feat(permission0): new wallet scope

Author: saiintbrisson

.helix/languages.toml

@@ -1,4 +1,5 @@
 [language-server.rust-analyzer.config]
 cargo.extraEnv = { SKIP_WASM_BUILD = "true" }
 cargo.features = ["runtime-benchmarks"]
-
+check.extraEnv = { SKIP_WASM_BUILD = "true" }
+check.overrideCommand = ["cargo", "check", "--message-format=json"]

pallets/permission0/api/src/lib.rs

@@ -161,6 +161,29 @@ pub trait Permission0NamespacesApi<AccountId, NamespacePath> {
     fn is_delegating_namespace(delegator: &AccountId, path: &NamespacePath) -> bool;
 }
 
+pub struct WalletPermission<AccountId> {
+    pub recipient: AccountId,
+    pub r#type: WalletScopeType,
+}
+
+pub enum WalletScopeType {
+    Stake {
+        /// If true, allows the recipient to perform transfer of stake between staked accounts.
+        can_transfer_stake: bool,
+        /// If true, this permission holds exclusive access to the delegator stake, meaning that
+        /// the delegator has no right to perform operations over stake (including unstaking)
+        /// while this permission is active.
+        exclusive_stake_access: bool,
+    },
+}
+
+pub trait Permission0WalletApi<AccountId> {
+    /// Lists all active wallet permissions, regardless of the type.
+    fn find_active_wallet_permission(
+        delegator: &AccountId,
+    ) -> impl Iterator<Item = (PermissionId, WalletPermission<AccountId>)>;
+}
+
 polkadot_sdk::sp_api::decl_runtime_apis! {
     /// A set of helper functions for permission and streams
     /// queries.

pallets/permission0/src/ext.rs

@@ -17,6 +17,7 @@ use polkadot_sdk::{
 pub mod curator_impl;
 pub mod namespace_impl;
 pub mod stream_impl;
+pub mod wallet_impl;
 
 /// Implementation of the Permission0Api trait to be used externally
 impl<T: Config> Permission0Api<OriginFor<T>> for pallet::Pallet<T> {
@@ -146,6 +147,7 @@ pub(crate) fn execute_permission_impl<T: Config>(
         }
         PermissionScope::Curator(_) => curator_impl::execute_permission_impl::<T>(permission_id),
         PermissionScope::Namespace(_) => Ok(()),
+        PermissionScope::Wallet(_) => Ok(()),
     }
 }
 
@@ -208,6 +210,7 @@ pub fn enforcement_execute_permission_impl<T: Config>(
             return curator_impl::execute_permission_impl::<T>(&permission_id);
         }
         PermissionScope::Namespace(_) => return Ok(()),
+        PermissionScope::Wallet(_) => return Ok(()),
     }
 
     EnforcementTracking::<T>::remove(permission_id, EnforcementReferendum::Execution);

