refactor(permissions): define default permission set

Signed-off-by: Marin Veršić <marin.versic101@gmail.com>

crates/iroha/tests/integration/asset.rs

@@ -12,7 +12,7 @@ use iroha::{
     },
 };
 use iroha_config::parameters::actual::Root as Config;
-use iroha_executor_data_model::permission::asset::CanTransferUserAsset;
+use iroha_executor_data_model::permission::asset::CanModifyAsset;
 use iroha_test_network::*;
 use iroha_test_samples::{gen_account_in, ALICE_ID, BOB_ID};
 
@@ -328,7 +328,7 @@ fn find_rate_and_make_exchange_isi_should_succeed() {
 
     let alice_id = ALICE_ID.clone();
     let alice_can_transfer_asset = |asset_id: AssetId, owner_key_pair: KeyPair| {
-        let permission = CanTransferUserAsset {
+        let permission = CanModifyAsset {
             asset: asset_id.clone(),
         };
         let instruction = Grant::account_permission(permission, alice_id.clone());

crates/iroha/tests/integration/events/data.rs

@@ -2,8 +2,8 @@ use std::{fmt::Write as _, sync::mpsc, thread};
 
 use eyre::Result;
 use iroha::data_model::{prelude::*, transaction::WasmSmartContract};
-use iroha_executor_data_model::permission::account::{
-    CanRemoveKeyValueInAccount, CanSetKeyValueInAccount,
+use iroha_executor_data_model::permission::{
+    account::CanModifyAccountMetadata, domain::CanModifyDomainMetadata,
 };
 use iroha_test_network::*;
 use iroha_test_samples::{ALICE_ID, BOB_ID};
@@ -201,10 +201,12 @@ fn produce_multiple_events() -> Result<()> {
     // Registering role
     let alice_id = ALICE_ID.clone();
     let role_id = "TEST_ROLE".parse::<RoleId>()?;
-    let permission_1 = CanRemoveKeyValueInAccount {
+    let permission_1 = CanModifyAccountMetadata {
         account: alice_id.clone(),
     };
-    let permission_2 = CanSetKeyValueInAccount { account: alice_id };
+    let permission_2 = CanModifyDomainMetadata {
+        domain: alice_id.domain().clone(),
+    };
     let role = iroha::data_model::role::Role::new(role_id.clone())
         .add_permission(permission_1.clone())
         .add_permission(permission_2.clone());
@@ -241,7 +243,7 @@ fn produce_multiple_events() -> Result<()> {
     {
         assert_eq!(*event.account(), bob_id);
         assert_eq!(
-            CanRemoveKeyValueInAccount::try_from(event.permission()).unwrap(),
+            CanModifyAccountMetadata::try_from(event.permission()).unwrap(),
             permission_1
         );
     } else {
@@ -252,7 +254,7 @@ fn produce_multiple_events() -> Result<()> {
     {
         assert_eq!(*event.account(), bob_id);
         assert_eq!(
-            CanSetKeyValueInAccount::try_from(event.permission()).unwrap(),
+            CanModifyDomainMetadata::try_from(event.permission()).unwrap(),
             permission_2
         );
     } else {
@@ -272,7 +274,7 @@ fn produce_multiple_events() -> Result<()> {
     {
         assert_eq!(*event.account(), bob_id);
         assert_eq!(
-            CanRemoveKeyValueInAccount::try_from(event.permission()).unwrap(),
+            CanModifyAccountMetadata::try_from(event.permission()).unwrap(),
             permission_1
         );
     } else {
@@ -283,7 +285,7 @@ fn produce_multiple_events() -> Result<()> {
     {
         assert_eq!(*event.account(), bob_id);
         assert_eq!(
-            CanSetKeyValueInAccount::try_from(event.permission()).unwrap(),
+            CanModifyDomainMetadata::try_from(event.permission()).unwrap(),
             permission_2
         );
     } else {

crates/iroha/tests/integration/permissions.rs

@@ -10,8 +10,8 @@ use iroha::{
     },
 };
 use iroha_executor_data_model::permission::{
-    asset::{CanSetKeyValueInUserAsset, CanTransferUserAsset},
-    domain::CanSetKeyValueInDomain,
+    asset::{CanModifyAsset, CanModifyAssetMetadata},
+    domain::CanModifyDomainMetadata,
 };
 use iroha_genesis::GenesisBlock;
 use iroha_test_network::{PeerBuilder, *};
@@ -243,7 +243,7 @@ fn permissions_differ_not_only_by_names() {
 
