hyperledger · mversic · Sep 27, 2024 · Sep 13, 2024
@@ -12,7 +12,7 @@ use iroha::{
     },
 };
 use iroha_config::parameters::actual::Root as Config;
-use iroha_executor_data_model::permission::asset::CanTransferUserAsset;
+use iroha_executor_data_model::permission::asset::CanTransferAsset;
 use iroha_test_network::*;
 use iroha_test_samples::{gen_account_in, ALICE_ID, BOB_ID};
 
@@ -328,7 +328,7 @@ fn find_rate_and_make_exchange_isi_should_succeed() {
 
     let alice_id = ALICE_ID.clone();
     let alice_can_transfer_asset = |asset_id: AssetId, owner_key_pair: KeyPair| {
-        let permission = CanTransferUserAsset {
+        let permission = CanTransferAsset {
             asset: asset_id.clone(),
         };
         let instruction = Grant::account_permission(permission, alice_id.clone());

@@ -2,8 +2,8 @@ use std::{fmt::Write as _, sync::mpsc, thread};
 
 use eyre::Result;
 use iroha::data_model::{prelude::*, transaction::WasmSmartContract};
-use iroha_executor_data_model::permission::account::{
-    CanRemoveKeyValueInAccount, CanSetKeyValueInAccount,
+use iroha_executor_data_model::permission::{
+    account::CanModifyAccountMetadata, domain::CanModifyDomainMetadata,
 };
 use iroha_test_network::*;
 use iroha_test_samples::{ALICE_ID, BOB_ID};
@@ -176,7 +176,6 @@ fn transaction_execution_should_produce_events(
 }
 
 #[test]
-#[allow(clippy::too_many_lines)]
 fn produce_multiple_events() -> Result<()> {
     let (_rt, _peer, client) = <PeerBuilder>::new().with_port(10_645).start_with_runtime();
     wait_for_genesis_committed(&[client.clone()], 0);
@@ -201,19 +200,21 @@ fn produce_multiple_events() -> Result<()> {
     // Registering role
     let alice_id = ALICE_ID.clone();
     let role_id = "TEST_ROLE".parse::<RoleId>()?;
-    let permission_1 = CanRemoveKeyValueInAccount {
+    let permission_1 = CanModifyAccountMetadata {
         account: alice_id.clone(),
     };
-    let permission_2 = CanSetKeyValueInAccount { account: alice_id };
-    let role = iroha::data_model::role::Role::new(role_id.clone())
+    let permission_2 = CanModifyDomainMetadata {
+        domain: alice_id.domain().clone(),
+    };
+    let role = iroha::data_model::role::Role::new(role_id.clone(), alice_id.clone())
         .add_permission(permission_1.clone())
         .add_permission(permission_2.clone());
     let instructions = [Register::role(role.clone())];
     client.submit_all_blocking(instructions)?;
 
     // Grants role to Bob
     let bob_id = BOB_ID.clone();
-    let grant_role = Grant::role(role_id.clone(), bob_id.clone());
+    let grant_role = Grant::account_role(role_id.clone(), bob_id.clone());
     client.submit_blocking(grant_role)?;
 
     // Unregister role
@@ -236,63 +237,37 @@ fn produce_multiple_events() -> Result<()> {
         }
     }
 
-    if let DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionAdded(event))) =
-        event_receiver.recv()??.try_into()?
-    {
-        assert_eq!(*event.account(), bob_id);
-        assert_eq!(
-            CanRemoveKeyValueInAccount::try_from(event.permission()).unwrap(),
-            permission_1
-        );
-    } else {
-        panic!("Expected event is not an AccountEvent::PermissionAdded")
-    }
-    if let DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionAdded(event))) =
-        event_receiver.recv()??.try_into()?
-    {
-        assert_eq!(*event.account(), bob_id);
-        assert_eq!(
-            CanSetKeyValueInAccount::try_from(event.permission()).unwrap(),
-            permission_2
-        );
-    } else {
-        panic!("Expected event is not an AccountEvent::PermissionAdded")
-    }
     if let DataEvent::Domain(DomainEvent::Account(AccountEvent::RoleGranted(event))) =
         event_receiver.recv()??.try_into()?
     {
-        assert_eq!(*event.account(), bob_id);
+        assert_eq!(*event.account(), alice_id);
         assert_eq!(*event.role(), role_id);
     } else {
         panic!("Expected event is not an AccountEvent::RoleGranted")
     }
 