pallets/permission0/src/ext/wallet_impl.rs

@@ -0,0 +1,164 @@
+use codec::{Decode, Encode, MaxEncodedLen};
+use pallet_permission0_api::Permission0WalletApi;
+use pallet_torus0_api::Torus0Api;
+use polkadot_sdk::{
+    frame_support::{
+        CloneNoBound, DebugNoBound, EqNoBound, PartialEqNoBound, dispatch::DispatchResult, ensure,
+    },
+    frame_system::ensure_signed,
+    polkadot_sdk_frame::prelude::OriginFor,
+};
+use scale_info::TypeInfo;
+
+use crate::{
+    BalanceOf, Config, Error, Event, Pallet, PermissionContract, PermissionDuration, PermissionId,
+    PermissionScope, Permissions, PermissionsByDelegator, RevocationTerms, generate_permission_id,
+    permission::{
+        add_permission_indices,
+        wallet::{WalletScope, WalletScopeType, WalletStake},
+    },
+};
+
+impl<T: Config> Permission0WalletApi<T::AccountId> for Pallet<T> {
+    fn find_active_wallet_permission(
+        delegator: &T::AccountId,
+    ) -> impl Iterator<
+        Item = (
+            PermissionId,
+            pallet_permission0_api::WalletPermission<T::AccountId>,
+        ),
+    > {
+        PermissionsByDelegator::<T>::get(delegator)
+            .into_iter()
+            .filter_map(|pid| {
+                let permission = Permissions::<T>::get(pid)?;
+                let PermissionScope::Wallet(wallet) = permission.scope else {
+                    return None;
+                };
+
+                Some((
+                    pid,
+                    pallet_permission0_api::WalletPermission {
+                        recipient: wallet.recipient,
+                        r#type: match wallet.r#type {
+                            WalletScopeType::Stake(stake) => {
+                                pallet_permission0_api::WalletScopeType::Stake {
+                                    can_transfer_stake: stake.can_transfer_stake,
+                                    exclusive_stake_access: stake.exclusive_stake_access,
+                                }
+                            }
+                        },
+                    },
+                ))
+            })
+    }
+}
+pub(crate) fn delegate_wallet_stake_permission<T: Config>(
+    origin: OriginFor<T>,
+    recipient: T::AccountId,
+    stake_details: WalletStake,
+    duration: PermissionDuration<T>,
+    revocation: RevocationTerms<T>,
+) -> DispatchResult {
+    let delegator = ensure_signed(origin)?;
+    ensure!(delegator != recipient, Error::<T>::SelfPermissionNotAllowed);
+
+    for (_, perm) in Pallet::<T>::find_active_wallet_permission(&delegator) {
+        if stake_details.exclusive_stake_access
+            || matches!(
+                perm.r#type,
+                pallet_permission0_api::WalletScopeType::Stake {
+                    exclusive_stake_access: true,
+                    ..
+                }
+            )
+        {
+            return Err(Error::<T>::DuplicatePermission.into());
+        }
+    }
+
+    let scope = PermissionScope::Wallet(WalletScope {
+        recipient: recipient.clone(),
+        r#type: WalletScopeType::Stake(stake_details),
+    });
+    let permission_id = generate_permission_id::<T>(&delegator, &scope)?;
+
+    let contract = PermissionContract::<T>::new(
+        delegator,
+        scope,
+        duration,
+        revocation,
+        crate::EnforcementAuthority::None,
+    );
+
+    Permissions::<T>::insert(permission_id, &contract);
+    add_permission_indices::<T>(
+        &contract.delegator,
+        core::iter::once(&recipient),
+        permission_id,
+    )?;
+
+    <Pallet<T>>::deposit_event(Event::PermissionDelegated {
+        delegator: contract.delegator,
+        permission_id,
+    });
+
+    Ok(())
+}
+
+pub(crate) fn execute_wallet_stake_permission<T: Config>(
+    caller: OriginFor<T>,
+    permission_id: PermissionId,
+    op: WalletStakeOperation<T>,
+) -> DispatchResult {
+    let caller = ensure_signed(caller)?;
+    let Some(permission) = Permissions::<T>::get(permission_id) else {
+        return Err(Error::<T>::PermissionNotFound.into());
+    };
+    let PermissionScope::Wallet(wallet) = &permission.scope else {
+        return Err(Error::<T>::UnsupportedPermissionType.into());
+    };
+    #[allow(irrefutable_let_patterns)]
+    let WalletScopeType::Stake(stake) = &wallet.r#type else {
+        return Err(Error::<T>::UnsupportedPermissionType.into());
+    };
+
+    ensure!(
+        caller == wallet.recipient,
+        Error::<T>::NotPermissionRecipient
+    );
+
+    let staker = &permission.delegator;
+
+    match op {
+        WalletStakeOperation::Unstake { staked, amount } => {
+            <T::Torus>::remove_stake(staker, &staked, amount)?;
+        }
+        WalletStakeOperation::Transfer { from, to, amount } => {
+            ensure!(stake.can_transfer_stake, Error::<T>::PermissionNotFound);
+            <T::Torus>::transfer_stake(staker, &from, &to, amount)?;
+        }
+    }
+
+    Ok(())
+}
+
+#[derive(
+    CloneNoBound, DebugNoBound, Encode, Decode, MaxEncodedLen, TypeInfo, PartialEqNoBound, EqNoBound,
+)]
+#[scale_info(skip_type_params(T))]
+pub enum WalletStakeOperation<T: Config> {
+    /// Unstakes the balance from the staked account, yielding control of the
+    /// balance back to the delegator.
+    Unstake {
+        staked: T::AccountId,
+        amount: BalanceOf<T>,
+    },
+    /// Transfers stake from one staked agent to another staked agent,
+    /// related to the `transfer_stake` extrinsic in Torus0.
+    Transfer {
+        from: T::AccountId,
+        to: T::AccountId,
+        amount: BalanceOf<T>,
+    },
+}