     // Granting permission to Alice to modify metadata in Mouse's hats
     let mouse_hat_id = AssetId::new(hat_definition_id, mouse_id.clone());
-    let mouse_hat_permission = CanSetKeyValueInUserAsset {
+    let mouse_hat_permission = CanModifyAssetMetadata {
         asset: mouse_hat_id.clone(),
     };
     let allow_alice_to_set_key_value_in_hats =
@@ -276,7 +276,7 @@ fn permissions_differ_not_only_by_names() {
         .submit_blocking(set_shoes_color.clone())
         .expect_err("Expected Alice to fail to modify Mouse's shoes");
 
-    let mouse_shoes_permission = CanSetKeyValueInUserAsset {
+    let mouse_shoes_permission = CanModifyAssetMetadata {
         asset: mouse_shoes_id,
     };
     let allow_alice_to_set_key_value_in_shoes =
@@ -326,7 +326,7 @@ fn stored_vs_granted_permission_payload() -> Result<()> {
 
     let mouse_asset = AssetId::new(asset_definition_id, mouse_id.clone());
     let allow_alice_to_set_key_value_in_mouse_asset = Grant::account_permission(
-        Permission::new("CanSetKeyValueInUserAsset".parse().unwrap(), value_json),
+        Permission::new("CanModifyAssetMetadata".parse().unwrap(), value_json),
         alice_id,
     );
 
@@ -359,12 +359,12 @@ fn permissions_are_unified() {
     // Given
     let alice_id = ALICE_ID.clone();
 
-    let permission1 = CanTransferUserAsset {
+    let permission1 = CanModifyAsset {
         asset: format!("rose#wonderland#{alice_id}").parse().unwrap(),
     };
     let allow_alice_to_transfer_rose_1 = Grant::account_permission(permission1, alice_id.clone());
 
-    let permission2 = CanTransferUserAsset {
+    let permission2 = CanModifyAsset {
         asset: format!("rose##{alice_id}").parse().unwrap(),
     };
     let allow_alice_to_transfer_rose_2 = Grant::account_permission(permission2, alice_id);
@@ -389,7 +389,7 @@ fn associated_permissions_removed_on_unregister() {
 
     // register kingdom and give bob permissions in this domain
     let register_domain = Register::domain(kingdom);
-    let bob_to_set_kv_in_domain = CanSetKeyValueInDomain {
+    let bob_to_set_kv_in_domain = CanModifyDomainMetadata {
         domain: kingdom_id.clone(),
     };
     let allow_bob_to_set_kv_in_domain =
@@ -409,7 +409,7 @@ fn associated_permissions_removed_on_unregister() {
         .expect("failed to get permissions for bob")
         .into_iter()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(&permission)
+            CanModifyDomainMetadata::try_from(&permission)
                 .is_ok_and(|permission| permission == bob_to_set_kv_in_domain)
         }));
 
@@ -425,7 +425,7 @@ fn associated_permissions_removed_on_unregister() {
         .expect("failed to get permissions for bob")
         .into_iter()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(&permission)
+            CanModifyDomainMetadata::try_from(&permission)
                 .is_ok_and(|permission| permission == bob_to_set_kv_in_domain)
         }));
 }
@@ -441,7 +441,7 @@ fn associated_permissions_removed_from_role_on_unregister() {
 
     // register kingdom and give bob permissions in this domain
     let register_domain = Register::domain(kingdom);
-    let set_kv_in_domain = CanSetKeyValueInDomain {
+    let set_kv_in_domain = CanModifyDomainMetadata {
         domain: kingdom_id.clone(),
     };
     let role = Role::new(role_id.clone()).add_permission(set_kv_in_domain.clone());
@@ -459,7 +459,7 @@ fn associated_permissions_removed_from_role_on_unregister() {
         .expect("failed to get role")
         .permissions()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(permission)
+            CanModifyDomainMetadata::try_from(permission)
                 .is_ok_and(|permission| permission == set_kv_in_domain)
         }));
 
@@ -476,7 +476,7 @@ fn associated_permissions_removed_from_role_on_unregister() {
         .expect("failed to get role")
         .permissions()
         .any(|permission| {
-            CanSetKeyValueInDomain::try_from(permission)
+            CanModifyDomainMetadata::try_from(permission)
                 .is_ok_and(|permission| permission == set_kv_in_domain)
         }));
 }

crates/iroha/tests/integration/queries/role.rs

@@ -5,7 +5,7 @@ use iroha::{
     client,
     data_model::{prelude::*, query::builder::SingleQueryError},
 };
-use iroha_executor_data_model::permission::account::CanSetKeyValueInAccount;
+use iroha_executor_data_model::permission::account::CanModifyAccountMetadata;
 use iroha_test_network::*;
 use iroha_test_samples::ALICE_ID;
 
