feat: Remove caller restrictions get_changes_since endpoint (#2257)

pietrodimarco-dfinity · web-flow · commit b579d94bef5d · 2024-10-30T09:19:22.000Z
diff --git a/rs/nns/integration_tests/src/registry_get_changes_since.rs b/rs/nns/integration_tests/src/registry_get_changes_since.rs
@@ -5,13 +5,11 @@ use ic_nns_test_utils::{
         registry_get_changes_since, setup_nns_canisters, state_machine_builder_for_nns_tests,
     },
 };
-use ic_registry_transport::pb::v1::{
-    registry_error, RegistryError, RegistryGetChangesSinceResponse,
-};
+use ic_registry_transport::pb::v1::RegistryGetChangesSinceResponse;
 use std::str::FromStr;
 
 #[test]
-fn test_disallow_opaque_caller() {
+fn test_allow_opaque_caller() {
     // Step 1: Prepare the world.
     let state_machine = state_machine_builder_for_nns_tests().build();
 
@@ -36,27 +34,11 @@ fn test_disallow_opaque_caller() {
         deltas,
     } = response;
 
-    assert_eq!(version, 0);
-    assert_eq!(deltas, vec![]);
-
-    let error = error.unwrap();
-    let RegistryError { code, reason, key } = error;
-
-    assert_eq!(key, Vec::<u8>::new());
-
-    assert_eq!(
-        registry_error::Code::try_from(code),
-        Ok(registry_error::Code::Authorization)
-    );
-    let reason = reason.to_lowercase();
-    for key_word in ["caller", "self-authenticating", "anonymous", "opaque"] {
-        assert!(
-            reason.contains(key_word),
-            "{} not in {:?}",
-            key_word,
-            reason
-        );
-    }
+    assert_eq!(error, None);
+    // The important thing is that deltas is not empty. The exact number of
+    // elements is not so important.
+    assert_eq!(deltas.len(), 13);
+    assert_eq!(version, 1);
 }
 
 #[test]
diff --git a/rs/registry/canister/canister/canister.rs b/rs/registry/canister/canister/canister.rs
@@ -1,10 +1,10 @@
 use candid::{candid_method, Decode};
 use dfn_candid::{candid, candid_one};
 use dfn_core::{
-    api::{arg_data, caller, data_certificate, reply, trap_with},
+    api::{arg_data, data_certificate, reply, trap_with},
     over, over_async, stable,
 };
-use ic_base_types::{NodeId, PrincipalId, PrincipalIdClass};
+use ic_base_types::{NodeId, PrincipalId};
 use ic_certified_map::{AsHashTree, HashTree};
 use ic_nervous_system_string::clamp_debug_len;
 use ic_nns_constants::{GOVERNANCE_CANISTER_ID, ROOT_CANISTER_ID};
@@ -188,22 +188,6 @@ ic_nervous_system_common_build_metadata::define_get_build_metadata_candid_method
 #[export_name = "canister_query get_changes_since"]
 fn get_changes_since() {
     fn main() -> Result<RegistryGetChangesSinceResponse, (Code, String)> {
-        // Authorize: Only self-authenticating and anonymous principals are allowed to call us.
-        const ALLOWED_CALLER_CLASSES: [Result<PrincipalIdClass, String>; 2] = [
-            Ok(PrincipalIdClass::SelfAuthenticating),
-            Ok(PrincipalIdClass::Anonymous),
-        ];
-        let class = caller().class();
-        if !ALLOWED_CALLER_CLASSES.contains(&class) {
-            return Err((
-                Code::Authorization,
-                format!(
-                    "Caller must be self-authenticating, or anonymous (but was {:?}).",
-                    class,
-                ),
-            ));
-        }
-
         // Parse request.
         let request = deserialize_get_changes_since_request(arg_data())
             .map_err(|err| (Code::MalformedMessage, err.to_string()))?;
