diff --git a/CHANGELOG.md b/CHANGELOG.md
index df5de3bcd3..7a29863ab7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 # UNRELEASED
+### Frontend canister
+
+Allow setting permissions lists in init arguments just like in upgrade arguments.
+
+- Module hash: 2c24b5e1584890a7965011d5d1d827aca68c489c9a6308475730420fa53372e8
+- https://github.com/dfinity/sdk/pull/3965
+
 # 0.24.2
 ### feat: Support canister log allowed viewer list
diff --git a/docs/design/asset-canister-interface.md b/docs/design/asset-canister-interface.md
index a761376823..ea23bbb94c 100644
--- a/docs/design/asset-canister-interface.md
+++ b/docs/design/asset-canister-interface.md
@@ -163,7 +163,13 @@ The size of any chunk cannot exceed the message ingress limit.
 ```candid
 service: (asset_canister_args: variant {
- Init: record {};
+ Init: record {
+ set_permissions: opt record {
+ prepare: vec principal;
+ commit: vec principal;
+ manage_permissions: vec principal;
+ };
+ };
 Upgrade: record {
 set_permissions: opt record {
 prepare: vec principal;
@@ -179,7 +185,7 @@ The methods `init` and `post_upgrade` are called automatically by the system aft
 Both methods take the same argument type by definition.
 Therefore, to be able to have different arguments for the two cases, an enum is used to make the distinction.
 If `init` is called with the `Upgrade` variant or if `post_upgrade` is called with the `Init` variant the asset canister traps and thereby reverts the code changes.
-In `Upgrade`, the field `set_permissions` can be used to (re)set the list of principals with the listed permissions.
+In both variants, the field `set_permissions` can be used to (re)set the list of principals with the listed permissions.
 If `set_permissions` that is not `null`, then all permissions are set to the newly provided list of principals and the previous lists of principals are discarded.
 ### Method: `get`
diff --git a/e2e/tests-dfx/assetscanister.bash b/e2e/tests-dfx/assetscanister.bash
index 5de6817e58..d92f26758b 100644
--- a/e2e/tests-dfx/assetscanister.bash
+++ b/e2e/tests-dfx/assetscanister.bash
@@ -1988,6 +1988,38 @@ WARN: {
 assert_command dfx deploy
 }
+@test "set permissions through init argument" {
+ dfx_start
+ dfx deploy
+
+ dfx identity new alice --storage-mode plaintext
+ ALICE="$(dfx --identity alice identity get-principal)"
+
+ dfx canister install e2e_project_frontend --mode reinstall --yes --argument "(opt variant {
+ Init = record {
+ set_permissions = opt record {
+ prepare = vec {
+ principal \"${ALICE}\";
+ };
+ commit = vec {
+ principal \"$(dfx identity get-principal)\";
+ principal \"aaaaa-aa\";
+ };
+ manage_permissions = vec {
+ principal \"$(dfx identity get-principal)\";
+ };
+ }
+ }
+ })"
+ assert_command dfx canister call e2e_project_frontend list_permitted '(record { permission = variant { Prepare }; })'
+ assert_match "${ALICE}"
+ assert_command dfx canister call e2e_project_frontend list_permitted '(record { permission = variant { Commit }; })'
+ assert_match "$(dfx identity get-principal)"
+ assert_match '"aaaaa-aa"'
+ assert_command dfx canister call e2e_project_frontend list_permitted '(record { permission = variant { ManagePermissions }; })'
+ assert_match "$(dfx identity get-principal)"
+}
+
 @test "set permissions through upgrade argument" {
 dfx_start
 dfx deploy
diff --git a/src/canisters/frontend/ic-certified-assets/assets.did b/src/canisters/frontend/ic-certified-assets/assets.did
index ccf075ffc4..f94499065d 100644
--- a/src/canisters/frontend/ic-certified-assets/assets.did
+++ b/src/canisters/frontend/ic-certified-assets/assets.did
@@ -144,7 +144,9 @@ type AssetCanisterArgs = variant {
 Upgrade: UpgradeArgs;
 };
-type InitArgs = record {};
+type InitArgs = record {
+ set_permissions: opt SetPermissions;
+};
 type UpgradeArgs = record {
 set_permissions: opt SetPermissions;
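Review bot: The new "set permissions through init argument" test only asserts that the expected principals appear in each list, so it would still pass if `set_permissions` in `Init` merged with existing grants instead of replacing them, or if alice also ended up with Commit. A negative check after the Prepare call, e.g. `assert_not_match "$(dfx identity get-principal)"` (assuming the suite's `assert_not_match` helper), and one for `${ALICE}` after the Commit call would pin the replace semantics the design doc describes. Because the default identity is itself listed under `commit`, the case where the installer's implicit Commit grant is overridden by the init argument is not exercised either.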
diff --git a/src/canisters/frontend/ic-certified-assets/src/lib.rs b/src/canisters/frontend/ic-certified-assets/src/lib.rs
index 44847a1e1c..4b96ef1b44 100644
--- a/src/canisters/frontend/ic-certified-assets/src/lib.rs
+++ b/src/canisters/frontend/ic-certified-assets/src/lib.rs
@@ -423,16 +423,23 @@ fn is_controller() -> Result<(), String> {
 }
 pub fn init(args: Option) {
- if let Some(upgrade_arg) = args {
- let AssetCanisterArgs::Init(InitArgs {}) = upgrade_arg else {
- ic_cdk::trap("Cannot initialize the canister with an Upgrade argument. Please provide an Init argument.")
- };
- }
 STATE.with(|s| {
 let mut s = s.borrow_mut();
 s.clear();
 s.grant_permission(caller(), &Permission::Commit);
 });
+
+ if let Some(upgrade_arg) = args {
+ let AssetCanisterArgs::Init(init_args) = upgrade_arg else {
+ ic_cdk::trap("Cannot initialize the canister with an Upgrade argument. Please provide an Init argument.")
+ };
+ STATE.with(|s| {
+ let mut state = s.borrow_mut();
+ if let Some(set_permissions) = init_args.set_permissions {
+ state.set_permissions(set_permissions);
+ }
+ });
+ }
 }
 pub fn pre_upgrade() -> StableState {
diff --git a/src/canisters/frontend/ic-certified-assets/src/types.rs b/src/canisters/frontend/ic-certified-assets/src/types.rs
index a164dc12c5..5274b9b06b 100644
--- a/src/canisters/frontend/ic-certified-assets/src/types.rs
+++ b/src/canisters/frontend/ic-certified-assets/src/types.rs
@@ -207,7 +207,9 @@ pub enum AssetCanisterArgs {
 }
 #[derive(Clone, Debug, CandidType, Deserialize)]
-pub struct InitArgs {}
+pub struct InitArgs {
+ pub set_permissions: Option,
+}
 #[derive(Clone, Debug, CandidType, Deserialize)]
 pub struct UpgradeArgs {
diff --git a/src/distributed/assetstorage.did b/src/distributed/assetstorage.did
index ccf075ffc4..f94499065d 100644
--- a/src/distributed/assetstorage.did
+++ b/src/distributed/assetstorage.did
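Review bot: In `init`, a supplied `set_permissions` replaces every permission list (per the interface doc changed in this commit), so the `Commit` grant made to `caller()` just above is discarded unless the installer lists itself; that deserves a doc comment on `init`, e.g. `/// A non-null set_permissions replaces the default Commit grant to the installer.` The variant check now also runs after state has been cleared; the trap rolls that back, but rejecting a wrong variant first and doing all the work in one `STATE.with` borrow is easier to audit, and the binding `upgrade_arg` actually holds an init argument. `state.set_permissions` is not visible in this hunk, so whether it keeps the anonymous principal out of the `commit` list should be confirmed before init-time lists are relied on.

```rust
// Reject a wrong variant before touching state.
let init_args = match args {
    Some(AssetCanisterArgs::Init(init_args)) => Some(init_args),
    Some(AssetCanisterArgs::Upgrade(_)) => ic_cdk::trap("Cannot initialize the canister with an Upgrade argument. Please provide an Init argument."),
    None => None,
};
STATE.with(|s| {
    let mut state = s.borrow_mut();
    state.clear();
    state.grant_permission(caller(), &Permission::Commit);
    // A supplied list replaces the default grant above.
    if let Some(set_permissions) = init_args.and_then(|a| a.set_permissions) {
        state.set_permissions(set_permissions);
    }
});
```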
@@ -144,7 +144,9 @@ type AssetCanisterArgs = variant {
 Upgrade: UpgradeArgs;
 };
-type InitArgs = record {};
+type InitArgs = record {
+ set_permissions: opt SetPermissions;
+};
 type UpgradeArgs = record {
 set_permissions: opt SetPermissions;
diff --git a/src/distributed/assetstorage.wasm.gz b/src/distributed/assetstorage.wasm.gz
index 7f2c64e536..b0e0ec09f2 100755
Binary files a/src/distributed/assetstorage.wasm.gz and b/src/distributed/assetstorage.wasm.gz differ