[Work in Progress] add AccountPermission

[yinyiqian1]

spec:
XRPLF/XRPL-Standards#217
XRPLF/XRPL-Standards#218

This PR includes the following changes:

1. Added AccountPermissionSet transaction.
   to enable an account(delegating account) delegate some permissions to another account(delegated account), so that the delegated account can send transactions on behalf of the delegating account.
2. Added Account_Permission ledger object
   The AccountPermissionSet transaction will create AccountPermission ledger object, with keylet(delegating account, delegated account)
3. Added Onbehalf of common field.
4. Permission has two types:
   a. transaction level permission
   b. granular permission which will be part of a transaction

more details:

1. introduced account and isDelegated in PreflightContext, PreclaimContext and ApplyContext. The account is the account which is the transaction being operated on.
2. transactor's member account_ is updated to the account which is the transaction being operated on.
3. a set of Granular Permissions gpSet is added to ApplyContext. It contains the granular permissions enabled for that transaction. But if the transaction is fully delegated, then even there are granular permissions related to that transaction, the gpSet will be cleared up. To be more specific:
   a. isDelegated=true && gpSet not empty: only granular permissions delegated to the transaction
   b. isDelegated=true && gpSet is empty: the transaction is fully delegated
4. only the granular permissions listed in Permissions.cpp are supported, so the unauthorized granular operations and the other parts under these transactions are prohibited under granular permission mode.

High Level Overview of Change

Context of Change

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Performance (increase or change in throughput and/or latency)
• Tests (you added tests for code that already exists, or your new feature included in this PR)
• Documentation update
• Chore (no impact to binary, e.g. .gitignore, formatting, dropping support for older tooling)
• Release

API Impact

• Public API: New feature (new methods and/or new fields)
• Public API: Breaking change (in general, breaking changes should only impact the next api_version)
• libxrpl change (any change that may affect libxrpl or dependents of libxrpl)
• Peer protocol change (must be backward compatible or bump the peer protocol version)

[codecov]

Codecov Report

Attention: Patch coverage is 48.30287% with 198 lines in your changes missing coverage. Please review.

Project coverage is 77.6%. Comparing base (838978b) to head (372cc5c).
Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/xrpld/app/tx/detail/AccountPermissionSet.cpp	0.0%	59 Missing ⚠️
src/libxrpl/protocol/Permissions.cpp	0.0%	34 Missing ⚠️
src/xrpld/app/tx/detail/Transactor.cpp	8.8%	31 Missing ⚠️
src/xrpld/app/tx/detail/SetTrust.cpp	22.7%	17 Missing ⚠️
src/libxrpl/protocol/STParsedJSON.cpp	23.5%	13 Missing ⚠️
src/xrpld/app/tx/detail/Payment.cpp	20.0%	12 Missing ⚠️
src/xrpld/app/tx/detail/SetAccount.cpp	59.1%	9 Missing ⚠️
src/libxrpl/protocol/Indexes.cpp	0.0%	5 Missing ⚠️
src/xrpld/app/tx/detail/DeleteAccount.cpp	28.6%	5 Missing ⚠️
src/xrpld/app/tx/detail/MPTokenIssuanceSet.cpp	58.3%	5 Missing ⚠️
... and 3 more

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #5164     +/-   ##
=========================================
- Coverage     77.9%   77.6%   -0.3%     
=========================================
  Files          782     785      +3     
  Lines        66621   66847    +226     
  Branches      8161    8277    +116     
=========================================
- Hits         51902   51897      -5     
- Misses       14719   14950    +231     

Files with missing lines	Coverage Δ
include/xrpl/protocol/Feature.h	100.0% <ø> (ø)
include/xrpl/protocol/Indexes.h	100.0% <ø> (ø)
include/xrpl/protocol/detail/ledger_entries.macro	100.0% <100.0%> (ø)
include/xrpl/protocol/detail/transactions.macro	100.0% <100.0%> (ø)
src/libxrpl/protocol/InnerObjectFormats.cpp	100.0% <100.0%> (ø)
src/libxrpl/protocol/TxFormats.cpp	100.0% <ø> (ø)
src/xrpld/app/tx/applySteps.h	100.0% <100.0%> (ø)
src/xrpld/app/tx/detail/AMMBid.cpp	90.4% <100.0%> (ø)
src/xrpld/app/tx/detail/AMMClawback.cpp	100.0% <100.0%> (ø)
src/xrpld/app/tx/detail/AMMCreate.cpp	90.5% <100.0%> (ø)
... and 45 more

... and 9 files with indirect coverage changes

---- 🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles

[shawnxie999]

should probably delete copy and copy assignment constructors

[shawnxie999]

does this still needs to be done?

