From 6ada6bf4102d8b8763e17baf62671403901f0496 Mon Sep 17 00:00:00 2001 From: Abner Tudtud Date: Wed, 3 Jul 2024 07:51:14 +0800 Subject: [PATCH 1/2] Add account owner validation --- src/Rules/IsCollectionOwner.php | 3 +-- src/Rules/IsCollectionOwnerOrApproved.php | 3 +-- src/Support/Account.php | 20 ++++++++++++++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/src/Rules/IsCollectionOwner.php b/src/Rules/IsCollectionOwner.php index 677efe3c..2f75af5d 100644 --- a/src/Rules/IsCollectionOwner.php +++ b/src/Rules/IsCollectionOwner.php @@ -6,7 +6,6 @@ use Enjin\Platform\Models\Collection; use Enjin\Platform\Rules\Traits\HasDataAwareRule; use Enjin\Platform\Support\Account; -use Enjin\Platform\Support\SS58Address; use Illuminate\Contracts\Validation\DataAwareRule; use Illuminate\Contracts\Validation\ValidationRule; use Illuminate\Support\Arr; @@ -31,7 +30,7 @@ public function validate(string $attribute, mixed $value, Closure $fail): void } if (!static::$bypass && - (!$collection->owner || !SS58Address::isSameAddress( + (!$collection->owner || !Account::isAccountOwner( $collection->owner->public_key, Arr::get($this->data, 'signingAccount') ?: Account::daemonPublicKey() )) diff --git a/src/Rules/IsCollectionOwnerOrApproved.php b/src/Rules/IsCollectionOwnerOrApproved.php index 58dc7890..ae92f7e4 100644 --- a/src/Rules/IsCollectionOwnerOrApproved.php +++ b/src/Rules/IsCollectionOwnerOrApproved.php @@ -6,7 +6,6 @@ use Enjin\Platform\Models\Collection; use Enjin\Platform\Services\Database\CollectionService; use Enjin\Platform\Support\Account; -use Enjin\Platform\Support\SS58Address; use Illuminate\Contracts\Validation\ValidationRule; class IsCollectionOwnerOrApproved implements ValidationRule @@ -32,7 +31,7 @@ public function validate(string $attribute, mixed $value, Closure $fail): void $daemonAccount = Account::daemonPublicKey(); if (!$collection || - (!SS58Address::isSameAddress($collection->owner->public_key, $daemonAccount) && + (!Account::isAccountOwner($collection->owner->public_key, $daemonAccount) && !$this->collectionService->approvalExistsInCollection( $collection->collection_chain_id, $daemonAccount, diff --git a/src/Support/Account.php b/src/Support/Account.php index 17e8de5c..334ed71c 100644 --- a/src/Support/Account.php +++ b/src/Support/Account.php @@ -10,8 +10,28 @@ class Account { public static $publicKey; + public static $walletAccounts = []; private static $account; + /** + * Check if account is owner. + */ + public static function isAccountOwner(string $publicKey, string $others = ''): bool + { + $accounts = array_merge( + static::$publicKey, + static::$walletAccounts, + $others + ); + foreach (array_filter($accounts) as $account) { + if ($account && SS58Address::isSameAddress($publicKey, $account)) { + return true; + } + } + + return false; + } + /** * Get daemon account public key. */ From 693008f34b3528f9396dc96bdf30f04d0c2d9505 Mon Sep 17 00:00:00 2001 From: Abner Tudtud Date: Wed, 3 Jul 2024 14:04:09 +0800 Subject: [PATCH 2/2] fix tests --- src/Support/Account.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Support/Account.php b/src/Support/Account.php index 334ed71c..c0b9010c 100644 --- a/src/Support/Account.php +++ b/src/Support/Account.php @@ -18,11 +18,11 @@ class Account */ public static function isAccountOwner(string $publicKey, string $others = ''): bool { - $accounts = array_merge( + $accounts = [ static::$publicKey, - static::$walletAccounts, - $others - ); + ...static::$walletAccounts, + $others, + ]; foreach (array_filter($accounts) as $account) { if ($account && SS58Address::isSameAddress($publicKey, $account)) { return true;