Governance: Allow realm authority create governances (#2828)

* feat: make it possible for realm authority to create governances

* chore: refactor create governance authority check into a single instruction

* chore: add tests to create governance with ream authority signer

* chore: make clippy happy

* chore: update comments

* chore: fix merge conflicts

Co-authored-by: Jon Cinque [email protected]

Author: SebastianBor

governance/program/src/instruction.rs

@@ -114,7 +114,7 @@ pub enum GovernanceInstruction {
     ///   0. `[]` Realm account the created Governance belongs to
     ///   1. `[writable]` Account Governance account. PDA seeds: ['account-governance', realm, governed_account]
     ///   2. `[]` Account governed by this Governance
-    ///   3. `[]` Governing TokenOwnerRecord account
+    ///   3. `[]` Governing TokenOwnerRecord account (Used only if not signed by RealmAuthority)
     ///   4. `[signer]` Payer
     ///   5. `[]` System program
     ///   6. `[]` Sysvar Rent
@@ -134,7 +134,7 @@ pub enum GovernanceInstruction {
     ///   2. `[]` Program governed by this Governance account
     ///   3. `[writable]` Program Data account of the Program governed by this Governance account
     ///   4. `[signer]` Current Upgrade Authority account of the Program governed by this Governance account
-    ///   5. `[]` Governing TokenOwnerRecord account     
+    ///    5. `[]` Governing TokenOwnerRecord account (Used only if not signed by RealmAuthority)
     ///   6. `[signer]` Payer
     ///   7. `[]` bpf_upgradeable_loader program
     ///   8. `[]` System program
@@ -345,7 +345,7 @@ pub enum GovernanceInstruction {
     ///   1. `[writable]` Mint Governance account. PDA seeds: ['mint-governance', realm, governed_mint]
     ///   2. `[writable]` Mint governed by this Governance account
     ///   3. `[signer]` Current Mint authority (MintTokens and optionally FreezeAccount)
-    ///   4. `[]` Governing TokenOwnerRecord account    
+    ///   4. `[]` Governing TokenOwnerRecord account (Used only if not signed by RealmAuthority)   
     ///   5. `[signer]` Payer
     ///   6. `[]` SPL Token program
     ///   7. `[]` System program
@@ -371,7 +371,7 @@ pub enum GovernanceInstruction {
     ///   1. `[writable]` Token Governance account. PDA seeds: ['token-governance', realm, governed_token]
     ///   2. `[writable]` Token account governed by this Governance account
     ///   3. `[signer]` Current token account authority (AccountOwner and optionally CloseAccount)
-    ///   4. `[]` Governing TokenOwnerRecord account        
+    ///   4. `[]` Governing TokenOwnerRecord account (Used only if not signed by RealmAuthority)       
     ///   5. `[signer]` Payer
     ///   6. `[]` SPL Token program
     ///   7. `[]` System program
@@ -688,7 +688,7 @@ pub fn create_account_governance(
     governed_account: &Pubkey,
     token_owner_record: &Pubkey,
     payer: &Pubkey,
-    governance_authority: &Pubkey,
+    create_authority: &Pubkey,
     voter_weight_record: Option<Pubkey>,
     // Args
     config: GovernanceConfig,
@@ -704,7 +704,7 @@ pub fn create_account_governance(
         AccountMeta::new(*payer, true),
         AccountMeta::new_readonly(system_program::id(), false),
         AccountMeta::new_readonly(sysvar::rent::id(), false),
-        AccountMeta::new_readonly(*governance_authority, true),
+        AccountMeta::new_readonly(*create_authority, true),
     ];
 
     with_realm_config_accounts(program_id, &mut accounts, realm, voter_weight_record, None);
@@ -728,7 +728,7 @@ pub fn create_program_governance(
     governed_program_upgrade_authority: &Pubkey,
     token_owner_record: &Pubkey,
     payer: &Pubkey,
-    governance_authority: &Pubkey,
+    create_authority: &Pubkey,
     voter_weight_record: Option<Pubkey>,
     // Args
     config: GovernanceConfig,
@@ -749,7 +749,7 @@ pub fn create_program_governance(
         AccountMeta::new_readonly(bpf_loader_upgradeable::id(), false),
         AccountMeta::new_readonly(system_program::id(), false),
         AccountMeta::new_readonly(sysvar::rent::id(), false),
-        AccountMeta::new_readonly(*governance_authority, true),
+        AccountMeta::new_readonly(*create_authority, true),
     ];
 
