feat: assume role validation #453
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ftupas
commented
Jun 9, 2023
| executor_dispatcher::write(IExecutorDispatcher { | ||
| contract_address: executor | ||
| }); | ||
| executor_dispatcher::write(IExecutorDispatcher { contract_address: executor }); |
crates/dojo-core/src/world.cairo
Outdated
Comment on lines
278
to
286
| // Validate authorization if role is not set | ||
| // Otherwise, proceed with the write | ||
| if role.into() == 0 { | ||
| // Validate the calling system has permission to write to the component | ||
| assert( | ||
| is_authorized(context.caller_system, component, AuthRole { id: role }), | ||
| 'system not authorized' | ||
| ); | ||
| }; |
There was a problem hiding this comment.
Authorization flow when role is not set, default resource-scoped role is checked
There was a problem hiding this comment.
We should make this behavior more explicit in the refactor
There was a problem hiding this comment.
Got it, will add it to the refactor issue 👍
| #[test] | ||
| #[available_gas(9000000)] | ||
| #[should_panic] | ||
| #[ignore] // TODO:: Remove once set_caller_address is working properly |
There was a problem hiding this comment.
starknet::testing::set_caller_address doesn't seem to work properly so I marked this as ignored for now
tarrencev
approved these changes
Jun 9, 2023
crates/dojo-core/src/world.cairo
Outdated
Comment on lines
278
to
286
| // Validate authorization if role is not set | ||
| // Otherwise, proceed with the write | ||
| if role.into() == 0 { | ||
| // Validate the calling system has permission to write to the component | ||
| assert( | ||
| is_authorized(context.caller_system, component, AuthRole { id: role }), | ||
| 'system not authorized' | ||
| ); | ||
| }; |
There was a problem hiding this comment.
We should make this behavior more explicit in the refactor
ftupas
commented
Jun 12, 2023
crates/dojo-core/src/world.cairo
Outdated
Comment on lines
278
to
286
| // Validate authorization if role is not set | ||
| // Otherwise, proceed with the write | ||
| if role.into() == 0 { | ||
| // Validate the calling system has permission to write to the component | ||
| assert( | ||
| is_authorized(context.caller_system, component, AuthRole { id: role }), | ||
| 'system not authorized' | ||
| ); | ||
| }; |
There was a problem hiding this comment.
Got it, will add it to the refactor issue 👍
ftupas
force-pushed
the
feat/assume-role-validation
branch
from
e542453 to
5326332
Compare
ftupas
force-pushed
the
feat/assume-role-validation
branch
from
5326332 to
750b708
Compare
tarrencev
approved these changes
Jun 12, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pr does the following:
assume_role)assume_roleusesdependenciesto check which systems access to write componentsclear_roleand checking if executed systems are part of the checking during role assumptionsudoassume_role#452