Merge pull request #2030 from nspcc-dev/fix-manifest

Fix bugs in manifest permissions
2021-06-30 11:12:02 +03:00 · 2021-06-30 11:12:02 +03:00 · cf12d00b24
commit cf12d00b24
parent 3646270af0 c9e6350915
2 changed files with 23 additions and 7 deletions
--- a/pkg/smartcontract/manifest/manifest_test.go
+++ b/pkg/smartcontract/manifest/manifest_test.go
@ -5,6 +5,7 @@ import (
 	"math/big"
 	"testing"

+	"github.com/nspcc-dev/neo-go/internal/random"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
 	"github.com/nspcc-dev/neo-go/pkg/util"
@ -69,8 +70,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 	manifest := DefaultManifest("Test")

 	t.Run("wildcard", func(t *testing.T) {
+		h := random.Uint160()
+
 		perm := NewPermission(PermissionWildcard)
-		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+		require.True(t, perm.IsAllowed(h, manifest, "AAA"))
+
+		perm.Methods.Restrict()
+		require.False(t, perm.IsAllowed(h, manifest, "AAA"))
+
+		perm.Methods.Add("AAA")
+		require.True(t, perm.IsAllowed(h, manifest, "AAA"))
 	})

 	t.Run("hash", func(t *testing.T) {
@ -97,13 +106,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 	t.Run("group", func(t *testing.T) {
 		perm := NewPermission(PermissionGroup, priv.PublicKey())
 		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
-	})

-	t.Run("invalid group", func(t *testing.T) {
 		priv2, err := keys.NewPrivateKey()
 		require.NoError(t, err)
-		perm := NewPermission(PermissionGroup, priv2.PublicKey())
+
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
 		require.False(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+
+		manifest.Groups = append(manifest.Groups, Group{PublicKey: priv2.PublicKey()})
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
+		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
 	})
 }

--- a/pkg/smartcontract/manifest/permission.go
+++ b/pkg/smartcontract/manifest/permission.go
@ -162,18 +162,22 @@ func (ps Permissions) AreValid() error {
 func (p *Permission) IsAllowed(hash util.Uint160, m *Manifest, method string) bool {
 	switch p.Contract.Type {
 	case PermissionWildcard:
-		return true
 	case PermissionHash:
 		if !p.Contract.Hash().Equals(hash) {
 			return false
 		}
 	case PermissionGroup:
+		has := false
 		g := p.Contract.Group()
 		for i := range m.Groups {
-			if !g.Equal(m.Groups[i].PublicKey) {
-				return false
+			if g.Equal(m.Groups[i].PublicKey) {
+				has = true
+				break
 			}
 		}
+		if !has {
+			return false
+		}
 	default:
 		panic(fmt.Sprintf("unexpected permission: %d", p.Contract.Type))
 	}