[fix] #3843: Fix genesis validation (#3844)

Signed-off-by: Marin Veršić <[email protected]>
hyperledger-iroha · Aug 29, 2023 · c08c887 · c08c887
1 parent bbc1632
commit c08c887
Showing 1 changed file with 36 additions and 24 deletions.
diff --git a/wasm/validator/src/permission.rs b/wasm/validator/src/permission.rs
@@ -82,14 +82,17 @@ pub mod asset {
     }
 
     impl PassCondition for Owner<'_> {
-        fn validate(&self, authority: &AccountId, _block_height: u64) -> Result {
-            if self.asset_id.account_id() != authority {
-                return Err(ValidationFail::NotPermitted(
-                    "Can't access asset owned by another account".to_owned(),
-                ));
+        fn validate(&self, authority: &AccountId, block_height: u64) -> Result {
+            if block_height == 0 {
+                return Ok(());
+            }
+            if self.asset_id.account_id() == authority {
+                return Ok(());
             }
 
-            Ok(())
+            Err(ValidationFail::NotPermitted(
+                "Can't access asset owned by another account".to_owned(),
+            ))
         }
     }
 }
@@ -113,14 +116,17 @@ pub mod asset_definition {
     }
 
     impl PassCondition for Owner<'_> {
-        fn validate(&self, authority: &AccountId, _block_height: u64) -> Result {
-            if !is_asset_definition_owner(self.asset_definition_id, authority)? {
-                return Err(ValidationFail::NotPermitted(
-                    "Can't access asset definition owned by another account".to_owned(),
-                ));
+        fn validate(&self, authority: &AccountId, block_height: u64) -> Result {
+            if block_height == 0 {
+                return Ok(());
+            }
+            if is_asset_definition_owner(self.asset_definition_id, authority)? {
+                return Ok(());
             }
 
-            Ok(())
+            Err(ValidationFail::NotPermitted(
+                "Can't access asset definition owned by another account".to_owned(),
+            ))
         }
     }
 }
@@ -137,14 +143,17 @@ pub mod account {
     }
 
     impl PassCondition for Owner<'_> {
-        fn validate(&self, authority: &AccountId, _block_height: u64) -> Result {
-            if self.account_id != authority {
-                return Err(ValidationFail::NotPermitted(
-                    "Can't access another account".to_owned(),
-                ));
+        fn validate(&self, authority: &AccountId, block_height: u64) -> Result {
+            if block_height == 0 {
+                return Ok(());
+            }
+            if self.account_id == authority {
+                return Ok(());
             }
 
-            Ok(())
+            Err(ValidationFail::NotPermitted(
+                "Can't access another account".to_owned(),
+            ))
         }
     }
 }
@@ -173,14 +182,17 @@ pub mod trigger {
     }
 
     impl PassCondition for Owner<'_> {
-        fn validate(&self, authority: &AccountId, _block_height: u64) -> Result {
-            if !is_trigger_owner(self.trigger_id.clone(), authority)? {
-                return Err(ValidationFail::NotPermitted(
-                    "Can't give permission to access trigger owned by another account".to_owned(),
-                ));
+        fn validate(&self, authority: &AccountId, block_height: u64) -> Result {
+            if block_height == 0 {
+                return Ok(());
+            }
+            if is_trigger_owner(self.trigger_id.clone(), authority)? {
+                return Ok(());
             }
 
-            Ok(())
+            Err(ValidationFail::NotPermitted(
+                "Can't give permission to access trigger owned by another account".to_owned(),
+            ))
         }
     }
 }