diff --git a/src/satellite/src/rules/assert_stores.rs b/src/satellite/src/rules/assert_stores.rs index f942b30c2..66f78d790 100644 --- a/src/satellite/src/rules/assert_stores.rs +++ b/src/satellite/src/rules/assert_stores.rs @@ -15,10 +15,8 @@ pub fn assert_permission( match permission { Permission::Public => true, Permission::Private => assert_caller(caller, owner), - Permission::Managed => { - assert_caller(caller, owner) || assert_controller(caller, controllers) - } - Permission::Controllers => assert_controller(caller, controllers), + Permission::Managed => assert_caller(caller, owner) || is_controller(caller, controllers), + Permission::Controllers => is_controller(caller, controllers), } } @@ -33,7 +31,7 @@ pub fn assert_create_permission( Permission::Public => true, Permission::Private => assert_not_anonymous(caller), Permission::Managed => assert_not_anonymous(caller), - Permission::Controllers => assert_controller(caller, controllers), + Permission::Controllers => is_controller(caller, controllers), } } @@ -41,10 +39,6 @@ fn assert_caller(caller: Principal, owner: Principal) -> bool { assert_not_anonymous(caller) && principal_equal(owner, caller) } -fn assert_controller(caller: Principal, controllers: &Controllers) -> bool { - assert_not_anonymous(caller) && is_controller(caller, controllers) -} - fn assert_not_anonymous(caller: Principal) -> bool { principal_not_anonymous(caller) } diff --git a/src/shared/src/controllers.rs b/src/shared/src/controllers.rs index e54782328..8e6c187cd 100644 --- a/src/shared/src/controllers.rs +++ b/src/shared/src/controllers.rs @@ -1,7 +1,7 @@ use crate::env::{CONSOLE, OBSERVATORY}; use crate::types::interface::SetController; use crate::types::state::{Controller, ControllerId, ControllerScope, Controllers, UserId}; -use crate::utils::principal_equal; +use crate::utils::{principal_equal, principal_not_anonymous}; use candid::Principal; use ic_cdk::api::time; use std::collections::HashMap; @@ -56,18 +56,20 @@ pub fn delete_controllers(remove_controllers: &[UserId], controllers: &mut Contr } pub fn is_controller(caller: UserId, controllers: &Controllers) -> bool { - controllers - .iter() - .any(|(&controller_id, _)| principal_equal(controller_id, caller)) + principal_not_anonymous(caller) + && controllers + .iter() + .any(|(&controller_id, _)| principal_equal(controller_id, caller)) } pub fn is_admin_controller(caller: UserId, controllers: &Controllers) -> bool { - controllers - .iter() - .any(|(&controller_id, controller)| match controller.scope { - ControllerScope::Write => false, - ControllerScope::Admin => principal_equal(controller_id, caller), - }) + principal_not_anonymous(caller) + && controllers + .iter() + .any(|(&controller_id, controller)| match controller.scope { + ControllerScope::Write => false, + ControllerScope::Admin => principal_equal(controller_id, caller), + }) } pub fn into_controller_ids(controllers: &Controllers) -> Vec {