gnolang · kazai777 · Jun 3, 2024 · Jun 5, 2024 · Jun 5, 2024 · Jun 6, 2024
diff --git a/examples/gno.land/p/demo/accesscontrol/accesscontrol.gno b/examples/gno.land/p/demo/accesscontrol/accesscontrol.gno
@@ -0,0 +1,185 @@
+package accesscontrol
+
+import (
+	"std"
+
+	"gno.land/p/demo/avl"
+	"gno.land/p/demo/ownable"
+)
+
+const (
+	RoleName     = "roleName"
+	Sender       = "sender"
+	Account      = "account"
+	NewAdminRole = "newAdminRole"
+)
+
+// Role struct to store role information
+type Role struct {
+	Name    string
+	Holders *avl.Tree // std.Address -> struct{}
+	Ownable *ownable.Ownable
+}
+
+// Roles struct to store all Roles information
+type Roles struct {
+	AllRoles []*Role
+	Ownable  *ownable.Ownable
+}
+
+func validRoleName(name string) error {
+	if len(name) > 30 || name == "" {
+		return ErrNameRole
+	}
+
+	return nil
+}
+
+// NewRole creates a new instance of Role
+func NewRole(name string, admin std.Address) (*Role, error) {
+	if err := validRoleName(name); err != nil {
+		return nil, err
+	}
+
+	return &Role{
+		Name:    name,
+		Holders: avl.NewTree(),
+		Ownable: ownable.NewWithAddress(admin),
+	}, nil
+}
+
+// CreateRole create a new role within the realm
+func (rs *Roles) CreateRole(name string) (*Role, error) {
+	if err := validRoleName(name); err != nil {
+		return nil, ErrNameRole
+	}
+
+	if err := rs.Ownable.CallerIsOwner(); err != nil {
+		return nil, err
+	}
+
+	for _, role := range rs.AllRoles {
+		if role.Name == name {
+			return nil, ErrRoleSameName
+		}
+	}
+
+	role, err := NewRole(name, rs.Ownable.Owner())
+	if err != nil {
+		return nil, err
+	}
+
+	rs.AllRoles = append(rs.AllRoles, role)
+
+	std.Emit(
+		"RoleCreated",
+		RoleName, name,
+		Sender, rs.Ownable.Owner().String(),
+	)
+
+	return role, nil
+}
+
+// HasRole check if an account has a specific role
+func (r *Role) HasRole(account std.Address) bool {
+	return r.Holders.Has(account.String())
+}
+
+// FindRole searches for a role by its name
+func (rs *Roles) FindRole(name string) (*Role, error) {
+	for _, role := range rs.AllRoles {
+		if role.Name == name {
+			return role, nil
+		}
+	}
+
+	return nil, ErrRoleNotFound
+}
+
+// GrantRole grants a role to an account
+func (rs *Roles) GrantRole(name string, account std.Address) error {
+	r, err := rs.FindRole(name)
+	if err != nil {
+		return ErrRoleNotFound
+	}
+
+	err = r.Ownable.CallerIsOwner()
+	if err != nil {
+		return err
+	}
+
+	r.Holders.Set(account.String(), struct{}{})
+
+	std.Emit(
+		"RoleGranted",
+		RoleName, r.Name,
+		Account, account.String(),
+		Sender, std.PrevRealm().Addr().String(),
+	)
+
+	return nil
+}
+
+// RevokeRole revokes a role from an account
+func (rs *Roles) RevokeRole(name string, account std.Address) error {
+	r, err := rs.FindRole(name)
+	if err != nil {
+		return ErrRoleNotFound
+	}
+
+	err = r.Ownable.CallerIsOwner()
+	if err != nil {
+		return err
+	}
+
+	r.Holders.Remove(account.String())
+
+	std.Emit(
+		"RoleRevoked",
+		RoleName, r.Name,
+		Account, account.String(),
+		Sender, std.PrevRealm().Addr().String(),
+	)
+
+	return nil
+}
+
+// RenounceRole allows an account to renounce a role it holds
+func (rs *Roles) RenounceRole(name string) error {
+	r, err := rs.FindRole(name)
+	if err != nil {
+		return ErrRoleNotFound
+	}
+
+	caller := std.PrevRealm().Addr()
+
+	if !r.HasRole(caller) {
+		return ErrAccountNotRole
+	}
+
+	r.Holders.Remove(caller.String())
+
+	std.Emit(
+		"RoleRenounced",
+		RoleName, r.Name,
+		Account, caller.String(),
+		Sender, caller.String(),
+	)
+
+	return nil
+}
+
+// SetRoleAdmin transfers the ownership of the role to a new administrator
+func (r *Role) SetRoleAdmin(admin std.Address) error {
+	if err := r.Ownable.TransferOwnership(admin); err != nil {
+		return err
+	}
+
+	std.Emit(
+		"RoleSet",
+		RoleName, r.Name,
+		NewAdminRole, r.Ownable.Owner().String(),
+	)
+
+	return nil
+}
diff --git a/examples/gno.land/p/demo/accesscontrol/accesscontrol_test.gno b/examples/gno.land/p/demo/accesscontrol/accesscontrol_test.gno
@@ -0,0 +1,192 @@
+package accesscontrol
+
+import (
+	"std"
+	"testing"
+
+	"gno.land/p/demo/ownable"
+	"gno.land/p/demo/testutils"
+	"gno.land/p/demo/uassert"
+)
+
+var (
+	admin    = testutils.TestAddress("admin1")
+	newAdmin = testutils.TestAddress("admin2")
+	user1    = testutils.TestAddress("user1")
+	user2    = testutils.TestAddress("user2")
