content-directory: check valid worker when adding to curator group

runtime-modules/content/src/errors.rs

@@ -28,6 +28,9 @@ decl_error! {
         /// Curator group is not active
         CuratorGroupIsNotActive,
 
+        /// Curator id is not a worker id in content working group
+        CuratorIdInvalid,
+
         // Authentication Errors
         // ---------------------
 

runtime-modules/content/src/lib.rs

@@ -608,6 +608,9 @@ decl_module! {
             // Ensure curator group under provided curator_group_id already exist, retrieve corresponding one
             let curator_group = Self::ensure_curator_group_exists(&curator_group_id)?;
 
+            // Ensure that curator_id is infact a worker in content working group
+            ensure_is_valid_curator_id::<T>(&curator_id)?;
+
             // Ensure max number of curators per group limit not reached yet
             curator_group.ensure_max_number_of_curators_limit_not_reached()?;
 

runtime-modules/content/src/permissions/curator_group.rs

@@ -31,7 +31,7 @@ impl<T: Trait> Default for CuratorGroup<T> {
 
 impl<T: Trait> CuratorGroup<T> {
     /// Check if `CuratorGroup` contains curator under given `curator_id`
-    pub fn is_curator(&self, curator_id: &T::CuratorId) -> bool {
+    pub fn has_curator(&self, curator_id: &T::CuratorId) -> bool {
         self.curators.contains(curator_id)
     }
 
@@ -93,7 +93,7 @@ impl<T: Trait> CuratorGroup<T> {
         curator_id: &T::CuratorId,
     ) -> Result<(), Error<T>> {
         ensure!(
-            self.get_curators().contains(curator_id),
+            self.has_curator(curator_id),
             Error::<T>::CuratorIsNotAMemberOfGivenCuratorGroup
         );
         Ok(())
@@ -105,7 +105,7 @@ impl<T: Trait> CuratorGroup<T> {
         curator_id: &T::CuratorId,
     ) -> Result<(), Error<T>> {
         ensure!(
-            !self.get_curators().contains(curator_id),
+            !self.has_curator(curator_id),
             Error::<T>::CuratorIsAlreadyAMemberOfGivenCuratorGroup
         );
         Ok(())

runtime-modules/content/src/permissions/mod.rs

@@ -44,6 +44,9 @@ pub trait ContentActorAuthenticator: system::Trait + MembershipTypes {
     /// Authorize actor as lead
     fn is_lead(account_id: &Self::AccountId) -> bool;
 
+    /// Checks if Id represents a worker id in the working group
+    fn is_valid_curator_id(curator_id: &Self::CuratorId) -> bool;
+
     /// Authorize actor as curator
     fn is_curator(curator_id: &Self::CuratorId, account_id: &Self::AccountId) -> bool;
 
@@ -51,6 +54,14 @@ pub trait ContentActorAuthenticator: system::Trait + MembershipTypes {
     fn is_member(member_id: &Self::MemberId, account_id: &Self::AccountId) -> bool;
 }
 
+pub fn ensure_is_valid_curator_id<T: Trait>(curator_id: &T::CuratorId) -> Result<(), Error<T>> {
+    ensure!(
+        T::is_valid_curator_id(curator_id),
+        Error::<T>::CuratorIdInvalid
+    );
+    Ok(())
+}
+
 /// Ensure curator authorization performed succesfully
 pub fn ensure_curator_auth_success<T: Trait>(
     curator_id: &T::CuratorId,

runtime-modules/content/src/tests/mock.rs

@@ -157,6 +157,10 @@ impl ContentActorAuthenticator for Test {
         let unknown_member_account_id = ensure_signed(Origin::signed(UNKNOWN_ORIGIN)).unwrap();
         *member_id < MEMBERS_COUNT && unknown_member_account_id != *account_id
     }
+
+    fn is_valid_curator_id(curator_id: &Self::CuratorId) -> bool {
+        *curator_id == FIRST_CURATOR_ID || *curator_id == SECOND_CURATOR_ID
+    }
 }
 
 pub struct MockStorageSystem {}

runtime/src/integration/content_directory.rs

@@ -40,4 +40,8 @@ impl content::ContentActorAuthenticator for Runtime {
         )
         .is_ok()
     }
+
+    fn is_valid_curator_id(curator_id: &Self::CuratorId) -> bool {
+        ContentDirectoryWorkingGroup::<Runtime>::ensure_worker_exists(curator_id).is_ok()
+    }
 }