[shawnxie999]

Suggested change

	return {tefINTERNAL}; // LCOV_EXCL_LINE
	return tecINTERNAL; // LCOV_EXCL_LINE

[yinyiqian1]

updated

[shawnxie999]

Suggested change

	auto page = ctx_.view().dirInsert(
	auto const page = ctx_.view().dirInsert(

[yinyiqian1]

updated

[shawnxie999]

can be refactored like

auto sle = ctx_.view().peek(accountPermissionKey);
if (sle)
{
     auto const& permissions = ctx_.tx.getFieldArray(sfPermissions);
     sle->setFieldArray(sfPermissions, permissions);
     ctx_.view().update(sle); 
     return tesSUCCESS;
}
STAmount const reserve{ctx_.view().fees().accountReserve(
         sleOwner->getFieldU32(sfOwnerCount) + 1)};
 ...

[yinyiqian1]

updated

[shawnxie999]

Suggested change

	auto sle = ctx_.view().peek(accountPermissionKey);
	auto const sle = ctx_.view().peek(accountPermissionKey);

[yinyiqian1]

need to update sle later (sle = std::make_shared<SLE>(accountPermissionKey);). can not be const.

[shawnxie999]

so what's the behavior when someone submits a tx with sfOnBehalfOf but not enabled the amendment? what error code does it return? To me, i feel we should not be throwing a runtime error, because it's a completely acceptable input. pls consider performing this check in the Transactor::preflight1 instead and return an code like temDISABLED

[gregtatcam]

PR description should be added with a link to technical specifications if applicable.

[yinyiqian1]

PR description should be added with a link to technical specifications if applicable.

just added

[yinyiqian1]

FYI: unit test failures are transient, which have passed locally. "ERR:Env Env::close() failed: no response from server"

[gregtatcam]

I took a pass and left a few comments.
My big concern is how sfAccount is obfuscated by sfOnBehalfOf. sfAccount pretty much should never be used in the transactors with some exceptions. It's easy to miss these kind of errors where sfAccount is used instead of the account included in the context.

[gregtatcam]

Does it make sense to make this optional since it could be empty?

[gregtatcam]

Does it make sense to make it optional since it could be empty?

[gregtatcam]

Is gp prefix necessary? Can we just have TrustlineAuthorize, etc?

[gregtatcam]

This value is already used by DEPOSIT_PREAUTH_CREDENTIALS

[gregtatcam]

Is this needed? If the array is invalid it should fail in the array parsing. And if the name is not Permission then it should fail also before it gets to the transactor. Should have a unit-test fo this.

[gregtatcam]

Should be const&. Please check everywhere where an alias variable is used for ctx.account. It should be AccountID const&.

[gregtatcam]

Can simplify here and below.

if (bLock && !ctx.gpSet.contains(gpMPTokenIssuanceLock))

[gregtatcam]

Can simplify here and below:

if (amountIssue.account == account_ &&
        ctx_.gpSet.contains(gpPaymentMint))

[gregtatcam]

Can simplify here and below:

if (bSetAuth &&
        !ctx_.gpSet.contains(gpTrustlineAuthorize))

[gregtatcam]

I can't leave a comment on unchanged lines so commenting here for ValidClawback::finalize:924, which is this line:

 AccountID const issuer = tx.getAccountID(sfAccount);

The issuer in this case could be either sfAccount or sfOnBehalfOf, right?

[yinyiqian1]

This is missed out. I'll also check all the other similar places which is missed out.

[yinyiqian1]

@gregtatcam
I also need to make change to AcceptedLedgerTx.cpp, LedgerToJson.cpp, and NetworkOPs.cpp, because they also check the account id when the transaction type is ttOFFER_CREATE. I'm working on this as well