feat(frontend-canister): allow setting permissions in init args (#3965)

dfinity · Oct 28, 2024 · abab449 · abab449
1 parent 4e14a6f
commit abab449
Show file tree

Hide file tree

Showing 8 changed files with 68 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 # UNRELEASED
 
+### Frontend canister
+
+Allow setting permissions lists in init arguments just like in upgrade arguments.
+
+- Module hash: 2c24b5e1584890a7965011d5d1d827aca68c489c9a6308475730420fa53372e8
+- https://github.com/dfinity/sdk/pull/3965
+
 # 0.24.2
 
 ### feat: Support canister log allowed viewer list

diff --git a/docs/design/asset-canister-interface.md b/docs/design/asset-canister-interface.md
@@ -163,7 +163,13 @@ The size of any chunk cannot exceed the message ingress limit.
 
 ```candid
 service: (asset_canister_args: variant {
-  Init: record {};
+  Init: record {
+    set_permissions: opt record {
+      prepare: vec principal;
+      commit: vec principal;
+      manage_permissions: vec principal;
+    };
+  };
   Upgrade: record {
     set_permissions: opt record {
       prepare: vec principal;
@@ -179,7 +185,7 @@ The methods `init` and `post_upgrade` are called automatically by the system aft
 Both methods take the same argument type by definition. Therefore, to be able to have different arguments for the two cases, an enum is used to make the distinction.
 If `init` is called with the `Upgrade` variant or if `post_upgrade` is called with the `Init` variant the asset canister traps and thereby reverts the code changes.
 
-In `Upgrade`, the field `set_permissions` can be used to (re)set the list of principals with the listed permissions.
+In both variants, the field `set_permissions` can be used to (re)set the list of principals with the listed permissions.
 If `set_permissions` that is not `null`, then all permissions are set to the newly provided list of principals and the previous lists of principals are discarded.
 
 ### Method: `get`

diff --git a/e2e/tests-dfx/assetscanister.bash b/e2e/tests-dfx/assetscanister.bash
@@ -1988,6 +1988,38 @@ WARN: {
   assert_command      dfx deploy
 }
 
+@test "set permissions through init argument" {
+  dfx_start
+  dfx deploy
+
+  dfx identity new alice --storage-mode plaintext
+  ALICE="$(dfx --identity alice identity get-principal)"
+
+  dfx canister install e2e_project_frontend --mode reinstall --yes --argument "(opt variant {
+    Init = record {
+      set_permissions = opt record {
+        prepare = vec {
+          principal \"${ALICE}\";
+        };
+        commit = vec {
+          principal \"$(dfx identity get-principal)\";
+          principal \"aaaaa-aa\";
+        };
+        manage_permissions = vec {
+          principal \"$(dfx identity get-principal)\";
+        };
+      }
+    }
+  })"
+  assert_command dfx canister call e2e_project_frontend list_permitted '(record { permission = variant { Prepare }; })'
+  assert_match "${ALICE}"
+  assert_command dfx canister call e2e_project_frontend list_permitted '(record { permission = variant { Commit }; })'
+  assert_match "$(dfx identity get-principal)"
+  assert_match '"aaaaa-aa"'
+  assert_command dfx canister call e2e_project_frontend list_permitted '(record { permission = variant { ManagePermissions }; })'
+  assert_match "$(dfx identity get-principal)"
+}
+
 @test "set permissions through upgrade argument" {
   dfx_start
   dfx deploy

diff --git a/src/canisters/frontend/ic-certified-assets/assets.did b/src/canisters/frontend/ic-certified-assets/assets.did
@@ -144,7 +144,9 @@ type AssetCanisterArgs = variant {
   Upgrade: UpgradeArgs;
 };
 
-type InitArgs = record {};
+type InitArgs = record {
+  set_permissions: opt SetPermissions;
+};
 
 type UpgradeArgs = record {
   set_permissions: opt SetPermissions;

diff --git a/src/canisters/frontend/ic-certified-assets/src/lib.rs b/src/canisters/frontend/ic-certified-assets/src/lib.rs
@@ -423,16 +423,23 @@ fn is_controller() -> Result<(), String> {
 }
 
 pub fn init(args: Option<AssetCanisterArgs>) {
-    if let Some(upgrade_arg) = args {
-        let AssetCanisterArgs::Init(InitArgs {}) = upgrade_arg else {
-            ic_cdk::trap("Cannot initialize the canister with an Upgrade argument. Please provide an Init argument.")
-        };
-    }
     STATE.with(|s| {
         let mut s = s.borrow_mut();
         s.clear();
         s.grant_permission(caller(), &Permission::Commit);
     });
+
+    if let Some(upgrade_arg) = args {
+        let AssetCanisterArgs::Init(init_args) = upgrade_arg else {
+            ic_cdk::trap("Cannot initialize the canister with an Upgrade argument. Please provide an Init argument.")
+        };
+        STATE.with(|s| {
+            let mut state = s.borrow_mut();
+            if let Some(set_permissions) = init_args.set_permissions {
+                state.set_permissions(set_permissions);
+            }
+        });
+    }
 }
 
 pub fn pre_upgrade() -> StableState {

diff --git a/src/canisters/frontend/ic-certified-assets/src/types.rs b/src/canisters/frontend/ic-certified-assets/src/types.rs
@@ -207,7 +207,9 @@ pub enum AssetCanisterArgs {
 }
 
 #[derive(Clone, Debug, CandidType, Deserialize)]
-pub struct InitArgs {}
+pub struct InitArgs {
+    pub set_permissions: Option<SetPermissions>,
+}
 
 #[derive(Clone, Debug, CandidType, Deserialize)]
 pub struct UpgradeArgs {

diff --git a/src/distributed/assetstorage.did b/src/distributed/assetstorage.did
@@ -144,7 +144,9 @@ type AssetCanisterArgs = variant {
   Upgrade: UpgradeArgs;
 };
 
-type InitArgs = record {};
+type InitArgs = record {
+  set_permissions: opt SetPermissions;
+};
 
 type UpgradeArgs = record {
   set_permissions: opt SetPermissions;

diff --git a/src/distributed/assetstorage.wasm.gz b/src/distributed/assetstorage.wasm.gz