/
msg_server_provider.go
103 lines (86 loc) · 3.47 KB
/
msg_server_provider.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package keeper
import (
"context"
"fmt"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
"github.com/gitopia/gitopia/v2/x/gitopia/types"
)
var GitServerTypeUrls = [4]string{
sdk.MsgTypeURL(&types.MsgForkRepository{}),
sdk.MsgTypeURL(&types.MsgForkRepositorySuccess{}),
sdk.MsgTypeURL(&types.MsgSetPullRequestState{}),
sdk.MsgTypeURL(&types.MsgUpdateTask{}),
}
var StorageTypeUrls = [2]string{
sdk.MsgTypeURL(&types.MsgAddRepositoryBackupRef{}),
sdk.MsgTypeURL(&types.MsgUpdateRepositoryBackupRef{}),
}
func (k msgServer) AuthorizeProvider(goCtx context.Context, msg *types.MsgAuthorizeProvider) (*types.MsgAuthorizeProviderResponse, error) {
ctx := sdk.UnwrapSDKContext(goCtx)
_, found := k.GetUser(ctx, msg.Creator)
if !found {
return nil, sdkerrors.Wrap(sdkerrors.ErrKeyNotFound, fmt.Sprintf("user (%v) doesn't exist", msg.Creator))
}
if msg.Creator != msg.Granter { // DAO address
_, found := k.GetDao(ctx, msg.Granter)
if !found {
return nil, sdkerrors.Wrap(sdkerrors.ErrKeyNotFound, fmt.Sprintf("dao (%v) doesn't exist", msg.Granter))
}
if m, found := k.GetDaoMember(ctx, msg.Granter, msg.Creator); found {
if m.Role != types.MemberRole_OWNER {
return nil, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, fmt.Sprintf("user (%v) does not have required permission", msg.Creator))
}
} else {
return nil, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, fmt.Sprintf("user (%v) is not a member of dao", msg.Creator))
}
}
now := ctx.BlockTime()
expiration := now.AddDate(1, 0, 0)
err := k.Keeper.AuthorizeProvider(ctx, msg.Provider, msg.Granter, &expiration, msg.Permission)
if err != nil {
return nil, err
}
return &types.MsgAuthorizeProviderResponse{}, nil
}
func (k msgServer) RevokeProviderPermission(goCtx context.Context, msg *types.MsgRevokeProviderPermission) (*types.MsgRevokeProviderPermissionResponse, error) {
ctx := sdk.UnwrapSDKContext(goCtx)
_, found := k.GetUser(ctx, msg.Creator)
if !found {
return nil, sdkerrors.Wrap(sdkerrors.ErrKeyNotFound, fmt.Sprintf("user (%v) doesn't exist", msg.Creator))
}
grantee, _ := sdk.AccAddressFromBech32(msg.Provider)
granter, _ := sdk.AccAddressFromBech32(msg.Granter)
if msg.Creator != msg.Granter { // DAO address
_, found := k.GetDao(ctx, msg.Granter)
if !found {
return nil, sdkerrors.Wrap(sdkerrors.ErrKeyNotFound, fmt.Sprintf("dao (%v) doesn't exist", msg.Granter))
}
if m, found := k.GetDaoMember(ctx, msg.Granter, msg.Creator); found {
if m.Role != types.MemberRole_OWNER {
return nil, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, fmt.Sprintf("user (%v) does not have required permission", msg.Creator))
}
} else {
return nil, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, fmt.Sprintf("user (%v) is not a member of dao", msg.Creator))
}
}
switch msg.Permission {
case types.ProviderPermission_GIT_SERVER:
for _, t := range GitServerTypeUrls {
authorization, _ := k.authzKeeper.GetAuthorization(ctx, grantee, granter, t)
if authorization != nil {
k.authzKeeper.DeleteGrant(ctx, grantee, granter, t)
}
}
case types.ProviderPermission_STORAGE:
for _, t := range StorageTypeUrls {
authorization, _ := k.authzKeeper.GetAuthorization(ctx, grantee, granter, t)
if authorization != nil {
k.authzKeeper.DeleteGrant(ctx, grantee, granter, t)
}
}
default:
return nil, sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, fmt.Sprintf("invalid permission (%v)", msg.Permission))
}
return &types.MsgRevokeProviderPermissionResponse{}, nil
}