assert.gno
4.20 Kb · 143 lines
1package access
2
3import (
4 "chain"
5
6 prbac "gno.land/p/gnoswap/rbac"
7 ufmt "gno.land/p/nt/ufmt/v0"
8)
9
10// rbacPackagePath is the package path of the RBAC contract
11// Used to verify that role management functions are called only by RBAC
12const rbacPackagePath = "gno.land/r/gnoswap/rbac"
13
14// AssertIsAdminOrGovernance panics if the caller is not admin or governance.
15// Used for functions that require elevated privileges.
16func AssertIsAdminOrGovernance(caller address) {
17 if IsAuthorized(prbac.ROLE_ADMIN.String(), caller) || IsAuthorized(prbac.ROLE_GOVERNANCE.String(), caller) {
18 return
19 }
20
21 panic(ufmt.Errorf(errUnauthorizedAdminOrGov, caller))
22}
23
24// AssertIsAdmin panics if the caller is not admin.
25// Used for admin-only functions.
26func AssertIsAdmin(caller address) {
27 AssertIsAuthorized(prbac.ROLE_ADMIN.String(), caller)
28}
29
30// AssertIsGovernance panics if the caller is not governance.
31// Used for governance-only functions.
32func AssertIsGovernance(caller address) {
33 AssertIsAuthorized(prbac.ROLE_GOVERNANCE.String(), caller)
34}
35
36// AssertIsGovStaker panics if the caller is not governance staker.
37// Used for governance staking functions.
38func AssertIsGovStaker(caller address) {
39 AssertIsAuthorized(prbac.ROLE_GOV_STAKER.String(), caller)
40}
41
42// AssertIsRouter panics if the caller is not router.
43// Used for router-only functions.
44func AssertIsRouter(caller address) {
45 AssertIsAuthorized(prbac.ROLE_ROUTER.String(), caller)
46}
47
48// AssertIsPool panics if the caller is not pool.
49// Used for pool-only functions.
50func AssertIsPool(caller address) {
51 AssertIsAuthorized(prbac.ROLE_POOL.String(), caller)
52}
53
54// AssertIsPosition panics if the caller is not position.
55// Used for position-only functions.
56func AssertIsPosition(caller address) {
57 AssertIsAuthorized(prbac.ROLE_POSITION.String(), caller)
58}
59
60// AssertIsStaker panics if the caller is not staker.
61// Used for staker-only functions.
62func AssertIsStaker(caller address) {
63 AssertIsAuthorized(prbac.ROLE_STAKER.String(), caller)
64}
65
66// AssertIsLaunchpad panics if the caller is not launchpad.
67// Used for launchpad-only functions.
68func AssertIsLaunchpad(caller address) {
69 AssertIsAuthorized(prbac.ROLE_LAUNCHPAD.String(), caller)
70}
71
72// AssertIsEmission panics if the caller is not emission.
73// Used for emission-only functions.
74func AssertIsEmission(caller address) {
75 AssertIsAuthorized(prbac.ROLE_EMISSION.String(), caller)
76}
77
78// AssertIsProtocolFee panics if the caller is not protocol fee.
79// Used for protocol fee management functions.
80func AssertIsProtocolFee(caller address) {
81 AssertIsAuthorized(prbac.ROLE_PROTOCOL_FEE.String(), caller)
82}
83
84// AssertIsGovXGNS panics if the caller is not xGNS governance.
85// Used for xGNS governance functions.
86func AssertIsGovXGNS(caller address) {
87 AssertIsAuthorized(prbac.ROLE_XGNS.String(), caller)
88}
89
90// AssertIsAuthorized panics if the caller does not have the specified role.
91// Also panics if the role does not exist.
92func AssertIsAuthorized(roleName string, caller address) {
93 addr, ok := GetAddress(roleName)
94 if !ok {
95 panic(ufmt.Errorf(errRoleNotFound, roleName))
96 }
97
98 if caller != addr {
99 panic(ufmt.Errorf(errUnauthorized, caller, roleName))
100 }
101}
102
103// AssertHasAnyRole panics if the caller does not have any of the specified roles.
104// Also panics if any of the roles do not exist.
105func AssertHasAnyRole(caller address, roleNames ...string) {
106 for _, roleName := range roleNames {
107 addr, ok := GetAddress(roleName)
108 if !ok {
109 panic(ufmt.Errorf(errRoleNotFound, roleName))
110 }
111
112 if caller == addr {
113 return
114 }
115 }
116
117 panic(ufmt.Errorf(errUnauthorizedAnyRole, caller, roleNames))
118}
119
120// AssertIsValidAddress panics if the provided address is invalid.
121func AssertIsValidAddress(addr address) {
122 if !addr.IsValid() {
123 panic(ufmt.Errorf(errInvalidAddressShort, addr))
124 }
125}
126
127// AssertIsUser panics if the caller is not a user realm.
128// Used to ensure calls come from user accounts, not other contracts.
129func AssertIsUser(_ int, rlm realm) {
130 if !rlm.IsUser() {
131 panic(errCallerNotUser)
132 }
133}
134
135// assertIsRBAC panics if the caller is not the RBAC contract.
136// Used internally to protect role management functions.
137func assertIsRBAC(caller address) {
138 rbacAddress := chain.PackageAddress(rbacPackagePath)
139
140 if caller != rbacAddress {
141 panic(ufmt.Errorf(errUnauthorizedRBAC, caller))
142 }
143}