Browse Source

support groups of principals in credential checker

Mokhtar Naamani 5 years ago
parent
commit
bcc748ea66
1 changed files with 52 additions and 2 deletions
  1. 52 2
      src/lib.rs

+ 52 - 2
src/lib.rs

@@ -407,7 +407,7 @@ pub use forum;
 use membership::members;
 
 mod content_working_group;
-use content_working_group::lib as content_wg;
+pub use content_working_group::lib as content_wg;
 mod migration;
 mod roles;
 mod service_discovery;
@@ -427,7 +427,7 @@ impl versioned_store::Trait for Runtime {
 
 impl versioned_store_permissions::Trait for Runtime {
     type Credential = u64;
-    type CredentialChecker = (ContentWorkingGroup, SudoKeyHasAllCredentials);
+    type CredentialChecker = (ContentWorkingGroupCredentials, SudoKeyHasAllCredentials);
     type CreateClassPermissionsChecker = ContentLeadOrSudoKeyCanCreateClasses;
 }
 
@@ -441,6 +441,56 @@ impl versioned_store_permissions::CredentialChecker<Runtime> for SudoKeyHasAllCr
         <sudo::Module<Runtime>>::key() == *account
     }
 }
+pub struct ContentWorkingGroupCredentials {}
+impl versioned_store_permissions::CredentialChecker<Runtime> for ContentWorkingGroupCredentials {
+    fn account_has_credential(
+        account: &AccountId,
+        credential: <Runtime as versioned_store_permissions::Trait>::Credential,
+    ) -> bool {
+        match credential {
+            // Credentials from 0..999 represents groups or more complex requirements
+            // Current Lead if set
+            0 => <content_wg::Module<Runtime>>::ensure_lead_is_set()
+                .map_or(false, |(_, lead)| lead.role_account == *account),
+            // Any Active Curator
+            1 => {
+                // Look for a Curator with a matching role account
+                for (_principal_id, principal) in <content_wg::PrincipalById<Runtime>>::enumerate()
+                {
+                    if let content_wg::Principal::Curator(curator_id) = principal {
+                        let curator = <content_wg::CuratorById<Runtime>>::get(curator_id);
+                        if curator.role_account == *account {
+                            return true;
+                        }
+                    }
+                }
+
+                return false;
+            }
+            // Any Active Channel Owner
+            2 => {
+                // Look for a ChannelOwner with a matching role account
+                for (_principal_id, principal) in <content_wg::PrincipalById<Runtime>>::enumerate()
+                {
+                    if let content_wg::Principal::ChannelOwner(channel_id) = principal {
+                        let channel = <content_wg::ChannelById<Runtime>>::get(channel_id);
+                        if channel.role_account == *account {
+                            return true; // should we also take publishing_status/curation_status into account ?
+                        }
+                    }
+                }
+
+                return false;
+            }
+            // Above 999 - shifted one-to-one mapping to workging group principal id
+            n if n >= 1000 => {
+                <content_wg::Module<Runtime>>::account_has_credential(account, n - 1000)
+            }
+            _ => false,
+        }
+    }
+}
+
 // Allow sudo key holder permission to create classes
 pub struct SudoKeyCanCreateClasses {}
 impl versioned_store_permissions::CreateClassPermissionsChecker<Runtime>