From 8b92b982e0a52a46b4cc8d088eee6c91da990b40 Mon Sep 17 00:00:00 2001 From: runtianz Date: Mon, 9 Sep 2024 10:01:44 -0700 Subject: [PATCH] create permissioned signer example --- .../framework/aptos-framework/doc/overview.md | 1 + .../doc/permissioned_signer.md | 706 ++++++++++++++++++ .../sources/permissioned_signer.move | 232 ++++++ .../tests/permissioned_signer_tests.move | 118 +++ 4 files changed, 1057 insertions(+) create mode 100644 aptos-move/framework/aptos-framework/doc/permissioned_signer.md create mode 100644 aptos-move/framework/aptos-framework/sources/permissioned_signer.move create mode 100644 aptos-move/framework/aptos-framework/tests/permissioned_signer_tests.move diff --git a/aptos-move/framework/aptos-framework/doc/overview.md b/aptos-move/framework/aptos-framework/doc/overview.md index 314baa3612ba96..7ad32f3ea8ec0d 100644 --- a/aptos-move/framework/aptos-framework/doc/overview.md +++ b/aptos-move/framework/aptos-framework/doc/overview.md @@ -46,6 +46,7 @@ This is the reference documentation of the Aptos framework. - [`0x1::object`](object.md#0x1_object) - [`0x1::object_code_deployment`](object_code_deployment.md#0x1_object_code_deployment) - [`0x1::optional_aggregator`](optional_aggregator.md#0x1_optional_aggregator) +- [`0x1::permissioned_signer`](permissioned_signer.md#0x1_permissioned_signer) - [`0x1::primary_fungible_store`](primary_fungible_store.md#0x1_primary_fungible_store) - [`0x1::randomness`](randomness.md#0x1_randomness) - [`0x1::randomness_api_v0_config`](randomness_api_v0_config.md#0x1_randomness_api_v0_config) diff --git a/aptos-move/framework/aptos-framework/doc/permissioned_signer.md b/aptos-move/framework/aptos-framework/doc/permissioned_signer.md new file mode 100644 index 00000000000000..e1e2898a0a84ec --- /dev/null +++ b/aptos-move/framework/aptos-framework/doc/permissioned_signer.md @@ -0,0 +1,706 @@ + + + +# Module `0x1::permissioned_signer` + +A _permissioned signer_ consists of a pair of the original signer and a generated +signer which is used store information about associated permissions. + +A permissioned signer behaves compatible with the original signer as it comes to move_to, address_of, and +existing basic signer functionality. However, the permissions can be queried to assert additional +restrictions on the use of the signer. + +A client which is interested in restricting access granted via a signer can create a permissioned signer +and pass on to other existing code without changes to existing APIs. Core functions in the framework, for +example account functions, can then assert availability of permissions, effectively restricting +existing code in a compatible way. + +After introducing the core functionality, examples are provided for withdraw limit on accounts, and +for blind signing. + + +- [Struct `PermissionedHandle`](#0x1_permissioned_signer_PermissionedHandle) +- [Resource `PermStorage`](#0x1_permissioned_signer_PermStorage) +- [Struct `Permission`](#0x1_permissioned_signer_Permission) +- [Constants](#@Constants_0) +- [Function `create_permissioned_handle`](#0x1_permissioned_signer_create_permissioned_handle) +- [Function `create_permissioned_handle_with_expiration`](#0x1_permissioned_signer_create_permissioned_handle_with_expiration) +- [Function `destroy_permissioned_handle`](#0x1_permissioned_signer_destroy_permissioned_handle) +- [Function `signer_from_permissioned`](#0x1_permissioned_signer_signer_from_permissioned) +- [Function `assert_master_signer`](#0x1_permissioned_signer_assert_master_signer) +- [Function `authorize`](#0x1_permissioned_signer_authorize) +- [Function `check_permission`](#0x1_permissioned_signer_check_permission) +- [Function `capacity`](#0x1_permissioned_signer_capacity) +- [Function `revoke_permission`](#0x1_permissioned_signer_revoke_permission) +- [Function `extract_permission`](#0x1_permissioned_signer_extract_permission) +- [Function `get_key`](#0x1_permissioned_signer_get_key) +- [Function `consume_permission`](#0x1_permissioned_signer_consume_permission) +- [Function `store_permission`](#0x1_permissioned_signer_store_permission) +- [Function `is_permissioned_signer`](#0x1_permissioned_signer_is_permissioned_signer) +- [Function `permission_signer`](#0x1_permissioned_signer_permission_signer) +- [Function `signer_from_permissioned_impl`](#0x1_permissioned_signer_signer_from_permissioned_impl) + + +
use 0x1::copyable_any;
+use 0x1::error;
+use 0x1::option;
+use 0x1::signer;
+use 0x1::smart_table;
+use 0x1::timestamp;
+use 0x1::transaction_context;
+
+ + + + + +## Struct `PermissionedHandle` + + + +
struct PermissionedHandle has store
+
+ + + +
+Fields + + +
+
+master_addr: address +
+
+ +
+
+permission_addr: address +
+
+ +
+
+expiration_time: u64 +
+
+ +
+
+ + +
+ + + +## Resource `PermStorage` + + + +
struct PermStorage has key
+
+ + + +
+Fields + + +
+
+perms: smart_table::SmartTable<copyable_any::Any, u256> +
+
+ +
+
+ + +
+ + + +## Struct `Permission` + + + +
struct Permission<K>
+
+ + + +
+Fields + + +
+
+key: K +
+
+ +
+
+capacity: u256 +
+
+ +
+
+ + +
+ + + +## Constants + + + + +Cannot authorize a permission. + + +
const ECANNOT_AUTHORIZE: u64 = 2;
+
+ + + + + +signer doesn't have enough capacity to extract permission. + + +
const ECANNOT_EXTRACT_PERMISSION: u64 = 4;
+
+ + + + + +Trying to grant permission using master signer. + + +
const ENOT_MASTER_SIGNER: u64 = 1;
+
+ + + + + +Access permission information from a master signer. + + +
const ENOT_PERMISSIONED_SIGNER: u64 = 3;
+
+ + + + + +permission handle has expired. + + +
const E_PERMISSION_EXPIRED: u64 = 5;
+
+ + + + + +## Function `create_permissioned_handle` + + + +
public fun create_permissioned_handle(master: &signer): permissioned_signer::PermissionedHandle
+
+ + + +
+Implementation + + +
public fun create_permissioned_handle(master: &signer): PermissionedHandle {
+    create_permissioned_handle_with_expiration(master, 60)
+}
+
+ + + +
+ + + +## Function `create_permissioned_handle_with_expiration` + + + +
public fun create_permissioned_handle_with_expiration(master: &signer, expiration_time: u64): permissioned_signer::PermissionedHandle
+
+ + + +
+Implementation + + +
public fun create_permissioned_handle_with_expiration(master: &signer, expiration_time: u64): PermissionedHandle {
+    assert!(!is_permissioned_signer(master), error::permission_denied(ENOT_MASTER_SIGNER));
+    // Do we need to move sth similar to ObjectCore to register this address as permission address?
+    PermissionedHandle {
+        master_addr: address_of(master),
+        permission_addr: generate_auid_address(),
+        expiration_time: expiration_time + timestamp::now_seconds(),
+    }
+}
+
+ + + +
+ + + +## Function `destroy_permissioned_handle` + + + +
public fun destroy_permissioned_handle(p: permissioned_signer::PermissionedHandle)
+
+ + + +
+Implementation + + +
public fun destroy_permissioned_handle(p: PermissionedHandle) acquires PermStorage {
+    let PermissionedHandle { master_addr: _, permission_addr, expiration_time: _ } = p;
+    let PermStorage { perms } = move_from<PermStorage>(permission_addr);
+    smart_table::destroy(perms);
+}
+
+ + + +
+ + + +## Function `signer_from_permissioned` + + + +
public fun signer_from_permissioned(p: &permissioned_signer::PermissionedHandle): signer
+
+ + + +
+Implementation + + +
public fun signer_from_permissioned(p: &PermissionedHandle): signer {
+    assert!(timestamp::now_seconds() < p.expiration_time, error::permission_denied(E_PERMISSION_EXPIRED));
