Skip to content

Commit

Permalink
Review fixes
Browse files Browse the repository at this point in the history 
Signed-off-by: Dmitry Murzin <[email protected]>
  • Loading branch information
@dima74 @mversic
dima74 authored and mversic committed Nov 19, 2024
1 parent 776023c commit e71898c
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 27 deletions.
24 changes: 12 additions & 12 deletions crates/iroha_executor/src/default/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -202,11 +202,11 @@ pub mod domain {
.is_owned_by(&executor.context().authority, executor.host())
}
{
revoke_permissions(executor, |permission| {
let err = revoke_permissions(executor, |permission| {
is_permission_domain_associated(permission, domain_id)
});
if executor.verdict().is_err() {
return;
if let Err(err) = err {
deny!(executor, err);
}

execute!(executor, isi);
Expand Down Expand Up @@ -424,11 +424,11 @@ pub mod account {
.is_owned_by(&executor.context().authority, executor.host())
}
{
revoke_permissions(executor, |permission| {
let err = revoke_permissions(executor, |permission| {
is_permission_account_associated(permission, account_id)
});
if executor.verdict().is_err() {
return;
if let Err(err) = err {
deny!(executor, err);
}

execute!(executor, isi);
Expand Down Expand Up @@ -603,11 +603,11 @@ pub mod asset_definition {
.is_owned_by(&executor.context().authority, executor.host())
}
{
revoke_permissions(executor, |permission| {
let err = revoke_permissions(executor, |permission| {
is_permission_asset_definition_associated(permission, asset_definition_id)
});
if executor.verdict().is_err() {
return;
if let Err(err) = err {
deny!(executor, err);
}

execute!(executor, isi);
Expand Down Expand Up @@ -1368,11 +1368,11 @@ pub mod trigger {
.is_owned_by(&executor.context().authority, executor.host())
}
{
revoke_permissions(executor, |permission| {
let err = revoke_permissions(executor, |permission| {
is_permission_trigger_associated(permission, trigger_id)
});
if executor.verdict().is_err() {
return;
if let Err(err) = err {
deny!(executor, err);
}

execute!(executor, isi);
Expand Down
21 changes: 6 additions & 15 deletions crates/iroha_executor/src/permission.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ use alloc::{borrow::ToOwned as _, vec::Vec};
use iroha_executor_data_model::permission::Permission;

use crate::{
deny,
prelude::Context,
smart_contract::{
data_model::{executor::Result, permission::Permission as PermissionObject, prelude::*},
Expand Down Expand Up @@ -1089,34 +1088,26 @@ pub(crate) fn roles_permissions(host: &Iroha) -> impl Iterator<Item = (RoleId, P

/// Revoked all permissions satisfied given [condition].
///
/// Note: you must manually check after this function:
/// `if executor.verdict().is_err() { return; }`
/// Note: you must manually call `deny!` if this function returns error.
pub(crate) fn revoke_permissions<V: Execute + ?Sized>(
executor: &mut V,
condition: impl Fn(&PermissionObject) -> bool,
) {
let mut err = None;
) -> Result<(), ValidationFail> {
for (owner_id, permission) in accounts_permissions(executor.host()) {
if condition(&permission) {
let isi = Revoke::account_permission(permission, owner_id.clone());

if let Err(error) = executor.host().submit(&isi) {
err = Some(error);
break;
}
executor.host().submit(&isi)?;
}
}
if let Some(err) = err {
deny!(executor, err);
}

for (role_id, permission) in roles_permissions(executor.host()) {
if condition(&permission) {
let isi = Revoke::role_permission(permission, role_id.clone());

if let Err(err) = executor.host().submit(&isi) {
deny!(executor, err);
}
executor.host().submit(&isi)?;
}
}

Ok(())
}

0 comments on commit e71898c

Please sign in to comment.