: bob_id.clone(), - permission_id: token_1.definition_id, + permission_id: token_1.id, }, ))), DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionRemoved( AccountPermissionChanged { account_id: bob_id.clone(), - permission_id: token_2.definition_id, + permission_id: token_2.id, }, ))), DataEvent::Domain(DomainEvent::Account(AccountEvent::RoleRevoked( diff --git a/client/tests/integration/parameters.rs b/client/tests/integration/parameters.rs index da08cf6b2b2..290babbb2b9 100644 --- a/client/tests/integration/parameters.rs +++ b/client/tests/integration/parameters.rs @@ -1,4 +1,4 @@ -use std::{collections::BTreeSet, str::FromStr}; +use std::collections::BTreeSet; use eyre::Result; use iroha_client::{client, data_model::prelude::*}; @@ -13,11 +13,16 @@ fn playing_with_custom_parameter() -> Result<()> { assert!( client .request(client::executor::data_model())? - .parameter_ids() + .parameters() .is_empty(), "existing parameters should be empty" ); + // Registering some domain while there is no prefix requirement + client + .submit_blocking(Register::domain(Domain::new("axolotl".parse().unwrap()))) + .expect("should be fine"); + let _err = client .submit_blocking(SetParameter::new(Parameter::new( "Whatever".parse().unwrap(), @@ -25,30 +30,23 @@ fn playing_with_custom_parameter() -> Result<()> { ))) .expect_err("should not allow setting unknown parameters"); - // Registering some domain while there is no prefix requirement - client - .submit_blocking(Register::domain(Domain::new("axolotl".parse().unwrap()))) - .expect("should be fine"); - super::upgrade::upgrade_executor( &client, "tests/integration/smartcontracts/executor_with_custom_parameter", )?; assert_eq!( - *client - .request(client::executor::data_model())? - .parameter_ids(), + *client.request(client::executor::data_model())?.parameters(), ["EnforceDomainPrefix"] .into_iter() .map(|x| ParameterId::new(x.parse().unwrap())) .collect::>(), - "data model should have these parameters after upgrade" + "data model should have this set of parameters after upgrade" ); let parameter = Parameter::new( "EnforceDomainPrefix".parse().unwrap(), - json!({ "prefix": "disnay_" }), + json!({ "prefix": "disney_" }), ); client @@ -73,11 +71,11 @@ fn playing_with_custom_parameter() -> Result<()> { let _err = client .submit_blocking(Register::domain(Domain::new("land".parse().unwrap()))) - .expect_err("should fail since `land` is not prefixed with `disnay_`"); + .expect_err("should fail since `land` is not prefixed with `disney_`"); client .submit_blocking(Register::domain(Domain::new( - "disnay_land".parse().unwrap(), + "disney_land".parse().unwrap(), ))) .expect("should be fine, since we used prefix according to the parameter"); diff --git a/client/tests/integration/permissions.rs b/client/tests/integration/permissions.rs index 3287d6d4d6c..7aebf8f5e35 100644 --- a/client/tests/integration/permissions.rs +++ b/client/tests/integration/permissions.rs @@ -7,7 +7,7 @@ use iroha_client::{ data_model::prelude::*, }; use iroha_data_model::{ - permission::PermissionToken, role::RoleId, transaction::error::TransactionRejectionReason, + permission::Permission, role::RoleId, transaction::error::TransactionRejectionReason, }; use iroha_genesis::GenesisNetwork; use serde_json::json; @@ -22,7 +22,7 @@ fn genesis_transactions_are_validated() { // Setting up genesis let genesis = GenesisNetwork::test_with_instructions([Grant::permission( - PermissionToken::new("InvalidToken".parse().unwrap(), &json!(null)), + Permission::new("InvalidToken".parse().unwrap(), &json!(null)), ALICE_ID.clone(), ) .into()]); @@ -230,7 +230,7 @@ fn permissions_differ_not_only_by_names() { // Granting permission to Alice to modify metadata in Mouse's hats let mouse_hat_id = AssetId::new(hat_definition_id, mouse_id.clone()); let allow_alice_to_set_key_value_in_hats = Grant::permission( - PermissionToken::new( + Permission::new( "CanSetKeyValueInUserAsset".parse().unwrap(), &json!({ "asset_id": mouse_hat_id }), ), @@ -266,7 +266,7 @@ fn permissions_differ_not_only_by_names() { // Granting permission to Alice to modify metadata in Mouse's shoes let allow_alice_to_set_key_value_in_shoes = Grant::permission( - PermissionToken::new( + Permission::new( "CanSetKeyValueInUserAsset".parse().unwrap(), &json!({ "asset_id": mouse_shoes_id }), ), @@ -315,7 +315,7 @@ fn stored_vs_granted_token_payload() -> Result<()> { // Allow alice to mint mouse asset and mint initial value let mouse_asset = AssetId::new(asset_definition_id, mouse_id.clone()); let allow_alice_to_set_key_value_in_mouse_asset = Grant::permission( - PermissionToken::new( + Permission::new( "CanSetKeyValueInUserAsset".parse().unwrap(), json!({ "asset_id": format!("xor#wonderland#{mouse_id}") }), ), @@ -340,7 +340,7 @@ fn stored_vs_granted_token_payload() -> Result<()> { #[test] #[allow(deprecated)] -fn permission_tokens_are_unified() { +fn permissions_are_unified() { let (_rt, _peer, iroha_client) = ::new().with_port(11_230).start_with_runtime(); wait_for_genesis_committed(&[iroha_client.clone()], 0); @@ -348,7 +348,7 @@ fn permission_tokens_are_unified() { let alice_id = ALICE_ID.clone(); let allow_alice_to_transfer_rose_1 = Grant::permission( - PermissionToken::new( + Permission::new( "CanTransferUserAsset".parse().unwrap(), json!({ "asset_id": format!("rose#wonderland#{alice_id}") }), ), @@ -356,7 +356,7 @@ fn permission_tokens_are_unified() { ); let allow_alice_to_transfer_rose_2 = Grant::permission( - PermissionToken::new( + Permission::new( "CanTransferUserAsset".parse().unwrap(), // different content, but same meaning json!({ "asset_id": format!("rose##{alice_id}") }), @@ -374,7 +374,7 @@ fn permission_tokens_are_unified() { } #[test] -fn associated_permission_tokens_removed_on_unregister() { +fn associated_permissions_removed_on_unregister() { let (_rt, _peer, iroha_client) = ::new().with_port(11_240).start_with_runtime(); wait_for_genesis_committed(&[iroha_client.clone()], 0); @@ -384,7 +384,7 @@ fn associated_permission_tokens_removed_on_unregister() { // register kingdom and give bob permissions in this domain let register_domain = Register::domain(kingdom); - let bob_to_set_kv_in_domain_token = PermissionToken::new( + let bob_to_set_kv_in_domain_token = Permission::new( "CanSetKeyValueInDomain".parse().unwrap(), &json!({ "domain_id": kingdom_id }), ); @@ -401,7 +401,7 @@ fn associated_permission_tokens_removed_on_unregister() { // check that bob indeed have granted permission assert!(iroha_client .request(client::permission::by_account_id(bob_id.clone())) - .and_then(std::iter::Iterator::collect::>>) + .and_then(std::iter::Iterator::collect::>>) .expect("failed to get permissions for bob") .into_iter() .any(|token| { token == bob_to_set_kv_in_domain_token })); @@ -414,14 +414,14 @@ fn associated_permission_tokens_removed_on_unregister() { // check that permission is removed from bob assert!(iroha_client .request(client::permission::by_account_id(bob_id)) - .and_then(std::iter::Iterator::collect::>>) + .and_then(std::iter::Iterator::collect::>>) .expect("failed to get permissions for bob") .into_iter() .all(|token| { token != bob_to_set_kv_in_domain_token })); } #[test] -fn associated_permission_tokens_removed_from_role_on_unregister() { +fn associated_permissions_removed_from_role_on_unregister() { let (_rt, _peer, iroha_client) = ::new().with_port(11_255).start_with_runtime(); wait_for_genesis_committed(&[iroha_client.clone()], 0); @@ -431,7 +431,7 @@ fn associated_permission_tokens_removed_from_role_on_unregister() { // register kingdom and give bob permissions in this domain let register_domain = Register::domain(kingdom); - let set_kv_in_domain_token = PermissionToken::new( + let set_kv_in_domain_token = Permission::new( "CanSetKeyValueInDomain".parse().unwrap(), &json!({ "domain_id": kingdom_id }), ); diff --git a/client/tests/integration/queries/role.rs b/client/tests/integration/queries/role.rs index 76de3ef1681..80391bbf673 100644 --- a/client/tests/integration/queries/role.rs +++ b/client/tests/integration/queries/role.rs @@ -131,7 +131,7 @@ fn find_roles_by_account_id() -> Result<()> { .iter() .cloned() .map(|role_id| { - Register::role(Role::new(role_id).add_permission(PermissionToken::new( + Register::role(Role::new(role_id).add_permission(Permission::new( "CanSetKeyValueInAccount".parse().unwrap(), &json!({ "account_id": alice_id }), ))) diff --git a/client/tests/integration/roles.rs b/client/tests/integration/roles.rs index 59115e89269..a27875fff2a 100644 --- a/client/tests/integration/roles.rs +++ b/client/tests/integration/roles.rs @@ -28,7 +28,7 @@ fn register_role_with_empty_token_params() -> Result<()> { wait_for_genesis_committed(&vec![test_client.clone()], 0); let role_id = "root".parse().expect("Valid"); - let token = PermissionToken::new("token".parse()?, &json!(null)); + let token = Permission::new("token".parse()?, &json!(null)); let role = Role::new(role_id).add_permission(token); test_client.submit(Register::role(role))?; @@ -62,11 +62,11 @@ fn register_and_grant_role_for_metadata_access() -> Result<()> { // Registering role let role_id = RoleId::from_str("ACCESS_TO_MOUSE_METADATA")?; let role = Role::new(role_id.clone()) - .add_permission(PermissionToken::new( + .add_permission(Permission::new( "CanSetKeyValueInAccount".parse()?, &json!({ "account_id": mouse_id }), )) - .add_permission(PermissionToken::new( + .add_permission(Permission::new( "CanRemoveKeyValueInAccount".parse()?, &json!({ "account_id": mouse_id }), )); @@ -111,12 +111,10 @@ fn unregistered_role_removed_from_account() -> Result<()> { test_client.submit_blocking(register_mouse)?; // Register root role - let register_role = Register::role(Role::new(role_id.clone()).add_permission( - PermissionToken::new( - "CanSetKeyValueInAccount".parse()?, - &json!({ "account_id": alice_id }), - ), - )); + let register_role = Register::role(Role::new(role_id.clone()).add_permission(Permission::new( + "CanSetKeyValueInAccount".parse()?, + &json!({ "account_id": alice_id }), + ))); test_client.submit_blocking(register_role)?; // Grant root role to Mouse @@ -151,7 +149,7 @@ fn role_with_invalid_permissions_is_not_accepted() -> Result<()> { let rose_asset_id: AssetId = format!("rose##{}", ALICE_ID.clone()) .parse() .expect("should be valid"); - let role = Role::new(role_id).add_permission(PermissionToken::new( + let role = Role::new(role_id).add_permission(Permission::new( "CanSetKeyValueInAccount".parse()?, &json!({ "account_id": rose_asset_id }), )); @@ -178,13 +176,13 @@ fn role_permissions_are_deduplicated() { let (_rt, _peer, test_client) = ::new().with_port(11_235).start_with_runtime(); wait_for_genesis_committed(&vec![test_client.clone()], 0); - let allow_alice_to_transfer_rose_1 = PermissionToken::new( + let allow_alice_to_transfer_rose_1 = Permission::new( "CanTransferUserAsset".parse().unwrap(), json!({ "asset_id": "rose#wonderland#ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" }), ); // Different content, but same meaning - let allow_alice_to_transfer_rose_2 = PermissionToken::new( + let allow_alice_to_transfer_rose_2 = Permission::new( "CanTransferUserAsset".parse().unwrap(), json!({ "asset_id": "rose##ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" }), ); @@ -247,7 +245,7 @@ fn grant_revoke_role_permissions() -> Result<()> { Name::from_str("key").expect("Valid"), "value".to_owned(), ); - let permission = PermissionToken::new( + let permission = Permission::new( "CanSetKeyValueInAccount".parse()?, &json!({ "account_id": mouse_id }), ); @@ -256,7 +254,7 @@ fn grant_revoke_role_permissions() -> Result<()> { // Alice can't modify Mouse's metadata without proper permission token let found_permissions = test_client - .request(FindPermissionTokensByAccountId::new(alice_id.clone()))? + .request(FindPermissionsByAccountId::new(alice_id.clone()))? .collect::>>()?; assert!(!found_permissions.contains(&permission)); let _ = test_client @@ -269,7 +267,7 @@ fn grant_revoke_role_permissions() -> Result<()> { .sign(&mouse_keypair); test_client.submit_transaction_blocking(&grant_role_permission_tx)?; let found_permissions = test_client - .request(FindPermissionTokensByAccountId::new(alice_id.clone()))? + .request(FindPermissionsByAccountId::new(alice_id.clone()))? .collect::>>()?; assert!(found_permissions.contains(&permission)); test_client.submit_blocking(set_key_value.clone())?; @@ -280,7 +278,7 @@ fn grant_revoke_role_permissions() -> Result<()> { .sign(&mouse_keypair); test_client.submit_transaction_blocking(&revoke_role_permission_tx)?; let found_permissions = test_client - .request(FindPermissionTokensByAccountId::new(alice_id.clone()))? + .request(FindPermissionsByAccountId::new(alice_id.clone()))? .collect::>>()?; assert!(!found_permissions.contains(&permission)); let _ = test_client diff --git a/client/tests/integration/smartcontracts/Cargo.toml b/client/tests/integration/smartcontracts/Cargo.toml index c854b42fe45..a9433d0a026 100644 --- a/client/tests/integration/smartcontracts/Cargo.toml +++ b/client/tests/integration/smartcontracts/Cargo.toml @@ -13,8 +13,8 @@ members = [ "mint_rose_trigger", "executor_with_admin", "executor_with_custom_parameter", - "executor_with_custom_token", - "executor_remove_token", + "executor_with_custom_permission", + "executor_remove_permission", "executor_with_migration_fail", "query_assets_and_save_cursor", "smart_contract_can_filter_queries", diff --git a/client/tests/integration/smartcontracts/executor_remove_token/Cargo.toml b/client/tests/integration/smartcontracts/executor_remove_permission/Cargo.toml similarity index 92% rename from client/tests/integration/smartcontracts/executor_remove_token/Cargo.toml rename to client/tests/integration/smartcontracts/executor_remove_permission/Cargo.toml index ce62e8c1150..d398a628f36 100644 --- a/client/tests/integration/smartcontracts/executor_remove_token/Cargo.toml +++ b/client/tests/integration/smartcontracts/executor_remove_permission/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "executor_remove_token" +name = "executor_remove_permission" edition.workspace = true version.workspace = true diff --git a/client/tests/integration/smartcontracts/executor_remove_token/src/lib.rs b/client/tests/integration/smartcontracts/executor_remove_permission/src/lib.rs similarity index 80% rename from client/tests/integration/smartcontracts/executor_remove_token/src/lib.rs rename to client/tests/integration/smartcontracts/executor_remove_permission/src/lib.rs index ee75694744d..0ce2750ae74 100644 --- a/client/tests/integration/smartcontracts/executor_remove_token/src/lib.rs +++ b/client/tests/integration/smartcontracts/executor_remove_permission/src/lib.rs @@ -7,7 +7,9 @@ extern crate alloc; #[cfg(not(test))] extern crate panic_halt; -use iroha_executor::{default::tokens::domain::CanUnregisterDomain, prelude::*, DataModelBuilder}; +use iroha_executor::{ + default::permissions::domain::CanUnregisterDomain, prelude::*, DataModelBuilder, +}; use lol_alloc::{FreeListAllocator, LockedAllocator}; #[global_allocator] @@ -26,8 +28,8 @@ pub fn migrate(_block_height: u64) -> MigrationResult { // Note that actually migration will reset token schema to default (minus `CanUnregisterDomain`) // So any added custom permission tokens will be also removed let mut data_model = DataModelBuilder::new(); - data_model.extend_with_default_permission_tokens(); - data_model.remove_permission_token::(); + data_model.extend_with_default_permissions(); + data_model.remove_permission::(); iroha_executor::set_data_model(&data_model.serialize()); diff --git a/client/tests/integration/smartcontracts/executor_with_custom_parameter/src/lib.rs b/client/tests/integration/smartcontracts/executor_with_custom_parameter/src/lib.rs index d0c7a66ed43..be80ef5c22c 100644 --- a/client/tests/integration/smartcontracts/executor_with_custom_parameter/src/lib.rs +++ b/client/tests/integration/smartcontracts/executor_with_custom_parameter/src/lib.rs @@ -57,12 +57,10 @@ struct EnforceDomainPrefix { prefix: String, } -impl iroha_executor::parameter::Parameter for EnforceDomainPrefix {} +impl Parameter for EnforceDomainPrefix {} #[entrypoint] pub fn migrate(_block_height: u64) -> MigrationResult { - // Note that actually migration will reset token schema to default (minus `CanUnregisterDomain`) - // So any added custom permission tokens will be also removed let mut data_model = DataModelBuilder::new(); data_model.add_parameter::(); iroha_executor::set_data_model(&data_model.serialize()); diff --git a/client/tests/integration/smartcontracts/executor_with_custom_token/Cargo.toml b/client/tests/integration/smartcontracts/executor_with_custom_permission/Cargo.toml similarity index 91% rename from client/tests/integration/smartcontracts/executor_with_custom_token/Cargo.toml rename to client/tests/integration/smartcontracts/executor_with_custom_permission/Cargo.toml index 8d84b43f5f5..debb74dae44 100644 --- a/client/tests/integration/smartcontracts/executor_with_custom_token/Cargo.toml +++ b/client/tests/integration/smartcontracts/executor_with_custom_permission/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "executor_with_custom_token" +name = "executor_with_custom_permission" edition.workspace = true version.workspace = true diff --git a/client/tests/integration/smartcontracts/executor_with_custom_token/src/lib.rs b/client/tests/integration/smartcontracts/executor_with_custom_permission/src/lib.rs similarity index 85% rename from client/tests/integration/smartcontracts/executor_with_custom_token/src/lib.rs rename to client/tests/integration/smartcontracts/executor_with_custom_permission/src/lib.rs index d314ff778fb..1a68f8abdab 100644 --- a/client/tests/integration/smartcontracts/executor_with_custom_token/src/lib.rs +++ b/client/tests/integration/smartcontracts/executor_with_custom_permission/src/lib.rs @@ -3,9 +3,9 @@ //! //! This executor should be applied on top of the blockchain with default validation. //! -//! It also doesn't have [`iroha_executor::default::tokens::domain::CanUnregisterDomain`]. +//! It also doesn't have [`iroha_executor::default::permissions::domain::CanUnregisterDomain`]. //! -//! In migration it replaces [`iroha_executor::default::tokens::domain::CanUnregisterDomain`] +//! In migration it replaces [`iroha_executor::default::permissions::domain::CanUnregisterDomain`] //! with [`token::CanControlDomainLives`] for all accounts. //! So it doesn't matter which domain user was able to unregister before migration, they will //! get access to control all domains. Remember that this is just a test example. @@ -19,7 +19,7 @@ extern crate panic_halt; use alloc::string::String; use anyhow::anyhow; -use iroha_executor::{permission::Token as _, prelude::*, DataModelBuilder}; +use iroha_executor::{permission::Permission as _, prelude::*, DataModelBuilder}; use iroha_schema::IntoSchema; use lol_alloc::{FreeListAllocator, LockedAllocator}; use parity_scale_codec::{Decode, Encode}; @@ -74,7 +74,7 @@ impl Executor { let account = account.map_err(|error| { format!("{:?}", anyhow!(error).context("Failed to get account")) })?; - let permission_tokens = FindPermissionTokensByAccountId::new(account.id().clone()) + let permissions = FindPermissionsByAccountId::new(account.id().clone()) .execute() .map_err(|error| { format!( @@ -86,7 +86,7 @@ impl Executor { ) })?; - for token in permission_tokens { + for token in permissions { let token = token.map_err(|error| { format!( "{:?}", @@ -95,7 +95,7 @@ impl Executor { })?; if let Ok(can_unregister_domain_token) = - iroha_executor::default::tokens::domain::CanUnregisterDomain::try_from_object( + iroha_executor::default::permissions::domain::CanUnregisterDomain::try_from_object( &token, ) { @@ -110,7 +110,7 @@ impl Executor { fn replace_token(accounts: &[(Account, DomainId)]) -> MigrationResult { let can_unregister_domain_definition_id = - iroha_executor::default::tokens::domain::CanUnregisterDomain::definition_id(); + iroha_executor::default::permissions::domain::CanUnregisterDomain::definition_id(); let can_control_domain_lives_definition_id = token::CanControlDomainLives::definition_id(); @@ -118,7 +118,7 @@ impl Executor { .iter() .try_for_each(|(account, domain_id)| { Revoke::permission( - PermissionToken::new( + Permission::new( can_unregister_domain_definition_id.clone(), &json!({ "domain_id": domain_id }), ), @@ -137,10 +137,7 @@ impl Executor { })?; Grant::permission( - PermissionToken::new( - can_control_domain_lives_definition_id.clone(), - &json!(null), - ), + Permission::new(can_control_domain_lives_definition_id.clone(), &json!(null)), account.id().clone(), ) .execute() @@ -202,10 +199,10 @@ pub fn migrate(_block_height: u64) -> MigrationResult { let accounts = Executor::get_all_accounts_with_can_unregister_domain_permission()?; let mut data_model = DataModelBuilder::new(); - data_model.extend_with_default_permission_tokens(); + data_model.extend_with_default_permissions(); data_model - .remove_permission_token::(); - data_model.add_permission_token::(); + .remove_permission::(); + data_model.add_permission::(); iroha_executor::set_data_model(&data_model.serialize()); diff --git a/client/tests/integration/upgrade.rs b/client/tests/integration/upgrade.rs index 2bb2e5d28f4..e335e2afce5 100644 --- a/client/tests/integration/upgrade.rs +++ b/client/tests/integration/upgrade.rs @@ -78,46 +78,46 @@ fn executor_upgrade_should_run_migration() -> Result<()> { // Check that `CanUnregisterDomain` exists let definitions = client.request(FindExecutorDataModel)?; assert!(definitions - .permission_token_ids() + .permissions() .iter() .any(|id| id == &can_unregister_domain_token_id)); // Check that Alice has permission to unregister Wonderland let alice_id = ALICE_ID.clone(); let alice_tokens = client - .request(FindPermissionTokensByAccountId::new(alice_id.clone()))? + .request(FindPermissionsByAccountId::new(alice_id.clone()))? .collect::>>() .expect("Valid"); - assert!(alice_tokens.contains(&PermissionToken::new( + assert!(alice_tokens.contains(&Permission::new( can_unregister_domain_token_id.clone(), &json!({ "domain_id": DomainId::from_str("wonderland").unwrap() }), ))); upgrade_executor( &client, - "tests/integration/smartcontracts/executor_with_custom_token", + "tests/integration/smartcontracts/executor_with_custom_permission", )?; // Check that `CanUnregisterDomain` doesn't exist let data_model = client.request(FindExecutorDataModel)?; assert!(!data_model - .permission_token_ids() + .permissions() .iter() .any(|id| id == &can_unregister_domain_token_id)); let can_control_domain_lives_token_id = "CanControlDomainLives".parse().unwrap(); assert!(data_model - .permission_token_ids() + .permissions() .iter() .any(|id| id == &can_control_domain_lives_token_id)); // Check that Alice has `can_control_domain_lives` permission let alice_tokens = client - .request(FindPermissionTokensByAccountId::new(alice_id))? + .request(FindPermissionsByAccountId::new(alice_id))? .collect::>>() .expect("Valid"); - assert!(alice_tokens.contains(&PermissionToken::new( + assert!(alice_tokens.contains(&Permission::new( can_control_domain_lives_token_id, &json!(null), ))); @@ -131,7 +131,7 @@ fn executor_upgrade_should_revoke_removed_permissions() -> Result<()> { wait_for_genesis_committed(&vec![client.clone()], 0); // Permission which will be removed by executor - let can_unregister_domain_token = PermissionToken::new( + let can_unregister_domain_token = Permission::new( "CanUnregisterDomain".parse()?, &json!({ "domain_id": DomainId::from_str("wonderland")? }), ); @@ -145,8 +145,8 @@ fn executor_upgrade_should_revoke_removed_permissions() -> Result<()> { // Check that permission exists assert!(client .request(FindExecutorDataModel)? - .permission_token_ids() - .contains(&can_unregister_domain_token.definition_id)); + .permissions() + .contains(&can_unregister_domain_token.id)); // Check that `TEST_ROLE` has permission assert!(client @@ -161,20 +161,20 @@ fn executor_upgrade_should_revoke_removed_permissions() -> Result<()> { // Check that Alice has permission let alice_id = ALICE_ID.clone(); assert!(client - .request(FindPermissionTokensByAccountId::new(alice_id.clone()))? + .request(FindPermissionsByAccountId::new(alice_id.clone()))? .collect::>>()? .contains(&can_unregister_domain_token)); upgrade_executor( &client, - "tests/integration/smartcontracts/executor_remove_token", + "tests/integration/smartcontracts/executor_remove_permission", )?; // Check that permission doesn't exist assert!(!client .request(FindExecutorDataModel)? - .permission_token_ids() - .contains(&can_unregister_domain_token.definition_id)); + .permissions() + .contains(&can_unregister_domain_token.id)); // Check that `TEST_ROLE` doesn't have permission assert!(!client @@ -188,7 +188,7 @@ fn executor_upgrade_should_revoke_removed_permissions() -> Result<()> { // Check that Alice doesn't have permission assert!(!client - .request(FindPermissionTokensByAccountId::new(alice_id.clone()))? + .request(FindPermissionsByAccountId::new(alice_id.clone()))? .collect::>>()? .contains(&can_unregister_domain_token)); @@ -251,7 +251,7 @@ fn migration_should_cause_upgrade_event() { upgrade_executor( &client, - "tests/integration/smartcontracts/executor_with_custom_token", + "tests/integration/smartcontracts/executor_with_custom_permission", ) .unwrap(); @@ -259,8 +259,8 @@ fn migration_should_cause_upgrade_event() { .recv_timeout(Duration::from_secs(5)) .expect("should receive upgraded event immediately after upgrade"); - assert_eq!(data_model.permission_token_ids.len(), 40); - assert_eq!(data_model.parameter_ids.len(), 0); + assert_eq!(data_model.permissions.len(), 40); + assert_eq!(data_model.parameters.len(), 0); } pub fn upgrade_executor(client: &Client, executor: impl AsRef) -> Result<()> { diff --git a/client_cli/src/main.rs b/client_cli/src/main.rs index 90836ebc07f..992b3601ed0 100644 --- a/client_cli/src/main.rs +++ b/client_cli/src/main.rs @@ -522,7 +522,7 @@ mod account { use iroha_client::client::{self}; - use super::*; + use super::{Permission as PermissionObject, *}; /// subcommands for account subcommand #[derive(clap::Subcommand, Debug)] @@ -608,9 +608,9 @@ mod account { pub metadata: MetadataArgs, } - /// [`PermissionToken`] wrapper implementing [`FromStr`] + /// [`Permission`] wrapper implementing [`FromStr`] #[derive(Debug, Clone)] - pub struct Permission(PermissionToken); + pub struct Permission(PermissionObject); impl FromStr for Permission { type Err = Error; @@ -618,10 +618,11 @@ mod account { fn from_str(s: &str) -> Result { let content = fs::read_to_string(s) .wrap_err(format!("Failed to read the permission token file {}", &s))?; - let permission_token: PermissionToken = json5::from_str(&content).wrap_err(format!( - "Failed to deserialize the permission token from file {}", - &s - ))?; + let permission_token: PermissionObject = + json5::from_str(&content).wrap_err(format!( + "Failed to deserialize the permission token from file {}", + &s + ))?; Ok(Self(permission_token)) } } @@ -650,7 +651,7 @@ mod account { impl RunArgs for ListPermissions { fn run(self, context: &mut dyn RunContext) -> Result<()> { let client = context.client_from_config(); - let find_all_permissions = FindPermissionTokensByAccountId::new(self.id); + let find_all_permissions = FindPermissionsByAccountId::new(self.id); let permissions = client .request(find_all_permissions) .wrap_err("Failed to get all account permissions")?; diff --git a/configs/swarm/executor.wasm b/configs/swarm/executor.wasm index 2a7c432282e..e9cf5ff8342 100644 Binary files a/configs/swarm/executor.wasm and b/configs/swarm/executor.wasm differ diff --git a/configs/swarm/genesis.json b/configs/swarm/genesis.json index 4ff481f626d..b1d6e12d309 100644 --- a/configs/swarm/genesis.json +++ b/configs/swarm/genesis.json @@ -113,9 +113,9 @@ }, { "Grant": { - "PermissionToken": { + "Permission": { "object": { - "definition_id": "CanSetParameters", + "id": "CanSetParameters", "payload": null }, "destination_id": "ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" @@ -128,13 +128,13 @@ "id": "ALICE_METADATA_ACCESS", "permissions": [ { - "definition_id": "CanRemoveKeyValueInAccount", + "id": "CanRemoveKeyValueInAccount", "payload": { "account_id": "ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" } }, { - "definition_id": "CanSetKeyValueInAccount", + "id": "CanSetKeyValueInAccount", "payload": { "account_id": "ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" } diff --git a/core/benches/blocks/common.rs b/core/benches/blocks/common.rs index 996a40f29de..f2017fa3471 100644 --- a/core/benches/blocks/common.rs +++ b/core/benches/blocks/common.rs @@ -67,7 +67,7 @@ pub fn populate_state( let domain = Domain::new(domain_id.clone()); instructions.push(Register::domain(domain).into()); let can_unregister_domain = Grant::permission( - PermissionToken::new( + Permission::new( "CanUnregisterDomain".parse().unwrap(), &json!({ "domain_id": domain_id.clone() }), ), @@ -79,7 +79,7 @@ pub fn populate_state( let account = Account::new(account_id.clone()); instructions.push(Register::account(account).into()); let can_unregister_account = Grant::permission( - PermissionToken::new( + Permission::new( "CanUnregisterAccount".parse().unwrap(), &json!({ "account_id": account_id.clone() }), ), @@ -92,7 +92,7 @@ pub fn populate_state( let asset_definition = AssetDefinition::numeric(asset_definition_id.clone()); instructions.push(Register::asset_definition(asset_definition).into()); let can_unregister_asset_definition = Grant::permission( - PermissionToken::new( + Permission::new( "CanUnregisterAssetDefinition".parse().unwrap(), &json!