fix(#136): check memberships for issuer and receiver of a cert

e4023024 · Cédric Moreau · 62e56e70 · e4023024
Commit e4023024 authored 1 year ago by Cédric Moreau
--- a/pallets/duniter-wot/src/lib.rs
+++ b/pallets/duniter-wot/src/lib.rs
@@ -207,9 +207,8 @@ where
 // implement cert call checks
 impl<T: Config<I>, I: 'static> pallet_certification::traits::CheckCertAllowed<IdtyIndex>
    for Pallet<T, I>
-// TODO add the following where clause once checks can be done on pallet instance
-// where
-//     T: pallet_membership::Config<I>,
+where
+    T: pallet_membership::Config<I>,
 {
    // check the following:
    // - issuer has identity
@@ -218,19 +217,6 @@ impl<T: Config<I>, I: 'static> pallet_certification::traits::CheckCertAllowed<Id
    // - receiver identity is confirmed or validated
    // - receiver has membership
    //
-    // /!\ do not check the following:
-    // - receiver has membership
-    // - issuer has membership
-    // this has the following consequences:
-    // - receiver can receive smith certification without having requested membership
-    // - issuer can issue cert even if he lost his membership
-    //   (not renewed or passed below cert threshold and above again without claiming membership)
-    // this is counterintuitive behavior but not a big problem
-    //
-    // TODO to fix this strange behavior, we will have to make the tests
-    // (CheckCertAllowed and CheckMembershipCallAllowed) run on the relevant instance
-    // i.e. Cert for Wot, SmithCert for SmithWot...
-    // → see issue #136
    fn check_cert_allowed(issuer: IdtyIndex, receiver: IdtyIndex) -> Result<(), DispatchError> {
        // issuer checks
        // ensure issuer has validated identity
@@ -242,12 +228,11 @@ impl<T: Config<I>, I: 'static> pallet_certification::traits::CheckCertAllowed<Id
        } else {
            return Err(Error::<T, I>::IdtyNotFound.into());
        }
-        // issue #136 this has to be done on the correct instance of membership pallet
-        // // ensure issuer has membership
-        // if pallet_membership::Pallet::<T, I>::membership(issuer).is_none() {
-        //     // improvement: give reason why issuer can not emit cert (not member)
-        //     return Err(Error::<T, I>::IssuerCanNotEmitCert.into());
-        // }
+        // ensure issuer has membership
+        if pallet_membership::Pallet::<T, I>::membership(issuer).is_none() {
+            // improvement: give reason why issuer can not emit cert (not member)
+            return Err(Error::<T, I>::IssuerCanNotEmitCert.into());
+        }

        // receiver checks
        // ensure receiver has confirmed or validated identity
@@ -260,12 +245,12 @@ impl<T: Config<I>, I: 'static> pallet_certification::traits::CheckCertAllowed<Id
            return Err(Error::<T, I>::IdtyNotFound.into());
        }
        // issue #136 this has to be done on the correct instance of membership pallet
-        // // ensure receiver has a membership or a pending membership
-        // if pallet_membership::Pallet::<T, I>::pending_membership(issuer).is_none()
-        //     && pallet_membership::Pallet::<T, I>::membership(issuer).is_none()
-        // {
-        //     return Err(Error::<T, I>::CertToUndefined.into());
-        // }
+        // ensure receiver has a membership or a pending membership
+        if pallet_membership::Pallet::<T, I>::pending_membership(issuer).is_none()
+            || pallet_membership::Pallet::<T, I>::membership(issuer).is_none()
+        {
+            return Err(Error::<T, I>::CertToUndefined.into());
+        }
        Ok(())
    }
 }