Introduce in-origin filtering (#6318)

* impl filter in origin * remove IsCallable usage. Breaking: utility::batch(root, calls) no longer bypass BasicCallFilter * rename BasicCallFilter -> BaseCallFilter * refactor code * Apply suggestions from code review Co-authored-by: Kian Paimani <5588131+kianenigma@users.noreply.github.com> * remove forgotten temporar comment * better add suggestion in another PR * refactor: use Clone instead of mem::replace * fix tests * fix tests * fix tests * fix benchmarks * Make root bypass filter in utility::batch * fix unused imports Co-authored-by: Kian Paimani <5588131+kianenigma@users.noreply.github.com>
2026-06-12 21:41:12 +00:00 · 2020-06-15 17:05:41 +02:00
parent 97cac4ce8b
commit c2ad27271b
79 changed files with 536 additions and 302 deletions
@@ -50,7 +50,7 @@ use sp_std::prelude::*;
 use codec::{Encode, Decode};
 use sp_io::hashing::blake2_256;
 use frame_support::{decl_module, decl_event, decl_error, decl_storage, Parameter, ensure, RuntimeDebug};
-use frame_support::{traits::{Get, ReservableCurrency, Currency, Filter, FilterStack, ClearFilterGuard},
+use frame_support::{traits::{Get, ReservableCurrency, Currency},
 	weights::{Weight, GetDispatchInfo, DispatchClass, Pays},
 	dispatch::{DispatchResultWithPostInfo, DispatchErrorWithPostInfo, PostDispatchInfo},
 };
@@ -87,9 +87,6 @@ pub trait Trait: frame_system::Trait {

 	/// The maximum amount of signatories allowed in the multisig.
 	type MaxSignatories: Get<u16>;
-
-	/// Is a given call compatible with the proxying subsystem?
-	type IsCallable: FilterStack<<Self as Trait>::Call>;
 }

 /// A global extrinsic index, formed as the extrinsic index within a block, together with that
@@ -151,8 +148,6 @@ decl_error! {
 		WrongTimepoint,
 		/// A timepoint was given, yet no multisig operation is underway.
 		UnexpectedTimepoint,
-		/// A call with a `false` `IsCallable` filter was attempted.
-		Uncallable,
 	}
 }

@@ -175,8 +170,6 @@ decl_event! {
 		/// A multisig operation has been cancelled. First param is the account that is
 		/// cancelling, third is the multisig account, fourth is hash of the call.
 		MultisigCancelled(AccountId, Timepoint<BlockNumber>, AccountId, CallHash),
-		/// A call with a `false` IsCallable filter was attempted.
-		Uncallable(u32),
 	}
 }

@@ -220,8 +213,7 @@ decl_module! {
 		/// Register approval for a dispatch to be made from a deterministic composite account if
 		/// approved by a total of `threshold - 1` of `other_signatories`.
 		///
-		/// If there are enough, then dispatch the call. Calls must each fulfil the `IsCallable`
-		/// filter.
+		/// If there are enough, then dispatch the call.
 		///
 		/// Payment: `DepositBase` will be reserved if this is the first approval, plus
 		/// `threshold` times `DepositFactor`. It is returned once this dispatch happens or
@@ -280,10 +272,6 @@ decl_module! {
 			call: Box<<T as Trait>::Call>,
 		) -> DispatchResultWithPostInfo {
 			let who = ensure_signed(origin)?;
-			// We're now executing as a freshly authenticated new account, so the previous call
-			// restrictions no longer apply.
-			let _guard = ClearFilterGuard::<T::IsCallable, <T as Trait>::Call>::new();
-			ensure!(T::IsCallable::filter(call.as_ref()), Error::<T>::Uncallable);
 			ensure!(threshold >= 1, Error::<T>::ZeroThreshold);
 			let max_sigs = T::MaxSignatories::get() as usize;
 			ensure!(!other_signatories.is_empty(), Error::<T>::TooFewSignatories);
@@ -23,7 +23,7 @@ use super::*;

 use frame_support::{
 	assert_ok, assert_noop, impl_outer_origin, parameter_types, impl_outer_dispatch,
-	weights::Weight, impl_outer_event
+	weights::Weight, impl_outer_event, traits::Filter,
 };
 use sp_core::H256;
 use sp_runtime::{Perbill, traits::{BlakeTwo256, IdentityLookup}, testing::Header};
@@ -60,6 +60,7 @@ parameter_types! {
 	pub const AvailableBlockRatio: Perbill = Perbill::one();
 }
 impl frame_system::Trait for Test {
+	type BaseCallFilter = TestBaseCallFilter;
 	type Origin = Origin;
 	type Index = u64;
 	type BlockNumber = u64;
@@ -99,8 +100,8 @@ parameter_types! {
 	pub const DepositFactor: u64 = 1;
 	pub const MaxSignatories: u16 = 3;
 }
-pub struct TestIsCallable;
-impl Filter<Call> for TestIsCallable {
+pub struct TestBaseCallFilter;
+impl Filter<Call> for TestBaseCallFilter {
 	fn filter(c: &Call) -> bool {
 		match *c {
 			Call::Balances(_) => true,
@@ -110,13 +111,6 @@ impl Filter<Call> for TestIsCallable {
 		}
 	}
 }
-impl FilterStack<Call> for TestIsCallable {
-	type Stack = ();
-	fn push(_: impl Fn(&Call) -> bool + 'static) {}
-	fn pop() {}
-	fn take() -> Self::Stack { () }
-	fn restore(_: Self::Stack) {}
-}
 impl Trait for Test {
 	type Event = TestEvent;
 	type Call = Call;
@@ -124,7 +118,6 @@ impl Trait for Test {
 	type DepositBase = DepositBase;
 	type DepositFactor = DepositFactor;
 	type MaxSignatories = MaxSignatories;
-	type IsCallable = TestIsCallable;
 }
 type System = frame_system::Module<Test>;
 type Balances = pallet_balances::Module<Test>;
@@ -403,8 +396,8 @@ fn multisig_filters() {
 	new_test_ext().execute_with(|| {
 		let call = Box::new(Call::System(frame_system::Call::set_code(vec![])));
 		assert_noop!(
-			Multisig::as_multi(Origin::signed(1), 1, vec![], None, call.clone()),
-			Error::<Test>::Uncallable,
+			Multisig::as_multi(Origin::signed(1), 1, vec![2], None, call.clone()),
+			DispatchError::BadOrigin,
 		);
 	});
 }