@@ -133,7 +133,7 @@ fn find_roles_by_account_id() -> Result<()> {
         .iter()
         .cloned()
         .map(|role_id| {
-            Register::role(Role::new(role_id).add_permission(CanSetKeyValueInAccount {
+            Register::role(Role::new(role_id).add_permission(CanModifyAccountMetadata {
                 account: alice_id.clone(),
             }))
         })

crates/iroha/tests/integration/roles.rs

@@ -4,9 +4,7 @@ use iroha::{
     client,
     data_model::{prelude::*, transaction::error::TransactionRejectionReason},
 };
-use iroha_executor_data_model::permission::account::{
-    CanRemoveKeyValueInAccount, CanSetKeyValueInAccount,
-};
+use iroha_executor_data_model::permission::account::CanModifyAccountMetadata;
 use iroha_test_network::*;
 use iroha_test_samples::{gen_account_in, ALICE_ID};
 use serde_json::json;
@@ -49,13 +47,9 @@ fn register_and_grant_role_for_metadata_access() -> Result<()> {
 
     // Registering role
     let role_id = "ACCESS_TO_MOUSE_METADATA".parse::<RoleId>()?;
-    let role = Role::new(role_id.clone())
-        .add_permission(CanSetKeyValueInAccount {
-            account: mouse_id.clone(),
-        })
-        .add_permission(CanRemoveKeyValueInAccount {
-            account: mouse_id.clone(),
-        });
+    let role = Role::new(role_id.clone()).add_permission(CanModifyAccountMetadata {
+        account: mouse_id.clone(),
+    });
     let register_role = Register::role(role);
     test_client.submit_blocking(register_role)?;
 
@@ -98,7 +92,7 @@ fn unregistered_role_removed_from_account() -> Result<()> {
 
     // Register root role
     let register_role = Register::role(
-        Role::new(role_id.clone()).add_permission(CanSetKeyValueInAccount { account: alice_id }),
+        Role::new(role_id.clone()).add_permission(CanModifyAccountMetadata { account: alice_id }),
     );
     test_client.submit_blocking(register_role)?;
 
@@ -150,7 +144,6 @@ fn role_with_invalid_permissions_is_not_accepted() -> Result<()> {
 }
 
 #[test]
-#[allow(deprecated)]
 // NOTE: Permissions in this test are created explicitly as json strings
 // so that they don't get deduplicated eagerly but rather in the executor
 // This way, if the executor compares permissions just as JSON strings, the test will fail
@@ -159,13 +152,13 @@ fn role_permissions_are_deduplicated() {
     wait_for_genesis_committed(&vec![test_client.clone()], 0);
 
     let allow_alice_to_transfer_rose_1 = Permission::new(
-        "CanTransferUserAsset".parse().unwrap(),
+        "CanModifyAsset".parse().unwrap(),
         json!({ "asset": "rose#wonderland#ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" }),
     );
 
     // Different content, but same meaning
     let allow_alice_to_transfer_rose_2 = Permission::new(
-        "CanTransferUserAsset".parse().unwrap(),
+        "CanTModifysset".parse().unwrap(),
         json!({ "asset": "rose##ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03@wonderland" }),
     );
 
@@ -229,7 +222,7 @@ fn grant_revoke_role_permissions() -> Result<()> {
         "key".parse()?,
         "value".parse::<JsonString>()?,
     );
-    let can_set_key_value_in_mouse = CanSetKeyValueInAccount {
+    let can_set_key_value_in_mouse = CanModifyAccountMetadata {
         account: mouse_id.clone(),
     };
     let grant_role_permission =
@@ -243,7 +236,7 @@ fn grant_revoke_role_permissions() -> Result<()> {
         .execute_all()?
         .iter()
         .any(|permission| {
-            CanSetKeyValueInAccount::try_from(permission)
+            CanModifyAccountMetadata::try_from(permission)
                 .is_ok_and(|permission| permission == can_set_key_value_in_mouse)
         }));
     let _ = test_client
@@ -260,7 +253,7 @@ fn grant_revoke_role_permissions() -> Result<()> {
         .execute_all()?
         .iter()
         .any(|permission| {
-            CanSetKeyValueInAccount::try_from(permission)
+            CanModifyAccountMetadata::try_from(permission)
                 .is_ok_and(|permission| permission == can_set_key_value_in_mouse)
         }));
     test_client.submit_blocking(set_key_value.clone())?;
@@ -275,7 +268,7 @@ fn grant_revoke_role_permissions() -> Result<()> {
         .execute_all()?
         .iter()
         .any(|permission| {
-            CanSetKeyValueInAccount::try_from(permission)
+            CanModifyAccountMetadata::try_from(permission)
                 .is_ok_and(|permission| permission == can_set_key_value_in_mouse)
         }));
     let _ = test_client