-    if let DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionRemoved(event))) =
+    if let DataEvent::Domain(DomainEvent::Account(AccountEvent::RoleGranted(event))) =
         event_receiver.recv()??.try_into()?
     {
         assert_eq!(*event.account(), bob_id);
-        assert_eq!(
-            CanRemoveKeyValueInAccount::try_from(event.permission()).unwrap(),
-            permission_1
-        );
+        assert_eq!(*event.role(), role_id);
     } else {
-        panic!("Expected event is not an AccountEvent::PermissionRemoved")
+        panic!("Expected event is not an AccountEvent::RoleGranted")
     }
-    if let DataEvent::Domain(DomainEvent::Account(AccountEvent::PermissionRemoved(event))) =
+
+    if let DataEvent::Domain(DomainEvent::Account(AccountEvent::RoleRevoked(event))) =
         event_receiver.recv()??.try_into()?
     {
         assert_eq!(*event.account(), bob_id);
-        assert_eq!(
-            CanSetKeyValueInAccount::try_from(event.permission()).unwrap(),
-            permission_2
-        );
+        assert_eq!(*event.role(), role_id);
     } else {
-        panic!("Expected event is not an AccountEvent::PermissionRemoved")
+        panic!("Expected event is not an AccountEvent::RoleRevoked")
     }
+
     if let DataEvent::Domain(DomainEvent::Account(AccountEvent::RoleRevoked(event))) =
         event_receiver.recv()??.try_into()?
     {
-        assert_eq!(*event.account(), bob_id);
+        assert_eq!(*event.account(), alice_id);
         assert_eq!(*event.role(), role_id);
     } else {
         panic!("Expected event is not an AccountEvent::RoleRevoked")

@@ -12,11 +12,14 @@ use iroha::{
         transaction::{TransactionBuilder, WasmSmartContract},
     },
 };
+use iroha_data_model::asset::{AssetDefinition, AssetDefinitionId};
+use iroha_executor_data_model::permission::asset_definition::CanRegisterAssetDefinition;
 use iroha_test_network::*;
 use iroha_test_samples::{gen_account_in, ALICE_ID};
 use nonzero_ext::nonzero;
 
 #[test]
+#[expect(clippy::too_many_lines)]
 fn mutlisig() -> Result<()> {
     let (_rt, _peer, test_client) = <PeerBuilder>::new().with_port(11_400).start_with_runtime();
     wait_for_genesis_committed(&vec![test_client.clone()], 0);
@@ -85,14 +88,15 @@ fn mutlisig() -> Result<()> {
     test_client.submit_blocking(call_trigger)?;
 
     // Check that multisig account exist
-    let account = test_client
-        .query(client::account::all())
-        .filter_with(|account| account.id.eq(multisig_account_id.clone()))
-        .execute_single()
+    test_client
+        .submit_blocking(Grant::account_permission(
+            CanRegisterAssetDefinition {
+                domain: "wonderland".parse().unwrap(),
+            },
+            multisig_account_id.clone(),
+        ))
         .expect("multisig account should be created after the call to register multisig trigger");
 
-    assert_eq!(account.id(), &multisig_account_id);
-
     // Check that multisig trigger exist
     let trigger = test_client
         .query(FindTriggers::new())
@@ -102,8 +106,14 @@ fn mutlisig() -> Result<()> {
 
     assert_eq!(trigger.id(), &multisig_trigger_id);
 
-    let domain_id: DomainId = "domain_controlled_by_multisig".parse().unwrap();
-    let isi = vec![Register::domain(Domain::new(domain_id.clone())).into()];
+    let asset_definition_id = "asset_definition_controlled_by_multisig#wonderland"
+        .parse::<AssetDefinitionId>()
+        .unwrap();
+    let isi =
+        vec![
+            Register::asset_definition(AssetDefinition::numeric(asset_definition_id.clone()))
+                .into(),
+        ];
     let isi_hash = HashOf::new(&isi);
 
     let mut signatories_iter = signatories.into_iter();
@@ -118,12 +128,12 @@ fn mutlisig() -> Result<()> {
         )?;
     }
 
-    // Check that domain isn't created yet
+    // Check that asset definition isn't created yet
     let err = test_client
-        .query(client::domain::all())
-        .filter_with(|domain| domain.id.eq(domain_id.clone()))
+        .query(client::asset::all_definitions())
+        .filter_with(|asset_definition| asset_definition.id.eq(asset_definition_id.clone()))
         .execute_single()
-        .expect_err("domain shouldn't be created before enough votes are collected");
+        .expect_err("asset definition shouldn't be created before enough votes are collected");
     assert!(matches!(err, SingleQueryError::ExpectedOneGotNone));
 
     for (signatory, key_pair) in signatories_iter {
@@ -136,14 +146,14 @@ fn mutlisig() -> Result<()> {
         )?;
     }
 
-    // Check that new domain was created and multisig account is owner
-    let domain = test_client
-        .query(client::domain::all())
-        .filter_with(|domain| domain.id.eq(domain_id.clone()))
+    // Check that new asset definition was created and multisig account is owner
+    let asset_definition = test_client
+        .query(client::asset::all_definitions())
+        .filter_with(|asset_definition| asset_definition.id.eq(asset_definition_id.clone()))
         .execute_single()
-        .expect("domain should be created after enough votes are collected");
+        .expect("asset definition should be created after enough votes are collected");
 
-    assert_eq!(domain.owned_by(), &multisig_account_id);
+    assert_eq!(asset_definition.owned_by(), &multisig_account_id);
 