+    signer_from_permissioned_impl(p)
+}
+
+ + + +
+ + + +## Function `assert_master_signer` + + + +
public fun assert_master_signer(s: &signer)
+
+ + + +
+Implementation + + +
public fun assert_master_signer(s: &signer) {
+    assert!(!is_permissioned_signer(s), error::permission_denied(ENOT_MASTER_SIGNER));
+}
+
+ + + +
+ + + +## Function `authorize` + +===================================================================================================== +Permission Management + +Authorizes permissioned with the given permission. This requires to have access to the master +signer. + + +
public fun authorize<PermKey: copy, drop, store>(master: &signer, permissioned: &signer, capacity: u256, perm: PermKey)
+
+ + + +
+Implementation + + +
public fun authorize<PermKey: copy + drop + store>(
+    master: &signer,
+    permissioned: &signer,
+    capacity: u256,
+    perm: PermKey
+) acquires PermStorage {
+    assert!(
+        is_permissioned_signer(permissioned) &&
+        !is_permissioned_signer(master) &&
+        address_of(master) == address_of(permissioned),
+        error::permission_denied(ECANNOT_AUTHORIZE)
+    );
+    let permission_signer = permission_signer(permissioned);
+    let permission_signer_addr = address_of(&permission_signer);
+    if(!exists<PermStorage>(permission_signer_addr)) {
+        move_to(&permission_signer, PermStorage { perms: smart_table::new()});
+    };
+    let perms = &mut borrow_global_mut<PermStorage>(permission_signer_addr).perms;
+    smart_table::add(perms, copyable_any::pack(perm), capacity);
+}
+
+ + + +
+ + + +## Function `check_permission` + +Asserts that the given signer has permission PermKey, and the capacity +to handle weight, which will be subtracted from capacity. + + +
public fun check_permission<PermKey: copy, drop, store>(s: &signer, weight: u256, perm: PermKey): bool
+
+ + + +
+Implementation + + +
public fun check_permission<PermKey: copy + drop + store>(
+    s: &signer,
+    weight: u256,
+    perm: PermKey
+): bool acquires PermStorage {
+    if (!is_permissioned_signer(s)) {
+        // master signer has all permissions
+        return true
+    };
+    let addr = address_of(&permission_signer(s));
+    if(!exists<PermStorage>(addr)) {
+        return false
+    };
+    let perm = smart_table::borrow_mut(&mut borrow_global_mut<PermStorage>(addr).perms, copyable_any::pack(perm));
+    if(*perm < weight) {
+        return false
+    };
+    *perm = *perm - weight;
+    return true
+}
+
+ + + +
+ + + +## Function `capacity` + + + +
public fun capacity<PermKey: copy, drop, store>(s: &signer, perm: PermKey): option::Option<u256>
+
+ + + +
+Implementation + + +
public fun capacity<PermKey: copy + drop + store>(s: &signer, perm: PermKey): Option<u256> acquires PermStorage {
+    assert!(is_permissioned_signer(s), error::permission_denied(ENOT_PERMISSIONED_SIGNER));
+    let addr = address_of(&permission_signer(s));
+    if(!exists<PermStorage>(addr)) {
+        return option::none()
+    };
+    let perm_storage = &borrow_global<PermStorage>(addr).perms;
+    let key = copyable_any::pack(perm);
+    if(smart_table::contains(perm_storage, key)) {
+        option::some(*smart_table::borrow(&borrow_global<PermStorage>(addr).perms, key))
+    } else {
+        option::none()
+    }
+}
+
+ + + +
+ + + +## Function `revoke_permission` + + + +
public fun revoke_permission<PermKey: copy, drop, store>(permissioned: &signer, perm: PermKey)
+
+ + + +
+Implementation + + +
public fun revoke_permission<PermKey: copy + drop + store>(permissioned: &signer, perm: PermKey) acquires PermStorage {
+    if(!is_permissioned_signer(permissioned)) {
+        // Master signer has no permissions associated with it.