({ "asset_definition_id": asset_definition_id }), ), diff --git a/core/src/smartcontracts/isi/account.rs b/core/src/smartcontracts/isi/account.rs index 933e9e15ba8..2d2667c259f 100644 --- a/core/src/smartcontracts/isi/account.rs +++ b/core/src/smartcontracts/isi/account.rs @@ -236,7 +236,7 @@ pub mod isi { } } - impl Execute for Grant { + impl Execute for Grant { #[metrics(+"grant_account_permission")] fn execute( self, @@ -245,7 +245,7 @@ pub mod isi { ) -> Result<(), Error> { let account_id = self.destination_id; let permission = self.object; - let permission_id = permission.definition_id.clone(); + let permission_id = permission.id.clone(); // Check if account exists state_transaction.world.account_mut(&account_id)?; @@ -253,10 +253,10 @@ pub mod isi { if !state_transaction .world .executor_data_model - .permission_token_ids + .permissions .contains(&permission_id) { - return Err(FindError::PermissionToken(permission_id).into()); + return Err(FindError::Permission(permission_id).into()); } if state_transaction @@ -287,7 +287,7 @@ pub mod isi { } } - impl Execute for Revoke { + impl Execute for Revoke { #[metrics(+"revoke_account_permission")] fn execute( self, @@ -304,7 +304,7 @@ pub mod isi { .world .remove_account_permission(&account_id, &permission) { - return Err(FindError::PermissionToken(permission.definition_id).into()); + return Err(FindError::Permission(permission.id).into()); } state_transaction @@ -312,7 +312,7 @@ pub mod isi { .emit_events(Some(AccountEvent::PermissionRemoved( AccountPermissionChanged { account_id, - permission_id: permission.definition_id, + permission_id: permission.id, }, ))); @@ -338,7 +338,7 @@ pub mod isi { .clone() .permissions .into_iter() - .map(|token| token.definition_id); + .map(|token| token.id); state_transaction.world.account(&account_id)?; @@ -397,7 +397,7 @@ pub mod isi { .clone() .permissions .into_iter() - .map(|token| token.definition_id); + .map(|token| token.id); if state_transaction .world @@ -505,7 +505,7 @@ pub mod query { use eyre::Result; use iroha_data_model::{ - account::Account, metadata::MetadataValueBox, permission::PermissionToken, + account::Account, metadata::MetadataValueBox, permission::Permission, query::error::QueryExecutionFail as Error, }; @@ -526,17 +526,17 @@ pub mod query { } } - impl ValidQuery for FindPermissionTokensByAccountId { - #[metrics(+"find_permission_tokens_by_account_id")] + impl ValidQuery for FindPermissionsByAccountId { + #[metrics(+"find_permissions_by_account_id")] fn execute<'state>( &self, state_ro: &'state impl StateReadOnly, - ) -> Result + 'state>, Error> { + ) -> Result + 'state>, Error> { let account_id = &self.id; Ok(Box::new( state_ro .world() - .account_permission_tokens_iter(account_id)? + .account_permissions_iter(account_id)? .cloned(), )) } diff --git a/core/src/smartcontracts/isi/mod.rs b/core/src/smartcontracts/isi/mod.rs index 0a3f496f2b4..e1c2bf27848 100644 --- a/core/src/smartcontracts/isi/mod.rs +++ b/core/src/smartcontracts/isi/mod.rs @@ -207,9 +207,9 @@ impl Execute for GrantBox { state_transaction: &mut StateTransaction<'_, '_>, ) -> Result<(), Error> { match self { - Self::PermissionToken(sub_isi) => sub_isi.execute(authority, state_transaction), + Self::Permission(sub_isi) => sub_isi.execute(authority, state_transaction), Self::Role(sub_isi) => sub_isi.execute(authority, state_transaction), - Self::RolePermissionToken(sub_isi) => sub_isi.execute(authority, state_transaction), + Self::RolePermission(sub_isi) => sub_isi.execute(authority, state_transaction), } } } @@ -222,9 +222,9 @@ impl Execute for RevokeBox { state_transaction: &mut StateTransaction<'_, '_>, ) -> Result<(), Error> { match self { - Self::PermissionToken(sub_isi) => sub_isi.execute(authority, state_transaction), + Self::Permission(sub_isi) => sub_isi.execute(authority, state_transaction), Self::Role(sub_isi) => sub_isi.execute(authority, state_transaction), - Self::RolePermissionToken(sub_isi) => sub_isi.execute(authority, state_transaction), + Self::RolePermission(sub_isi) => sub_isi.execute(authority, state_transaction), } } } diff --git a/core/src/smartcontracts/isi/query.rs b/core/src/smartcontracts/isi/query.rs index 3863c53fb2a..2de8aec3d7b 100644 --- a/core/src/smartcontracts/isi/query.rs +++ b/core/src/smartcontracts/isi/query.rs @@ -278,7 +278,7 @@ impl ValidQuery for QueryBox { FindAllBlockHeaders, FindAllTransactions, FindTransactionsByAccountId, - FindPermissionTokensByAccountId, + FindPermissionsByAccountId, FindAllActiveTriggerIds, FindTriggersByDomainId, FindAllRoles, diff --git a/core/src/smartcontracts/isi/world.rs b/core/src/smartcontracts/isi/world.rs index 2387ffa1b42..145c329e57d 100644 --- a/core/src/smartcontracts/isi/world.rs +++ b/core/src/smartcontracts/isi/world.rs @@ -164,10 +164,10 @@ pub mod isi { if !state_transaction .world .executor_data_model - .permission_token_ids - .contains(&permission.definition_id) + .permissions + .contains(&permission.id) { - return Err(FindError::PermissionToken(permission.definition_id.clone()).into()); + return Err(FindError::Permission(permission.id.clone()).into()); } } @@ -219,7 +219,7 @@ pub mod isi { } } - impl Execute for Grant { + impl Execute for Grant { #[metrics(+"grant_role_permission")] fn execute( self, @@ -232,10 +232,10 @@ pub mod isi { if !state_transaction .world .executor_data_model - .permission_token_ids - .contains(&permission.definition_id) + .permissions + .contains(&permission.id) { - return Err(FindError::PermissionToken(permission.definition_id).into()); + return Err(FindError::Permission(permission.id).into()); } let Some(role) = state_transaction.world.roles.get_mut(&role_id) else { @@ -245,7 +245,7 @@ pub mod isi { if !role.permissions.insert(permission.clone()) { return Err(RepetitionError { instruction_type: InstructionType::Grant, - id: permission.definition_id.into(), + id: permission.id.into(), } .into()); } @@ -254,14 +254,14 @@ pub mod isi { .world .emit_events(Some(RoleEvent::PermissionAdded(RolePermissionChanged { role_id, - permission_token_id: permission.definition_id, + permission_id: permission.id, }))); Ok(()) } } - impl Execute for Revoke { + impl Execute for Revoke { #[metrics(+"grant_role_permission")] fn execute( self, @@ -276,14 +276,14 @@ pub mod isi { }; if !role.permissions.remove(&permission) { - return Err(FindError::PermissionToken(permission.definition_id).into()); + return Err(FindError::Permission(permission.id).into()); } state_transaction .world .emit_events(Some(RoleEvent::PermissionRemoved(RolePermissionChanged { role_id, - permission_token_id: permission.definition_id, + permission_id: permission.id, }))); Ok(()) @@ -300,12 +300,8 @@ pub mod isi { let parameter = self.parameter; let world = &mut state_transaction.world; - if !world - .executor_data_model - .parameter_ids - .contains(¶meter.definition_id) - { - return Err(FindError::Parameter(parameter.definition_id).into()); + if !world.executor_data_model.parameters.contains(¶meter.id) { + return Err(FindError::Parameter(parameter.id).into()); } let _maybe_previous = world.parameters.replace(parameter.clone()); @@ -327,7 +323,7 @@ pub mod isi { let permissions_before = state_transaction .world .executor_data_model - .permission_token_ids + .permissions .clone(); // Cloning executor to avoid multiple mutable borrows of `state_transaction`. @@ -360,10 +356,10 @@ pub mod isi { fn revoke_removed_permissions( authority: &AccountId, state_transaction: &mut StateTransaction, - permissions_before: BTreeSet, + permissions_before: BTreeSet, ) -> Result<(), Error> { let world = state_transaction.world(); - let permissions_after = &world.executor_data_model().permission_token_ids; + let permissions_after = &world.executor_data_model().permissions; let permissions_removed = permissions_before .into_iter() .filter(|permission| !permissions_after.contains(permission)) @@ -395,22 +391,22 @@ pub mod isi { state_transaction .world .executor_data_model - .parameter_ids - .contains(¶meter.definition_id) + .parameters + .contains(¶meter.id) }); } fn find_related_accounts( world: &impl WorldReadOnly, - permissions: &BTreeSet, - ) -> Vec<(AccountId, PermissionToken)> { + permissions: &BTreeSet, + ) -> Vec<(AccountId, Permission)> { world - .account_permission_tokens() + .account_permissions() .iter() .flat_map(|(account_id, account_permissions)| { account_permissions .iter() - .filter(|permission| permissions.contains(&permission.definition_id)) + .filter(|permission| permissions.contains(&permission.id)) .map(|permission| (account_id.clone(), permission.clone())) }) .collect() @@ -418,15 +414,15 @@ pub mod isi { fn find_related_roles( world: &impl WorldReadOnly, - permissions: &BTreeSet, - ) -> Vec<(RoleId, PermissionToken)> { + permissions: &BTreeSet, + ) -> Vec<(RoleId, Permission)> { world .roles() .iter() .flat_map(|(role_id, role)| { role.permissions .iter() - .filter(|permission| permissions.contains(&permission.definition_id)) + .filter(|permission| permissions.contains(&permission.id)) .map(|permission| (role_id.clone(), permission.clone())) }) .collect() diff --git a/core/src/smartcontracts/wasm.rs b/core/src/smartcontracts/wasm.rs index 43c0acb847c..5460da3f2d9 100644 --- a/core/src/smartcontracts/wasm.rs +++ b/core/src/smartcontracts/wasm.rs @@ -1075,7 +1075,7 @@ where } } -/// Marker trait to auto-implement [`import_traits::SetPermissionTokenSchema`] for a concrete [`Runtime`]. +/// Marker trait to auto-implement [`import_traits::SetExecutorDataModel`] for a concrete [`Runtime`]. /// /// Useful because *Executor* exposes more entrypoints than just `migrate()` which is the /// only entrypoint allowed to execute operations on permission tokens. @@ -1091,7 +1091,7 @@ where #[codec::wrap] fn set_data_model(_model: ExecutorDataModel, _state: &mut S) { panic!( - "Executor `{}()` entrypoint should not set permission token schema", + "Executor `{}()` entrypoint should not set data model", Self::ENTRYPOINT_FN_NAME ) } @@ -1662,6 +1662,7 @@ impl<'wrld, S: StateReadOnly> RuntimeBuilder RuntimeBuilder> { + // FIXME: is this accurate doc? /// Builds the [`Runtime`] to execute `permission_tokens()` entrypoint of *Executor* /// /// # Errors diff --git a/core/src/state.rs b/core/src/state.rs index 849de10c573..236edcdd176 100644 --- a/core/src/state.rs +++ b/core/src/state.rs @@ -58,28 +58,6 @@ use crate::{ Parameters, PeersIds, }; -// macro_rules! map_world_fields { -// ($callback:ident) => { -// $callback!( -// cell => ( -// parameters: Parameters, -// trusted_peers_ids: PeersIds, -// ) -// ) -// parameters: Parameters, -// trusted_peers_ids: Cell, -// domains: Storage, -// roles: Storage, -// account_permission_tokens: Storage, -// account_roles: Storage, -// permission_token_schema: Cell, -// parameter_schema: Cell, -// triggers: Cell, -// executor: Cell, -// } -// }; -// } - /// The global entity consisting of `domains`, `triggers` and etc. /// For example registration of domain, will have this as an ISI target. #[derive(Default, Serialize)] @@ -93,7 +71,7 @@ pub struct World { /// Roles. [`Role`] pairs. pub(crate) roles: Storage, /// Permission tokens of an account. - pub(crate) account_permission_tokens: Storage, + pub(crate) account_permissions: Storage, /// Roles of an account. pub(crate) account_roles: Storage, /// Triggers @@ -115,7 +93,7 @@ pub struct WorldBlock<'world> { /// Roles. [`Role`] pairs. pub(crate) roles: StorageBlock<'world, RoleId, Role>, /// Permission tokens of an account. - pub(crate) account_permission_tokens: StorageBlock<'world, AccountId, Permissions>, + pub(crate) account_permissions: StorageBlock<'world, AccountId, Permissions>, /// Roles of an account. pub(crate) account_roles: StorageBlock<'world, RoleIdWithOwner, ()>, /// Triggers @@ -139,8 +117,7 @@ pub struct WorldTransaction<'block, 'world> { /// Roles. [`Role`] pairs. pub(crate) roles: StorageTransaction<'block, 'world, RoleId, Role>, /// Permission tokens of an account. - pub(crate) account_permission_tokens: - StorageTransaction<'block, 'world, AccountId, Permissions>, + pub(crate) account_permissions: StorageTransaction<'block, 'world, AccountId, Permissions>, /// Roles of an account. pub(crate) account_roles: StorageTransaction<'block, 'world, RoleIdWithOwner, ()>, /// Triggers @@ -172,7 +149,7 @@ pub struct WorldView<'world> { /// Roles. [`Role`] pairs. pub(crate) roles: StorageView<'world, RoleId, Role>, /// Permission tokens of an account. - pub(crate) account_permission_tokens: StorageView<'world, AccountId, Permissions>, + pub(crate) account_permissions: StorageView<'world, AccountId, Permissions>, /// Roles of an account. pub(crate) account_roles: StorageView<'world, RoleIdWithOwner, ()>, /// Triggers @@ -306,7 +283,7 @@ impl World { trusted_peers_ids: self.trusted_peers_ids.block(), domains: self.domains.block(), roles: self.roles.block(), - account_permission_tokens: self.account_permission_tokens.block(), + account_permissions: self.account_permissions.block(), account_roles: self.account_roles.block(), triggers: self.triggers.block(), executor: self.executor.block(), @@ -322,7 +299,7 @@ impl World { trusted_peers_ids: self.trusted_peers_ids.block_and_revert(), domains: self.domains.block_and_revert(), roles: self.roles.block_and_revert(), - account_permission_tokens: self.account_permission_tokens.block_and_revert(), + account_permissions: self.account_permissions.block_and_revert(), account_roles: self.account_roles.block_and_revert(), triggers: self.triggers.block_and_revert(), executor: self.executor.block_and_revert(), @@ -338,7 +315,7 @@ impl World { trusted_peers_ids: self.trusted_peers_ids.view(), domains: self.domains.view(), roles: self.roles.view(), - account_permission_tokens: self.account_permission_tokens.view(), + account_permissions: self.account_permissions.view(), account_roles: self.account_roles.view(), triggers: self.triggers.view(), executor: self.executor.view(), @@ -354,7 +331,7 @@ pub trait WorldReadOnly { fn trusted_peers_ids(&self) -> &PeersIds; fn domains(&self) -> &impl StorageReadOnly; fn roles(&self) -> &impl StorageReadOnly; - fn account_permission_tokens(&self) -> &impl StorageReadOnly; + fn account_permissions(&self) -> &impl StorageReadOnly; fn account_roles(&self) -> &impl StorageReadOnly; fn triggers(&self) -> &impl TriggerSetReadOnly; fn executor(&self) -> &Executor; @@ -457,14 +434,14 @@ pub trait WorldReadOnly { /// # Errors /// /// - if `account_id` is not found in `self` - fn account_permission_tokens_iter<'slf>( + fn account_permissions_iter<'slf>( &'slf self, account_id: &AccountId, - ) -> Result, FindError> { + ) -> Result, FindError> { self.account(account_id)?; let mut tokens = self - .account_inherent_permission_tokens(account_id) + .account_inherent_permissions(account_id) .collect::>(); for role_id in self.account_roles_iter(account_id) { @@ -481,11 +458,11 @@ pub trait WorldReadOnly { /// # Errors /// /// - `account_id` is not found in `self.world`. - fn account_inherent_permission_tokens<'slf>( + fn account_inherent_permissions<'slf>( &'slf self, account_id: &AccountId, - ) -> std::collections::btree_set::Iter<'slf, PermissionToken> { - self.account_permission_tokens() + ) -> std::collections::btree_set::Iter<'slf, Permission> { + self.account_permissions() .get(account_id) .map_or_else(Default::default, std::collections::BTreeSet::iter) } @@ -495,9 +472,9 @@ pub trait WorldReadOnly { fn account_contains_inherent_permission( &self, account: &AccountId, - token: &PermissionToken, + token: &Permission, ) -> bool { - self.account_permission_tokens() + self.account_permissions() .get(account) .map_or(false, |permissions| permissions.contains(token)) } @@ -596,8 +573,8 @@ macro_rules! impl_world_ro { fn roles(&self) -> &impl StorageReadOnly { &self.roles } - fn account_permission_tokens(&self) -> &impl StorageReadOnly { - &self.account_permission_tokens + fn account_permissions(&self) -> &impl StorageReadOnly { + &self.account_permissions } fn account_roles(&self) -> &impl StorageReadOnly { &self.account_roles @@ -627,7 +604,7 @@ impl<'world> WorldBlock<'world> { trusted_peers_ids: self.trusted_peers_ids.transaction(), domains: self.domains.transaction(), roles: self.roles.transaction(), - account_permission_tokens: self.account_permission_tokens.transaction(), + account_permissions: self.account_permissions.transaction(), account_roles: self.account_roles.transaction(), triggers: self.triggers.transaction(), executor: self.executor.transaction(), @@ -646,7 +623,7 @@ impl<'world> WorldBlock<'world> { self.executor_data_model.commit(); self.triggers.commit(); self.account_roles.commit(); - self.account_permission_tokens.commit(); + self.account_permissions.commit(); self.roles.commit(); self.domains.commit(); self.trusted_peers_ids.commit(); @@ -661,7 +638,7 @@ impl WorldTransaction<'_, '_> { self.executor_data_model.apply(); self.triggers.apply(); self.account_roles.apply(); - self.account_permission_tokens.apply(); + self.account_permissions.apply(); self.roles.apply(); self.domains.apply(); self.trusted_peers_ids.apply(); @@ -694,14 +671,14 @@ impl WorldTransaction<'_, '_> { }) } - /// Add [`permission`](PermissionToken) to the [`Account`] if the account does not have this permission yet. + /// Add [`permission`](Permission) to the [`Account`] if the account does not have this permission yet. /// /// Return a Boolean value indicating whether or not the [`Account`] already had this permission. - pub fn add_account_permission(&mut self, account: &AccountId, token: PermissionToken) -> bool { + pub fn add_account_permission(&mut self, account: &AccountId, token: Permission) -> bool { // `match` here instead of `map_or_else` to avoid cloning token into each closure - match self.account_permission_tokens.get_mut(account) { + match self.account_permissions.get_mut(account) { None => { - self.account_permission_tokens + self.account_permissions .insert(account.clone(), BTreeSet::from([token])); true } @@ -715,14 +692,10 @@ impl WorldTransaction<'_, '_> { } } - /// Remove a [`permission`](PermissionToken) from the [`Account`] if the account has this permission. + /// Remove a [`permission`](Permission) from the [`Account`] if the account has this permission. /// Return a Boolean value indicating whether the [`Account`] had this permission. - pub fn remove_account_permission( - &mut self, - account: &AccountId, - token: &PermissionToken, - ) -> bool { - self.account_permission_tokens + pub fn remove_account_permission(&mut self, account: &AccountId, token: &Permission) -> bool { + self.account_permissions .get_mut(account) .map_or(false, |permissions| permissions.remove(token)) } @@ -1581,7 +1554,7 @@ pub(crate) mod deserialize { let mut trusted_peers_ids = None; let mut domains = None; let mut roles = None; - let mut account_permission_tokens = None; + let mut account_permissions = None; let mut account_roles = None; let mut triggers = None; let mut executor = None; @@ -1601,8 +1574,8 @@ pub(crate) mod deserialize { "roles" => { roles = Some(map.next_value()?); } - "account_permission_tokens" => { - account_permission_tokens = Some(map.next_value()?); + "account_permissions" => { + account_permissions = Some(map.next_value()?); } "account_roles" => { account_roles = Some(map.next_value()?); @@ -1632,8 +1605,8 @@ pub(crate) mod deserialize { domains: domains .ok_or_else(|| serde::de::Error::missing_field("domains"))?, roles: roles.ok_or_else(|| serde::de::Error::missing_field("roles"))?, - account_permission_tokens: account_permission_tokens.ok_or_else(|| { - serde::de::Error::missing_field("account_permission_tokens") + account_permissions: account_permissions.ok_or_else(|| { + serde::de::Error::missing_field("account_permissions") })?, account_roles: account_roles .ok_or_else(|| serde::de::Error::missing_field("account_roles"))?, @@ -1655,7 +1628,7 @@ pub(crate) mod deserialize { "trusted_peers_ids", "domains", "roles", - "account_permission_tokens", + "account_permissions", "account_roles", "triggers", "executor", diff --git a/core/test_network/src/lib.rs b/core/test_network/src/lib.rs index b3986b38418..34f18e43822 100644 --- a/core/test_network/src/lib.rs +++ b/core/test_network/src/lib.rs @@ -91,24 +91,24 @@ impl TestGenesis for GenesisNetwork { let rose_definition_id = AssetDefinitionId::from_str("rose#wonderland").expect("valid names"); - let mint_rose_permission = PermissionToken::new( + let mint_rose_permission = Permission::new( "CanMintAssetWithDefinition".parse().unwrap(), json!({ "asset_definition_id": rose_definition_id }), ); - let burn_rose_permission = PermissionToken::new( + let burn_rose_permission = Permission::new( "CanBurnAssetWithDefinition".parse().unwrap(), json!({ "asset_definition_id": rose_definition_id }), ); let unregister_any_peer_permission = - PermissionToken::new("CanUnregisterAnyPeer".parse().unwrap(), json!(null)); + Permission::new("CanUnregisterAnyPeer".parse().unwrap(), json!(null)); let unregister_any_role_permission = - PermissionToken::new("CanUnregisterAnyRole".parse().unwrap(), json!(null)); - let unregister_wonderland_domain = PermissionToken::new( + Permission::new("CanUnregisterAnyRole".parse().unwrap(), json!(null)); + let unregister_wonderland_domain = Permission::new( "CanUnregisterDomain".parse().unwrap(), json!({ "domain_id": DomainId::from_str("wonderland").unwrap() } ), ); let upgrade_executor_permission = - PermissionToken::new("CanUpgradeExecutor".parse().unwrap(), json!(null)); + Permission::new("CanUpgradeExecutor".parse().unwrap(), json!(null)); let first_transaction = genesis .first_transaction_mut() diff --git a/data_model/src/events/data/events.rs b/data_model/src/events/data/events.rs index 053f39971a4..4b4a930ad38 100644 --- a/data_model/src/events/data/events.rs +++ b/data_model/src/events/data/events.rs @@ -244,11 +244,11 @@ mod role { #[has_origin(role => role.id())] Created(Role), Deleted(RoleId), - /// [`PermissionToken`]s with particular [`Id`](crate::permission::token::PermissionTokenId) + /// [`Permission`]s with particular [`Id`](crate::permission::token::PermissionId) /// were removed from the role. #[has_origin(permission_removed => &permission_removed.role_id)] PermissionRemoved(RolePermissionChanged), - /// [`PermissionToken`]s with particular [`Id`](crate::permission::token::PermissionTokenId) + /// [`Permission`]s with particular [`Id`](crate::permission::token::PermissionId) /// were removed added to the role. #[has_origin(permission_added => &permission_added.role_id)] PermissionAdded(RolePermissionChanged), @@ -280,7 +280,7 @@ mod role { pub role_id: RoleId, // TODO: Skipped temporarily because of FFI #[getset(skip)] - pub permission_token_id: PermissionTokenId, + pub permission_id: PermissionId, } } } @@ -345,7 +345,7 @@ mod account { pub account_id: AccountId, // TODO: Skipped temporarily because of FFI #[getset(skip)] - pub permission_id: PermissionTokenId, + pub permission_id: PermissionId, } /// Depending on the wrapping event, [`AccountRoleChanged`] represents the granted or revoked role @@ -373,7 +373,7 @@ mod account { impl AccountPermissionChanged { /// Get permission id - pub fn permission_id(&self) -> &PermissionTokenId { + pub fn permission_id(&self) -> &PermissionId { &self.permission_id } } @@ -494,7 +494,7 @@ mod config { data_event! { #[has_origin(origin = Parameter)] pub enum ConfigurationEvent { - #[has_origin(parameter => ¶meter.definition_id)] + #[has_origin(parameter => ¶meter.id)] Changed(Parameter), } } diff --git a/data_model/src/executor.rs b/data_model/src/executor.rs index 8acdb161862..c929f79853c 100644 --- a/data_model/src/executor.rs +++ b/data_model/src/executor.rs @@ -14,8 +14,7 @@ use serde::{Deserialize, Serialize}; pub use self::model::*; use crate::{ - parameter::ParameterId, permission::PermissionTokenId, transaction::WasmSmartContract, - JsonString, + parameter::ParameterId, permission::PermissionId, transaction::WasmSmartContract, JsonString, }; #[model] @@ -59,7 +58,7 @@ mod model { /// /// Executor can define: /// - /// - Permission tokens (see [`crate::permission::PermissionToken`]) + /// - Permission tokens (see [`crate::permission::Permission`]) /// - Configuration parameters (see [`crate::parameter::Parameter`]) #[derive( Default, @@ -80,16 +79,16 @@ mod model { #[ffi_type] #[display(fmt = "{self:?}")] pub struct ExecutorDataModel { - /// Data model JSON schema, typically produced by [`IntoSchema`]. - pub schema: JsonString, /// Permission tokens supported by the executor. /// /// These IDs refer to the types in the schema. - pub permission_token_ids: BTreeSet, + pub permissions: BTreeSet, /// Configuration parameters supported by the executor. /// /// These IDs refer to the types in the schema. - pub parameter_ids: BTreeSet, + pub parameters: BTreeSet, + /// Data model JSON schema, typically produced by [`IntoSchema`]. + pub schema: JsonString, } // TODO: Client doesn't need structures defined inside this macro. When dynamic linking is @@ -103,36 +102,16 @@ impl ExecutorDataModel { } /// Getter - pub fn permission_token_ids(&self) -> &BTreeSet { - &self.permission_token_ids + pub fn permissions(&self) -> &BTreeSet { + &self.permissions } /// Getter - pub fn parameter_ids(&self) -> &BTreeSet { - &self.parameter_ids + pub fn parameters(&self) -> &BTreeSet { + &self.parameters } } -/// Defines an object that is part of the [`ExecutorDataModel`]. -/// -/// An object consists of id and payload. -/// ID is a unique type identifier in the executor's data model. -/// Payload is JSON-serialized type structure, according to the type schema. -// TODO: support both JSON and SCALE for payload. -pub trait ExecutorDataModelObject: Sized { - /// Generic identification - type DefinitionId: PartialEq + Clone + Into; - - /// Constructor - fn new(definition_id: Self::DefinitionId, payload: JsonString) -> Self; - - /// Getter for the object id - fn object_definition_id(&self) -> &Self::DefinitionId; - - /// Getter for the object payload - fn object_payload(&self) -> &JsonString; -} - /// Result type that every executor should return. pub type Result = core::result::Result; diff --git a/data_model/src/isi.rs b/data_model/src/isi.rs index 66b39a1a9cf..d59343129b2 100644 --- a/data_model/src/isi.rs +++ b/data_model/src/isi.rs @@ -163,12 +163,12 @@ impl_instruction! { Transfer, Transfer, Transfer, - Grant, + Grant, Grant, - Grant, - Revoke, + Grant, + Revoke, Revoke, - Revoke, + Revoke, SetParameter, Upgrade, ExecuteTrigger, @@ -834,9 +834,9 @@ mod transparent { } } - impl Grant { - /// Constructs a new [`Grant`] for a [`PermissionToken`]. - pub fn permission(permission_token: PermissionToken, to: AccountId) -> Self { + impl Grant { + /// Constructs a new [`Grant`] for a [`Permission`]. + pub fn permission(permission_token: Permission, to: AccountId) -> Self { Self { object: permission_token, destination_id: to, @@ -854,9 +854,9 @@ mod transparent { } } - impl Grant { - /// Constructs a new [`Grant`] for giving a [`PermissionToken`] to [`Role`]. - pub fn role_permission(permission_token: PermissionToken, to: RoleId) -> Self { + impl Grant { + /// Constructs a new [`Grant`] for giving a [`Permission`] to [`Role`]. + pub fn role_permission(permission_token: Permission, to: RoleId) -> Self { Self { object: permission_token, destination_id: to, @@ -877,9 +877,9 @@ mod transparent { } impl_into_box! { - Grant | + Grant | Grant | - Grant + Grant => GrantBox => InstructionBox[Grant], => GrantBoxRef<'a> => InstructionBoxRef<'a>[Grant] } @@ -895,9 +895,9 @@ mod transparent { } } - impl Revoke { - /// Constructs a new [`Revoke`] for a [`PermissionToken`]. - pub fn permission(permission_token: PermissionToken, from: AccountId) -> Self { + impl Revoke { + /// Constructs a new [`Revoke`] for a [`Permission`]. + pub fn permission(permission_token: Permission, from: AccountId) -> Self { Self { object: permission_token, destination_id: from, @@ -915,9 +915,9 @@ mod transparent { } } - impl Revoke { - /// Constructs a new [`Revoke`] for removing a [`PermissionToken`] from [`Role`]. - pub fn role_permission(permission_token: PermissionToken, from: RoleId) -> Self { + impl Revoke { + /// Constructs a new [`Revoke`] for removing a [`Permission`] from [`Role`]. + pub fn role_permission(permission_token: Permission, from: RoleId) -> Self { Self { object: permission_token, destination_id: from, @@ -938,9 +938,9 @@ mod transparent { } impl_into_box! { - Revoke | + Revoke | Revoke | - Revoke + Revoke => RevokeBox => InstructionBox[Revoke], => RevokeBoxRef<'a> => InstructionBoxRef<'a>[Revoke] } @@ -1172,12 +1172,12 @@ isi_box! { )] /// Enum with all supported [`Grant`] instructions. pub enum GrantBox { - /// Grant [`PermissionToken`] to [`Account`]. - PermissionToken(Grant), + /// Grant [`Permission`] to [`Account`]. + Permission(Grant), /// Grant [`Role`] to [`Account`]. Role(Grant), - /// Grant [`PermissionToken`] to [`Role`]. - RolePermissionToken(Grant), + /// Grant [`Permission`] to [`Role`]. + RolePermission(Grant), } } @@ -1189,12 +1189,12 @@ isi_box! { )] /// Enum with all supported [`Revoke`] instructions. pub enum RevokeBox { - /// Revoke [`PermissionToken`] from [`Account`]. - PermissionToken(Revoke), + /// Revoke [`Permission`] from [`Account`]. + Permission(Revoke), /// Revoke [`Role`] from [`Account`]. Role(Revoke), - /// Revoke [`PermissionToken`] from [`Role`]. - RolePermissionToken(Revoke), + /// Revoke [`Permission`] from [`Role`]. + RolePermission(Revoke), } } diff --git a/data_model/src/lib.rs b/data_model/src/lib.rs index e56136af8fc..6b5090151b6 100644 --- a/data_model/src/lib.rs +++ b/data_model/src/lib.rs @@ -108,13 +108,13 @@ mod seal { Transfer, Transfer, - Grant, + Grant, Grant, - Grant, + Grant, - Revoke, + Revoke, Revoke, - Revoke, + Revoke, SetParameter, Upgrade, @@ -152,7 +152,7 @@ mod seal { FindAllTransactions, FindTransactionsByAccountId, FindTransactionByHash, - FindPermissionTokensByAccountId, + FindPermissionsByAccountId, FindAllActiveTriggerIds, FindTriggerById, FindTriggerKeyValueByIdAndKey, @@ -219,7 +219,6 @@ pub mod parameter { pub use self::model::*; use super::*; - use crate::executor::ExecutorDataModelObject; #[model] mod model { @@ -259,12 +258,12 @@ pub mod parameter { #[derive( Debug, Display, Clone, IdEqOrdHash, Decode, Encode, Deserialize, Serialize, IntoSchema, )] - #[display(fmt = "PARAMETER `{definition_id}`")] + #[display(fmt = "PARAMETER `{id}`")] #[ffi_type] pub struct Parameter { /// Refers to a type defined in [`crate::executor::ExecutorDataModel`]. #[id] - pub definition_id: ParameterId, + pub id: ParameterId, /// Payload containing actual value. /// /// It is JSON-encoded, and its structure must correspond to the structure of @@ -275,9 +274,9 @@ pub mod parameter { impl Parameter { /// Constructor - pub fn new(definition_id: ParameterId, payload: impl IntoJsonString) -> Self { + pub fn new(id: ParameterId, payload: impl IntoJsonString) -> Self { Self { - definition_id, + id, payload: payload.into_json_string(), } } @@ -291,7 +290,7 @@ pub mod parameter { impl Borrow for Parameter { fn borrow(&self) -> &str { - self.definition_id.borrow() + self.id.borrow() } } @@ -307,18 +306,14 @@ pub mod parameter { } } - impl ExecutorDataModelObject for Parameter { - type DefinitionId = ParameterId; - - fn new(id: Self::DefinitionId, payload: JsonString) -> Self { - Parameter::new(id, payload) - } - - fn object_definition_id(&self) -> &Self::DefinitionId { - &self.definition_id + impl Parameter { + /// Getter + pub fn id(&self) -> &ParameterId { + &self.id } - fn object_payload(&self) -> &JsonString { + /// Getter + pub fn payload(&self) -> &JsonString { &self.payload } } @@ -391,8 +386,8 @@ mod model { TriggerId(trigger::TriggerId), /// [`RoleId`](`role::RoleId`) variant. RoleId(role::RoleId), - /// [`PermissionToken`](`permission::PermissionToken`) variant. - PermissionTokenId(permission::PermissionTokenId), + /// [`PermissionId`](`permission::PermissionId`) variant. + PermissionId(permission::PermissionId), /// [`ParameterId`](`parameter::ParameterId`) variant. ParameterId(parameter::ParameterId), } @@ -722,7 +717,7 @@ impl_encode_as_id_box! { asset::AssetDefinitionId, asset::AssetId, trigger::TriggerId, - permission::PermissionTokenId, + permission::PermissionId, role::RoleId, parameter::ParameterId, } @@ -867,7 +862,7 @@ mod ffi { asset::Asset, domain::Domain, metadata::Metadata, - permission::PermissionToken, + permission::Permission, role::Role, } @@ -875,10 +870,10 @@ mod ffi { iroha_ffi::decl_ffi_fns! { link_prefix="iroha_data_model" Drop, Clone, Eq, Ord } #[cfg(all(feature = "ffi_export", not(feature = "ffi_import")))] iroha_ffi::def_ffi_fns! { link_prefix="iroha_data_model" - Drop: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::PermissionToken, role::Role }, - Clone: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::PermissionToken, role::Role }, - Eq: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::PermissionToken, role::Role }, - Ord: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::PermissionToken, role::Role }, + Drop: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::Permission, role::Role }, + Clone: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::Permission, role::Role }, + Eq: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::Permission, role::Role }, + Ord: { account::Account, asset::Asset, domain::Domain, metadata::Metadata, permission::Permission, role::Role }, } // NOTE: Makes sure that only one `dealloc` is exported per generated dynamic library diff --git a/data_model/src/permission.rs b/data_model/src/permission.rs index f54798fefa7..c32e65e3f05 100644 --- a/data_model/src/permission.rs +++ b/data_model/src/permission.rs @@ -11,10 +11,10 @@ use parity_scale_codec::{Decode, Encode}; use serde::{Deserialize, Serialize}; pub use self::model::*; -use crate::{executor::ExecutorDataModelObject, name::Name}; +use crate::name::Name; /// Collection of [`Token`]s -pub type Permissions = BTreeSet; +pub type Permissions = BTreeSet; use super::*; @@ -22,7 +22,7 @@ use super::*; mod model { use super::*; - /// Identification of [`PermissionToken`]. + /// Identification of [`Permission`]. #[derive( Debug, Display, @@ -45,7 +45,7 @@ mod model { #[serde(transparent)] #[repr(transparent)] #[ffi_type(opaque)] - pub struct PermissionTokenId { + pub struct PermissionId { /// Should be unique. pub name: Name, } @@ -55,11 +55,11 @@ mod model { Debug, Clone, IdEqOrdHash, Decode, Encode, Deserialize, Serialize, IntoSchema, Display, )] #[ffi_type] - #[display(fmt = "PERMISSION TOKEN `{definition_id}`")] - pub struct PermissionToken { + #[display(fmt = "PERMISSION `{id}`")] + pub struct Permission { /// Refers to a type defined in [`crate::executor::ExecutorDataModel`]. #[id] - pub definition_id: PermissionTokenId, + pub id: PermissionId, /// Payload containing actual value. /// /// It is JSON-encoded, and its structure must correspond to the structure of @@ -68,57 +68,53 @@ mod model { } } -impl PermissionToken { +impl Permission { /// Constructor - pub fn new(definition_id: PermissionTokenId, payload: impl IntoJsonString) -> Self { + pub fn new(id: PermissionId, payload: impl IntoJsonString) -> Self { Self { - definition_id, + id, payload: payload.into_json_string(), } } } -impl Borrow for PermissionTokenId { +impl Borrow for PermissionId { fn borrow(&self) -> &str { self.name.borrow() } } -impl Borrow for PermissionToken { +impl Borrow for Permission { fn borrow(&self) -> &str { - self.definition_id.borrow() + self.id.borrow() } } -impl From for PermissionTokenId { +impl From for PermissionId { fn from(name: Name) -> Self { Self { name } } } -impl From for Name { - fn from(value: PermissionTokenId) -> Self { +impl From for Name { + fn from(value: PermissionId) -> Self { value.name } } -impl ExecutorDataModelObject for PermissionToken { - type DefinitionId = PermissionTokenId; - - fn new(id: Self::DefinitionId, payload: JsonString) -> Self { - PermissionToken::new(id, payload) - } - - fn object_definition_id(&self) -> &Self::DefinitionId { - &self.definition_id +impl Permission { + /// Getter + pub fn id(&self) -> &PermissionId { + &self.id } - fn object_payload(&self) -> &JsonString { + /// Getter + pub fn payload(&self) -> &JsonString { &self.payload } } pub mod prelude { //! The prelude re-exports most commonly used traits, structs and macros from this crate. - pub use super::{PermissionToken, PermissionTokenId}; + pub use super::{Permission, PermissionId}; } diff --git a/data_model/src/query/mod.rs b/data_model/src/query/mod.rs index 2128b9ca42f..ca450c6b9c4 100644 --- a/data_model/src/query/mod.rs +++ b/data_model/src/query/mod.rs @@ -128,7 +128,7 @@ mod model { use strum::EnumDiscriminants; use super::*; - use crate::{block::SignedBlock, permission::PermissionTokenId}; + use crate::{block::SignedBlock, permission::PermissionId}; /// Sized container for all possible Queries. #[allow(clippy::enum_variant_names)] @@ -187,7 +187,7 @@ mod model { FindAllTransactions(FindAllTransactions), FindTransactionsByAccountId(FindTransactionsByAccountId), FindTransactionByHash(FindTransactionByHash), - FindPermissionTokensByAccountId(FindPermissionTokensByAccountId), + FindPermissionsByAccountId(FindPermissionsByAccountId), FindAllActiveTriggerIds(FindAllActiveTriggerIds), FindTriggerById(FindTriggerById), FindTriggerKeyValueByIdAndKey(FindTriggerKeyValueByIdAndKey), @@ -220,7 +220,7 @@ mod model { Id(IdBox), Identifiable(IdentifiableBox), Transaction(TransactionQueryOutput), - PermissionToken(crate::permission::PermissionToken), + Permission(crate::permission::Permission), LimitedMetadata(MetadataValueBox), Numeric(Numeric), BlockHeader(BlockHeader), @@ -359,7 +359,7 @@ impl_query! { FindAllRoleIds => Vec, FindRolesByAccountId => Vec, FindRoleByRoleId => crate::role::Role, - FindPermissionTokensByAccountId => Vec, + FindPermissionsByAccountId => Vec, FindAllAccounts => Vec, FindAccountById => crate::account::Account, FindAccountKeyValueByIdAndKey => MetadataValueBox, @@ -411,7 +411,7 @@ impl core::fmt::Display for QueryOutputBox { QueryOutputBox::Id(v) => core::fmt::Display::fmt(&v, f), QueryOutputBox::Identifiable(v) => core::fmt::Display::fmt(&v, f), QueryOutputBox::Transaction(_) => write!(f, "TransactionQueryOutput"), - QueryOutputBox::PermissionToken(v) => core::fmt::Display::fmt(&v, f), + QueryOutputBox::Permission(v) => core::fmt::Display::fmt(&v, f), QueryOutputBox::Block(v) => core::fmt::Display::fmt(&v, f), QueryOutputBox::BlockHeader(v) => core::fmt::Display::fmt(&v, f), QueryOutputBox::Numeric(v) => core::fmt::Display::fmt(&v, f), @@ -612,7 +612,7 @@ pub mod role { } pub mod permission { - //! Queries related to [`PermissionToken`]. + //! Queries related to [`Permission`]. #[cfg(not(feature = "std"))] use alloc::{format, string::String, vec::Vec}; @@ -624,14 +624,14 @@ pub mod permission { use crate::prelude::*; queries! { - /// [`FindPermissionTokensByAccountId`] Iroha Query finds all [`PermissionToken`]s + /// [`FindPermissionsByAccountId`] Iroha Query finds all [`Permission`]s /// for a specified account. #[derive(Display)] #[display(fmt = "Find permission tokens specified for `{id}` account")] #[repr(transparent)] - // SAFETY: `FindPermissionTokensByAccountId` has no trap representation in `EvaluatesTo` + // SAFETY: `FindPermissionsByAccountId` has no trap representation in `EvaluatesTo` #[ffi_type(unsafe {robust})] - pub struct FindPermissionTokensByAccountId { + pub struct FindPermissionsByAccountId { /// `Id` of an account to find. pub id: AccountId, } @@ -639,7 +639,7 @@ pub mod permission { /// The prelude re-exports most commonly used traits, structs and macros from this module. pub mod prelude { - pub use super::FindPermissionTokensByAccountId; + pub use super::FindPermissionsByAccountId; } } @@ -1491,8 +1491,8 @@ pub mod error { Trigger(TriggerId), /// Role with id `{0}` not found Role(RoleId), - /// Failed to find [`PermissionToken`] by id. - PermissionToken(PermissionTokenId), + /// Failed to find [`Permission`] by id. + Permission(PermissionId), /// Parameter with id `{0}` not found Parameter(ParameterId), /// Failed to find public key: `{0}` diff --git a/data_model/src/query/predicate.rs b/data_model/src/query/predicate.rs index 4b9e5bba77e..57dfab02558 100644 --- a/data_model/src/query/predicate.rs +++ b/data_model/src/query/predicate.rs @@ -601,7 +601,7 @@ pub mod string { IdBox::PeerId(id) => self.applies(&id.to_string()), IdBox::TriggerId(id) => self.applies(&id.to_string()), IdBox::RoleId(id) => self.applies(&id.to_string()), - IdBox::PermissionTokenId(id) => self.applies(&id.to_string()), + IdBox::PermissionId(id) => self.applies(&id.to_string()), IdBox::ParameterId(id) => self.applies(&id.to_string()), } } diff --git a/data_model/src/role.rs b/data_model/src/role.rs index 0fabd2042f8..d7479db5959 100644 --- a/data_model/src/role.rs +++ b/data_model/src/role.rs @@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize}; pub use self::model::*; use crate::{ - permission::{PermissionToken, Permissions}, + permission::{Permission, Permissions}, Identifiable, Name, Registered, }; @@ -92,9 +92,9 @@ impl Role { NewRole::new(id) } - /// Get an iterator over [`permissions`](PermissionToken) of the `Role` + /// Get an iterator over [`permissions`](Permission) of the `Role` #[inline] - pub fn permissions(&self) -> impl ExactSizeIterator { + pub fn permissions(&self) -> impl ExactSizeIterator { self.permissions.iter() } } @@ -115,7 +115,7 @@ impl NewRole { /// Add permission to the [`Role`] #[must_use] #[inline] - pub fn add_permission(mut self, perm: impl Into) -> Self { + pub fn add_permission(mut self, perm: impl Into) -> Self { self.inner.permissions.insert(perm.into()); self } diff --git a/data_model/src/visit.rs b/data_model/src/visit.rs index 4d8eaf46a3b..4d5be970008 100644 --- a/data_model/src/visit.rs +++ b/data_model/src/visit.rs @@ -73,7 +73,7 @@ pub trait Visit { visit_find_block_header_by_hash(&FindBlockHeaderByHash), visit_find_domain_by_id(&FindDomainById), visit_find_domain_key_value_by_id_and_key(&FindDomainKeyValueByIdAndKey), - visit_find_permission_tokens_by_account_id(&FindPermissionTokensByAccountId), + visit_find_permissions_by_account_id(&FindPermissionsByAccountId), visit_find_role_by_role_id(&FindRoleByRoleId), visit_find_roles_by_account_id(&FindRolesByAccountId), visit_find_total_asset_quantity_by_asset_definition_id(&FindTotalAssetQuantityByAssetDefinitionId), @@ -132,14 +132,14 @@ pub trait Visit { visit_remove_trigger_key_value(&RemoveKeyValue), // Visit GrantBox - visit_grant_account_permission(&Grant), + visit_grant_account_permission(&Grant), visit_grant_account_role(&Grant), - visit_grant_role_permission(&Grant), + visit_grant_role_permission(&Grant), // Visit RevokeBox - visit_revoke_account_permission(&Revoke), + visit_revoke_account_permission(&Revoke), visit_revoke_account_role(&Revoke), - visit_revoke_role_permission(&Revoke), + visit_revoke_role_permission(&Revoke), } } @@ -198,7 +198,7 @@ pub fn visit_query(visitor: &mut V, authority: &AccountId, qu visit_find_block_header_by_hash(FindBlockHeaderByHash), visit_find_domain_by_id(FindDomainById), visit_find_domain_key_value_by_id_and_key(FindDomainKeyValueByIdAndKey), - visit_find_permission_tokens_by_account_id(FindPermissionTokensByAccountId), + visit_find_permissions_by_account_id(FindPermissionsByAccountId), visit_find_role_by_role_id(FindRoleByRoleId), visit_find_roles_by_account_id(FindRolesByAccountId), visit_find_total_asset_quantity_by_asset_definition_id(FindTotalAssetQuantityByAssetDefinitionId), @@ -357,17 +357,17 @@ pub fn visit_remove_key_value( pub fn visit_grant(visitor: &mut V, authority: &AccountId, isi: &GrantBox) { match isi { - GrantBox::PermissionToken(obj) => visitor.visit_grant_account_permission(authority, obj), + GrantBox::Permission(obj) => visitor.visit_grant_account_permission(authority, obj), GrantBox::Role(obj) => visitor.visit_grant_account_role(authority, obj), - GrantBox::RolePermissionToken(obj) => visitor.visit_grant_role_permission(authority, obj), + GrantBox::RolePermission(obj) => visitor.visit_grant_role_permission(authority, obj), } } pub fn visit_revoke(visitor: &mut V, authority: &AccountId, isi: &RevokeBox) { match isi { - RevokeBox::PermissionToken(obj) => visitor.visit_revoke_account_permission(authority, obj), + RevokeBox::Permission(obj) => visitor.visit_revoke_account_permission(authority, obj), RevokeBox::Role(obj) => visitor.visit_revoke_account_role(authority, obj), - RevokeBox::RolePermissionToken(obj) => visitor.visit_revoke_role_permission(authority, obj), + RevokeBox::RolePermission(obj) => visitor.visit_revoke_role_permission(authority, obj), } } @@ -407,14 +407,14 @@ leaf_visitors! { visit_remove_domain_key_value(&RemoveKeyValue), visit_register_peer(&Register), visit_unregister_peer(&Unregister), - visit_grant_account_permission(&Grant), - visit_revoke_account_permission(&Revoke), + visit_grant_account_permission(&Grant), + visit_revoke_account_permission(&Revoke), visit_register_role(&Register), visit_unregister_role(&Unregister), visit_grant_account_role(&Grant), visit_revoke_account_role(&Revoke), - visit_grant_role_permission(&Grant), - visit_revoke_role_permission(&Revoke), + visit_grant_role_permission(&Grant), + visit_revoke_role_permission(&Revoke), visit_register_trigger(&Register), visit_unregister_trigger(&Unregister), visit_mint_trigger_repetitions(&Mint), @@ -455,7 +455,7 @@ leaf_visitors! { visit_find_block_header_by_hash(&FindBlockHeaderByHash), visit_find_domain_by_id(&FindDomainById), visit_find_domain_key_value_by_id_and_key(&FindDomainKeyValueByIdAndKey), - visit_find_permission_tokens_by_account_id(&FindPermissionTokensByAccountId), + visit_find_permissions_by_account_id(&FindPermissionsByAccountId), visit_find_role_by_role_id(&FindRoleByRoleId), visit_find_roles_by_account_id(&FindRolesByAccountId), visit_find_total_asset_quantity_by_asset_definition_id(&FindTotalAssetQuantityByAssetDefinitionId), diff --git a/default_executor/src/lib.rs b/default_executor/src/lib.rs index aff692e18cd..dfe74c496a9 100644 --- a/default_executor/src/lib.rs +++ b/default_executor/src/lib.rs @@ -53,7 +53,7 @@ pub fn migrate(block_height: u64) -> MigrationResult { Executor::ensure_genesis(block_height)?; let mut data_model = DataModelBuilder::new(); - data_model.extend_with_default_permission_tokens(); + data_model.extend_with_default_permissions(); iroha_executor::set_data_model(&data_model.serialize()); Ok(()) diff --git a/docs/source/references/schema.json b/docs/source/references/schema.json index 31875428d3c..7bba7aea6ed 100644 --- a/docs/source/references/schema.json +++ b/docs/source/references/schema.json @@ -157,7 +157,7 @@ }, { "name": "permission_id", - "type": "PermissionTokenId" + "type": "PermissionId" } ] }, @@ -1176,11 +1176,11 @@ "type": "JsonString" }, { - "name": "permission_token_ids", - "type": "SortedVec" + "name": "permissions", + "type": "SortedVec" }, { - "name": "parameter_ids", + "name": "parameters", "type": "SortedVec" } ] @@ -1458,9 +1458,9 @@ "type": "RoleId" }, { - "tag": "PermissionToken", + "tag": "Permission", "discriminant": 10, - "type": "PermissionTokenId" + "type": "PermissionId" }, { "tag": "Parameter", @@ -1475,7 +1475,7 @@ ] }, "FindExecutorDataModel": null, - "FindPermissionTokensByAccountId": { + "FindPermissionsByAccountId": { "Struct": [ { "name": "id", @@ -1587,11 +1587,11 @@ } ] }, - "Grant": { + "Grant": { "Struct": [ { "name": "object", - "type": "PermissionToken" + "type": "Permission" }, { "name": "destination_id", @@ -1599,11 +1599,11 @@ } ] }, - "Grant": { + "Grant": { "Struct": [ { "name": "object", - "type": "PermissionToken" + "type": "Permission" }, { "name": "destination_id", @@ -1626,9 +1626,9 @@ "GrantBox": { "Enum": [ { - "tag": "PermissionToken", + "tag": "Permission", "discriminant": 0, - "type": "Grant" + "type": "Grant" }, { "tag": "Role", @@ -1636,9 +1636,9 @@ "type": "Grant" }, { - "tag": "RolePermissionToken", + "tag": "RolePermission", "discriminant": 2, - "type": "Grant" + "type": "Grant" } ] }, @@ -1684,9 +1684,9 @@ "type": "RoleId" }, { - "tag": "PermissionTokenId", + "tag": "PermissionId", "discriminant": 7, - "type": "PermissionTokenId" + "type": "PermissionId" }, { "tag": "ParameterId", @@ -2481,7 +2481,7 @@ "Parameter": { "Struct": [ { - "name": "definition_id", + "name": "id", "type": "ParameterId" }, { @@ -2559,11 +2559,11 @@ } ] }, - "PermissionToken": { + "Permission": { "Struct": [ { - "name": "definition_id", - "type": "PermissionTokenId" + "name": "id", + "type": "PermissionId" }, { "name": "payload", @@ -2571,7 +2571,7 @@ } ] }, - "PermissionTokenId": { + "PermissionId": { "Struct": [ { "name": "name", @@ -2762,9 +2762,9 @@ "type": "FindTransactionByHash" }, { - "tag": "FindPermissionTokensByAccountId", + "tag": "FindPermissionsByAccountId", "discriminant": 28, - "type": "FindPermissionTokensByAccountId" + "type": "FindPermissionsByAccountId" }, { "tag": "FindAllActiveTriggerIds", @@ -2867,9 +2867,9 @@ "type": "TransactionQueryOutput" }, { - "tag": "PermissionToken", + "tag": "Permission", "discriminant": 3, - "type": "PermissionToken" + "type": "Permission" }, { "tag": "LimitedMetadata", @@ -3145,11 +3145,11 @@ } ] }, - "Revoke": { + "Revoke": { "Struct": [ { "name": "object", - "type": "PermissionToken" + "type": "Permission" }, { "name": "destination_id", @@ -3157,11 +3157,11 @@ } ] }, - "Revoke": { + "Revoke": { "Struct": [ { "name": "object", - "type": "PermissionToken" + "type": "Permission" }, { "name": "destination_id", @@ -3184,9 +3184,9 @@ "RevokeBox": { "Enum": [ { - "tag": "PermissionToken", + "tag": "Permission", "discriminant": 0, - "type": "Revoke" + "type": "Revoke" }, { "tag": "Role", @@ -3194,9 +3194,9 @@ "type": "Revoke" }, { - "tag": "RolePermissionToken", + "tag": "RolePermission", "discriminant": 2, - "type": "Revoke" + "type": "Revoke" } ] }, @@ -3208,7 +3208,7 @@ }, { "name": "permissions", - "type": "SortedVec" + "type": "SortedVec" } ] }, @@ -3286,8 +3286,8 @@ "type": "RoleId" }, { - "name": "permission_token_id", - "type": "PermissionTokenId" + "name": "permission_id", + "type": "PermissionId" } ] }, @@ -3639,11 +3639,11 @@ "SortedVec": { "Vec": "ParameterId" }, - "SortedVec": { - "Vec": "PermissionToken" + "SortedVec": { + "Vec": "Permission" }, - "SortedVec": { - "Vec": "PermissionTokenId" + "SortedVec": { + "Vec": "PermissionId" }, "SortedVec>": { "Vec": "SignatureOf" diff --git a/schema/gen/src/lib.rs b/schema/gen/src/lib.rs index 94f486cdfe6..f75cdc1cda9 100644 --- a/schema/gen/src/lib.rs +++ b/schema/gen/src/lib.rs @@ -89,7 +89,7 @@ types!