pallets/permission0/src/lib.rs

@@ -34,6 +34,7 @@ use polkadot_sdk::{
 #[frame::pallet]
 pub mod pallet {
     use pallet_torus0_api::NamespacePathInner;
+    use permission::wallet::WalletStake;
     use polkadot_sdk::{frame_support::PalletId, sp_core::TryCollect};
 
     use super::*;
@@ -491,6 +492,27 @@ pub mod pallet {
             Ok(())
         }
 
+        /// Delegate a permission over namespaces
+        #[pallet::call_index(11)]
+        #[pallet::weight(T::WeightInfo::delegate_namespace_permission())]
+        pub fn delegate_wallet_stake_permission(
+            origin: OriginFor<T>,
+            recipient: T::AccountId,
+            stake_details: WalletStake,
+            duration: PermissionDuration<T>,
+            revocation: RevocationTerms<T>,
+        ) -> DispatchResult {
+            ext::wallet_impl::delegate_wallet_stake_permission::<T>(
+                origin,
+                recipient,
+                stake_details,
+                duration,
+                revocation,
+            )?;
+
+            Ok(())
+        }
+
         /// Delegate a permission over namespaces to multiple recipients.
         /// Note: this extrinsic creates _multiple_ permissions with the same
         /// properties.
@@ -568,6 +590,16 @@ pub mod pallet {
 
             Ok(())
         }
+
+        #[pallet::call_index(12)]
+        #[pallet::weight(T::WeightInfo::update_namespace_permission())]
+        pub fn execute_wallet_stake_permission(
+            caller: OriginFor<T>,
+            permission_id: PermissionId,
+            op: ext::wallet_impl::WalletStakeOperation<T>,
+        ) -> DispatchResult {
+            ext::wallet_impl::execute_wallet_stake_permission(caller, permission_id, op)
+        }
     }
 }
 

pallets/permission0/src/permission.rs

@@ -11,10 +11,11 @@ use polkadot_sdk::{
         BoundedBTreeMap, BoundedVec, DispatchError, Percent,
         traits::{BlakeTwo256, Hash},
     },
-    sp_std::vec::Vec,
+    sp_std::{vec, vec::Vec},
     sp_tracing::{error, info, trace},
 };
 use scale_info::TypeInfo;
+use wallet::WalletScope;
 
 use crate::*;
 
@@ -25,6 +26,7 @@ pub use stream::{DistributionControl, StreamAllocation, StreamScope};
 pub mod curator;
 pub mod namespace;
 pub mod stream;
+pub mod wallet;
 
