Skip to content

feat: implement authorization checks for group member management#94

Merged
Abd-Standard merged 1 commit into
Core-Foundry:mainfrom
A-one-tech:Notify-Chain
Jun 19, 2026
Merged

feat: implement authorization checks for group member management#94
Abd-Standard merged 1 commit into
Core-Foundry:mainfrom
A-one-tech:Notify-Chain

Conversation

@A-one-tech

@A-one-tech A-one-tech commented Jun 19, 2026

Copy link
Copy Markdown

closes #84

PR Summary

Title

Enhance AutoShare access control and add on-chain authorization failure event

Summary

This PR tightens permissions in the AutoShare Soroban contract by preventing unauthorized accounts from modifying group membership. It adds an explicit AuthorizationFailure event, improves admin permission checks, and updates the contract interface and tests to support the new authorization flow.

Why

The contract previously allowed add_group_member to be called without verifying that the caller was the group creator, creating an access control gap. This PR ensures unauthorized actions revert cleanly and adds on-chain telemetry for authorization failures.

Key Changes

  • Added AuthorizationFailure event type in contract/contracts/hello-world/src/base/events.rs
  • Added publish_authorization_failure helper in autoshare_logic.rs
  • Tightened require_admin to publish a failure event and return Unauthorized
  • Enforced creator-only access for add_group_member in contract/contracts/hello-world/src/autoshare_logic.rs
  • Updated public contract method signature in contract/contracts/hello-world/src/lib.rs
  • Updated the contract interface trait in contract/contracts/hello-world/src/interfaces/autoshare.rs
  • Updated tests in contract/contracts/hello-world/src/tests/autoshare_test.rs and contract/contracts/hello-world/src/tests/pause_test.rs

Files Changed

  • contract/contracts/hello-world/src/base/events.rs
  • contract/contracts/hello-world/src/autoshare_logic.rs
  • contract/contracts/hello-world/src/lib.rs
  • contract/contracts/hello-world/src/interfaces/autoshare.rs
  • contract/contracts/hello-world/src/tests/autoshare_test.rs
  • contract/contracts/hello-world/src/tests/pause_test.rs

Testing

  • Ran cargo test in contract/contracts/hello-world
  • Result: 95 passed

Notes

  • This change is backwards compatible for existing read-only flows.
  • The update improves off-chain observability by emitting auth failure events that can be consumed by notification and monitoring systems.

@Abd-Standard Abd-Standard merged commit 9b472f1 into Core-Foundry:main Jun 19, 2026
0 of 2 checks passed
@grantfox-oss grantfox-oss Bot mentioned this pull request Jun 19, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Contracts] Restrict Unauthorized Template Registration

3 participants

@A-one-tech @Abd-Standard @WisdomAvan