( BTreeMap, BTreeMap, BTreeMap, - BTreeSet, + BTreeSet, BTreeSet>, BatchedResponse, BatchedResponseV1, @@ -172,7 +172,7 @@ types!( FindDomainById, FindDomainKeyValueByIdAndKey, FindError, - FindPermissionTokensByAccountId, + FindPermissionsByAccountId, FindRoleByRoleId, FindRolesByAccountId, FindTotalAssetQuantityByAssetDefinitionId, @@ -182,8 +182,8 @@ types!( FindTriggerKeyValueByIdAndKey, FindTriggersByDomainId, ForwardCursor, - Grant, - Grant, + Grant, + Grant, Grant, GrantBox, Hash, @@ -264,7 +264,7 @@ types!( PeerEventSet, PeerId, RolePermissionChanged, - PermissionToken, + Permission, PipelineEventBox, PipelineEventFilterBox, PredicateBox, @@ -289,8 +289,8 @@ types!( RemoveKeyValueBox, Repeats, RepetitionError, - Revoke, - Revoke, + Revoke, + Revoke, Revoke, RevokeBox, Role, diff --git a/smart_contract/executor/derive/src/default.rs b/smart_contract/executor/derive/src/default.rs index a03c50fa989..9cd6fc480a0 100644 --- a/smart_contract/executor/derive/src/default.rs +++ b/smart_contract/executor/derive/src/default.rs @@ -142,14 +142,14 @@ pub fn impl_derive_visit(emitter: &mut Emitter, input: &syn::DeriveInput) -> Tok "fn visit_transfer_asset_definition(operation: &Transfer)", "fn visit_set_asset_definition_key_value(operation: &SetKeyValue)", "fn visit_remove_asset_definition_key_value(operation: &RemoveKeyValue)", - "fn visit_grant_account_permission(operation: &Grant)", - "fn visit_revoke_account_permission(operation: &Revoke)", + "fn visit_grant_account_permission(operation: &Grant)", + "fn visit_revoke_account_permission(operation: &Revoke)", "fn visit_register_role(operation: &Register)", "fn visit_unregister_role(operation: &Unregister)", "fn visit_grant_account_role(operation: &Grant)", "fn visit_revoke_account_role(operation: &Revoke)", - "fn visit_grant_role_permission(operation: &Grant)", - "fn visit_revoke_role_permission(operation: &Revoke)", + "fn visit_grant_role_permission(operation: &Grant)", + "fn visit_revoke_role_permission(operation: &Revoke)", "fn visit_register_trigger(operation: &Register)", "fn visit_unregister_trigger(operation: &Unregister)", "fn visit_mint_trigger_repetitions(operation: &Mint)", diff --git a/smart_contract/executor/derive/src/entrypoint.rs b/smart_contract/executor/derive/src/entrypoint.rs index 222a37639b1..3f115743045 100644 --- a/smart_contract/executor/derive/src/entrypoint.rs +++ b/smart_contract/executor/derive/src/entrypoint.rs @@ -144,6 +144,7 @@ fn impl_migrate_entrypoint(fn_item: syn::ItemFn) -> TokenStream { let migrate_fn_name = syn::Ident::new(export::EXECUTOR_MIGRATE, proc_macro2::Span::call_site()); + // FIXME: is doc accurate? quote! { /// Executor `permission_token_schema` entrypoint /// diff --git a/smart_contract/executor/derive/src/lib.rs b/smart_contract/executor/derive/src/lib.rs index 7e605a9adb0..8009a980afa 100644 --- a/smart_contract/executor/derive/src/lib.rs +++ b/smart_contract/executor/derive/src/lib.rs @@ -7,7 +7,7 @@ use proc_macro2::TokenStream; mod conversion; mod default; mod entrypoint; -mod token; +mod permission; mod validate; /// Annotate the user-defined function that starts the execution of a executor. @@ -64,14 +64,14 @@ pub fn entrypoint(attr: TokenStream, item: TokenStream) -> TokenStream { emitter.finish_token_stream_with(result) } -/// Derive macro for `Token` trait. +/// Derive macro for `Permission` trait. /// /// # Example /// /// ```ignore /// use iroha_executor::{permission, prelude::*}; /// -/// #[derive(Token, ValidateGrantRevoke, permission::derive_conversions::asset::Owner)] +/// #[derive(Permission, ValidateGrantRevoke, permission::derive_conversions::asset::Owner)] /// #[validate(permission::asset::Owner)] /// struct CanDoSomethingWithAsset { /// some_data: String, @@ -93,11 +93,11 @@ pub fn entrypoint(attr: TokenStream, item: TokenStream) -> TokenStream { /// } /// ``` #[manyhow] -#[proc_macro_derive(Token)] -pub fn derive_token(input: TokenStream) -> Result { +#[proc_macro_derive(Permission)] +pub fn derive_permission(input: TokenStream) -> Result { let input = syn::parse2(input)?; - Ok(token::impl_derive_token(&input)) + Ok(permission::impl_derive_permission(&input)) } /// Derive macro for `ValidateGrantRevoke` trait. @@ -149,13 +149,13 @@ pub fn derive_token(input: TokenStream) -> Result { /// /// # Example /// -/// See [`Token`] derive macro example. +/// See [`Permission`] derive macro example. // // TODO: Add combinators (#3255). // Example: // // ``` -// #[derive(Token, ValidateGrantRevoke)] +// #[derive(Permission, ValidateGrantRevoke)] // #[validate(Creator || Admin)] // pub struct CanDoSomethingWithAsset { // ... diff --git a/smart_contract/executor/derive/src/token.rs b/smart_contract/executor/derive/src/permission.rs similarity index 71% rename from smart_contract/executor/derive/src/token.rs rename to smart_contract/executor/derive/src/permission.rs index a92a17384fc..bf1d6bd151d 100644 --- a/smart_contract/executor/derive/src/token.rs +++ b/smart_contract/executor/derive/src/permission.rs @@ -1,24 +1,24 @@ -//! Module with [`derive_token`](crate::derive_token) macro implementation +//! Module with [`derive_permission`](crate::derive_permission) macro implementation use proc_macro2::TokenStream; use quote::quote; -/// [`derive_token`](crate::derive_token()) macro implementation -pub fn impl_derive_token(input: &syn::DeriveInput) -> TokenStream { +/// [`derive_permission`](crate::derive_permission()) macro implementation +pub fn impl_derive_permission(input: &syn::DeriveInput) -> TokenStream { let generics = &input.generics; let ident = &input.ident; let (impl_generics, ty_generics, where_clause) = generics.split_for_impl(); quote! { - impl #impl_generics ::iroha_executor::permission::Token for #ident #ty_generics #where_clause { + impl #impl_generics ::iroha_executor::permission::Permission for #ident #ty_generics #where_clause { fn is_owned_by(&self, account_id: &::iroha_executor::data_model::account::AccountId) -> bool { let account_tokens_cursor = ::iroha_executor::smart_contract::debug::DebugExpectExt::dbg_expect( ::iroha_executor::smart_contract::ExecuteQueryOnHost::execute( - &::iroha_executor::data_model::query::permission::FindPermissionTokensByAccountId::new( + &::iroha_executor::data_model::query::permission::FindPermissionsByAccountId::new( account_id.clone(), ) ), - "Failed to execute `FindPermissionTokensByAccountId` query" + "Failed to execute `FindPermissionsByAccountId` query" ); account_tokens_cursor diff --git a/smart_contract/executor/src/default.rs b/smart_contract/executor/src/default.rs index 6ede7b3bbdb..d34feb8f4fd 100644 --- a/smart_contract/executor/src/default.rs +++ b/smart_contract/executor/src/default.rs @@ -1,7 +1,7 @@ //! Definition of Iroha default executor and accompanying validation functions #![allow(missing_docs, clippy::missing_errors_doc)] -pub mod tokens; +pub mod permissions; use alloc::format; @@ -40,7 +40,7 @@ pub use trigger::{ visit_unregister_trigger, }; -use crate::{permission, permission::Token as _, prelude::*}; +use crate::{permission, permission::Permission as _, prelude::*}; // NOTE: If any new `visit_..` functions are introduced in this module, one should // not forget to update the default executor boilerplate too, specifically the @@ -146,7 +146,7 @@ pub mod peer { if is_genesis(executor) { execute!(executor, isi); } - if tokens::peer::CanUnregisterAnyPeer.is_owned_by(authority) { + if permissions::peer::CanUnregisterAnyPeer.is_owned_by(authority) { execute!(executor, isi); } @@ -155,12 +155,11 @@ pub mod peer { } pub mod domain { - use iroha_smart_contract::data_model::{domain::DomainId, permission::PermissionToken}; + use iroha_smart_contract::data_model::{domain::DomainId, permission::Permission}; use permission::{ - account::is_account_owner, accounts_permission_tokens, domain::is_domain_owner, - roles_permission_tokens, + account::is_account_owner, accounts_permissions, domain::is_domain_owner, roles_permissions, }; - use tokens::AnyPermissionToken; + use permissions::AnyPermissionToken; use super::*; @@ -185,13 +184,13 @@ pub mod domain { Ok(is_domain_owner) => is_domain_owner, } || { - let can_unregister_domain_token = tokens::domain::CanUnregisterDomain { + let can_unregister_domain_token = permissions::domain::CanUnregisterDomain { domain_id: domain_id.clone(), }; can_unregister_domain_token.is_owned_by(authority) } { - for (owner_id, permission) in accounts_permission_tokens() { + for (owner_id, permission) in accounts_permissions() { if is_token_domain_associated(&permission, domain_id) { let isi = Revoke::permission(permission, owner_id.clone()); if let Err(_err) = isi.execute() { @@ -199,7 +198,7 @@ pub mod domain { } } } - for (role_id, permission) in roles_permission_tokens() { + for (role_id, permission) in roles_permissions() { if is_token_domain_associated(&permission, domain_id) { let isi = Revoke::role_permission(permission, role_id.clone()); if let Err(_err) = isi.execute() { @@ -252,7 +251,7 @@ pub mod domain { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_set_key_value_in_domain_token = tokens::domain::CanSetKeyValueInDomain { + let can_set_key_value_in_domain_token = permissions::domain::CanSetKeyValueInDomain { domain_id: domain_id.clone(), }; if can_set_key_value_in_domain_token.is_owned_by(authority) { @@ -277,7 +276,7 @@ pub mod domain { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_remove_key_value_in_domain_token = tokens::domain::CanRemoveKeyValueInDomain { + let can_remove_key_value_in_domain_token = permissions::domain::CanRemoveKeyValueInDomain { domain_id: domain_id.clone(), }; if can_remove_key_value_in_domain_token.is_owned_by(authority) { @@ -288,7 +287,7 @@ pub mod domain { } #[allow(clippy::too_many_lines)] - fn is_token_domain_associated(permission: &PermissionToken, domain_id: &DomainId) -> bool { + fn is_token_domain_associated(permission: &Permission, domain_id: &DomainId) -> bool { let Ok(permission) = AnyPermissionToken::try_from(permission) else { return false; }; @@ -406,11 +405,9 @@ pub mod domain { } pub mod account { - use iroha_smart_contract::data_model::permission::PermissionToken; - use permission::{ - account::is_account_owner, accounts_permission_tokens, roles_permission_tokens, - }; - use tokens::AnyPermissionToken; + use iroha_smart_contract::data_model::permission::Permission; + use permission::{account::is_account_owner, accounts_permissions, roles_permissions}; + use permissions::AnyPermissionToken; use super::*; @@ -427,7 +424,7 @@ pub mod account { Ok(false) => {} } - let can_register_account_in_domain = tokens::domain::CanRegisterAccountInDomain { + let can_register_account_in_domain = permissions::domain::CanRegisterAccountInDomain { domain_id: domain_id.clone(), }; if can_register_account_in_domain.is_owned_by(authority) { @@ -453,13 +450,13 @@ pub mod account { Ok(is_account_owner) => is_account_owner, } || { - let can_unregister_user_account = tokens::account::CanUnregisterAccount { + let can_unregister_user_account = permissions::account::CanUnregisterAccount { account_id: account_id.clone(), }; can_unregister_user_account.is_owned_by(authority) } { - for (owner_id, permission) in accounts_permission_tokens() { + for (owner_id, permission) in accounts_permissions() { if is_token_account_associated(&permission, account_id) { let isi = Revoke::permission(permission, owner_id.clone()); if let Err(_err) = isi.execute() { @@ -467,7 +464,7 @@ pub mod account { } } } - for (role_id, permission) in roles_permission_tokens() { + for (role_id, permission) in roles_permissions() { if is_token_account_associated(&permission, account_id) { let isi = Revoke::role_permission(permission, role_id.clone()); if let Err(_err) = isi.execute() { @@ -495,9 +492,10 @@ pub mod account { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_set_key_value_in_user_account_token = tokens::account::CanSetKeyValueInAccount { - account_id: account_id.clone(), - }; + let can_set_key_value_in_user_account_token = + permissions::account::CanSetKeyValueInAccount { + account_id: account_id.clone(), + }; if can_set_key_value_in_user_account_token.is_owned_by(authority) { execute!(executor, isi); } @@ -524,7 +522,7 @@ pub mod account { Ok(false) => {} } let can_remove_key_value_in_user_account_token = - tokens::account::CanRemoveKeyValueInAccount { + permissions::account::CanRemoveKeyValueInAccount { account_id: account_id.clone(), }; if can_remove_key_value_in_user_account_token.is_owned_by(authority) { @@ -537,7 +535,7 @@ pub mod account { ); } - fn is_token_account_associated(permission: &PermissionToken, account_id: &AccountId) -> bool { + fn is_token_account_associated(permission: &Permission, account_id: &AccountId) -> bool { let Ok(permission) = AnyPermissionToken::try_from(permission) else { return false; }; @@ -611,12 +609,12 @@ pub mod account { } pub mod asset_definition { - use iroha_smart_contract::data_model::{asset::AssetDefinitionId, permission::PermissionToken}; + use iroha_smart_contract::data_model::{asset::AssetDefinitionId, permission::Permission}; use permission::{ - account::is_account_owner, accounts_permission_tokens, - asset_definition::is_asset_definition_owner, roles_permission_tokens, + account::is_account_owner, accounts_permissions, + asset_definition::is_asset_definition_owner, roles_permissions, }; - use tokens::AnyPermissionToken; + use permissions::AnyPermissionToken; use super::*; @@ -634,7 +632,7 @@ pub mod asset_definition { } let can_register_asset_definition_in_domain_token = - tokens::domain::CanRegisterAssetDefinitionInDomain { + permissions::domain::CanRegisterAssetDefinitionInDomain { domain_id: domain_id.clone(), }; if can_register_asset_definition_in_domain_token.is_owned_by(authority) { @@ -661,13 +659,13 @@ pub mod asset_definition { } || { let can_unregister_asset_definition_token = - tokens::asset_definition::CanUnregisterAssetDefinition { + permissions::asset_definition::CanUnregisterAssetDefinition { asset_definition_id: asset_definition_id.clone(), }; can_unregister_asset_definition_token.is_owned_by(authority) } { - for (owner_id, permission) in accounts_permission_tokens() { + for (owner_id, permission) in accounts_permissions() { if is_token_asset_definition_associated(&permission, asset_definition_id) { let isi = Revoke::permission(permission, owner_id.clone()); if let Err(_err) = isi.execute() { @@ -675,7 +673,7 @@ pub mod asset_definition { } } } - for (role_id, permission) in roles_permission_tokens() { + for (role_id, permission) in roles_permissions() { if is_token_asset_definition_associated(&permission, asset_definition_id) { let isi = Revoke::role_permission(permission, role_id.clone()); if let Err(_err) = isi.execute() { @@ -735,7 +733,7 @@ pub mod asset_definition { Ok(false) => {} } let can_set_key_value_in_asset_definition_token = - tokens::asset_definition::CanSetKeyValueInAssetDefinition { + permissions::asset_definition::CanSetKeyValueInAssetDefinition { asset_definition_id: asset_definition_id.clone(), }; if can_set_key_value_in_asset_definition_token.is_owned_by(authority) { @@ -764,7 +762,7 @@ pub mod asset_definition { Ok(false) => {} } let can_remove_key_value_in_asset_definition_token = - tokens::asset_definition::CanRemoveKeyValueInAssetDefinition { + permissions::asset_definition::CanRemoveKeyValueInAssetDefinition { asset_definition_id: asset_definition_id.clone(), }; if can_remove_key_value_in_asset_definition_token.is_owned_by(authority) { @@ -778,7 +776,7 @@ pub mod asset_definition { } fn is_token_asset_definition_associated( - permission: &PermissionToken, + permission: &Permission, asset_definition_id: &AssetDefinitionId, ) -> bool { let Ok(permission) = AnyPermissionToken::try_from(permission) else { @@ -882,7 +880,7 @@ pub mod asset { Ok(false) => {} } let can_register_assets_with_definition_token = - tokens::asset::CanRegisterAssetWithDefinition { + permissions::asset::CanRegisterAssetWithDefinition { asset_definition_id: asset.id().definition_id().clone(), }; if can_register_assets_with_definition_token.is_owned_by(authority) { @@ -916,13 +914,13 @@ pub mod asset { Ok(false) => {} } let can_unregister_assets_with_definition_token = - tokens::asset::CanUnregisterAssetWithDefinition { + permissions::asset::CanUnregisterAssetWithDefinition { asset_definition_id: asset_id.definition_id().clone(), }; if can_unregister_assets_with_definition_token.is_owned_by(authority) { execute!