set resource tag permission implementation

bnb-chain · Jan 12, 2024 · 684e051 · 684e051
1 parent 65430fa
commit 684e051
Show file tree

Hide file tree

Showing 7 changed files with 211 additions and 65 deletions.
diff --git a/e2e/tests/permission_test.go b/e2e/tests/permission_test.go
@@ -2033,3 +2033,107 @@ func (s *StorageTestSuite) TestExpiredGroupPolicyGCAndRePut() {
 	s.Require().Equal(queryPolicyForGroupResp.Policy.ResourceType, resource.RESOURCE_TYPE_BUCKET)
 	s.Require().Equal(types.EFFECT_ALLOW, queryPolicyForGroupResp.Policy.Statements[0].Effect)
 }
+
+func (s *StorageTestSuite) TestSetResourceTagWithPermission() {
+	var err error
+	owner := s.GenAndChargeAccounts(1, 1000000)[0]
+	user := s.GenAndChargeAccounts(1, 1000000)[0]
+
+	// CreateBucket
+	sp := s.BaseSuite.PickStorageProvider()
+	gvg, found := sp.GetFirstGlobalVirtualGroup()
+	s.Require().True(found)
+
+	bucketName := storageutil.GenRandomBucketName()
+	msgCreateBucket := storagetypes.NewMsgCreateBucket(
+		owner.GetAddr(), bucketName, storagetypes.VISIBILITY_TYPE_PUBLIC_READ, sp.OperatorKey.GetAddr(),
+		nil, math.MaxUint, nil, 0)
+	msgCreateBucket.PrimarySpApproval.GlobalVirtualGroupFamilyId = gvg.FamilyId
+	msgCreateBucket.PrimarySpApproval.Sig, err = sp.ApprovalKey.Sign(msgCreateBucket.GetApprovalBytes())
+	s.Require().NoError(err)
+
+	// Put bucket policy, grant the user updateBucket permission
+	userPrincipal := types.NewPrincipalWithAccount(user.GetAddr())
+	bucketStatement := &types.Statement{
+		Actions: []types.ActionType{types.ACTION_UPDATE_BUCKET_INFO},
+		Effect:  types.EFFECT_ALLOW,
+	}
+	bucketGRN := types2.NewBucketGRN(bucketName).String()
+	msgPutBucketPolicy := storagetypes.NewMsgPutPolicy(owner.GetAddr(), bucketGRN,
+		userPrincipal, []*types.Statement{bucketStatement}, nil)
+	s.SendTxBlock(owner, msgCreateBucket, msgPutBucketPolicy)
+
+	// set bucket tag by user
+	var tags storagetypes.ResourceTags
+	tags.Tags = append(tags.Tags, storagetypes.ResourceTags_Tag{Key: "key1", Value: "value1"})
+	msgSetTag := storagetypes.NewMsgSetTag(user.GetAddr(), bucketGRN, &tags)
+	s.SendTxBlock(user, msgSetTag)
+
+	req := storagetypes.QueryHeadBucketRequest{
+		BucketName: bucketName,
+	}
+	resp, err := s.Client.HeadBucket(context.Background(), &req)
+	s.Require().NoError(err)
+	s.Require().Equal(tags, *resp.BucketInfo.Tags)
+
+	// Create object by owner
+	objectName := storageutil.GenRandomObjectName()
+	// create test buffer
+	var buffer bytes.Buffer
+	// Create 1MiB content where each line contains 1024 characters.
+	for i := 0; i < 1024; i++ {
+		buffer.WriteString(fmt.Sprintf("[%05d] %s\n", i, line))
+	}
+	payloadSize := buffer.Len()
+	checksum := sdk.Keccak256(buffer.Bytes())
