Implements initial version subscriiption validations, using the censu…

…ssize
vocdoni · Oct 25, 2024 · e8d7ddb · e8d7ddb
1 parent 2e3c2e8
commit e8d7ddb
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 1 deletion.
diff --git a/api/api_test.go b/api/api_test.go
@@ -109,7 +109,7 @@ func TestMain(m *testing.M) {
 	// set reset db env var to true
 	_ = os.Setenv("VOCDONI_MONGO_RESET_DB", "true")
 	// create a new MongoDB connection with the test database
-	if testDB, err = db.New(mongoURI, test.RandomDatabaseName()); err != nil {
+	if testDB, err = db.New(mongoURI, test.RandomDatabaseName(), "subscriptions.json"); err != nil {
 		panic(err)
 	}
 	defer testDB.Close()

diff --git a/api/transaction.go b/api/transaction.go
@@ -69,6 +69,12 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// check if the api is not in transparent mode
 	if !a.transparentMode {
+		// get subscirption plan
+		plan, err := a.db.Subscription(org.Subscription.SubscriptionID)
+		if err != nil {
+			ErrNoOrganizationSubscription.Withf("could not get organization subscription: %v", err).Write(w)
+			return
+		}
 		switch tx.Payload.(type) {
 		case *models.Tx_SetAccount:
 			txSetAccount := tx.GetSetAccount()
@@ -114,9 +120,14 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 				ErrInvalidTxFormat.With("missing fields").Write(w)
 				return
 			}
+			if hasPermission, err := a.db.CheckSubscriptionPermissions(tx, txNewProcess.Txtype, org, plan); !hasPermission || err != nil {
+				ErrUnauthorized.Withf("user does not have permission to sign transactions: %v", err).Write(w)
+				return
+			}
 			// check the tx subtype
 			switch txNewProcess.Txtype {
 			case models.TxType_NEW_PROCESS:
+
 				// generate a new faucet package if it's not present and include it in the tx
 				if txNewProcess.FaucetPackage == nil {
 					// get the tx cost for the tx type
@@ -162,6 +173,10 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 				ErrInvalidTxFormat.With("invalid tx type").Write(w)
 				return
 			}
+			if hasPermission, err := a.db.CheckSubscriptionPermissions(tx, txSetProcess.Txtype, org, plan); !hasPermission || err != nil {
+				ErrUnauthorized.Withf("user does not have permission to sign transactions: %v", err).Write(w)
+				return
+			}
 			// check the tx subtype
 			switch txSetProcess.Txtype {
 			case models.TxType_SET_PROCESS_STATUS:

diff --git a/cmd/service/main.go b/cmd/service/main.go
@@ -47,6 +47,7 @@ func main() {
 	if err := viper.BindPFlags(flag.CommandLine); err != nil {
 		panic(err)
 	}
+	log.SetCometLogLevel("debug")
 	viper.AutomaticEnv()
 	// read the configuration
 	host := viper.GetString("host")

diff --git a/db/helpers.go b/db/helpers.go
@@ -12,6 +12,7 @@ import (
 	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
 	"go.vocdoni.io/dvote/log"
+	"go.vocdoni.io/proto/build/go/models"
 )
 
 // initCollections creates the collections in the MongoDB database if they
@@ -246,3 +247,20 @@ func readSubscriptionJSON(subscriptionsFile string) ([]*Subscription, error) {
 	}
 	return subscriptions, nil
 }
+
+func (ms *MongoStorage) CheckSubscriptionPermissions(
+	tx *models.Tx,
+	txType models.TxType,
+	org *Organization,
+	plan *Subscription,
+) (bool, error) {
+
+	switch txType {
+	case models.TxType_NEW_PROCESS, models.TxType_SET_PROCESS_CENSUS:
+		newProcess := tx.GetNewProcess()
+		if newProcess.Process.MaxCensusSize > uint64(org.Subscription.MaxCensusSize) {
+			return false, fmt.Errorf("MaxCensusSize is greater than the allowed")
+		}
+	}
+	return true, nil
+}