(executor, isi); } - let can_unregister_user_asset_token = tokens::asset::CanUnregisterUserAsset { + let can_unregister_user_asset_token = permissions::asset::CanUnregisterUserAsset { asset_id: asset_id.clone(), }; if can_unregister_user_asset_token.is_owned_by(authority) { @@ -947,13 +945,14 @@ pub mod asset { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_mint_assets_with_definition_token = tokens::asset::CanMintAssetWithDefinition { - asset_definition_id: asset_id.definition_id().clone(), - }; + let can_mint_assets_with_definition_token = + permissions::asset::CanMintAssetWithDefinition { + asset_definition_id: asset_id.definition_id().clone(), + }; if can_mint_assets_with_definition_token.is_owned_by(authority) { execute!(executor, isi); } - let can_mint_user_asset_token = tokens::asset::CanMintUserAsset { + let can_mint_user_asset_token = permissions::asset::CanMintUserAsset { asset_id: asset_id.clone(), }; if can_mint_user_asset_token.is_owned_by(authority) { @@ -994,13 +993,14 @@ pub mod asset { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_burn_assets_with_definition_token = tokens::asset::CanBurnAssetWithDefinition { - asset_definition_id: asset_id.definition_id().clone(), - }; + let can_burn_assets_with_definition_token = + permissions::asset::CanBurnAssetWithDefinition { + asset_definition_id: asset_id.definition_id().clone(), + }; if can_burn_assets_with_definition_token.is_owned_by(authority) { execute!(executor, isi); } - let can_burn_user_asset_token = tokens::asset::CanBurnUserAsset { + let can_burn_user_asset_token = permissions::asset::CanBurnUserAsset { asset_id: asset_id.clone(), }; if can_burn_user_asset_token.is_owned_by(authority) { @@ -1042,13 +1042,13 @@ pub mod asset { Ok(false) => {} } let can_transfer_assets_with_definition_token = - tokens::asset::CanTransferAssetWithDefinition { + permissions::asset::CanTransferAssetWithDefinition { asset_definition_id: asset_id.definition_id().clone(), }; if can_transfer_assets_with_definition_token.is_owned_by(authority) { execute!(executor, isi); } - let can_transfer_user_asset_token = tokens::asset::CanTransferUserAsset { + let can_transfer_user_asset_token = permissions::asset::CanTransferUserAsset { asset_id: asset_id.clone(), }; if can_transfer_user_asset_token.is_owned_by(authority) { @@ -1090,7 +1090,7 @@ pub mod asset { Ok(false) => {} } - let can_set_key_value_in_user_asset_token = tokens::asset::CanSetKeyValueInUserAsset { + let can_set_key_value_in_user_asset_token = permissions::asset::CanSetKeyValueInUserAsset { asset_id: asset_id.clone(), }; if can_set_key_value_in_user_asset_token.is_owned_by(authority) { @@ -1119,7 +1119,7 @@ pub mod asset { Ok(false) => {} } let can_remove_key_value_in_user_asset_token = - tokens::asset::CanRemoveKeyValueInUserAsset { + permissions::asset::CanRemoveKeyValueInUserAsset { asset_id: asset_id.clone(), }; if can_remove_key_value_in_user_asset_token.is_owned_by(authority) { @@ -1145,7 +1145,7 @@ pub mod parameter { if is_genesis(executor) { execute!(executor, isi); } - if tokens::parameter::CanSetParameters.is_owned_by(authority) { + if permissions::parameter::CanSetParameters.is_owned_by(authority) { execute!(executor, isi); } @@ -1158,7 +1158,7 @@ pub mod parameter { pub mod role { use iroha_smart_contract::data_model::role::Role; - use role::tokens::AnyPermissionToken; + use role::permissions::AnyPermissionToken; use super::*; @@ -1206,7 +1206,7 @@ pub mod role { let token = $isi.object(); if let Ok(any_token) = AnyPermissionToken::try_from(token) { - let token = PermissionToken::from(any_token.clone()); + let token = Permission::from(any_token.clone()); let isi = <$isi_type>::role_permission(token, role_id); if is_genesis($executor) { execute!($executor, isi); @@ -1244,7 +1244,7 @@ pub mod role { iroha_smart_contract::debug!(&format!("Checking `{token:?}`")); if let Ok(any_token) = AnyPermissionToken::try_from(token) { - let token = PermissionToken::from(any_token); + let token = Permission::from(any_token); new_role = new_role.add_permission(token); continue; } @@ -1274,7 +1274,7 @@ pub mod role { if is_genesis(executor) { execute!(executor, isi); } - if tokens::role::CanUnregisterAnyRole.is_owned_by(authority) { + if permissions::role::CanUnregisterAnyRole.is_owned_by(authority) { execute!(executor, isi); } @@ -1300,26 +1300,24 @@ pub mod role { pub fn visit_grant_role_permission( executor: &mut V, authority: &AccountId, - isi: &Grant, + isi: &Grant, ) { - impl_validate_grant_revoke_role_permission!(executor, isi, authority, validate_grant, Grant); + impl_validate_grant_revoke_role_permission!(executor, isi, authority, validate_grant, Grant); } pub fn visit_revoke_role_permission( executor: &mut V, authority: &AccountId, - isi: &Revoke, + isi: &Revoke, ) { - impl_validate_grant_revoke_role_permission!(executor, isi, authority, validate_revoke, Revoke); + impl_validate_grant_revoke_role_permission!(executor, isi, authority, validate_revoke, Revoke); } } pub mod trigger { - use iroha_smart_contract::data_model::{permission::PermissionToken, trigger::Trigger}; - use permission::{ - accounts_permission_tokens, roles_permission_tokens, trigger::is_trigger_owner, - }; - use tokens::AnyPermissionToken; + use iroha_smart_contract::data_model::{permission::Permission, trigger::Trigger}; + use permission::{accounts_permissions, roles_permissions, trigger::is_trigger_owner}; + use permissions::AnyPermissionToken; use super::*; @@ -1344,13 +1342,14 @@ pub mod trigger { Ok(is_trigger_owner) => is_trigger_owner, } || { - let can_unregister_user_trigger_token = tokens::trigger::CanUnregisterUserTrigger { - trigger_id: trigger_id.clone(), - }; + let can_unregister_user_trigger_token = + permissions::trigger::CanUnregisterUserTrigger { + trigger_id: trigger_id.clone(), + }; can_unregister_user_trigger_token.is_owned_by(authority) } { - for (owner_id, permission) in accounts_permission_tokens() { + for (owner_id, permission) in accounts_permissions() { if is_token_trigger_associated(&permission, trigger_id) { let isi = Revoke::permission(permission, owner_id.clone()); if let Err(_err) = isi.execute() { @@ -1358,7 +1357,7 @@ pub mod trigger { } } } - for (role_id, permission) in roles_permission_tokens() { + for (role_id, permission) in roles_permissions() { if is_token_trigger_associated(&permission, trigger_id) { let isi = Revoke::role_permission(permission, role_id.clone()); if let Err(_err) = isi.execute() { @@ -1389,7 +1388,7 @@ pub mod trigger { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_mint_user_trigger_token = tokens::trigger::CanMintUserTrigger { + let can_mint_user_trigger_token = permissions::trigger::CanMintUserTrigger { trigger_id: trigger_id.clone(), }; if can_mint_user_trigger_token.is_owned_by(authority) { @@ -1417,7 +1416,7 @@ pub mod trigger { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_mint_user_trigger_token = tokens::trigger::CanBurnUserTrigger { + let can_mint_user_trigger_token = permissions::trigger::CanBurnUserTrigger { trigger_id: trigger_id.clone(), }; if can_mint_user_trigger_token.is_owned_by(authority) { @@ -1445,7 +1444,7 @@ pub mod trigger { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_execute_trigger_token = tokens::trigger::CanExecuteUserTrigger { + let can_execute_trigger_token = permissions::trigger::CanExecuteUserTrigger { trigger_id: trigger_id.clone(), }; if can_execute_trigger_token.is_owned_by(authority) { @@ -1470,9 +1469,10 @@ pub mod trigger { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_set_key_value_in_user_trigger_token = tokens::trigger::CanSetKeyValueInTrigger { - trigger_id: trigger_id.clone(), - }; + let can_set_key_value_in_user_trigger_token = + permissions::trigger::CanSetKeyValueInTrigger { + trigger_id: trigger_id.clone(), + }; if can_set_key_value_in_user_trigger_token.is_owned_by(authority) { execute!(executor, isi); } @@ -1498,9 +1498,10 @@ pub mod trigger { Ok(true) => execute!(executor, isi), Ok(false) => {} } - let can_remove_key_value_in_trigger_token = tokens::trigger::CanRemoveKeyValueInTrigger { - trigger_id: trigger_id.clone(), - }; + let can_remove_key_value_in_trigger_token = + permissions::trigger::CanRemoveKeyValueInTrigger { + trigger_id: trigger_id.clone(), + }; if can_remove_key_value_in_trigger_token.is_owned_by(authority) { execute!(executor, isi); } @@ -1511,7 +1512,7 @@ pub mod trigger { ); } - fn is_token_trigger_associated(permission: &PermissionToken, trigger_id: &TriggerId) -> bool { + fn is_token_trigger_associated(permission: &Permission, trigger_id: &TriggerId) -> bool { let Ok(permission) = AnyPermissionToken::try_from(permission) else { return false; }; @@ -1573,7 +1574,7 @@ pub mod trigger { } pub mod permission_token { - use tokens::AnyPermissionToken; + use permissions::AnyPermissionToken; use super::*; @@ -1583,7 +1584,7 @@ pub mod permission_token { let token = $isi.object(); if let Ok(any_token) = AnyPermissionToken::try_from(token) { - let token = PermissionToken::from(any_token.clone()); + let token = Permission::from(any_token.clone()); let isi = <$isi_type>::permission(token, account_id); if is_genesis($executor) { execute!($executor, isi); @@ -1609,28 +1610,28 @@ pub mod permission_token { pub fn visit_grant_account_permission( executor: &mut V, authority: &AccountId, - isi: &Grant, + isi: &Grant, ) { impl_validate!( executor, authority, isi, validate_grant, - Grant + Grant ); } pub fn visit_revoke_account_permission( executor: &mut V, authority: &AccountId, - isi: &Revoke, + isi: &Revoke, ) { impl_validate!( executor, authority, isi, validate_revoke, - Revoke + Revoke ); } } @@ -1647,7 +1648,7 @@ pub mod executor { if is_genesis(executor) { execute!(executor, isi); } - if tokens::executor::CanUpgradeExecutor.is_owned_by(authority) { + if permissions::executor::CanUpgradeExecutor.is_owned_by(authority) { execute!(executor, isi); } diff --git a/smart_contract/executor/src/default/tokens.rs b/smart_contract/executor/src/default/permissions.rs similarity index 83% rename from smart_contract/executor/src/default/tokens.rs rename to smart_contract/executor/src/default/permissions.rs index a8296d9ee1a..47c70d4db87 100644 --- a/smart_contract/executor/src/default/tokens.rs +++ b/smart_contract/executor/src/default/permissions.rs @@ -11,7 +11,7 @@ use alloc::{ use iroha_executor_derive::ValidateGrantRevoke; use iroha_smart_contract::data_model::{executor::Result, prelude::*}; -use crate::permission::{self, Token as _}; +use crate::permission::{self, Permission as _}; /// Declare token types of current module. Use it with a full path to the token. /// Used to iterate over tokens to validate `Grant` and `Revoke` instructions. @@ -47,10 +47,10 @@ macro_rules! declare_tokens { $token_ty($($token_path::)+$token_ty), )* } - impl TryFrom<&$crate::data_model::permission::PermissionToken> for AnyPermissionToken { + impl TryFrom<&$crate::data_model::permission::Permission> for AnyPermissionToken { type Error = $crate::ConvertDataModelObjectError; - fn try_from(token: &$crate::data_model::permission::PermissionToken) -> Result { + fn try_from(token: &$crate::data_model::permission::Permission) -> Result { match token.id().borrow() { $( stringify!($token_ty) => { let token = <$($token_path::)+$token_ty>::try_from_object(token)?; @@ -61,7 +61,7 @@ macro_rules! declare_tokens { } } - impl From for $crate::data_model::permission::PermissionToken { + impl From for $crate::data_model::permission::Permission { fn from(token: AnyPermissionToken) -> Self { match token { $( AnyPermissionToken::$token_ty(token) => token.into_object(), )* @@ -90,7 +90,7 @@ macro_rules! declare_tokens { macro_rules! token { ($($meta:meta)* $item:item) => { #[derive(PartialEq, Eq, serde::Serialize, serde::Deserialize)] - #[derive(Clone, iroha_executor_derive::Token)] + #[derive(Clone, iroha_executor_derive::Permission)] #[derive(iroha_schema::IntoSchema)] $($meta)* $item @@ -98,54 +98,54 @@ macro_rules! token { } declare_tokens! { - crate::default::tokens::peer::{CanUnregisterAnyPeer}, - - crate::default::tokens::domain::{CanUnregisterDomain}, - crate::default::tokens::domain::{CanSetKeyValueInDomain}, - crate::default::tokens::domain::{CanRemoveKeyValueInDomain}, - crate::default::tokens::domain::{CanRegisterAccountInDomain}, - crate::default::tokens::domain::{CanRegisterAssetDefinitionInDomain}, - - crate::default::tokens::account::{CanUnregisterAccount}, - crate::default::tokens::account::{CanMintUserPublicKeys}, - crate::default::tokens::account::{CanBurnUserPublicKeys}, - crate::default::tokens::account::{CanMintUserSignatureCheckConditions}, - crate::default::tokens::account::{CanSetKeyValueInAccount}, - crate::default::tokens::account::{CanRemoveKeyValueInAccount}, - - crate::default::tokens::asset_definition::{CanUnregisterAssetDefinition}, - crate::default::tokens::asset_definition::{CanSetKeyValueInAssetDefinition}, - crate::default::tokens::asset_definition::{CanRemoveKeyValueInAssetDefinition}, - - crate::default::tokens::asset::{CanRegisterAssetWithDefinition}, - crate::default::tokens::asset::{CanUnregisterAssetWithDefinition}, - crate::default::tokens::asset::{CanUnregisterUserAsset}, - crate::default::tokens::asset::{CanBurnAssetWithDefinition}, - crate::default::tokens::asset::{CanMintAssetWithDefinition}, - crate::default::tokens::asset::{CanMintUserAsset}, - crate::default::tokens::asset::{CanBurnUserAsset}, - crate::default::tokens::asset::{CanTransferAssetWithDefinition}, - crate::default::tokens::asset::{CanTransferUserAsset}, - crate::default::tokens::asset::{CanSetKeyValueInUserAsset}, - crate::default::tokens::asset::{CanRemoveKeyValueInUserAsset}, - - crate::default::tokens::parameter::{CanGrantPermissionToCreateParameters}, - crate::default::tokens::parameter::{CanRevokePermissionToCreateParameters}, - crate::default::tokens::parameter::{CanCreateParameters}, - crate::default::tokens::parameter::{CanGrantPermissionToSetParameters}, - crate::default::tokens::parameter::{CanRevokePermissionToSetParameters}, - crate::default::tokens::parameter::{CanSetParameters}, - - crate::default::tokens::role::{CanUnregisterAnyRole}, - - crate::default::tokens::trigger::{CanExecuteUserTrigger}, - crate::default::tokens::trigger::{CanUnregisterUserTrigger}, - crate::default::tokens::trigger::{CanMintUserTrigger}, - crate::default::tokens::trigger::{CanBurnUserTrigger}, - crate::default::tokens::trigger::{CanSetKeyValueInTrigger}, - crate::default::tokens::trigger::{CanRemoveKeyValueInTrigger}, - - crate::default::tokens::executor::{CanUpgradeExecutor}, + crate::default::permissions::peer::{CanUnregisterAnyPeer}, + + crate::default::permissions::domain::{CanUnregisterDomain}, + crate::default::permissions::domain::{CanSetKeyValueInDomain}, + crate::default::permissions::domain::{CanRemoveKeyValueInDomain}, + crate::default::permissions::domain::{CanRegisterAccountInDomain}, + crate::default::permissions::domain::{CanRegisterAssetDefinitionInDomain}, + + crate::default::permissions::account::{CanUnregisterAccount}, + crate::default::permissions::account::{CanMintUserPublicKeys}, + crate::default::permissions::account::{CanBurnUserPublicKeys}, + crate::default::permissions::account::{CanMintUserSignatureCheckConditions}, + crate::default::permissions::account::{CanSetKeyValueInAccount}, + crate::default::permissions::account::{CanRemoveKeyValueInAccount}, + + crate::default::permissions::asset_definition::{CanUnregisterAssetDefinition}, + crate::default::permissions::asset_definition::{CanSetKeyValueInAssetDefinition}, + crate::default::permissions::asset_definition::{CanRemoveKeyValueInAssetDefinition}, + + crate::default::permissions::asset::{CanRegisterAssetWithDefinition}, + crate::default::permissions::asset::{CanUnregisterAssetWithDefinition}, + crate::default::permissions::asset::{CanUnregisterUserAsset}, + crate::default::permissions::asset::{CanBurnAssetWithDefinition}, + crate::default::permissions::asset::{CanMintAssetWithDefinition}, + crate::default::permissions::asset::{CanMintUserAsset}, + crate::default::permissions::asset::{CanBurnUserAsset}, + crate::default::permissions::asset::{CanTransferAssetWithDefinition}, + crate::default::permissions::asset::{CanTransferUserAsset}, + crate::default::permissions::asset::{CanSetKeyValueInUserAsset}, + crate::default::permissions::asset::{CanRemoveKeyValueInUserAsset}, + + crate::default::permissions::parameter::{CanGrantPermissionToCreateParameters}, + crate::default::permissions::parameter::{CanRevokePermissionToCreateParameters}, + crate::default::permissions::parameter::{CanCreateParameters}, + crate::default::permissions::parameter::{CanGrantPermissionToSetParameters}, + crate::default::permissions::parameter::{CanRevokePermissionToSetParameters}, + crate::default::permissions::parameter::{CanSetParameters}, + + crate::default::permissions::role::{CanUnregisterAnyRole}, + + crate::default::permissions::trigger::{CanExecuteUserTrigger}, + crate::default::permissions::trigger::{CanUnregisterUserTrigger}, + crate::default::permissions::trigger::{CanMintUserTrigger}, + crate::default::permissions::trigger::{CanBurnUserTrigger}, + crate::default::permissions::trigger::{CanSetKeyValueInTrigger}, + crate::default::permissions::trigger::{CanRemoveKeyValueInTrigger}, + + crate::default::permissions::executor::{CanUpgradeExecutor}, } pub mod peer { diff --git a/smart_contract/executor/src/lib.rs b/smart_contract/executor/src/lib.rs index f3de1aaf37b..ef7dcd8fc07 100644 --- a/smart_contract/executor/src/lib.rs +++ b/smart_contract/executor/src/lib.rs @@ -14,9 +14,9 @@ use data_model::{ }; #[cfg(not(test))] use data_model::{prelude::*, smart_contract::payloads}; -use iroha_executor::data_model::executor::ExecutorDataModelObject; pub use iroha_schema::MetaMap; pub use iroha_smart_contract as smart_contract; +use iroha_smart_contract::ExecutorDataModelObject; use iroha_smart_contract_utils::debug::DebugExpectExt; pub use iroha_smart_contract_utils::{debug, encode_with_length_prefix}; #[cfg(not(test))] @@ -188,30 +188,28 @@ pub trait ConvertDataModelObject: Serialize + DeserializeOwned { type Object: ExecutorDataModelObject; /// Implementor's type ID as specified in the data model schema. - fn definition_id() -> ::DefinitionId; + fn id() -> ::Id; /// Try to convert an object to the type /// # Errors /// - If object id doesn't match with type id /// - If fails to deserialize object payload into the type fn try_from_object(object: &Self::Object) -> Result { - let expected_id = Self::definition_id(); + let expected_id = Self::id(); - if *object.object_definition_id() != expected_id { - return Err(ConvertDataModelObjectError::Id( - object.object_definition_id().clone().into(), - )); + if *object.id() != expected_id { + return Err(ConvertDataModelObjectError::Id(object.id().clone().into())); } object - .object_payload() + .payload() .deserialize_to() .map_err(ConvertDataModelObjectError::Deserialize) } /// Convert the type into its object representation fn into_object(self) -> Self::Object { - let id = Self::definition_id(); + let id = Self::id(); let payload = DebugExpectExt::dbg_expect( serde_json::to_value(self), @@ -236,7 +234,7 @@ pub enum ConvertDataModelObjectError { #[derive(Debug, Clone, Default)] pub struct DataModelBuilder { schema: MetaMap, - permission_tokens: BTreeSet, + permissions: BTreeSet, parameters: BTreeSet, } @@ -247,26 +245,26 @@ impl DataModelBuilder { } /// Define a permission token in the data model - pub fn add_permission_token(&mut self) { + pub fn add_permission(&mut self) { ::update_schema_map(&mut self.schema); - self.permission_tokens.insert(T::definition_id()); + self.permissions.insert(T::definition_id()); } /// Remove a permission token from the builder - pub fn remove_permission_token(&mut self) { + pub fn remove_permission(&mut self) { ::remove_from_schema(&mut self.schema); - self.permission_tokens.remove(&T::definition_id()); + self.permissions.remove(&T::definition_id()); } - /// Adds all tokens defined in [`default::tokens`]. - pub fn extend_with_default_permission_tokens(&mut self) { + /// Adds all tokens defined in [`default::permissions`]. + pub fn extend_with_default_permissions(&mut self) { macro_rules! add_to_schema { ($token_ty:ty) => { - self.add_permission_token::<$token_ty>(); + self.add_permission::<$token_ty>(); }; } - default::tokens::map_token_type!(add_to_schema); + default::permissions::map_token_type!(add_to_schema); } /// Define a configuration parameter in the data model @@ -281,14 +279,14 @@ impl DataModelBuilder { /// If fails to serialize schema as JSON pub fn serialize(self) -> ExecutorDataModel { ExecutorDataModel::new( + self.permissions, + self.parameters, // FIXME: reduce extra conversion & allocation // current: MetaMap -> JsonValue (borrowed) -> JsonString(string) // fixed: MetaMap -> JsonString(string) JsonString::from( &serde_json::to_value(self.schema).expect("schema serialization must not fail"), ), - self.permission_tokens, - self.parameters, ) } } @@ -311,9 +309,12 @@ pub mod prelude { pub use alloc::vec::Vec; pub use iroha_executor_derive::{ - entrypoint, Constructor, Token, Validate, ValidateEntrypoints, ValidateGrantRevoke, Visit, + entrypoint, Constructor, Permission, Validate, ValidateEntrypoints, ValidateGrantRevoke, + Visit, + }; + pub use iroha_smart_contract::prelude::{ + Parameter as ParameterObject, Permission as PermissionObject, *, }; - pub use iroha_smart_contract::prelude::*; pub use super::{ data_model::{ @@ -321,6 +322,9 @@ pub mod prelude { visit::Visit, ValidationFail, }, - deny, execute, DataModelBuilder, Validate, + deny, execute, + parameter::Parameter, + permission::Permission, + DataModelBuilder, Validate, }; } diff --git a/smart_contract/executor/src/parameter.rs b/smart_contract/executor/src/parameter.rs index 4a976d2ad9b..65b3e75d87b 100644 --- a/smart_contract/executor/src/parameter.rs +++ b/smart_contract/executor/src/parameter.rs @@ -2,13 +2,11 @@ use iroha_executor::prelude::{Parameter as ParameterObject, ParameterId}; use iroha_schema::IntoSchema; +use iroha_smart_contract::ExecutorDataModelObject; use iroha_smart_contract_utils::debug::DebugExpectExt; use serde::{de::DeserializeOwned, Deserialize, Serialize}; -use crate::{ - data_model::executor::ExecutorDataModelObject, ConvertDataModelObject, - ConvertDataModelObjectError, -}; +use crate::{ConvertDataModelObject, ConvertDataModelObjectError}; /// Marker trait for parameters. /// @@ -26,8 +24,6 @@ use crate::{ /// /// impl Parameter for DomainPrefix {} /// ``` -/// -/// To convert to/from [`ParameterObject`], use [`ParameterConvertWrap`]. pub trait Parameter: Serialize + DeserializeOwned + IntoSchema { /// Parameter definition id, according to [`IntoSchema`]. fn definition_id() -> ParameterId { @@ -62,7 +58,7 @@ pub(crate) struct ParameterConvertWrap(pub T); impl ConvertDataModelObject for ParameterConvertWrap { type Object = ParameterObject; - fn definition_id() -> ::DefinitionId { + fn id() -> ::Id { T::definition_id() } } diff --git a/smart_contract/executor/src/permission.rs b/smart_contract/executor/src/permission.rs index 6cf5cb38b5c..4f86871a32e 100644 --- a/smart_contract/executor/src/permission.rs +++ b/smart_contract/executor/src/permission.rs @@ -3,60 +3,53 @@ use alloc::borrow::ToOwned as _; use iroha_schema::IntoSchema; -use iroha_smart_contract::QueryOutputCursor; +use iroha_smart_contract::{ExecutorDataModelObject, QueryOutputCursor}; use iroha_smart_contract_utils::debug::DebugExpectExt as _; use serde::{de::DeserializeOwned, Deserialize, Serialize}; use crate::{ - data_model::{ - executor::ExecutorDataModelObject, - prelude::{PermissionToken as PermissionTokenObject, *}, - }, + data_model::prelude::{Permission as PermissionObject, *}, prelude::*, ConvertDataModelObject, ConvertDataModelObjectError, }; /// Is used to check if the permission token is owned by the account. -/// -/// To convert to/from [`PermissionTokenObject`], use [`TokenConvertWrap`]. -pub trait Token: +pub trait Permission: Serialize + DeserializeOwned + IntoSchema + PartialEq + ValidateGrantRevoke { /// Check if the account owns this token fn is_owned_by(&self, account_id: &AccountId) -> bool; /// Token's id, according to [`IntoSchema`]. - fn definition_id() -> PermissionTokenId { - PermissionTokenId::new( + fn definition_id() -> PermissionId { + PermissionId::new( ::type_name() .parse() - .dbg_expect("Failed to parse permission token id as `Name`"), + .dbg_expect("Failed to parse permission id as `Name`"), ) } - /// Try to convert from [`PermissionTokenObject`] + /// Try to convert from [`PermissionObject`] /// # Errors /// See [`ConvertDataModelObject::try_from_object`] - fn try_from_object( - object: &PermissionTokenObject, - ) -> Result { + fn try_from_object(object: &PermissionObject) -> Result { TokenConvertWrap::try_from_object(object).map(|x| x.0) } - /// Convert into [`PermissionTokenObject`] - fn into_object(self) -> PermissionTokenObject { + /// Convert into [`PermissionObject`] + fn into_object(self) -> PermissionObject { TokenConvertWrap(self).into_object() } } -/// Utility to convert between `T`: [`Token`] and [`PermissionTokenObject`]. +/// Utility to convert between `T`: [`Permission`] and [`PermissionObject`]. #[derive(Serialize, Deserialize)] pub(crate) struct TokenConvertWrap(pub T); -impl ConvertDataModelObject for TokenConvertWrap { - type Object = PermissionTokenObject; +impl ConvertDataModelObject for TokenConvertWrap { + type Object = PermissionObject; - fn definition_id() -> ::DefinitionId { + fn id() -> ::Id { T::definition_id() } } @@ -329,7 +322,7 @@ impl PassCondition for AlwaysPass { } } -impl From<&T> for AlwaysPass { +impl From<&T> for AlwaysPass { fn from(_: &T) -> Self { Self } @@ -353,22 +346,21 @@ impl PassCondition for OnlyGenesis { } } -impl From<&T> for OnlyGenesis { +impl From<&T> for OnlyGenesis { fn from(_: &T) -> Self { Self } } /// Iterator over all accounts and theirs permission tokens -pub(crate) fn accounts_permission_tokens( -) -> impl Iterator { +pub(crate) fn accounts_permissions() -> impl Iterator { FindAllAccounts .execute() .dbg_expect("failed to query all accounts") .into_iter() .map(|account| account.dbg_expect("failed to retrieve account")) .flat_map(|account| { - FindPermissionTokensByAccountId::new(account.id().clone()) + FindPermissionsByAccountId::new(account.id().clone()) .execute() .dbg_expect("failed to query permssion token for account") .into_iter() @@ -378,7 +370,7 @@ pub(crate) fn accounts_permission_tokens( } /// Iterator over all roles and theirs permission tokens -pub(crate) fn roles_permission_tokens() -> impl Iterator { +pub(crate) fn roles_permissions() -> impl Iterator { FindAllRoles .execute() .dbg_expect("failed to query all accounts") @@ -403,13 +395,15 @@ mod tests { #[test] fn convert_token() { - #[derive(Serialize, Deserialize, IntoSchema, PartialEq, ValidateGrantRevoke, Token)] + #[derive( + Serialize, Deserialize, IntoSchema, PartialEq, ValidateGrantRevoke, Permission, + )] #[validate(AlwaysPass)] struct SampleToken { can_do_whatever: bool, } - let object = PermissionToken::new( + let object = PermissionObject::new( "SampleToken".parse().unwrap(), json!({ "can_do_whatever": false }), ); diff --git a/smart_contract/src/lib.rs b/smart_contract/src/lib.rs index c8f12896274..66ec02abe3f 100644 --- a/smart_contract/src/lib.rs +++ b/smart_contract/src/lib.rs @@ -15,7 +15,7 @@ use data_model::{ cursor::ForwardCursor, predicate::PredicateBox, sorting::Sorting, Pagination, Query, QueryOutputBox, }, - BatchedResponse, + BatchedResponse, JsonString, }; use derive_more::Display; pub use iroha_data_model as data_model; @@ -264,6 +264,58 @@ where } } +/// Defines an object that is part of the [`ExecutorDataModel`]. +/// +/// An object consists of id and payload. +/// ID is a unique type identifier in the executor's data model. +/// Payload is JSON-serialized type structure, according to the type schema. +// TODO: support both JSON and SCALE for payload. +pub trait ExecutorDataModelObject: Sized { + /// Generic identification + type Id: PartialEq + Clone + Into; + + /// Constructor + fn new(id: Self::Id, payload: JsonString) -> Self; + + /// Getter for the object id + fn id(&self) -> &Self::Id; + + /// Getter for the object payload + fn payload(&self) -> &JsonString; +} + +impl ExecutorDataModelObject for Parameter { + type Id = ParameterId; + + fn new(id: Self::Id, payload: JsonString) -> Self { + Parameter::new(id, payload) + } + + fn id(&self) -> &Self::Id { + Parameter::id(&self) + } + + fn payload(&self) -> &JsonString { + Parameter::payload(&self) + } +} + +impl ExecutorDataModelObject for Permission { + type Id = PermissionId; + + fn new(id: Self::Id, payload: JsonString) -> Self { + Permission::new(id, payload) + } + + fn id(&self) -> &Self::Id { + Permission::id(&self) + } + + fn payload(&self) -> &JsonString { + Permission::payload(&self) + } +} + impl SmartContractQuery<'_, Q> where Q: Query + Encode, diff --git a/tools/kagami/src/genesis.rs b/tools/kagami/src/genesis.rs index 8a85af2e4e2..da43396a715 100644 --- a/tools/kagami/src/genesis.rs +++ b/tools/kagami/src/genesis.rs @@ -114,7 +114,7 @@ pub fn generate_default( AssetId::new("cabbage#garden_of_live_flowers".parse()?, ALICE_ID.clone()), ); let grant_permission_to_set_parameters = Grant::permission( - PermissionToken::new("CanSetParameters".parse()?, &json!(null)), + Permission::new("CanSetParameters".parse()?, &json!(null)), ALICE_ID.clone(), ); let transfer_rose_ownership = Transfer::asset_definition( @@ -129,11 +129,11 @@ pub fn generate_default( ); let register_user_metadata_access = Register::role( Role::new("ALICE_METADATA_ACCESS".parse()?) - .add_permission(PermissionToken::new( + .add_permission(Permission::new( "CanSetKeyValueInAccount".parse()?, &json!({ "account_id": ALICE_ID.clone() }), )) - .add_permission(PermissionToken::new( + .add_permission(Permission::new( "CanRemoveKeyValueInAccount".parse()?, &json!({ "account_id": ALICE_ID.clone() }), )),