+        return
+    };
+    let addr = address_of(&permission_signer(permissioned));
+    if(!exists<PermStorage>(addr)) {
+        return
+    };
+    smart_table::remove(&mut borrow_global_mut<PermStorage>(addr).perms, copyable_any::pack(perm));
+}
+
+ + + +
+ + + +## Function `extract_permission` + +Another flavor of api to extract and store permissions + + +
public fun extract_permission<PermKey: copy, drop, store>(s: &signer, weight: u256, perm: PermKey): permissioned_signer::Permission<PermKey>
+
+ + + +
+Implementation + + +
public fun extract_permission<PermKey: copy + drop + store>(
+    s: &signer,
+    weight: u256,
+    perm: PermKey
+): Permission<PermKey> acquires PermStorage {
+    assert!(check_permission(s, weight, perm), error::permission_denied(ECANNOT_EXTRACT_PERMISSION));
+    Permission {
+        key: perm,
+        capacity: weight,
+    }
+}
+
+ + + +
+ + + +## Function `get_key` + + + +
public fun get_key<PermKey>(perm: &permissioned_signer::Permission<PermKey>): &PermKey
+
+ + + +
+Implementation + + +
public fun get_key<PermKey>(perm: &Permission<PermKey>): &PermKey {
+    &perm.key
+}
+
+ + + +
+ + + +## Function `consume_permission` + + + +
public fun consume_permission<PermKey: copy, drop, store>(perm: &mut permissioned_signer::Permission<PermKey>, weight: u256, perm_key: PermKey): bool
+
+ + + +
+Implementation + + +
public fun consume_permission<PermKey: copy + drop + store>(
+    perm: &mut Permission<PermKey>,
+    weight: u256,
+    perm_key: PermKey
+): bool {
+    if(perm.key != perm_key) {
+        return false
+    };
+    if(perm.capacity >= weight) {
+        perm.capacity = perm.capacity - weight;
+        return true
+    } else {
+        return false
+    }
+}
+
+ + + +
+ + + +## Function `store_permission` + + + +
public fun store_permission<PermKey: copy, drop, store>(s: &signer, perm: permissioned_signer::Permission<PermKey>)
+
+ + + +
+Implementation + + +
public fun store_permission<PermKey: copy + drop + store>(
+    s: &signer,
+    perm: Permission<PermKey>
+) acquires PermStorage {
+    assert!(is_permissioned_signer(s), error::permission_denied(ENOT_PERMISSIONED_SIGNER));
+    let Permission { key, capacity } = perm;
+
+    let permission_signer = permission_signer(s);
+    let permission_signer_addr = address_of(&permission_signer);
+    if(!exists<PermStorage>(permission_signer_addr)) {
+        move_to(&permission_signer, PermStorage { perms: smart_table::new()});
+    };
+    let perms = &mut borrow_global_mut<PermStorage>(permission_signer_addr).perms;
+    let key = copyable_any::pack(key);
+    if(smart_table::contains(perms, key)) {
+        let entry = smart_table::borrow_mut(perms, key);
+        *entry = *entry + capacity;
+    } else {
+        smart_table::add(perms, key, capacity)
+    }
+}
+
+ + + +
+ + + +## Function `is_permissioned_signer` + +Creates a permissioned signer from an existing universal signer. The function aborts if the +given signer is already a permissioned signer. + +The implementation of this function requires to extend the value representation for signers in the VM. + +Check whether this is a permissioned signer. + + +
public fun is_permissioned_signer(s: &signer): bool
+
+ + + +
+Implementation + + +
public native fun is_permissioned_signer(s: &signer): bool;
+
+ + + +
+ + + +## Function `permission_signer` + +Return the signer used for storing permissions. Aborts if not a permissioned signer. + + +
fun permission_signer(permissioned: &signer): signer
+
+ + + +
+Implementation + + +
native fun permission_signer(permissioned: &signer): signer;
+
+ + + +
+ + + +## Function `signer_from_permissioned_impl` + + +invariants: +address_of(master) == address_of(signer_from_permissioned(create_permissioned_handle(master))), + + +
fun signer_from_permissioned_impl(p: &permissioned_signer::PermissionedHandle): signer
+
+ + + +
+Implementation + + +
native fun signer_from_permissioned_impl(p: &PermissionedHandle): signer;
+
+ + + +
