From 3f965b4220317d7993123adf0145aae99619a87a Mon Sep 17 00:00:00 2001 From: Brandon Weng Date: Wed, 12 Oct 2022 15:40:39 -0700 Subject: [PATCH 1/3] Add msg send dynamic access ops --- aclmapping/bank/mappings.go | 81 ++++++++++++++++++++++++ aclmapping/dependency_generator.go | 2 + aclmapping/utils/identifier_templates.go | 13 ++++ 3 files changed, 96 insertions(+) create mode 100644 aclmapping/bank/mappings.go create mode 100644 aclmapping/utils/identifier_templates.go diff --git a/aclmapping/bank/mappings.go b/aclmapping/bank/mappings.go new file mode 100644 index 0000000000..7e459e130f --- /dev/null +++ b/aclmapping/bank/mappings.go @@ -0,0 +1,81 @@ +package aclbankmapping + +import ( + "fmt" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkacltypes "github.com/cosmos/cosmos-sdk/types/accesscontrol" + aclkeeper "github.com/cosmos/cosmos-sdk/x/accesscontrol/keeper" + acltypes "github.com/cosmos/cosmos-sdk/x/accesscontrol/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + utils "github.com/sei-protocol/sei-chain/aclmapping/utils" +) + +var ErrorInvalidMsgType = fmt.Errorf("invalid message received for bank module") + +func GetBankDepedencyGenerator() aclkeeper.DependencyGeneratorMap { + dependencyGeneratorMap := make(aclkeeper.DependencyGeneratorMap) + + // dex place orders + placeOrdersKey := acltypes.GenerateMessageKey(&banktypes.MsgSend{}) + dependencyGeneratorMap[placeOrdersKey] = MsgSendDependencyGenerator + + return dependencyGeneratorMap +} + +func MsgSendDependencyGenerator(keeper aclkeeper.Keeper, ctx sdk.Context, msg sdk.Msg) ([]sdkacltypes.AccessOperation, error) { + msgSend, ok := msg.(*banktypes.MsgSend) + if !ok { + return []sdkacltypes.AccessOperation{}, ErrorInvalidMsgType + } + + accessOperations := []sdkacltypes.AccessOperation{ + // MsgSend also checks if the coin denom is enabled, but the information is from the params. + // Changing the param would require a gov proposal, which is synchrounos by default + + // Checks balance of sender + { + AccessType: sdkacltypes.AccessType_READ, + ResourceType: sdkacltypes.ResourceType_KV, + IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.BANK, msgSend.FromAddress), + }, + // Reduce the amount from the sender's balance + { + AccessType: sdkacltypes.AccessType_WRITE, + ResourceType: sdkacltypes.ResourceType_KV, + IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.BANK, msgSend.FromAddress), + }, + + // Checks balance for receiver + { + AccessType: sdkacltypes.AccessType_READ, + ResourceType: sdkacltypes.ResourceType_KV, + IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.BANK, msgSend.ToAddress), + }, + { + AccessType: sdkacltypes.AccessType_WRITE, + ResourceType: sdkacltypes.ResourceType_KV, + IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.BANK, msgSend.ToAddress), + }, + + // Tries to create the reciever's account if it doesn't exist + { + AccessType: sdkacltypes.AccessType_READ, + ResourceType: sdkacltypes.ResourceType_KV, + IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.AUTH, msgSend.ToAddress), + }, + { + AccessType: sdkacltypes.AccessType_WRITE, + ResourceType: sdkacltypes.ResourceType_KV, + IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.AUTH, msgSend.ToAddress), + }, + + // Last Operation should always be a commit + { + ResourceType: sdkacltypes.ResourceType_ANY, + AccessType: sdkacltypes.AccessType_COMMIT, + IdentifierTemplate: utils.DefaultIDTemplate, + }, + } + return accessOperations, nil +} diff --git a/aclmapping/dependency_generator.go