From 8f0262810593cd8d3bda5998684f30b1ce566414 Mon Sep 17 00:00:00 2001 From: mejango Date: Mon, 6 Jan 2025 11:05:03 -0300 Subject: [PATCH 1/3] cantina/109 --- src/JBPermissions.sol | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/JBPermissions.sol b/src/JBPermissions.sol index 46f02fd0..e7f1fe6b 100644 --- a/src/JBPermissions.sol +++ b/src/JBPermissions.sol @@ -13,6 +13,7 @@ contract JBPermissions is IJBPermissions { // --------------------------- custom errors ------------------------- // //*********************************************************************// + error JBPermissions_CantSetRootPermissionForWildcardProject(); error JBPermissions_PermissionIdOutOfBounds(uint256 permissionId); error JBPermissions_Unauthorized(); @@ -225,7 +226,17 @@ contract JBPermissions is IJBPermissions { includeWildcardProjectId: true }) ) - ) revert JBPermissions_Unauthorized(); + ) { + revert JBPermissions_Unauthorized(); + } + + // ROOT permission cannot be set for a wildcard project ID. + if ( + permissionsData.projectId == WILDCARD_PROJECT_ID + && _includesPermission({permissions: packed, permissionId: JBPermissionIds.ROOT}) + ) { + revert JBPermissions_CantSetRootPermissionForWildcardProject(); + } // Store the new value. permissionsOf[permissionsData.operator][account][permissionsData.projectId] = packed; From 374dc8e09ff7d3fcd95408021fb3a64a01de830c Mon Sep 17 00:00:00 2001 From: mejango Date: Mon, 6 Jan 2025 11:05:41 -0300 Subject: [PATCH 2/3] spacing --- src/JBPermissions.sol | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/JBPermissions.sol b/src/JBPermissions.sol index e7f1fe6b..1a30b68a 100644 --- a/src/JBPermissions.sol +++ b/src/JBPermissions.sol @@ -226,17 +226,13 @@ contract JBPermissions is IJBPermissions { includeWildcardProjectId: true }) ) - ) { - revert JBPermissions_Unauthorized(); - } + ) revert JBPermissions_Unauthorized(); // ROOT permission cannot be set for a wildcard project ID. if ( permissionsData.projectId == WILDCARD_PROJECT_ID && _includesPermission({permissions: packed, permissionId: JBPermissionIds.ROOT}) - ) { - revert JBPermissions_CantSetRootPermissionForWildcardProject(); - } + ) revert JBPermissions_CantSetRootPermissionForWildcardProject(); // Store the new value. permissionsOf[permissionsData.operator][account][permissionsData.projectId] = packed; From 13f5ac0dd2b73518beba60c29f2235547191551c Mon Sep 17 00:00:00 2001 From: simplemachine92 Date: Tue, 7 Jan 2025 17:36:57 -0600 Subject: [PATCH 3/3] wildcard tests --- test/TestPermissions.sol | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/test/TestPermissions.sol b/test/TestPermissions.sol index 1033bd85..4987059a 100644 --- a/test/TestPermissions.sol +++ b/test/TestPermissions.sol @@ -158,12 +158,17 @@ contract TestPermissions_Local is TestBaseWorkflow, JBTest { // Check if all the items in `check_permissions` also exist in `set_permissions`. bool _shouldHavePermissions = true; + bool _containsRoot; for (uint256 _i; _i < _u8_check_permissions.length; _i++) { bool _exists; _check_permissions[_i] = _u8_check_permissions[_i]; for (uint256 _j; _j < _u8_set_permissions.length; _j++) { // We update this lots of times unnecesarily but no need to optimize this. _set_permissions[_j] = _u8_set_permissions[_j % 256]; + + // Update if we find root value. + if (_u8_set_permissions[_j] == 1) _containsRoot = true; + // If we find this item we break and mark the flag. if (_u8_check_permissions[_i] == _u8_set_permissions[_j]) { _exists = true; @@ -178,6 +183,10 @@ contract TestPermissions_Local is TestBaseWorkflow, JBTest { } } + if (_containsRoot && _projectId == 0) { + vm.expectRevert(JBPermissions.JBPermissions_CantSetRootPermissionForWildcardProject.selector); + } + // Set the permissions. vm.prank(_account); _permissions.setPermissionsFor( @@ -190,6 +199,20 @@ contract TestPermissions_Local is TestBaseWorkflow, JBTest { ); } + function testSetRootWildcardProjectId(address _account, address _operator) public { + uint8[] memory _set_permissions = new uint8[](1); + _set_permissions[0] = JBPermissionIds.ROOT; + + // Set the permissions. + vm.prank(_account); + + vm.expectRevert(JBPermissions.JBPermissions_CantSetRootPermissionForWildcardProject.selector); + _permissions.setPermissionsFor( + _account, + JBPermissionsData({operator: _operator, projectId: 0, /* wildcard */ permissionIds: _set_permissions}) + ); + } + function testBasicAccessSetup() public { address zeroOwner = makeAddr("zeroOwner"); address token = address(usdcToken());