feat: disallow controller being set with anonymous principal

Signed-off-by: David Dal Busco <[email protected]>
junobuild · Nov 14, 2023 · 8531574 · 8531574
1 parent cb343aa
commit 8531574
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 19 deletions.
diff --git a/src/satellite/src/rules/assert_stores.rs b/src/satellite/src/rules/assert_stores.rs
@@ -15,10 +15,8 @@ pub fn assert_permission(
     match permission {
         Permission::Public => true,
         Permission::Private => assert_caller(caller, owner),
-        Permission::Managed => {
-            assert_caller(caller, owner) || assert_controller(caller, controllers)
-        }
-        Permission::Controllers => assert_controller(caller, controllers),
+        Permission::Managed => assert_caller(caller, owner) || is_controller(caller, controllers),
+        Permission::Controllers => is_controller(caller, controllers),
     }
 }
 
@@ -33,18 +31,14 @@ pub fn assert_create_permission(
         Permission::Public => true,
         Permission::Private => assert_not_anonymous(caller),
         Permission::Managed => assert_not_anonymous(caller),
-        Permission::Controllers => assert_controller(caller, controllers),
+        Permission::Controllers => is_controller(caller, controllers),
     }
 }
 
 fn assert_caller(caller: Principal, owner: Principal) -> bool {
     assert_not_anonymous(caller) && principal_equal(owner, caller)
 }
 
-fn assert_controller(caller: Principal, controllers: &Controllers) -> bool {
-    assert_not_anonymous(caller) && is_controller(caller, controllers)
-}
-
 fn assert_not_anonymous(caller: Principal) -> bool {
     principal_not_anonymous(caller)
 }

diff --git a/src/shared/src/controllers.rs b/src/shared/src/controllers.rs
@@ -1,7 +1,7 @@
 use crate::env::{CONSOLE, OBSERVATORY};
 use crate::types::interface::SetController;
 use crate::types::state::{Controller, ControllerId, ControllerScope, Controllers, UserId};
-use crate::utils::principal_equal;
+use crate::utils::{principal_equal, principal_not_anonymous};
 use candid::Principal;
 use ic_cdk::api::time;
 use std::collections::HashMap;
@@ -56,18 +56,20 @@ pub fn delete_controllers(remove_controllers: &[UserId], controllers: &mut Contr
 }
 
 pub fn is_controller(caller: UserId, controllers: &Controllers) -> bool {
-    controllers
-        .iter()
-        .any(|(&controller_id, _)| principal_equal(controller_id, caller))
+    principal_not_anonymous(caller)
+        && controllers
+            .iter()
+            .any(|(&controller_id, _)| principal_equal(controller_id, caller))
 }
 
 pub fn is_admin_controller(caller: UserId, controllers: &Controllers) -> bool {
-    controllers
-        .iter()
-        .any(|(&controller_id, controller)| match controller.scope {
-            ControllerScope::Write => false,
-            ControllerScope::Admin => principal_equal(controller_id, caller),
-        })
+    principal_not_anonymous(caller)
+        && controllers
+            .iter()
+            .any(|(&controller_id, controller)| match controller.scope {
+                ControllerScope::Write => false,
+                ControllerScope::Admin => principal_equal(controller_id, caller),
+            })
 }
 
 pub fn into_controller_ids(controllers: &Controllers) -> Vec<ControllerId> {