+ + +[move-book]: https://aptos.dev/move/book/SUMMARY diff --git a/aptos-move/framework/aptos-framework/sources/permissioned_signer.move b/aptos-move/framework/aptos-framework/sources/permissioned_signer.move new file mode 100644 index 00000000000000..3e0608807bdd1f --- /dev/null +++ b/aptos-move/framework/aptos-framework/sources/permissioned_signer.move @@ -0,0 +1,232 @@ +/// A _permissioned signer_ consists of a pair of the original signer and a generated +/// signer which is used store information about associated permissions. +/// +/// A permissioned signer behaves compatible with the original signer as it comes to `move_to`, `address_of`, and +/// existing basic signer functionality. However, the permissions can be queried to assert additional +/// restrictions on the use of the signer. +/// +/// A client which is interested in restricting access granted via a signer can create a permissioned signer +/// and pass on to other existing code without changes to existing APIs. Core functions in the framework, for +/// example account functions, can then assert availability of permissions, effectively restricting +/// existing code in a compatible way. +/// +/// After introducing the core functionality, examples are provided for withdraw limit on accounts, and +/// for blind signing. +module aptos_framework::permissioned_signer { + use std::signer::address_of; + use std::error; + use std::option::{Option, Self}; + use aptos_std::copyable_any::{Self, Any}; + use aptos_std::smart_table::{Self, SmartTable}; + use aptos_framework::transaction_context::generate_auid_address; + use aptos_framework::timestamp; + + /// Trying to grant permission using master signer. + const ENOT_MASTER_SIGNER: u64 = 1; + + /// Cannot authorize a permission. + const ECANNOT_AUTHORIZE: u64 = 2; + + /// Access permission information from a master signer. + const ENOT_PERMISSIONED_SIGNER: u64 = 3; + + /// signer doesn't have enough capacity to extract permission. + const ECANNOT_EXTRACT_PERMISSION: u64 = 4; + + /// permission handle has expired. + const E_PERMISSION_EXPIRED: u64 = 5; + + struct PermissionedHandle has store { + master_addr: address, + permission_addr: address, + expiration_time: u64, + } + + struct PermStorage has key { + perms: SmartTable, + } + + struct Permission { + key: K, + capacity: u256, + } + + public fun create_permissioned_handle(master: &signer): PermissionedHandle { + create_permissioned_handle_with_expiration(master, 60) + } + + public fun create_permissioned_handle_with_expiration(master: &signer, expiration_time: u64): PermissionedHandle { + assert!(!is_permissioned_signer(master), error::permission_denied(ENOT_MASTER_SIGNER)); + // Do we need to move sth similar to ObjectCore to register this address as permission address? + PermissionedHandle { + master_addr: address_of(master), + permission_addr: generate_auid_address(), + expiration_time: expiration_time + timestamp::now_seconds(), + } + } + + public fun destroy_permissioned_handle(p: PermissionedHandle) acquires PermStorage { + let PermissionedHandle { master_addr: _, permission_addr, expiration_time: _ } = p; + let PermStorage { perms } = move_from(permission_addr); + smart_table::destroy(perms); + } + + + public fun signer_from_permissioned(p: &PermissionedHandle): signer { + assert!(timestamp::now_seconds() < p.expiration_time, error::permission_denied(E_PERMISSION_EXPIRED)); + signer_from_permissioned_impl(p) + } + + public fun assert_master_signer(s: &signer) { + assert!(!is_permissioned_signer(s), error::permission_denied(ENOT_MASTER_SIGNER)); + } + + /// ===================================================================================================== + /// Permission Management + /// + + /// Authorizes `permissioned` with the given permission. This requires to have access to the `master` + /// signer. + public fun authorize( + master: &signer, + permissioned: &signer, + capacity: u256, + perm: PermKey + ) acquires PermStorage { + assert!( + is_permissioned_signer(permissioned) && + !is_permissioned_signer(master) && + address_of(master) == address_of(permissioned), + error::permission_denied(ECANNOT_AUTHORIZE) + ); + let permission_signer = permission_signer(permissioned); + let permission_signer_addr = address_of(&permission_signer); + if(!exists(permission_signer_addr)) { + move_to(&permission_signer, PermStorage { perms: smart_table::new()}); + }; + let perms = &mut borrow_global_mut(permission_signer_addr).perms; + smart_table::add(perms, copyable_any::pack(perm), capacity); + } + /// Asserts that the given signer has permission `PermKey`, and the capacity + /// to handle `weight`, which will be subtracted from capacity. + public fun check_permission( + s: &signer, + weight: u256, + perm: PermKey + ): bool acquires PermStorage { + if (!is_permissioned_signer(s)) { + // master signer has all permissions + return true + }; + let addr = address_of(&permission_signer(s)); + if(!exists(addr)) { + return false + }; + let perm = smart_table::borrow_mut(&mut borrow_global_mut(addr).perms, copyable_any::pack(perm)); + if(*perm < weight) { + return false + }; + *perm = *perm - weight; + return true + } + + public fun capacity(s: &signer, perm: PermKey): Option acquires PermStorage { + assert!