crates/iroha/tests/integration/transfer_domain.rs

@@ -7,10 +7,10 @@ use iroha::{
 };
 use iroha_executor_data_model::permission::{
     account::CanUnregisterAccount,
-    asset::CanUnregisterUserAsset,
-    asset_definition::CanUnregisterAssetDefinition,
-    domain::{CanRegisterAssetDefinitionInDomain, CanUnregisterDomain},
-    trigger::CanUnregisterUserTrigger,
+    asset::CanUnregisterAsset,
+    asset_definition::{CanRegisterAssetDefinition, CanUnregisterAssetDefinition},
+    domain::CanUnregisterDomain,
+    trigger::CanUnregisterTrigger,
 };
 use iroha_genesis::GenesisBlock;
 use iroha_primitives::json::JsonString;
@@ -59,7 +59,7 @@ fn domain_owner_domain_permissions() -> Result<()> {
     test_client.submit_blocking(Unregister::asset_definition(coin_id))?;
 
     // Granting a respective permission also allows "bob@kingdom" to do so
-    let permission = CanRegisterAssetDefinitionInDomain {
+    let permission = CanRegisterAssetDefinition {
         domain: kingdom_id.clone(),
     };
     test_client.submit_blocking(Grant::account_permission(
@@ -158,7 +158,7 @@ fn domain_owner_asset_definition_permissions() -> Result<()> {
     test_client.submit_blocking(Register::account(rabbit))?;
 
     // Grant permission to register asset definitions to "bob@kingdom"
-    let permission = CanRegisterAssetDefinitionInDomain { domain: kingdom_id };
+    let permission = CanRegisterAssetDefinition { domain: kingdom_id };
     test_client.submit_blocking(Grant::account_permission(permission, bob_id.clone()))?;
 
     // register asset definitions by "bob@kingdom" so he is owner of it
@@ -222,7 +222,7 @@ fn domain_owner_asset_permissions() -> Result<()> {
     test_client.submit_blocking(Register::account(bob))?;
 
     // Grant permission to register asset definitions to "bob@kingdom"
-    let permission = CanRegisterAssetDefinitionInDomain { domain: kingdom_id };
+    let permission = CanRegisterAssetDefinition { domain: kingdom_id };
     test_client.submit_blocking(Grant::account_permission(permission, bob_id.clone()))?;
 
     // register asset definitions by "bob@kingdom" so he is owner of it
@@ -255,7 +255,7 @@ fn domain_owner_asset_permissions() -> Result<()> {
     test_client.submit_blocking(RemoveKeyValue::asset(bob_store_id.clone(), key))?;
 
     // check that "alice@wonderland" as owner of domain can grant and revoke asset related permissions in her domain
-    let permission = CanUnregisterUserAsset {
+    let permission = CanUnregisterAsset {
         asset: bob_store_id,
     };
     test_client.submit_blocking(Grant::account_permission(
@@ -308,8 +308,8 @@ fn domain_owner_trigger_permissions() -> Result<()> {
     let _result = test_client.submit_blocking(execute_trigger)?;
 
     // check that "alice@wonderland" as owner of domain can grant and revoke trigger related permissions in her domain
-    let permission = CanUnregisterUserTrigger {
-        account: bob_id.clone(),
+    let permission = CanUnregisterTrigger {
+        trigger: trigger_id.clone(),
     };
     test_client.submit_blocking(Grant::account_permission(
         permission.clone(),

crates/iroha/tests/integration/triggers/by_call_trigger.rs

@@ -12,7 +12,7 @@ use iroha::{
     },
 };
 use iroha_data_model::query::{builder::SingleQueryError, trigger::FindTriggers};
-use iroha_executor_data_model::permission::trigger::CanRegisterUserTrigger;
+use iroha_executor_data_model::permission::trigger::CanRegisterTrigger;
 use iroha_genesis::GenesisBlock;
 use iroha_logger::info;
 use iroha_test_network::{Peer as TestPeer, *};
@@ -217,8 +217,7 @@ fn trigger_should_not_be_executed_with_zero_repeats_count() -> Result<()> {
             downcasted_error,
             Some(FindError::Trigger(id)) if *id == trigger_id
         ),
-        "Unexpected error received: {:?}",
-        error
+        "Unexpected error received: {error:?}",
     );
 
     // Checking results
@@ -295,8 +294,8 @@ fn only_account_with_permission_can_register_trigger() -> Result<()> {
     rabbit_client.key_pair = rabbit_keys;
 
     // Permission for the trigger registration on behalf of alice
-    let permission_on_registration = CanRegisterUserTrigger {
-        account: ALICE_ID.clone(),
+    let permission_on_registration = CanRegisterTrigger {
+        authority: ALICE_ID.clone(),
     };
 
     // Trigger with 'alice' as authority