     Ok(())
 }
@@ -10,8 +10,8 @@ use iroha::{
     },
 };
 use iroha_executor_data_model::permission::{
-    asset::{CanSetKeyValueInUserAsset, CanTransferUserAsset},
-    domain::CanSetKeyValueInDomain,
+    asset::{CanModifyAssetMetadata, CanTransferAsset},
+    domain::CanModifyDomainMetadata,
 };
 use iroha_genesis::GenesisBlock;
 use iroha_test_network::{PeerBuilder, *};
@@ -243,7 +243,7 @@ fn permissions_differ_not_only_by_names() {
 
     // Granting permission to Alice to modify metadata in Mouse's hats
     let mouse_hat_id = AssetId::new(hat_definition_id, mouse_id.clone());
-    let mouse_hat_permission = CanSetKeyValueInUserAsset {
+    let mouse_hat_permission = CanModifyAssetMetadata {
         asset: mouse_hat_id.clone(),
     };
     let allow_alice_to_set_key_value_in_hats =
@@ -276,7 +276,7 @@ fn permissions_differ_not_only_by_names() {
         .submit_blocking(set_shoes_color.clone())
         .expect_err("Expected Alice to fail to modify Mouse's shoes");
 
-    let mouse_shoes_permission = CanSetKeyValueInUserAsset {
+    let mouse_shoes_permission = CanModifyAssetMetadata {
         asset: mouse_shoes_id,
     };
     let allow_alice_to_set_key_value_in_shoes =
@@ -326,7 +326,7 @@ fn stored_vs_granted_permission_payload() -> Result<()> {
 
     let mouse_asset = AssetId::new(asset_definition_id, mouse_id.clone());
     let allow_alice_to_set_key_value_in_mouse_asset = Grant::account_permission(
-        Permission::new("CanSetKeyValueInUserAsset".parse().unwrap(), value_json),
+        Permission::new("CanModifyAssetMetadata".parse().unwrap(), value_json),
         alice_id,
     );
 
@@ -359,12 +359,12 @@ fn permissions_are_unified() {
     // Given
     let alice_id = ALICE_ID.clone();
 
-    let permission1 = CanTransferUserAsset {
+    let permission1 = CanTransferAsset {
         asset: format!("rose#wonderland#{alice_id}").parse().unwrap(),
     };
     let allow_alice_to_transfer_rose_1 = Grant::account_permission(permission1, alice_id.clone());
 
-    let permission2 = CanTransferUserAsset {
+    let permission2 = CanTransferAsset {
         asset: format!("rose##{alice_id}").parse().unwrap(),
     };
     let allow_alice_to_transfer_rose_2 = Grant::account_permission(permission2, alice_id);
@@ -389,7 +389,7 @@ fn associated_permissions_removed_on_unregister() {
 
     // register kingdom and give bob permissions in this domain
     let register_domain = Register::domain(kingdom);
-    let bob_to_set_kv_in_domain = CanSetKeyValueInDomain {
+    let bob_to_set_kv_in_domain = CanModifyDomainMetadata {
         domain: kingdom_id.clone(),
     };
     let allow_bob_to_set_kv_in_domain =
@@ -409,7 +409,7 @@ fn associated_permissions_removed_on_unregister() {
         .expect("failed to get permissions for bob")
         .into_iter()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(&permission)
+            CanModifyDomainMetadata::try_from(&permission)
                 .is_ok_and(|permission| permission == bob_to_set_kv_in_domain)
         }));
 
@@ -425,7 +425,7 @@ fn associated_permissions_removed_on_unregister() {
         .expect("failed to get permissions for bob")
         .into_iter()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(&permission)
+            CanModifyDomainMetadata::try_from(&permission)
                 .is_ok_and(|permission| permission == bob_to_set_kv_in_domain)
         }));
 }
@@ -441,11 +441,12 @@ fn associated_permissions_removed_from_role_on_unregister() {
 
     // register kingdom and give bob permissions in this domain
     let register_domain = Register::domain(kingdom);
-    let set_kv_in_domain = CanSetKeyValueInDomain {
+    let set_kv_in_domain = CanModifyDomainMetadata {
         domain: kingdom_id.clone(),
     };
-    let role = Role::new(role_id.clone()).add_permission(set_kv_in_domain.clone());
-    let register_role = Register::role(role);
+    let register_role = Register::role(
+        Role::new(role_id.clone(), ALICE_ID.clone()).add_permission(set_kv_in_domain.clone()),
+    );
 
     iroha
         .submit_all_blocking::<InstructionBox>([register_domain.into(), register_role.into()])
@@ -459,7 +460,7 @@ fn associated_permissions_removed_from_role_on_unregister() {
         .expect("failed to get role")
         .permissions()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(permission)
+            CanModifyDomainMetadata::try_from(permission)
                 .is_ok_and(|permission| permission == set_kv_in_domain)
         }));
 
@@ -476,7 +477,7 @@ fn associated_permissions_removed_from_role_on_unregister() {
         .expect("failed to get role")
         .permissions()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(permission)
+            CanModifyDomainMetadata::try_from(permission)
                 .is_ok_and(|permission| permission == set_kv_in_domain)
         }));
 }