(is_permissioned_signer(s), error::permission_denied(ENOT_PERMISSIONED_SIGNER)); + let addr = address_of(&permission_signer(s)); + if(!exists(addr)) { + return option::none() + }; + let perm_storage = &borrow_global(addr).perms; + let key = copyable_any::pack(perm); + if(smart_table::contains(perm_storage, key)) { + option::some(*smart_table::borrow(&borrow_global(addr).perms, key)) + } else { + option::none() + } + } + + public fun revoke_permission(permissioned: &signer, perm: PermKey) acquires PermStorage { + if(!is_permissioned_signer(permissioned)) { + // Master signer has no permissions associated with it. + return + }; + let addr = address_of(&permission_signer(permissioned)); + if(!exists(addr)) { + return + }; + smart_table::remove(&mut borrow_global_mut(addr).perms, copyable_any::pack(perm)); + } + + /// Another flavor of api to extract and store permissions + public fun extract_permission( + s: &signer, + weight: u256, + perm: PermKey + ): Permission acquires PermStorage { + assert!(check_permission(s, weight, perm), error::permission_denied(ECANNOT_EXTRACT_PERMISSION)); + Permission { + key: perm, + capacity: weight, + } + } + + public fun get_key(perm: &Permission): &PermKey { + &perm.key + } + + public fun consume_permission( + perm: &mut Permission, + weight: u256, + perm_key: PermKey + ): bool { + if(perm.key != perm_key) { + return false + }; + if(perm.capacity >= weight) { + perm.capacity = perm.capacity - weight; + return true + } else { + return false + } + } + + public fun store_permission( + s: &signer, + perm: Permission + ) acquires PermStorage { + assert!(is_permissioned_signer(s), error::permission_denied(ENOT_PERMISSIONED_SIGNER)); + let Permission { key, capacity } = perm; + + let permission_signer = permission_signer(s); + let permission_signer_addr = address_of(&permission_signer); + if(!exists(permission_signer_addr)) { + move_to(&permission_signer, PermStorage { perms: smart_table::new()}); + }; + let perms = &mut borrow_global_mut(permission_signer_addr).perms; + let key = copyable_any::pack(key); + if(smart_table::contains(perms, key)) { + let entry = smart_table::borrow_mut(perms, key); + *entry = *entry + capacity; + } else { + smart_table::add(perms, key, capacity) + } + } + + // ===================================================================================================== + // Native Functions + + /// Creates a permissioned signer from an existing universal signer. The function aborts if the + /// given signer is already a permissioned signer. + /// + /// The implementation of this function requires to extend the value representation for signers in the VM. + /// + /// Check whether this is a permissioned signer. + public native fun is_permissioned_signer(s: &signer): bool; + /// Return the signer used for storing permissions. Aborts if not a permissioned signer. + native fun permission_signer(permissioned: &signer): signer; + /// + /// invariants: + /// address_of(master) == address_of(signer_from_permissioned(create_permissioned_handle(master))), + /// + native fun signer_from_permissioned_impl(p: &PermissionedHandle): signer; +} diff --git a/aptos-move/framework/aptos-framework/tests/permissioned_signer_tests.move b/aptos-move/framework/aptos-framework/tests/permissioned_signer_tests.move new file mode 100644 index 00000000000000..1f1c7107daf38a --- /dev/null +++ b/aptos-move/framework/aptos-framework/tests/permissioned_signer_tests.move @@ -0,0 +1,118 @@ +#[test_only] +module aptos_framework::permissioned_signer_tests { + use aptos_framework::account::create_signer_for_test; + use aptos_framework::permissioned_signer; + use aptos_framework::timestamp; + use std::option; + use std::signer; + + struct OnePermission has copy, drop, store {} + + struct AddressPermission has copy, drop, store { + addr: address + } + + + #[test(creator = @0xcafe)] + fun test_permission_e2e( + creator: &signer, + ) { + let aptos_framework = create_signer_for_test(@0x1); + timestamp::set_time_has_started_for_testing(&aptos_framework); + + let perm_handle = permissioned_signer::create_permissioned_handle(creator); + let perm_signer = permissioned_signer::signer_from_permissioned(&perm_handle); + + assert!