 /// Type for permission ID
 pub type PermissionId = H256;
@@ -246,7 +248,8 @@ impl<T: Config> PermissionContract<T> {
         let delegator = self.delegator.clone();
         let recipients = match &self.scope {
             PermissionScope::Curator(CuratorScope { recipient, .. })
-            | PermissionScope::Namespace(NamespaceScope { recipient, .. }) => {
+            | PermissionScope::Namespace(NamespaceScope { recipient, .. })
+            | PermissionScope::Wallet(WalletScope { recipient, .. }) => {
                 vec![recipient.clone()]
             }
             PermissionScope::Stream(StreamScope { recipients, .. }) => {
@@ -292,7 +295,7 @@ impl<T: Config> PermissionContract<T> {
                         Error::<T>::NotAuthorizedToRevoke
                     );
 
-                    if recipients.len() > 1 {
+                    if recipients.len() > 1usize {
                         remove_recipient_from_indices::<T>(&delegator, caller, permission_id);
 
                         Permissions::<T>::mutate(permission_id, |permission| {
@@ -347,7 +350,8 @@ impl<T: Config> PermissionContract<T> {
     fn cleanup(self, permission_id: H256) -> DispatchResult {
         match &self.scope {
             PermissionScope::Curator(CuratorScope { recipient, .. })
-            | PermissionScope::Namespace(NamespaceScope { recipient, .. }) => {
+            | PermissionScope::Namespace(NamespaceScope { recipient, .. })
+            | PermissionScope::Wallet(WalletScope { recipient, .. }) => {
                 remove_permission_from_indices::<T>(
                     &self.delegator,
                     core::iter::once(recipient),
@@ -377,6 +381,9 @@ impl<T: Config> PermissionContract<T> {
             PermissionScope::Namespace(namespace) => {
                 namespace.cleanup(permission_id, &self.last_execution, &self.delegator);
             }
+            PermissionScope::Wallet(wallet) => {
+                wallet.cleanup(permission_id, &self.last_execution, &self.delegator);
+            }
         }
 
         Ok(())
@@ -394,6 +401,7 @@ pub enum PermissionScope<T: Config> {
     Stream(StreamScope<T>),
     Curator(CuratorScope<T>),
     Namespace(NamespaceScope<T>),
+    Wallet(WalletScope<T>),
 }
 
 #[derive(

pallets/permission0/src/permission/wallet.rs

@@ -0,0 +1,41 @@
+use codec::{Decode, Encode, MaxEncodedLen};
+use polkadot_sdk::frame_support::{CloneNoBound, DebugNoBound, EqNoBound, PartialEqNoBound};
+use scale_info::TypeInfo;
+
+use crate::Config;
+
+#[derive(CloneNoBound, DebugNoBound, Encode, Decode, MaxEncodedLen, TypeInfo)]
+#[scale_info(skip_type_params(T))]
+pub struct WalletScope<T: Config> {
+    pub recipient: T::AccountId,
+    pub r#type: WalletScopeType,
+}
+
+impl<T: Config> WalletScope<T> {
+    /// Cleanup operations when permission is revoked or expired
+    pub(crate) fn cleanup(
+        &self,
+        _permission_id: polkadot_sdk::sp_core::H256,
+        _last_execution: &Option<crate::BlockNumberFor<T>>,
+        _delegator: &T::AccountId,
+    ) {
+        // No actions to perform
+    }
+}
+
+#[derive(CloneNoBound, DebugNoBound, Encode, Decode, MaxEncodedLen, TypeInfo)]
+pub enum WalletScopeType {
+    Stake(WalletStake),
+}
+
+#[derive(
+    CloneNoBound, DebugNoBound, Encode, Decode, MaxEncodedLen, TypeInfo, PartialEqNoBound, EqNoBound,
+)]
+pub struct WalletStake {
+    /// If true, allows the recipient to perform transfer of stake between staked accounts.
+    pub can_transfer_stake: bool,
+    /// If true, this permission holds exclusive access to the delegator stake, meaning that
+    /// the delegator has no right to perform operations over stake (including unstaking)
+    /// while this permission is active.
+    pub exclusive_stake_access: bool,
+}