add protection to delete and modify son object only if owner
parent
3a4445b20c
commit
17dfc6af64
2 changed files with 86 additions and 1 deletions
|
|
@ -31,6 +31,7 @@ object_id_type create_son_evaluator::do_apply(const son_create_operation& op)
|
||||||
void_result update_son_evaluator::do_evaluate(const son_update_operation& op)
|
void_result update_son_evaluator::do_evaluate(const son_update_operation& op)
|
||||||
{ try {
|
{ try {
|
||||||
FC_ASSERT(db().head_block_time() >= HARDFORK_SON_TIME, "Not allowed until SON HARDFORK"); // can be removed after HF date pass
|
FC_ASSERT(db().head_block_time() >= HARDFORK_SON_TIME, "Not allowed until SON HARDFORK"); // can be removed after HF date pass
|
||||||
|
FC_ASSERT(db().get(op.son_id).son_member_account == op.owner_account);
|
||||||
const auto& idx = db().get_index_type<son_member_index>().indices().get<by_id>();
|
const auto& idx = db().get_index_type<son_member_index>().indices().get<by_id>();
|
||||||
FC_ASSERT( idx.find(op.son_id) != idx.end() );
|
FC_ASSERT( idx.find(op.son_id) != idx.end() );
|
||||||
return void_result();
|
return void_result();
|
||||||
|
|
@ -52,6 +53,7 @@ object_id_type update_son_evaluator::do_apply(const son_update_operation& op)
|
||||||
void_result delete_son_evaluator::do_evaluate(const son_delete_operation& op)
|
void_result delete_son_evaluator::do_evaluate(const son_delete_operation& op)
|
||||||
{ try {
|
{ try {
|
||||||
FC_ASSERT(db().head_block_time() >= HARDFORK_SON_TIME, "Not allowed until SON_HARDFORK"); // can be removed after HF date pass
|
FC_ASSERT(db().head_block_time() >= HARDFORK_SON_TIME, "Not allowed until SON_HARDFORK"); // can be removed after HF date pass
|
||||||
|
FC_ASSERT(db().get(op.son_id).son_member_account == op.owner_account);
|
||||||
const auto& idx = db().get_index_type<son_member_index>().indices().get<by_id>();
|
const auto& idx = db().get_index_type<son_member_index>().indices().get<by_id>();
|
||||||
FC_ASSERT( idx.find(op.son_id) != idx.end() );
|
FC_ASSERT( idx.find(op.son_id) != idx.end() );
|
||||||
return void_result();
|
return void_result();
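Review bot: The new ownership assert in both `do_evaluate` bodies (update in the first hunk, delete in the second) calls `db().get(op.son_id)` before the existing `FC_ASSERT( idx.find(op.son_id) != idx.end() )`. For an unknown `son_id` the failure therefore comes from the lookup itself (presumably a throw inside `get`), and the explicit existence check below it no longer decides anything. Moving the ownership check after the index lookup and reusing the iterator keeps the two conditions distinct and gives the authorization failure a recognisable message: `const auto itr = idx.find(op.son_id); FC_ASSERT( itr != idx.end(), "SON object not found" );` then `FC_ASSERT( itr->son_member_account == op.owner_account, "Only the SON owner may update or delete it" );`. The comparison is only an access control if `op.owner_account` is the account whose authority the transaction must carry, which is not visible in these hunks and is worth confirming in the operation definitions. The closing of each function lies outside the hunk.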
|
||||||
|
|
|
||||||
|
|
@ -85,7 +85,7 @@ BOOST_AUTO_TEST_CASE( update_son_test ){
|
||||||
BOOST_CHECK( id == obj->id );
|
BOOST_CHECK( id == obj->id );
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOST_AUTO_TEST_CASE( delete_son_test ){
|
BOOST_AUTO_TEST_CASE( delete_son_test ) {
|
||||||
INVOKE(create_son_test);
|
INVOKE(create_son_test);
|
||||||
test_delete_son_member_evaluator test_eval( db );
|
test_delete_son_member_evaluator test_eval( db );
|
||||||
|
|
||||||
|
|
@ -100,4 +100,87 @@ BOOST_AUTO_TEST_CASE( delete_son_test ){
|
||||||
BOOST_REQUIRE( idx.empty() );
|
BOOST_REQUIRE( idx.empty() );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
BOOST_AUTO_TEST_CASE( update_delete_not_own ) { // fee payer needs to be the son object owner
|
||||||
|
try {
|
||||||
|
generate_blocks(HARDFORK_SON_TIME);
|
||||||
|
while (db.head_block_time() <= HARDFORK_SON_TIME) {
|
||||||
|
generate_block();
|
||||||
|
}
|
||||||
|
generate_block();
|
||||||
|
set_expiration(db, trx);
|
||||||
|
|
||||||
|
ACTORS((alice)(bob));
|
||||||
|
|
||||||
|
upgrade_to_lifetime_member(alice);
|
||||||
|
upgrade_to_lifetime_member(bob);
|
||||||
|
|
||||||
|
set_expiration(db, trx);
|
||||||
|
std::string test_url = "https://create_son_test";
|
||||||
|
|
||||||
|
// alice became son
|
||||||
|
{
|
||||||
|
son_create_operation op;
|
||||||
|
op.owner_account = alice_id;
|
||||||
|
op.url = test_url;
|
||||||
|
trx.operations.push_back(op);
|
||||||
|
sign(trx, alice_private_key);
|
||||||
|
PUSH_TX(db, trx, ~0);
|
||||||
|
}
|
||||||
|
generate_block();
|
||||||
|
|
||||||
|
set_expiration(db, trx);
|
||||||
|
trx.clear();
|
||||||
|
|
||||||
|
const auto& idx = db.get_index_type<son_member_index>().indices().get<by_account>();
|
||||||
|
BOOST_REQUIRE( idx.size() == 1 );
|
||||||
|
auto obj = idx.find( alice_id );
|
||||||
|
BOOST_REQUIRE( obj != idx.end() );
|
||||||
|
BOOST_CHECK( obj->url == test_url );
|
||||||
|
|
||||||
|
// bob tries to update a son object he dont own
|
||||||
|
{
|
||||||
|
son_update_operation op;
|
||||||
|
op.owner_account = bob_id;
|
||||||
|
op.new_url = "whatever";
|
||||||
|
op.son_id = son_id_type(0);
|
||||||
|
|
||||||
|
trx.operations.push_back(op);
|
||||||
|
sign(trx, bob_private_key);
|
||||||
|
GRAPHENE_REQUIRE_THROW(PUSH_TX( db, trx ), fc::exception);
|
||||||
|
}
|
||||||
|
generate_block();
|
||||||
|
|
||||||
|
set_expiration(db, trx);
|
||||||
|
trx.clear();
|
||||||
|
|
||||||
|
obj = idx.find( alice_id );
|
||||||
|
BOOST_REQUIRE( obj != idx.end() );
|
||||||
|
// not changing
|
||||||
|
BOOST_CHECK( obj->url == "https://create_son_test" );
|
||||||
|
|
||||||
|
// bob tries to delete a son object he dont own
|
||||||
|
{
|
||||||
|
son_delete_operation op;
|
||||||
|
op.owner_account = bob_id;
|
||||||
|
op.son_id = son_id_type(0);
|
||||||
|
|
||||||
|
trx.operations.push_back(op);
|
||||||
|
sign(trx, bob_private_key);
|
||||||
|
GRAPHENE_REQUIRE_THROW(PUSH_TX( db, trx ), fc::exception);
|
||||||
|
|
||||||
|
}
|
||||||
|
generate_block();
|
||||||
|
|
||||||
|
obj = idx.find( alice_id );
|
||||||
|
// not deleting
|
||||||
|
BOOST_REQUIRE( obj != idx.end() );
|
||||||
|
BOOST_CHECK( obj->son_member_account.instance == alice_id.instance);
|
||||||
|
|
||||||
|
}
|
||||||
|
catch (fc::exception &e) {
|
||||||
|
edump((e.to_detail_string()));
|
||||||
|
throw;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
BOOST_AUTO_TEST_SUITE_END()
|
BOOST_AUTO_TEST_SUITE_END()
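Review bot: Both negative cases in `update_delete_not_own` assert only `GRAPHENE_REQUIRE_THROW(PUSH_TX( db, trx ), fc::exception);`, which any rejection satisfies, so the test would still pass if bob's transaction failed for a reason unrelated to ownership. The hard-coded `op.son_id = son_id_type(0);` makes this more likely, because it assumes alice's object received instance 0; `op.son_id = obj->id;` would tie each operation to the object the test has just looked up. A control step in which alice submits the same `son_update_operation` with `op.owner_account = alice_id` and the push succeeds would show that the owner check is what rejects bob. The initial `son_create_operation` is pushed with `PUSH_TX(db, trx, ~0)`, which appears to skip validation, so it is worth a short comment saying why that is acceptable for the setup step only.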
|
||||||
|
|
|
||||||