+	expectChecksum := [][]byte{checksum, checksum, checksum, checksum, checksum, checksum, checksum}
+	contextType := "text/event-stream"
+	msgCreateObject := storagetypes.NewMsgCreateObject(owner.GetAddr(), bucketName, objectName, uint64(payloadSize), storagetypes.VISIBILITY_TYPE_PRIVATE, expectChecksum, contextType, storagetypes.REDUNDANCY_EC_TYPE, math.MaxUint, nil)
+	msgCreateObject.PrimarySpApproval.Sig, err = sp.ApprovalKey.Sign(msgCreateObject.GetApprovalBytes())
+	s.Require().NoError(err)
+
+	// Put object policy, grant the user updateBucket permission
+	objectStatement := &types.Statement{
+		Actions: []types.ActionType{types.ACTION_UPDATE_OBJECT_INFO},
+		Effect:  types.EFFECT_ALLOW,
+	}
+	objectGRN := types2.NewObjectGRN(bucketName, objectName).String()
+	msgPutObjectPolicy := storagetypes.NewMsgPutPolicy(owner.GetAddr(), objectGRN,
+		userPrincipal, []*types.Statement{objectStatement}, nil)
+	s.SendTxBlock(owner, msgCreateObject, msgPutObjectPolicy)
+
+	// set object tag by user
+	msgSetTag = storagetypes.NewMsgSetTag(user.GetAddr(), objectGRN, &tags)
+	s.SendTxBlock(user, msgSetTag)
+
+	// Head object, tag shown
+	objectResp, err := s.Client.HeadObject(context.Background(), &storagetypes.QueryHeadObjectRequest{
+		BucketName: bucketName,
+		ObjectName: objectName,
+	})
+	s.Require().NoError(err)
+	s.Require().Equal(tags, *objectResp.ObjectInfo.Tags)
+
+	// Create a group by owner
+	groupName := storageutil.GenRandomGroupName()
+	msgCreateGroup := storagetypes.NewMsgCreateGroup(owner.GetAddr(), groupName, "")
+	groupGRN := types2.NewGroupGRN(owner.GetAddr(), groupName).String()
+
+	// Put group policy by owner, grant the user updateGroupMeta permission
+	groupStatement := &types.Statement{
+		Actions: []types.ActionType{types.ACTION_UPDATE_GROUP_INFO},
+		Effect:  types.EFFECT_ALLOW,
+	}
+	msgPutGroupPolicy := storagetypes.NewMsgPutPolicy(owner.GetAddr(), types2.NewGroupGRN(owner.GetAddr(), groupName).String(),
+		types.NewPrincipalWithAccount(user.GetAddr()), []*types.Statement{groupStatement}, nil)
+	s.SendTxBlock(owner, msgCreateGroup, msgPutGroupPolicy)
+
+	// // set group tag by user
+	msgSetTag = storagetypes.NewMsgSetTag(user.GetAddr(), groupGRN, &tags)
+	s.SendTxBlock(user, msgSetTag)
+
+	// Head group, tag shown
+	headGroupResponse, err := s.Client.HeadGroup(context.Background(), &storagetypes.QueryHeadGroupRequest{GroupOwner: owner.GetAddr().String(), GroupName: groupName})
+	s.Require().NoError(err)
+	s.Require().Equal(tags, *headGroupResponse.GroupInfo.Tags)
+}
diff --git a/proto/greenfield/permission/common.proto b/proto/greenfield/permission/common.proto
@@ -29,6 +29,7 @@ enum ActionType {
   ACTION_UPDATE_OBJECT_INFO = 11;
 
