LaconicNetwork/cosmos-sdk
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

fix(circuit): partial perms bug fix (backport #17165) (#17167)

Browse Source 
Co-authored-by: Marko <marbar3778@yahoo.com>
This commit is contained in:
mergify[bot] 2023-07-27 20:14:59 +00:00 committed by GitHub
parent bd61e84ef1
commit dcb628064a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
x/circuit/keeper/msg_server.go
View File

@ -115,15 +115,19 @@ func (srv msgServer) TripCircuitBreaker(ctx context.Context, msg *types.MsgTripC
if !isAllowed {
return nil, fmt.Errorf("message %s is already disabled", msgTypeURL)
}
permExists := false
for _, msgurl := range perms.LimitTypeUrls {
if msgTypeURL == msgurl {
if err = srv.DisableList.Set(ctx, msgTypeURL); err != nil {
return nil, err
}
} else {
return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "account does not have permission to trip circuit breaker for message %s", msgTypeURL)
permExists = true
}
}
if !permExists {
return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "account does not have permission to trip circuit breaker for message %s", msgTypeURL)
}
if err = srv.DisableList.Set(ctx, msgTypeURL); err != nil {
return nil, err
}
}
default:
return nil, errorsmod.Wrap(sdkerrors.ErrUnauthorized, "account does not have permission to trip circuit breaker")

16
x/circuit/keeper/msg_server_test.go
View File

@ -138,15 +138,27 @@ func TestTripCircuitBreaker(t *testing.T) {
require.NoError(t, err)
require.False(t, allowed, "circuit breaker should be tripped")
// user with enough permissions tries to trip circuit breaker for two messages
url, url2 := "cosmos.gov.v1beta1.MsgDeposit", "cosmos.gov.v1beta1.MsgVote"
twomsgs := &types.Permissions{Level: types.Permissions_LEVEL_SOME_MSGS, LimitTypeUrls: []string{url, url2}}
msg := &types.MsgAuthorizeCircuitBreaker{Granter: authority, Grantee: addresses[3], Permissions: twomsgs}
_, err = srv.AuthorizeCircuitBreaker(ft.ctx, msg)
require.NoError(t, err)
// try to trip two messages with enough permissions
twoMsgTrip := &types.MsgTripCircuitBreaker{Authority: addresses[3], MsgTypeUrls: []string{url, url2}}
_, err = srv.TripCircuitBreaker(ft.ctx, twoMsgTrip)
require.NoError(t, err)
// user with all messages trips circuit breaker
// add a super user
allmsgs := &types.Permissions{Level: types.Permissions_LEVEL_ALL_MSGS, LimitTypeUrls: []string{""}}
msg := &types.MsgAuthorizeCircuitBreaker{Granter: authority, Grantee: addresses[1], Permissions: allmsgs}
msg = &types.MsgAuthorizeCircuitBreaker{Granter: authority, Grantee: addresses[1], Permissions: allmsgs}
_, err = srv.AuthorizeCircuitBreaker(ft.ctx, msg)
require.NoError(t, err)
// try to trip the circuit breaker
url2 := "cosmos.staking.v1beta1.MsgDelegate"
url2 = "cosmos.staking.v1beta1.MsgDelegate"
superTrip := &types.MsgTripCircuitBreaker{Authority: addresses[1], MsgTypeUrls: []string{url2}}
_, err = srv.TripCircuitBreaker(ft.ctx, superTrip)
require.NoError(t, err)