feat: collection option to allow or disallow anonymous (#305)

junobuild · Nov 14, 2023 · cb343aa · cb343aa
1 parent b645468
commit cb343aa
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 7 deletions.
diff --git a/src/satellite/src/rules/assert_stores.rs b/src/satellite/src/rules/assert_stores.rs
@@ -4,7 +4,7 @@ use crate::rules::types::rules::Permission;
 use candid::Principal;
 use shared::controllers::is_controller;
 use shared::types::state::Controllers;
-use shared::utils::principal_equal;
+use shared::utils::{principal_equal, principal_not_anonymous};
 
 pub fn assert_permission(
     permission: &Permission,
@@ -14,9 +14,11 @@ pub fn assert_permission(
 ) -> bool {
     match permission {
         Permission::Public => true,
-        Permission::Private => principal_equal(owner, caller),
-        Permission::Managed => principal_equal(owner, caller) || is_controller(caller, controllers),
-        Permission::Controllers => is_controller(caller, controllers),
+        Permission::Private => assert_caller(caller, owner),
+        Permission::Managed => {
+            assert_caller(caller, owner) || assert_controller(caller, controllers)
+        }
+        Permission::Controllers => assert_controller(caller, controllers),
     }
 }
 
@@ -29,12 +31,24 @@ pub fn assert_create_permission(
 ) -> bool {
     match permission {
         Permission::Public => true,
-        Permission::Private => true,
-        Permission::Managed => true,
-        Permission::Controllers => is_controller(caller, controllers),
+        Permission::Private => assert_not_anonymous(caller),
+        Permission::Managed => assert_not_anonymous(caller),
+        Permission::Controllers => assert_controller(caller, controllers),
     }
 }
 
+fn assert_caller(caller: Principal, owner: Principal) -> bool {
+    assert_not_anonymous(caller) && principal_equal(owner, caller)
+}
+
+fn assert_controller(caller: Principal, controllers: &Controllers) -> bool {
+    assert_not_anonymous(caller) && is_controller(caller, controllers)
+}
+
+fn assert_not_anonymous(caller: Principal) -> bool {
+    principal_not_anonymous(caller)
+}
+
 pub fn public_permission(permission: &Permission) -> bool {
     matches!(permission, Permission::Public)
 }

diff --git a/src/shared/src/utils.rs b/src/shared/src/utils.rs
@@ -9,6 +9,10 @@ pub fn principal_equal(x: Principal, y: Principal) -> bool {
     x == y
 }
 
+pub fn principal_not_anonymous(p: Principal) -> bool {
+    principal_not_equal(p, Principal::anonymous())
+}
+
 pub fn account_identifier_equal(x: AccountIdentifier, y: AccountIdentifier) -> bool {
     x == y
 }