(permissioned_signer::is_permissioned_signer(&perm_signer), 1); + assert!(!permissioned_signer::is_permissioned_signer(creator), 1); + assert!(signer::address_of(&perm_signer) == signer::address_of(creator), 1); + + permissioned_signer::authorize(creator, &perm_signer, 100, OnePermission {}); + assert!(permissioned_signer::capacity(&perm_signer, OnePermission {}) == option::some(100), 1); + + assert!(permissioned_signer::check_permission(&perm_signer, 10, OnePermission {}), 1); + assert!(permissioned_signer::capacity(&perm_signer, OnePermission {}) == option::some(90), 1); + + permissioned_signer::authorize(creator, &perm_signer, 5, AddressPermission { addr: @0x1 }); + + assert!(permissioned_signer::capacity(&perm_signer, AddressPermission { addr: @0x1 }) == option::some(5), 1); + assert!(permissioned_signer::capacity(&perm_signer, AddressPermission { addr: @0x2 }) == option::none(), 1); + + // Not enough capacity, check permission should return false + assert!(!permissioned_signer::check_permission(&perm_signer, 10, AddressPermission { addr: @0x1 }), 1); + + permissioned_signer::revoke_permission(&perm_signer, OnePermission {}); + assert!(permissioned_signer::capacity(&perm_signer, OnePermission {}) == option::none(), 1); + + permissioned_signer::destroy_permissioned_handle(perm_handle); + } + + // invalid authorization + // 1. master signer is a permissioned signer + // 2. permissioned signer is a master signer + // 3. permissioned and main signer address mismatch + #[test(creator = @0xcafe)] + #[expected_failure(abort_code = 0x50002, location = aptos_framework::permissioned_signer)] + fun test_auth_1( + creator: &signer, + ) { + let aptos_framework = create_signer_for_test(@0x1); + timestamp::set_time_has_started_for_testing(&aptos_framework); + + let perm_handle = permissioned_signer::create_permissioned_handle(creator); + let perm_signer = permissioned_signer::signer_from_permissioned(&perm_handle); + + permissioned_signer::authorize(&perm_signer, &perm_signer, 100, OnePermission {}); + permissioned_signer::destroy_permissioned_handle(perm_handle); + } + + #[test(creator = @0xcafe)] + #[expected_failure(abort_code = 0x50002, location = aptos_framework::permissioned_signer)] + fun test_auth_2( + creator: &signer, + ) { + permissioned_signer::authorize(creator, creator, 100, OnePermission {}); + } + + #[test(creator = @0xcafe, creator2 = @0xbeef)] + #[expected_failure(abort_code = 0x50002, location = aptos_framework::permissioned_signer)] + fun test_auth_3( + creator: &signer, + creator2: &signer, + ) { + let aptos_framework = create_signer_for_test(@0x1); + timestamp::set_time_has_started_for_testing(&aptos_framework); + + let perm_handle = permissioned_signer::create_permissioned_handle(creator); + let perm_signer = permissioned_signer::signer_from_permissioned(&perm_handle); + + permissioned_signer::authorize(creator2, &perm_signer, 100, OnePermission {}); + permissioned_signer::destroy_permissioned_handle(perm_handle); + } + + // Accessing capacity on a master signer + #[test(creator = @0xcafe)] + #[expected_failure(abort_code = 0x50003, location = aptos_framework::permissioned_signer)] + fun test_invalid_capacity( + creator: &signer, + ) { + permissioned_signer::capacity(creator, OnePermission {}); + } + + // creating permission using a permissioned signer + #[test(creator = @0xcafe)] + #[expected_failure(abort_code = 0x50001, location = aptos_framework::permissioned_signer)] + fun test_invalid_creation( + creator: &signer, + ) { + let aptos_framework = create_signer_for_test(@0x1); + timestamp::set_time_has_started_for_testing(&aptos_framework); + + let perm_handle = permissioned_signer::create_permissioned_handle(creator); + let perm_signer = permissioned_signer::signer_from_permissioned(&perm_handle); + + let perm_handle_2 = permissioned_signer::create_permissioned_handle(&perm_signer); + permissioned_signer::destroy_permissioned_handle(perm_handle); + permissioned_signer::destroy_permissioned_handle(perm_handle_2); + } +}