     with_realm_config_accounts(program_id, &mut accounts, realm, voter_weight_record, None);
@@ -776,7 +776,7 @@ pub fn create_mint_governance(
     governed_mint_authority: &Pubkey,
     token_owner_record: &Pubkey,
     payer: &Pubkey,
-    governance_authority: &Pubkey,
+    create_authority: &Pubkey,
     voter_weight_record: Option<Pubkey>,
     // Args
     config: GovernanceConfig,
@@ -794,7 +794,7 @@ pub fn create_mint_governance(
         AccountMeta::new_readonly(spl_token::id(), false),
         AccountMeta::new_readonly(system_program::id(), false),
         AccountMeta::new_readonly(sysvar::rent::id(), false),
-        AccountMeta::new_readonly(*governance_authority, true),
+        AccountMeta::new_readonly(*create_authority, true),
     ];
 
     with_realm_config_accounts(program_id, &mut accounts, realm, voter_weight_record, None);
@@ -821,7 +821,7 @@ pub fn create_token_governance(
     governed_token_owner: &Pubkey,
     token_owner_record: &Pubkey,
     payer: &Pubkey,
-    governance_authority: &Pubkey,
+    create_authority: &Pubkey,
     voter_weight_record: Option<Pubkey>,
     // Args
     config: GovernanceConfig,
@@ -839,7 +839,7 @@ pub fn create_token_governance(
         AccountMeta::new_readonly(spl_token::id(), false),
         AccountMeta::new_readonly(system_program::id(), false),
         AccountMeta::new_readonly(sysvar::rent::id(), false),
-        AccountMeta::new_readonly(*governance_authority, true),
+        AccountMeta::new_readonly(*create_authority, true),
     ];
 
     with_realm_config_accounts(program_id, &mut accounts, realm, voter_weight_record, None);

governance/program/src/processor/process_create_account_governance.rs

@@ -7,7 +7,6 @@ use crate::state::{
         GovernanceConfig,
     },
     realm::get_realm_data,
-    token_owner_record::get_token_owner_record_data_for_realm,
 };
 use solana_program::{
     account_info::{next_account_info, AccountInfo},
@@ -16,7 +15,7 @@ use solana_program::{
     rent::Rent,
     sysvar::Sysvar,
 };
-use spl_governance_addin_api::voter_weight::VoterWeightAction;
+
 use spl_governance_tools::account::create_and_serialize_account_signed;
 
 /// Processes CreateAccountGovernance instruction
@@ -39,30 +38,20 @@ pub fn process_create_account_governance(
     let rent_sysvar_info = next_account_info(account_info_iter)?; // 6
     let rent = &Rent::from_account_info(rent_sysvar_info)?;
 
-    let governance_authority_info = next_account_info(account_info_iter)?; // 7
+    let create_authority_info = next_account_info(account_info_iter)?; // 7
 
     assert_valid_create_governance_args(program_id, &config, realm_info)?;
 
     let realm_data = get_realm_data(program_id, realm_info)?;
-    let token_owner_record_data =
-        get_token_owner_record_data_for_realm(program_id, token_owner_record_info, realm_info.key)?;
-
-    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
-
-    let realm_config_info = next_account_info(account_info_iter)?; // 8
 
-    let voter_weight = token_owner_record_data.resolve_voter_weight(
+    realm_data.assert_can_create_governance(
         program_id,
-        realm_config_info,
-        account_info_iter,
-        realm_info.key,
-        &realm_data,
-        VoterWeightAction::CreateGovernance,
         realm_info.key,
+        token_owner_record_info,
+        create_authority_info,
+        account_info_iter, // 8, 9
     )?;
 
-    token_owner_record_data.assert_can_create_governance(&realm_data, voter_weight)?;
-
     let account_governance_data = Governance {
         account_type: GovernanceAccountType::AccountGovernance,
         realm: *realm_info.key,

governance/program/src/processor/process_create_mint_governance.rs

@@ -8,7 +8,6 @@ use crate::{
             GovernanceConfig,
         },
         realm::get_realm_data,
-        token_owner_record::get_token_owner_record_data_for_realm,
     },
     tools::spl_token::{
         assert_spl_token_mint_authority_is_signer, set_spl_token_account_authority,
@@ -22,7 +21,7 @@ use solana_program::{
     rent::Rent,
     sysvar::Sysvar,
 };
-use spl_governance_addin_api::voter_weight::VoterWeightAction;
+
 use spl_governance_tools::account::create_and_serialize_account_signed;
 use spl_token::{instruction::AuthorityType, state::Mint};
 