+
+	roleName = "TestRole"
+)
+
+func initSetup(admin std.Address) *Roles {
+	return &Roles{
+		AllRoles: []*Role{},
+		Ownable:  ownable.NewWithAddress(admin),
+	}
+}
+
+func TestCreateRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	role, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+	uassert.True(t, role != nil, "role should not be nil")
+	uassert.Equal(t, role.Name, roleName)
+
+	_, err = roles.CreateRole(roleName)
+	uassert.Error(t, err, "should fail on duplicate role creation")
+}
+
+func TestGrantRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	_, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+
+	err = roles.GrantRole(roleName, user1)
+	uassert.NoError(t, err)
+
+	role, err := roles.FindRole(roleName)
+	uassert.NoError(t, err)
+	uassert.True(t, role.HasRole(user1), "user1 should have the TestRole")
+}
+
+func TestGrantRoleByNonOwner(t *testing.T) {
+	roles := initSetup(admin)
+
+	_, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+
+	std.TestSetOrigCaller(user2)
+	roles.Ownable.TransferOwnership(user2)
+	err = roles.GrantRole(roleName, user1)
+	uassert.Error(t, err, "non-owner should not be able to grant roles")
+
+	roles.Ownable.TransferOwnership(admin)
+}
+
+func TestRevokeRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	_, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+	err = roles.GrantRole(roleName, user1)
+	uassert.NoError(t, err)
+
+	err = roles.RevokeRole(roleName, user1)
+	uassert.NoError(t, err)
+
+	role, err := roles.FindRole(roleName)
+	uassert.NoError(t, err)
+	uassert.False(t, role.HasRole(user1), "user1 should no longer have the TestRole")
+}
+
+func TestRenounceRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	_, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+	err = roles.GrantRole(roleName, user1)
+	uassert.NoError(t, err)
+
+	roles.Ownable.TransferOwnership(user1)
+	std.TestSetOrigCaller(user1)
+	err = roles.RenounceRole(roleName)
+	uassert.NoError(t, err)
+
+	role, err := roles.FindRole(roleName)
+	uassert.NoError(t, err)
+	uassert.False(t, role.HasRole(user1), "user1 should have renounced the TestRole")
+}
+
+func TestSetRoleAdmin(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	role, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+
+	err = role.SetRoleAdmin(newAdmin)
+	uassert.NoError(t, err, "admin change should succeed")
+
+	std.TestSetOrigCaller(newAdmin)
+	uassert.Equal(t, role.Ownable.Owner(), newAdmin, "the new admin should be newAdmin")
+
+	std.TestSetOrigCaller(admin)
+	uassert.NotEqual(t, role.Ownable.Owner(), admin, "the old admin should no longer be the owner")
+}
+
+func TestCreateRoleInvalidName(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	_, err := roles.CreateRole("")
+	uassert.Error(t, err, "should fail on empty role name")
+
+	longRoleName := "thisisaverylongrolenamethatexceedsthenormallimitfortestingpurposes"
+	_, err = roles.CreateRole(longRoleName)
+	uassert.Error(t, err, "should fail on very long role name")
+}
+
+func TestRevokeRoleByNonOwner(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	_, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+	err = roles.GrantRole(roleName, user1)
+	uassert.NoError(t, err)
+
+	std.TestSetOrigCaller(user2)
+	err = roles.RevokeRole(roleName, user1)
+	uassert.Error(t, err, "non-owner should not be able to revoke roles")
+}
+
+func TestGrantRoleToNonExistentRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	err := roles.GrantRole("NonExistentRole", user1)
+	uassert.Error(t, err, "should fail when granting non-existent role")
+}
+
+func TestRevokeRoleFromNonExistentRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	err := roles.RevokeRole("NonExistentRole", user1)
+	uassert.Error(t, err, "should fail when revoking non-existent role")
+}
+
+func TestRenounceNonExistentRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(user1)
+
+	err := roles.RenounceRole("NonExistentRole")
+	uassert.Error(t, err, "should fail when renouncing non-existent role")
+}
+
+func TestDeleteRole(t *testing.T) {
+	roles := initSetup(admin)
+
+	std.TestSetOrigCaller(admin)
+
+	role, err := roles.CreateRole(roleName)
+	uassert.NoError(t, err)
+
+	roles.AllRoles = []*Role{} // Clear roles for testing purpose
+	_, err = roles.FindRole(roleName)
+	uassert.Error(t, err, "should fail when trying to find deleted role")
+}