   ACTION_UPDATE_GROUP_EXTRA = 12;
+  ACTION_UPDATE_GROUP_INFO = 13;
 
   ACTION_TYPE_ALL = 99;
 }

diff --git a/swagger/static/swagger.yaml b/swagger/static/swagger.yaml
@@ -5008,6 +5008,7 @@ paths:
                               - ACTION_DELETE_GROUP
                               - ACTION_UPDATE_OBJECT_INFO
                               - ACTION_UPDATE_GROUP_EXTRA
+                              - ACTION_UPDATE_GROUP_INFO
                               - ACTION_TYPE_ALL
                             default: ACTION_UNSPECIFIED
                             title: >-
@@ -5202,6 +5203,7 @@ paths:
                               - ACTION_DELETE_GROUP
                               - ACTION_UPDATE_OBJECT_INFO
                               - ACTION_UPDATE_GROUP_EXTRA
+                              - ACTION_UPDATE_GROUP_INFO
                               - ACTION_TYPE_ALL
                             default: ACTION_UNSPECIFIED
                             title: >-
@@ -5400,6 +5402,7 @@ paths:
                               - ACTION_DELETE_GROUP
                               - ACTION_UPDATE_OBJECT_INFO
                               - ACTION_UPDATE_GROUP_EXTRA
+                              - ACTION_UPDATE_GROUP_INFO
                               - ACTION_TYPE_ALL
                             default: ACTION_UNSPECIFIED
                             title: >-
@@ -5612,6 +5615,7 @@ paths:
             - ACTION_DELETE_GROUP
             - ACTION_UPDATE_OBJECT_INFO
             - ACTION_UPDATE_GROUP_EXTRA
+            - ACTION_UPDATE_GROUP_INFO
             - ACTION_TYPE_ALL
         - name: object_name
           in: query
@@ -34230,6 +34234,7 @@ definitions:
       - ACTION_DELETE_GROUP
       - ACTION_UPDATE_OBJECT_INFO
       - ACTION_UPDATE_GROUP_EXTRA
+      - ACTION_UPDATE_GROUP_INFO
       - ACTION_TYPE_ALL
     default: ACTION_UNSPECIFIED
     title: >-
@@ -34342,6 +34347,7 @@ definitions:
                   - ACTION_DELETE_GROUP
                   - ACTION_UPDATE_OBJECT_INFO
                   - ACTION_UPDATE_GROUP_EXTRA
+                  - ACTION_UPDATE_GROUP_INFO
                   - ACTION_TYPE_ALL
                 default: ACTION_UNSPECIFIED
                 title: >-
@@ -34464,6 +34470,7 @@ definitions:
             - ACTION_DELETE_GROUP
             - ACTION_UPDATE_OBJECT_INFO
             - ACTION_UPDATE_GROUP_EXTRA
+            - ACTION_UPDATE_GROUP_INFO
             - ACTION_TYPE_ALL
           default: ACTION_UNSPECIFIED
           title: >-
@@ -36207,6 +36214,7 @@ definitions:
                       - ACTION_DELETE_GROUP
                       - ACTION_UPDATE_OBJECT_INFO
                       - ACTION_UPDATE_GROUP_EXTRA
+                      - ACTION_UPDATE_GROUP_INFO
                       - ACTION_TYPE_ALL
                     default: ACTION_UNSPECIFIED
                     title: >-
@@ -36359,6 +36367,7 @@ definitions:
                       - ACTION_DELETE_GROUP
                       - ACTION_UPDATE_OBJECT_INFO
                       - ACTION_UPDATE_GROUP_EXTRA
+                      - ACTION_UPDATE_GROUP_INFO
                       - ACTION_TYPE_ALL
                     default: ACTION_UNSPECIFIED
                     title: >-
@@ -36511,6 +36520,7 @@ definitions:
                       - ACTION_DELETE_GROUP
                       - ACTION_UPDATE_OBJECT_INFO
                       - ACTION_UPDATE_GROUP_EXTRA
+                      - ACTION_UPDATE_GROUP_INFO
                       - ACTION_TYPE_ALL
                     default: ACTION_UNSPECIFIED
                     title: >-

diff --git a/x/permission/types/common.pb.go b/x/permission/types/common.pb.go
diff --git a/x/permission/types/types.go b/x/permission/types/types.go
@@ -66,6 +66,7 @@ var (
 		ACTION_UPDATE_GROUP_MEMBER: true,
 		ACTION_UPDATE_GROUP_EXTRA:  true,
 		ACTION_DELETE_GROUP:        true,
+		ACTION_UPDATE_GROUP_INFO:   true,
 
 		ACTION_TYPE_ALL: true,
 	}