b/aclmapping/dependency_generator.go index 5544aaf7bb..2d875e4022 100644 --- a/aclmapping/dependency_generator.go +++ b/aclmapping/dependency_generator.go @@ -3,6 +3,7 @@ package aclmapping import ( wasmkeeper "github.com/CosmWasm/wasmd/x/wasm/keeper" aclkeeper "github.com/cosmos/cosmos-sdk/x/accesscontrol/keeper" + aclbankmapping "github.com/sei-protocol/sei-chain/aclmapping/bank" acldexmapping "github.com/sei-protocol/sei-chain/aclmapping/dex" aclwasmmapping "github.com/sei-protocol/sei-chain/aclmapping/wasm" ) @@ -19,6 +20,7 @@ func (customDepGen CustomDependencyGenerator) GetCustomDependencyGenerators() ac dependencyGeneratorMap := make(aclkeeper.DependencyGeneratorMap) dependencyGeneratorMap.Merge(acldexmapping.GetDexDependencyGenerators()) + dependencyGeneratorMap.Merge(aclbankmapping.GetBankDepedencyGenerator()) wasmDependencyGenerators := aclwasmmapping.NewWasmDependencyGenerator(customDepGen.WasmKeeper) dependencyGeneratorMap.Merge(wasmDependencyGenerators.GetWasmDependencyGenerators()) diff --git a/aclmapping/utils/identifier_templates.go b/aclmapping/utils/identifier_templates.go new file mode 100644 index 0000000000..fc03b665e2 --- /dev/null +++ b/aclmapping/utils/identifier_templates.go @@ -0,0 +1,13 @@ +package util + +import "fmt" + +const ( + BANK = "bank" + AUTH = "auth" + DefaultIDTemplate = "*" +) + +func GetIdentifierTemplatePerModule(module string, identifier string) string { + return fmt.Sprintf("%s/%s", module, identifier) +} From 411edef9789507f259ac2f6c89f306f77f74376e Mon Sep 17 00:00:00 2001 From: Brandon Weng <18161326+BrandonWeng@users.noreply.github.com> Date: Wed, 12 Oct 2022 16:14:14 -0700 Subject: [PATCH 2/3] Create mappings.go --- aclmapping/bank/mappings.go | 1 + 1 file changed, 1 insertion(+) diff --git a/aclmapping/bank/mappings.go b/aclmapping/bank/mappings.go index 7e459e130f..aeee53666c 100644 --- a/aclmapping/bank/mappings.go +++ b/aclmapping/bank/mappings.go @@ -36,6 +36,7 @@ func MsgSendDependencyGenerator(keeper aclkeeper.Keeper, ctx sdk.Context, msg sd // Checks balance of sender { AccessType: sdkacltypes.AccessType_READ, + // TODO:: we can make resource types more granular (e.g KV_PARAM or KV_BANK_BALANCE) ResourceType: sdkacltypes.ResourceType_KV, IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.BANK, msgSend.FromAddress), }, From 97875487c6acf88a09e9200754b675308e5cd86f Mon Sep 17 00:00:00 2001 From: Brandon Weng <18161326+BrandonWeng@users.noreply.github.com> Date: Wed, 12 Oct 2022 16:14:37 -0700 Subject: [PATCH 3/3] Update mappings.go --- aclmapping/bank/mappings.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aclmapping/bank/mappings.go b/aclmapping/bank/mappings.go index aeee53666c..3d65fa90ba 100644 --- a/aclmapping/bank/mappings.go +++ b/aclmapping/bank/mappings.go @@ -23,6 +23,7 @@ func GetBankDepedencyGenerator() aclkeeper.DependencyGeneratorMap { return dependencyGeneratorMap } +// TODO:: we can make resource types more granular (e.g KV_PARAM or KV_BANK_BALANCE) func MsgSendDependencyGenerator(keeper aclkeeper.Keeper, ctx sdk.Context, msg sdk.Msg) ([]sdkacltypes.AccessOperation, error) { msgSend, ok := msg.(*banktypes.MsgSend) if !ok { @@ -36,7 +37,6 @@ func MsgSendDependencyGenerator(keeper aclkeeper.Keeper, ctx sdk.Context, msg sd // Checks balance of sender { AccessType: sdkacltypes.AccessType_READ, - // TODO:: we can make resource types more granular (e.g KV_PARAM or KV_BANK_BALANCE) ResourceType: sdkacltypes.ResourceType_KV, IdentifierTemplate: utils.GetIdentifierTemplatePerModule(utils.BANK, msgSend.FromAddress), },