[New Permission 3/5] smartcontract: enforce Permission-based authorization in existing instructions #3206
juan-malbeclabs wants to merge 9 commits into main from
| /// and post-activation subscription changes (add/remove toggle). The caller is | ||
| /// responsible for setting `user.status = Updating` when | ||
| /// `publisher_list_transitioned` is true and the user is already activated. | ||
| pub fn subscribe_user_to_multicastgroup( |
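Review bot: the doc comment on `subscribe_user_to_multicastgroup` makes the caller responsible for the `user.status = Updating` transition, conditioned on `publisher_list_transitioned` and on the user already being activated, while the review thread notes that both MulticastGroupSubscribe and CreateSubscribeUser share this helper; an invariant split between a helper and two callers is easy to desynchronize, so consider having the helper perform the status transition itself, or return `publisher_list_transitioned` as a `#[must_use]` value so a caller cannot silently drop it, and add a test covering the activated-user add/remove toggle path for each caller.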
Why did you remove this shared code? It's used by both multicast subscribe and create subscribe, so the subscribe logic is deduplicated.
Please take another look. I rebased it.
This was fixed in the rebase. The subscribe_user_to_multicastgroup() helper is preserved and the branch no longer touches subscribe.rs at all, so the shared logic used by both MulticastGroupSubscribe and CreateSubscribeUser is intact.
- remove unused ResourceExtensionBorrowed import in closeaccount
- add missing dz_prefix_count field to UserCreateSubscribeArgs initializers in sdk, instructions test, and integration tests
This whole file should have probably not been touched. All that is changed here is that it got rid of the onchain allocation tests.
Doesn't this break Steven's fix for failed transactions due to races causing activator noise?
Onchain allocation support was removed from this file.
- Add execute_authorized_transaction_quiet to DoubleZeroClient trait and DZClient impl, restoring quiet mode for ban and closeaccount commands that was lost when switching to execute_authorized_transaction
- Restore onchain allocation support in CreateSubscribeUserCommand SDK command (feature-flag-gated ResourceExtension PDA logic removed in permission enforcement refactor)
- Restore atomic path tests and fixture resource extension PDA fields in create_subscribe_user_test.rs

Summary of Changes

- Adds `authorize()` into all existing instruction processors that require privileged access: `accesspass/{close,set}`, `multicastgroup/subscribe`, and `user/{ban,closeaccount,create,create_subscribe,delete,requestban}` — each processor now appends the caller's Permission PDA as an optional trailing account
- Deletes `processors/user/create_core.rs` (328 lines) by absorbing its logic directly into `create.rs`, eliminating a layer of indirection that was only needed before the authorization refactor
- Adds a `DZClient::build_and_send()` helper in the Rust SDK that automatically checks for and appends the caller's Permission PDA as a trailing account when it exists on-chain, making permission account usage transparent to callers
- Updates the SDK commands (`user`, `tenant`, `accesspass`, `permission`) to use `build_and_send()` so they automatically include the Permission account

Diff Breakdown

Net code reduction overall — the authorization refactor removed more duplication than it added.

Key files

- `smartcontract/programs/doublezero-serviceability/src/processors/user/create.rs` — absorbs `create_core.rs`, adds `authorize()` call; now the single source of truth for user creation
- `smartcontract/programs/doublezero-serviceability/src/processors/user/create_subscribe.rs` — refactored to call `authorize()`, with account layout updated to accept optional trailing Permission PDA
- `smartcontract/sdk/rs/src/client.rs` — new `build_and_send()` method: looks up caller's Permission PDA, appends it as a read-only trailing account if it exists, then signs and sends the transaction
- `smartcontract/programs/doublezero-serviceability/src/processors/multicastgroup/subscribe.rs` — adds `authorize()` for `ACCESS_PASS_ADMIN` check; old inline allowlist check replaced
- `smartcontract/programs/doublezero-serviceability/src/processors/user/create_core.rs` — deleted (328 lines); logic consolidated into `create.rs`
- `smartcontract/sdk/rs/src/commands/user/create_subscribe.rs` — gutted (299 lines removed) as the user-creation logic it duplicated is now fully in the program processor
- `smartcontract/programs/doublezero-serviceability/src/processors/accesspass/close.rs` — adds `authorize()` for `ACCESS_PASS_ADMIN`
- `smartcontract/sdk/rs/src/doublezeroclient.rs` — adds `get_permission_pda_for_payer()` convenience method used by `build_and_send()`

Testing Verification

- `tests/create_subscribe_user_test.rs` updated to reflect the simplified processor — existing passing tests confirm the create_core consolidation is behavior-preserving
- `tests/permission_test.rs` (from PR 3) covers the `authorize()` enforcement paths invoked by these processors
- `make rust-test` passes with all affected processors and SDK commands
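The processor-side `authorize()` and client-side `build_and_send()` pattern described in the summary, as an added example that is not the DoubleZero program's or SDK's own code: a dependency-free Rust model in which the signer is the first account, the Permission PDA is the optional trailing account, and a privileged processor fails closed when that account is absent, is held by someone other than the signer, or lacks the required bit. The types, the `ACCESS_PASS_ADMIN` bit value and the names `Permission`, `Account`, `authorize` and `build_accounts` are assumptions; only the pattern comes from the page.

```rust
// Added example, not the project's own code: a dependency-free model of the
// "optional trailing Permission account" pattern. Account shapes, the bit
// layout and all names are constructed stand-ins, not the real on-chain types.
use std::collections::HashMap;

pub const ACCESS_PASS_ADMIN: u64 = 1 << 0; // assumed permission bit

#[derive(Clone, Debug, PartialEq)]
pub struct Permission {
    pub holder: String, // pubkey the PDA was derived for, modelled as a string
    pub bits: u64,      // granted permission bits
}

#[derive(Clone, Debug, PartialEq)]
pub enum Account {
    Signer(String),         // the transaction payer, must be first
    Data(String),           // any other instruction account
    Permission(Permission), // optional trailing Permission PDA
}

#[derive(Debug, PartialEq)]
pub enum AuthError { MissingSigner, MissingPermission, NotHolder, Insufficient }

/// Processor side: fail closed unless the trailing account is a Permission
/// PDA held by the signer that carries every bit in `required`.
pub fn authorize(accounts: &[Account], required: u64) -> Result<(), AuthError> {
    let caller = match accounts.first() {
        Some(Account::Signer(s)) => s,
        _ => return Err(AuthError::MissingSigner),
    };
    match accounts.last() {
        Some(Account::Permission(p)) if &p.holder != caller => Err(AuthError::NotHolder),
        Some(Account::Permission(p)) if (p.bits & required) != required => Err(AuthError::Insufficient),
        Some(Account::Permission(_)) => Ok(()),
        _ => Err(AuthError::MissingPermission),
    }
}

/// Client side, analogous to build_and_send(): start with the signer, add the
/// instruction's own accounts, then append the caller's Permission account
/// only when one exists on-chain (here: in the constructed `onchain` map).
pub fn build_accounts(caller: &str, base: &[Account],
                      onchain: &HashMap<String, Permission>) -> Vec<Account> {
    let mut accounts = vec![Account::Signer(caller.to_string())];
    accounts.extend_from_slice(base);
    if let Some(p) = onchain.get(caller) {
        accounts.push(Account::Permission(p.clone()));
    }
    accounts
}
```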