@@ -51,30 +50,20 @@ pub fn process_create_mint_governance(
     let rent_sysvar_info = next_account_info(account_info_iter)?; // 8
     let rent = &Rent::from_account_info(rent_sysvar_info)?;
 
-    let governance_authority_info = next_account_info(account_info_iter)?; // 9
+    let create_authority_info = next_account_info(account_info_iter)?; // 9
 
     assert_valid_create_governance_args(program_id, &config, realm_info)?;
 
     let realm_data = get_realm_data(program_id, realm_info)?;
-    let token_owner_record_data =
-        get_token_owner_record_data_for_realm(program_id, token_owner_record_info, realm_info.key)?;
-
-    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
-
-    let realm_config_info = next_account_info(account_info_iter)?; // 10
 
-    let voter_weight = token_owner_record_data.resolve_voter_weight(
+    realm_data.assert_can_create_governance(
         program_id,
-        realm_config_info,
-        account_info_iter,
-        realm_info.key,
-        &realm_data,
-        VoterWeightAction::CreateGovernance,
         realm_info.key,
+        token_owner_record_info,
+        create_authority_info,
+        account_info_iter, // 10, 11
     )?;
 
-    token_owner_record_data.assert_can_create_governance(&realm_data, voter_weight)?;
-
     let mint_governance_data = Governance {
         account_type: GovernanceAccountType::MintGovernance,
         realm: *realm_info.key,

governance/program/src/processor/process_create_program_governance.rs

@@ -9,7 +9,6 @@ use crate::{
             GovernanceConfig,
         },
         realm::get_realm_data,
-        token_owner_record::get_token_owner_record_data_for_realm,
     },
     tools::bpf_loader_upgradeable::{
         assert_program_upgrade_authority_is_signer, set_program_upgrade_authority,
@@ -22,7 +21,7 @@ use solana_program::{
     rent::Rent,
     sysvar::Sysvar,
 };
-use spl_governance_addin_api::voter_weight::VoterWeightAction;
+
 use spl_governance_tools::account::create_and_serialize_account_signed;
 
 /// Processes CreateProgramGovernance instruction
@@ -51,30 +50,20 @@ pub fn process_create_program_governance(
     let rent_sysvar_info = next_account_info(account_info_iter)?; // 9
     let rent = &Rent::from_account_info(rent_sysvar_info)?;
 
-    let governance_authority_info = next_account_info(account_info_iter)?; // 10
+    let create_authority_info = next_account_info(account_info_iter)?; // 10
 
     assert_valid_create_governance_args(program_id, &config, realm_info)?;
 
     let realm_data = get_realm_data(program_id, realm_info)?;
-    let token_owner_record_data =
-        get_token_owner_record_data_for_realm(program_id, token_owner_record_info, realm_info.key)?;
-
-    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
-
-    let realm_config_info = next_account_info(account_info_iter)?; // 11
 
-    let voter_weight = token_owner_record_data.resolve_voter_weight(
+    realm_data.assert_can_create_governance(
         program_id,
-        realm_config_info,
-        account_info_iter,
-        realm_info.key,
-        &realm_data,
-        VoterWeightAction::CreateGovernance,
         realm_info.key,
+        token_owner_record_info,
+        create_authority_info,
+        account_info_iter, // 10, 11
     )?;
 
-    token_owner_record_data.assert_can_create_governance(&realm_data, voter_weight)?;
-
     let program_governance_data = Governance {
         account_type: GovernanceAccountType::ProgramGovernance,
         realm: *realm_info.key,

governance/program/src/processor/process_create_token_governance.rs

@@ -8,7 +8,6 @@ use crate::{
             GovernanceConfig,
         },
         realm::get_realm_data,
-        token_owner_record::get_token_owner_record_data_for_realm,
     },
     tools::spl_token::{assert_spl_token_owner_is_signer, set_spl_token_account_authority},
 };
@@ -20,7 +19,7 @@ use solana_program::{
     rent::Rent,
     sysvar::Sysvar,
 };
-use spl_governance_addin_api::voter_weight::VoterWeightAction;
+
 use spl_governance_tools::account::create_and_serialize_account_signed;
 use spl_token::{instruction::AuthorityType, state::Account};
 
