package permissions
import (
"chain/banker"
"errors"
"gno.land/p/gnoland/boards"
"gno.land/p/nt/ufmt/v0"
"gno.land/r/gnoland/boards2/v1"
"gno.land/r/sys/users"
)
// validateOpenBoardRename validates PermissionBoardRename.
//
// Expected `args` values:
// 1. Caller address
// 2. Board ID
// 3. Current board name
// 4. New board name
func validateOpenBoardRename(_ boards.Permissions, args boards.Args) error {
caller, ok := args[0].(address)
if !ok {
return errors.New("expected a valid caller address")
}
newName, ok := args[3].(string)
if !ok {
return errors.New("expected new board name to be a string")
}
if err := checkBoardNameIsNotAddress(newName); err != nil {
return err
}
if err := checkBoardNameBelongsToAddress(caller, newName); err != nil {
return err
}
return nil
}
// validateOpenMemberInvite validates PermissionMemberInvite.
//
// Expected `args` values:
// 1. Caller address
// 2. Board ID
// 3. Invites
func validateOpenMemberInvite(perms boards.Permissions, args boards.Args) error {
caller, ok := args[0].(address)
if !ok {
return errors.New("expected a valid caller address")
}
invites, ok := args[2].([]boards2.Invite)
if !ok {
return errors.New("expected valid user invites")
}
// Make sure that only owners invite other owners
callerIsOwner := perms.HasRole(caller, boards2.RoleOwner)
for _, v := range invites {
if v.Role == boards2.RoleOwner && !callerIsOwner {
return errors.New("only owners are allowed to invite other owners")
}
}
return nil
}
// validateOpenRoleChange validates PermissionRoleChange.
//
// Expected `args` values:
// 1. Caller address
// 2. Board ID
// 3. Member address
// 4. Role
func validateOpenRoleChange(perms boards.Permissions, args boards.Args) error {
caller, ok := args[0].(address)
if !ok {
return errors.New("expected a valid caller address")
}
// Owners and Admins can change roles.
// Admins should not be able to assign or remove the Owner role from members.
if perms.HasRole(caller, boards2.RoleAdmin) {
role, ok := args[3].(boards.Role)
if !ok {
return errors.New("expected a valid member role")
}
if role == boards2.RoleOwner {
return errors.New("admins are not allowed to promote members to Owner")
} else {
member, ok := args[2].(address)
if !ok {
return errors.New("expected a valid member address")
}
if perms.HasRole(member, boards2.RoleOwner) {
return errors.New("admins are not allowed to remove the Owner role")
}
}
}
return nil
}
// validateOpenThreadCreate validates PermissionThreadCreate.
//
// Expected `args` values:
// 1. Caller address
// 2. Board ID
// 3. Thread ID
// 4. Title
// 5. Body
func validateOpenThreadCreate(perms boards.Permissions, args boards.Args) error {
caller, ok := args[0].(address)
if !ok {
return errors.New("expected a valid caller address")
}
// All board members can create threads
if perms.HasUser(caller) {
return nil
}
// Require non members to have some GNOT in their accounts
if err := checkAccountHasAmount(caller, OpenAccountAmount); err != nil {
return ufmt.Errorf("caller is not allowed to create threads: %s", err)
}
return nil
}
// validateOpenReplyCreate validates PermissionReplyCreate.
//
// Expected `args` values:
// 1. Caller address
// 2. Board ID
// 3. Thread ID
// 4. Parent ID
// 5. Reply ID
// 6. Body
func validateOpenReplyCreate(perms boards.Permissions, args boards.Args) error {
caller, ok := args[0].(address)
if !ok {
return errors.New("expected a valid caller address")
}
// All board members can reply
if perms.HasUser(caller) {
return nil
}
// Require non members to have some GNOT in their accounts
if err := checkAccountHasAmount(caller, OpenAccountAmount); err != nil {
return ufmt.Errorf("caller is not allowed to comment: %s", err)
}
return nil
}
func checkAccountHasAmount(addr address, amount int64) error {
bnk := banker.NewBanker(banker.BankerTypeReadonly)
coins := bnk.GetCoins(addr)
if coins.AmountOf("ugnot") < OpenAccountAmount {
amount = amount / 1_000_000 // ugnot -> GNOT
return ufmt.Errorf("account amount is lower than %d GNOT", amount)
}
return nil
}
func checkBoardNameIsNotAddress(s string) error {
if address(s).IsValid() {
return errors.New("addresses are not allowed as board name")
}
return nil
}
func checkBoardNameBelongsToAddress(owner address, name string) error {
// When the board name is the name of a registered user
// check that caller is the owner of the name.
user, _ := users.ResolveName(name)
if user != nil && user.Addr() != owner {
return errors.New("board name is a user name registered to a different user")
}
return nil
}