manifest: fix group permission handling

We need to have at least one matching group in the manifest.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>

pkg/smartcontract/manifest/manifest_test.go

@@ -106,13 +106,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 	t.Run("group", func(t *testing.T) {
 		perm := NewPermission(PermissionGroup, priv.PublicKey())
 		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
-	})
 
-	t.Run("invalid group", func(t *testing.T) {
 		priv2, err := keys.NewPrivateKey()
 		require.NoError(t, err)
-		perm := NewPermission(PermissionGroup, priv2.PublicKey())
+
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
 		require.False(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+
+		manifest.Groups = append(manifest.Groups, Group{PublicKey: priv2.PublicKey()})
+		perm = NewPermission(PermissionGroup, priv2.PublicKey())
+		require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
 	})
 }
 

pkg/smartcontract/manifest/permission.go

@@ -167,12 +167,17 @@ func (p *Permission) IsAllowed(hash util.Uint160, m *Manifest, method string) bo
 			return false
 		}
 	case PermissionGroup:
+		has := false
 		g := p.Contract.Group()
 		for i := range m.Groups {
-			if !g.Equal(m.Groups[i].PublicKey) {
+			if g.Equal(m.Groups[i].PublicKey) {
-				return false
+				has = true
+				break
 			}
 		}
+		if !has {
+			return false
+		}
 	default:
 		panic(fmt.Sprintf("unexpected permission: %d", p.Contract.Type))
 	}