framework permissions
runtian-zhou committed Nov 27, 2024
1 parent 1e81ef4 commit e2ca0c2
Showing 36 changed files with 1,394 additions and 316 deletions.
149 changes: 98 additions & 51 deletions aptos-move/framework/aptos-framework/doc/aptos_governance.md
Expand Up @@ -29,7 +29,10 @@ on a proposal multiple times as long as the total voting power of these votes do
- [Struct `CreateProposal`](#0x1_aptos_governance_CreateProposal)
- [Struct `Vote`](#0x1_aptos_governance_Vote)
- [Struct `UpdateConfig`](#0x1_aptos_governance_UpdateConfig)
- [Struct `GovernancePermission`](#0x1_aptos_governance_GovernancePermission)
- [Constants](#@Constants_0)
- [Function `check_signer_permission`](#0x1_aptos_governance_check_signer_permission)
- [Function `grant_permission`](#0x1_aptos_governance_grant_permission)
- [Function `store_signer_cap`](#0x1_aptos_governance_store_signer_cap)
- [Function `initialize`](#0x1_aptos_governance_initialize)
- [Function `update_governance_config`](#0x1_aptos_governance_update_governance_config)
Expand Down Expand Up @@ -61,7 +64,6 @@ on a proposal multiple times as long as the total voting power of these votes do
- [Function `get_signer`](#0x1_aptos_governance_get_signer)
- [Function `create_proposal_metadata`](#0x1_aptos_governance_create_proposal_metadata)
- [Function `assert_voting_initialization`](#0x1_aptos_governance_assert_voting_initialization)
- [Function `initialize_for_verification`](#0x1_aptos_governance_initialize_for_verification)
- [Specification](#@Specification_1)
- [High-level Requirements](#high-level-req)
- [Module-level Specification](#module-level-spec)
Expand Down Expand Up @@ -96,7 +98,6 @@ on a proposal multiple times as long as the total voting power of these votes do
- [Function `get_signer`](#@Specification_1_get_signer)
- [Function `create_proposal_metadata`](#@Specification_1_create_proposal_metadata)
- [Function `assert_voting_initialization`](#@Specification_1_assert_voting_initialization)
- [Function `initialize_for_verification`](#@Specification_1_initialize_for_verification)


<pre><code><b>use</b> <a href="account.md#0x1_account">0x1::account</a>;
Expand All @@ -109,6 +110,7 @@ on a proposal multiple times as long as the total voting power of these votes do
<b>use</b> <a href="governance_proposal.md#0x1_governance_proposal">0x1::governance_proposal</a>;
<b>use</b> <a href="../../aptos-stdlib/doc/math64.md#0x1_math64">0x1::math64</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/option.md#0x1_option">0x1::option</a>;
<b>use</b> <a href="permissioned_signer.md#0x1_permissioned_signer">0x1::permissioned_signer</a>;
<b>use</b> <a href="randomness_config.md#0x1_randomness_config">0x1::randomness_config</a>;
<b>use</b> <a href="reconfiguration_with_dkg.md#0x1_reconfiguration_with_dkg">0x1::reconfiguration_with_dkg</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">0x1::signer</a>;
Expand Down Expand Up @@ -642,6 +644,33 @@ Event emitted when the governance configs are updated.
</dl>


</details>

<a id="0x1_aptos_governance_GovernancePermission"></a>

## Struct `GovernancePermission`



<pre><code><b>struct</b> <a href="aptos_governance.md#0x1_aptos_governance_GovernancePermission">GovernancePermission</a> <b>has</b> <b>copy</b>, drop, store
</code></pre>



<details>
<summary>Fields</summary>


<dl>
<dt>
<code>dummy_field: bool</code>
</dt>
<dd>

</dd>
</dl>


</details>

<a id="@Constants_0"></a>
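Review bot: `GovernancePermission` is added without a doc comment, so the generated section under "Struct `GovernancePermission`" is empty and the only thing a reader sees is the compiler-generated `dummy_field: bool`. Add a `///` comment on the struct in the source stating which entry points it gates, so that someone deciding whether to grant it can tell what is being delegated.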
Expand Down Expand Up @@ -738,6 +767,16 @@ The proposal in the argument is not a partial voting proposal.



<a id="0x1_aptos_governance_ENO_GOVERNANCE_PERMISSION"></a>

Current permissioned signer cannot perform governance operations.


<pre><code><b>const</b> <a href="aptos_governance.md#0x1_aptos_governance_ENO_GOVERNANCE_PERMISSION">ENO_GOVERNANCE_PERMISSION</a>: u64 = 15;
</code></pre>



<a id="0x1_aptos_governance_ENO_VOTING_POWER"></a>

The specified stake pool must be part of the validator set
Expand Down Expand Up @@ -817,6 +856,59 @@ Proposal metadata attribute keys.



<a id="0x1_aptos_governance_check_signer_permission"></a>

## Function `check_signer_permission`

Permissions


<pre><code><b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_check_signer_permission">check_signer_permission</a>(s: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>)
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code>inline <b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_check_signer_permission">check_signer_permission</a>(s: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>) {
<b>assert</b>!(
<a href="permissioned_signer.md#0x1_permissioned_signer_check_permission_exists">permissioned_signer::check_permission_exists</a>(s, <a href="aptos_governance.md#0x1_aptos_governance_GovernancePermission">GovernancePermission</a> {}),
<a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_permission_denied">error::permission_denied</a>(<a href="aptos_governance.md#0x1_aptos_governance_ENO_GOVERNANCE_PERMISSION">ENO_GOVERNANCE_PERMISSION</a>),
);
}
</code></pre>



</details>

<a id="0x1_aptos_governance_grant_permission"></a>

## Function `grant_permission`

Grant permission to perform governance operations on behalf of the master signer.


<pre><code><b>public</b> <b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_grant_permission">grant_permission</a>(master: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, <a href="permissioned_signer.md#0x1_permissioned_signer">permissioned_signer</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>)
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_grant_permission">grant_permission</a>(master: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, <a href="permissioned_signer.md#0x1_permissioned_signer">permissioned_signer</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>) {
<a href="permissioned_signer.md#0x1_permissioned_signer_authorize_unlimited">permissioned_signer::authorize_unlimited</a>(master, <a href="permissioned_signer.md#0x1_permissioned_signer">permissioned_signer</a>, <a href="aptos_governance.md#0x1_aptos_governance_GovernancePermission">GovernancePermission</a> {})
}
</code></pre>



</details>

<a id="0x1_aptos_governance_store_signer_cap"></a>

## Function `store_signer_cap`
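Review bot: `grant_permission` is `public` and hands `master` straight to `permissioned_signer::authorize_unlimited` with no check of its own, so whether a signer that is itself permissioned can act as `master` depends entirely on the callee, which is not visible in this hunk. Please confirm that `authorize_unlimited` rejects a non-master `master` and say so in the doc comment here. Separately, the second parameter is named `permissioned_signer`, the same as the module, which makes `permissioned_signer::authorize_unlimited(master, permissioned_signer, ...)` harder to read; renaming the parameter would remove the shadowing.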
Expand Down Expand Up @@ -1262,6 +1354,7 @@ Return proposal_id when a proposal is successfully created.
metadata_hash: <a href="../../aptos-stdlib/../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
is_multi_step_proposal: bool,
): u64 <b>acquires</b> <a href="aptos_governance.md#0x1_aptos_governance_GovernanceConfig">GovernanceConfig</a>, <a href="aptos_governance.md#0x1_aptos_governance_GovernanceEvents">GovernanceEvents</a> {
<a href="aptos_governance.md#0x1_aptos_governance_check_signer_permission">check_signer_permission</a>(proposer);
<b>let</b> proposer_address = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(proposer);
<b>assert</b>!(
<a href="stake.md#0x1_stake_get_delegated_voter">stake::get_delegated_voter</a>(stake_pool) == proposer_address,
Expand Down Expand Up @@ -1494,6 +1587,7 @@ cannot vote on the proposal even after partial governance voting is enabled.
voting_power: u64,
should_pass: bool,
) <b>acquires</b> <a href="aptos_governance.md#0x1_aptos_governance_ApprovedExecutionHashes">ApprovedExecutionHashes</a>, <a href="aptos_governance.md#0x1_aptos_governance_VotingRecords">VotingRecords</a>, <a href="aptos_governance.md#0x1_aptos_governance_VotingRecordsV2">VotingRecordsV2</a>, <a href="aptos_governance.md#0x1_aptos_governance_GovernanceEvents">GovernanceEvents</a> {
<a href="permissioned_signer.md#0x1_permissioned_signer_assert_master_signer">permissioned_signer::assert_master_signer</a>(voter);
<b>let</b> voter_address = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(voter);
<b>assert</b>!(<a href="stake.md#0x1_stake_get_delegated_voter">stake::get_delegated_voter</a>(stake_pool) == voter_address, <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="aptos_governance.md#0x1_aptos_governance_ENOT_DELEGATED_VOTER">ENOT_DELEGATED_VOTER</a>));

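Review bot: the added `permissioned_signer::assert_master_signer(voter)` makes this voting path reject every permissioned signer, including one that holds `GovernancePermission`, while the proposal-creation path in the previous hunk gates on `check_signer_permission(proposer)`. The `grant_permission` doc says the grant covers "governance operations on behalf of the master signer", which reads as including voting. If excluding votes is intended, state that in the `grant_permission` doc comment and in a comment at this line; if it is not, use `check_signer_permission(voter)` here so both paths follow the same rule.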
Expand Down Expand Up @@ -1888,7 +1982,7 @@ Only called in testnet where the core resources account exists and has been gran
<pre><code><b>public</b> <b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_get_signer_testnet_only">get_signer_testnet_only</a>(
core_resources: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, signer_address: <b>address</b>): <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a> <b>acquires</b> <a href="aptos_governance.md#0x1_aptos_governance_GovernanceResponsbility">GovernanceResponsbility</a> {
<a href="system_addresses.md#0x1_system_addresses_assert_core_resource">system_addresses::assert_core_resource</a>(core_resources);
// Core resources <a href="account.md#0x1_account">account</a> only <b>has</b> mint capability in tests/testnets.
// Core resources <a href="account.md#0x1_account">account</a> only <b>has</b> mint <a href="../../aptos-stdlib/doc/capability.md#0x1_capability">capability</a> in tests/testnets.
<b>assert</b>!(<a href="aptos_coin.md#0x1_aptos_coin_has_mint_capability">aptos_coin::has_mint_capability</a>(core_resources), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_unauthenticated">error::unauthenticated</a>(<a href="aptos_governance.md#0x1_aptos_governance_EUNAUTHORIZED">EUNAUTHORIZED</a>));
<a href="aptos_governance.md#0x1_aptos_governance_get_signer">get_signer</a>(signer_address)
}
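Review bot: the only change in this hunk is inside the comment, where the word "capability" in "mint capability" now links to `../../aptos-stdlib/doc/capability.md#0x1_capability`. The check on the following line is `aptos_coin::has_mint_capability`, so the link sends the reader to a module that has nothing to do with the mint capability being discussed. This looks like the doc generator auto-linking a bare word; rewording the source comment (for example "mint cap") would keep the generated page from pointing at the wrong module.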
Expand Down Expand Up @@ -2017,36 +2111,6 @@ Return a signer for making changes to 0x1 as part of on-chain governance proposa



</details>

<a id="0x1_aptos_governance_initialize_for_verification"></a>

## Function `initialize_for_verification`



<pre><code>#[verify_only]
<b>public</b> <b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_initialize_for_verification">initialize_for_verification</a>(aptos_framework: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, min_voting_threshold: u128, required_proposer_stake: u64, voting_duration_secs: u64)
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_initialize_for_verification">initialize_for_verification</a>(
aptos_framework: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>,
min_voting_threshold: u128,
required_proposer_stake: u64,
voting_duration_secs: u64,
) {
<a href="aptos_governance.md#0x1_aptos_governance_initialize">initialize</a>(aptos_framework, min_voting_threshold, required_proposer_stake, voting_duration_secs);
}
</code></pre>



</details>

<a id="@Specification_1"></a>
Expand Down Expand Up @@ -2153,6 +2217,7 @@ Limit addition overflow.

<pre><code><b>let</b> addr = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(aptos_framework);
<b>let</b> register_account = <b>global</b>&lt;<a href="account.md#0x1_account_Account">account::Account</a>&gt;(addr);
<b>aborts_if</b> <a href="permissioned_signer.md#0x1_permissioned_signer_spec_is_permissioned_signer">permissioned_signer::spec_is_permissioned_signer</a>(aptos_framework);
<b>aborts_if</b> <b>exists</b>&lt;<a href="voting.md#0x1_voting_VotingForum">voting::VotingForum</a>&lt;GovernanceProposal&gt;&gt;(addr);
<b>aborts_if</b> !<b>exists</b>&lt;<a href="account.md#0x1_account_Account">account::Account</a>&gt;(addr);
<b>aborts_if</b> register_account.guid_creation_num + 7 &gt; <a href="aptos_governance.md#0x1_aptos_governance_MAX_U64">MAX_U64</a>;
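Review bot: the new condition `aborts_if permissioned_signer::spec_is_permissioned_signer(aptos_framework);` has no matching change to the function body among the hunks shown for this file. Please point to the runtime check that makes the function abort when `aptos_framework` is a permissioned signer; if that check lives in a callee, a short comment in the spec naming the callee would help keep the spec and the implementation in sync.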
Expand Down Expand Up @@ -3240,22 +3305,4 @@ pool_address must exist in StakePool.
</code></pre>



<a id="@Specification_1_initialize_for_verification"></a>

### Function `initialize_for_verification`


<pre><code>#[verify_only]
<b>public</b> <b>fun</b> <a href="aptos_governance.md#0x1_aptos_governance_initialize_for_verification">initialize_for_verification</a>(aptos_framework: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, min_voting_threshold: u128, required_proposer_stake: u64, voting_duration_secs: u64)
</code></pre>


verify_only


<pre><code><b>pragma</b> verify = <b>false</b>;
</code></pre>


[move-book]: https://aptos.dev/move/book/SUMMARY
96 changes: 96 additions & 0 deletions aptos-move/framework/aptos-framework/doc/code.md
Expand Up @@ -12,8 +12,11 @@ This module supports functionality related to code management.
- [Struct `ModuleMetadata`](#0x1_code_ModuleMetadata)
- [Struct `UpgradePolicy`](#0x1_code_UpgradePolicy)
- [Struct `PublishPackage`](#0x1_code_PublishPackage)
- [Struct `CodePermission`](#0x1_code_CodePermission)
- [Struct `AllowedDep`](#0x1_code_AllowedDep)
- [Constants](#@Constants_0)
- [Function `check_signer_permission`](#0x1_code_check_signer_permission)
- [Function `grant_permission`](#0x1_code_grant_permission)
- [Function `upgrade_policy_arbitrary`](#0x1_code_upgrade_policy_arbitrary)
- [Function `upgrade_policy_compat`](#0x1_code_upgrade_policy_compat)
- [Function `upgrade_policy_immutable`](#0x1_code_upgrade_policy_immutable)
Expand Down Expand Up @@ -50,6 +53,7 @@ This module supports functionality related to code management.
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features">0x1::features</a>;
<b>use</b> <a href="object.md#0x1_object">0x1::object</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/option.md#0x1_option">0x1::option</a>;
<b>use</b> <a href="permissioned_signer.md#0x1_permissioned_signer">0x1::permissioned_signer</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">0x1::signer</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/string.md#0x1_string">0x1::string</a>;
<b>use</b> <a href="system_addresses.md#0x1_system_addresses">0x1::system_addresses</a>;
Expand Down Expand Up @@ -300,6 +304,33 @@ Event emitted when code is published to an address.
</dl>


</details>

<a id="0x1_code_CodePermission"></a>

## Struct `CodePermission`



<pre><code><b>struct</b> <a href="code.md#0x1_code_CodePermission">CodePermission</a> <b>has</b> <b>copy</b>, drop, store
</code></pre>



<details>
<summary>Fields</summary>


<dl>
<dt>
<code>dummy_field: bool</code>
</dt>
<dd>

</dd>
</dl>


</details>

<a id="0x1_code_AllowedDep"></a>
Expand Down Expand Up @@ -413,6 +444,16 @@ Not the owner of the package registry.



<a id="0x1_code_ENO_CODE_PERMISSION"></a>

Current permissioned signer cannot publish codes.


<pre><code><b>const</b> <a href="code.md#0x1_code_ENO_CODE_PERMISSION">ENO_CODE_PERMISSION</a>: u64 = 11;
</code></pre>



<a id="0x1_code_EPACKAGE_DEP_MISSING"></a>

Dependency could not be resolved to any published package.
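Review bot: the doc text for `ENO_CODE_PERMISSION` reads "cannot publish codes"; "code" is uncountable here, and "cannot publish code" would match the wording of the `grant_permission` doc in this same file ("Grant permission to publish code on behalf of the master signer").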
Expand Down Expand Up @@ -443,6 +484,59 @@ Cannot downgrade a package's upgradability policy



<a id="0x1_code_check_signer_permission"></a>

## Function `check_signer_permission`

Permissions


<pre><code><b>fun</b> <a href="code.md#0x1_code_check_signer_permission">check_signer_permission</a>(s: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>)
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code>inline <b>fun</b> <a href="code.md#0x1_code_check_signer_permission">check_signer_permission</a>(s: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>) {
<b>assert</b>!(
<a href="permissioned_signer.md#0x1_permissioned_signer_check_permission_exists">permissioned_signer::check_permission_exists</a>(s, <a href="code.md#0x1_code_CodePermission">CodePermission</a> {}),
<a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_permission_denied">error::permission_denied</a>(<a href="code.md#0x1_code_ENO_CODE_PERMISSION">ENO_CODE_PERMISSION</a>),
);
}
</code></pre>



</details>

<a id="0x1_code_grant_permission"></a>

## Function `grant_permission`

Grant permission to publish code on behalf of the master signer.


<pre><code><b>public</b> <b>fun</b> <a href="code.md#0x1_code_grant_permission">grant_permission</a>(master: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, <a href="permissioned_signer.md#0x1_permissioned_signer">permissioned_signer</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>)
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="code.md#0x1_code_grant_permission">grant_permission</a>(master: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, <a href="permissioned_signer.md#0x1_permissioned_signer">permissioned_signer</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>) {
<a href="permissioned_signer.md#0x1_permissioned_signer_authorize_unlimited">permissioned_signer::authorize_unlimited</a>(master, <a href="permissioned_signer.md#0x1_permissioned_signer">permissioned_signer</a>, <a href="code.md#0x1_code_CodePermission">CodePermission</a> {})
}
</code></pre>



</details>

<a id="0x1_code_upgrade_policy_arbitrary"></a>

## Function `upgrade_policy_arbitrary`
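Review bot: the doc text for `check_signer_permission` is the single word "Permissions", which looks like a section banner in the source that was picked up as the function's doc comment. Replace it with a sentence stating what is asserted (the signer holds `CodePermission`) and how it aborts (`error::permission_denied(ENO_CODE_PERMISSION)`). The identical function in aptos_governance.md carries the same one-word doc and needs the same fix.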
Expand Down Expand Up @@ -598,6 +692,7 @@ package.


<pre><code><b>public</b> <b>fun</b> <a href="code.md#0x1_code_publish_package">publish_package</a>(owner: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, pack: <a href="code.md#0x1_code_PackageMetadata">PackageMetadata</a>, <a href="code.md#0x1_code">code</a>: <a href="../../aptos-stdlib/../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;<a href="../../aptos-stdlib/../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;&gt;) <b>acquires</b> <a href="code.md#0x1_code_PackageRegistry">PackageRegistry</a> {
<a href="code.md#0x1_code_check_signer_permission">check_signer_permission</a>(owner);
// Disallow incompatible upgrade mode. Governance can decide later <b>if</b> this should be reconsidered.
<b>assert</b>!(
pack.upgrade_policy.policy &gt; <a href="code.md#0x1_code_upgrade_policy_arbitrary">upgrade_policy_arbitrary</a>().policy,
Expand Down Expand Up @@ -679,6 +774,7 @@ package.


<pre><code><b>public</b> <b>fun</b> <a href="code.md#0x1_code_freeze_code_object">freeze_code_object</a>(publisher: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, code_object: Object&lt;<a href="code.md#0x1_code_PackageRegistry">PackageRegistry</a>&gt;) <b>acquires</b> <a href="code.md#0x1_code_PackageRegistry">PackageRegistry</a> {
<a href="code.md#0x1_code_check_signer_permission">check_signer_permission</a>(publisher);
<b>let</b> code_object_addr = <a href="object.md#0x1_object_object_address">object::object_address</a>(&code_object);
<b>assert</b>!(<b>exists</b>&lt;<a href="code.md#0x1_code_PackageRegistry">PackageRegistry</a>&gt;(code_object_addr), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_not_found">error::not_found</a>(<a href="code.md#0x1_code_ECODE_OBJECT_DOES_NOT_EXIST">ECODE_OBJECT_DOES_NOT_EXIST</a>));
<b>assert</b>!(
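Review bot: `check_signer_permission(publisher)` in `freeze_code_object` reuses `CodePermission`, but the `grant_permission` doc and the `ENO_CODE_PERMISSION` text in this file mention publishing only. A caller denied here is told the signer "cannot publish codes", and a grantor reading "permission to publish code" has no indication that the grant also covers freezing a code object. Either widen both doc strings to name freezing, or gate this function on a separate permission type.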