@@ -49,30 +48,20 @@ pub fn process_create_token_governance(
     let rent_sysvar_info = next_account_info(account_info_iter)?; // 8
     let rent = &Rent::from_account_info(rent_sysvar_info)?;
 
-    let governance_authority_info = next_account_info(account_info_iter)?; // 9
+    let create_authority_info = next_account_info(account_info_iter)?; // 9
 
     assert_valid_create_governance_args(program_id, &config, realm_info)?;
 
     let realm_data = get_realm_data(program_id, realm_info)?;
-    let token_owner_record_data =
-        get_token_owner_record_data_for_realm(program_id, token_owner_record_info, realm_info.key)?;
-
-    token_owner_record_data.assert_token_owner_or_delegate_is_signer(governance_authority_info)?;
-
-    let realm_config_info = next_account_info(account_info_iter)?; //10
 
-    let voter_weight = token_owner_record_data.resolve_voter_weight(
+    realm_data.assert_can_create_governance(
         program_id,
-        realm_config_info,
-        account_info_iter,
-        realm_info.key,
-        &realm_data,
-        VoterWeightAction::CreateGovernance,
         realm_info.key,
+        token_owner_record_info,
+        create_authority_info,
+        account_info_iter, // 10, 11
     )?;
 
-    token_owner_record_data.assert_can_create_governance(&realm_data, voter_weight)?;
-
     let token_governance_data = Governance {
         account_type: GovernanceAccountType::TokenGovernance,
         realm: *realm_info.key,

governance/program/src/state/realm.rs

@@ -1,15 +1,23 @@
 //! Realm Account
 
+use std::slice::Iter;
+
 use borsh::{BorshDeserialize, BorshSchema, BorshSerialize};
 use solana_program::{
-    account_info::AccountInfo, program_error::ProgramError, program_pack::IsInitialized,
+    account_info::{next_account_info, AccountInfo},
+    program_error::ProgramError,
+    program_pack::IsInitialized,
     pubkey::Pubkey,
 };
+use spl_governance_addin_api::voter_weight::VoterWeightAction;
 use spl_governance_tools::account::{assert_is_valid_account, get_account_data, AccountMaxSize};
 
 use crate::{
     error::GovernanceError,
-    state::enums::{GovernanceAccountType, MintMaxVoteWeightSource},
+    state::{
+        enums::{GovernanceAccountType, MintMaxVoteWeightSource},
+        token_owner_record::get_token_owner_record_data_for_realm,
+    },
     PROGRAM_AUTHORITY_SEED,
 };
 
@@ -163,6 +171,47 @@ impl Realm {
 
         Ok(())
     }
+
+    /// Assert the given create authority can create governance
+    pub fn assert_can_create_governance(
+        &self,
+        program_id: &Pubkey,
+        realm: &Pubkey,
+        token_owner_record_info: &AccountInfo,
+        create_authority_info: &AccountInfo,
+        account_info_iter: &mut Iter<AccountInfo>,
+    ) -> Result<(), ProgramError> {
+        // Check if create_authority_info is realm_authority and if yes then it must signed the transaction
+        if self.authority == Some(*create_authority_info.key) {
+            return if !create_authority_info.is_signer {
+                Err(GovernanceError::RealmAuthorityMustSign.into())
+            } else {
+                Ok(())
+            };
+        }
+
+        // If realm_authority hasn't signed then check if TokenOwner or Delegate signed and can crate governance
+        let token_owner_record_data =
+            get_token_owner_record_data_for_realm(program_id, token_owner_record_info, realm)?;
+
+        token_owner_record_data.assert_token_owner_or_delegate_is_signer(create_authority_info)?;
+
+        let realm_config_info = next_account_info(account_info_iter)?;
+
+        let voter_weight = token_owner_record_data.resolve_voter_weight(
+            program_id,
+            realm_config_info,
+            account_info_iter,
+            realm,
+            self,
+            VoterWeightAction::CreateGovernance,
+            realm,
+        )?;
+
+        token_owner_record_data.assert_can_create_governance(self, voter_weight)?;
+
+        Ok(())
+    }
 }
 
 /// Checks whether realm account exists, is initialized and  owned by Governance program