Remove unrestricted powerbox chain

src/delegation/agent.rs

@@ -62,7 +62,7 @@ where
     pub fn delegate(
         &self,
         audience: DID,
-        subject: Option<DID>,
+        subject: &DID,
         via: Option<DID>,
         command: String,
         new_policy: Vec<Predicate>,
@@ -75,25 +75,21 @@ where
         let mut salt = self.did.clone().to_string().into_bytes();
         let nonce = Nonce::generate_12(&mut salt);
 
-        if let Some(ref sub) = subject {
-            if sub == &self.did {
-                let payload: Payload<DID> = Payload {
-                    issuer: self.did.clone(),
-                    audience,
-                    subject,
-                    via,
-                    command,
-                    metadata,
-                    nonce,
-                    expiration: expiration.into(),
-                    not_before: not_before.map(Into::into),
-                    policy: new_policy,
-                };
-
-                return Ok(
-                    Delegation::try_sign(&self.signer, varsig_header, payload).expect("FIXME")
-                );
-            }
+        if *subject == self.did {
+            let payload: Payload<DID> = Payload {
+                issuer: self.did.clone(),
+                audience,
+                subject: Some(subject.clone()),
+                via,
+                command,
+                metadata,
+                nonce,
+                expiration: expiration.into(),
+                not_before: not_before.map(Into::into),
+                policy: new_policy,
+            };
+
+            return Ok(Delegation::try_sign(&self.signer, varsig_header, payload).expect("FIXME"));
         }
 
         let proofs = &self
@@ -109,7 +105,7 @@ where
         let payload: Payload<DID> = Payload {
             issuer: self.did.clone(),
             audience,
-            subject,
+            subject: Some(subject.clone()),
             via,
             command,
             policy,

src/delegation/store/memory.rs

@@ -198,11 +198,10 @@ where
         Ok(())
     }
 
-    // FIXME take a PayloadBuilder
     fn get_chain(
         &self,
         aud: &DID,
-        subject: &Option<DID>,
+        subject: &DID,
         command: String,
         policy: Vec<Predicate>,
         now: SystemTime,
@@ -213,7 +212,10 @@ where
         let read_tx = self.read();
 
         let all_powerlines = read_tx.index.get(&None).unwrap_or(&blank_map);
-        let all_aud_for_subject = read_tx.index.get(subject).unwrap_or(&blank_map);
+        let all_aud_for_subject = read_tx
+            .index
+            .get(&Some(subject.clone()))
+            .unwrap_or(&blank_map);
         let powerline_candidates = all_powerlines.get(aud).unwrap_or(&blank_set);
         let sub_candidates = all_aud_for_subject.get(aud).unwrap_or(&blank_set);
 
@@ -411,13 +413,14 @@ mod tests {
         #[test_log::test]
         fn test_simple_fail() -> TestResult {
             let (server, _server_signer) = gen_did();
+            let (nope, _nope_signer) = gen_did();
 
             let store = MemoryStore::<
                 did::preset::Verifier,
                 varsig::header::Preset,
                 varsig::encoding::Preset,
             >::default();
-            let got = store.get_chain(&server, &None, "/".into(), vec![], SystemTime::now())?;
+            let got = store.get_chain(&server, &nope, "/".into(), vec![], SystemTime::now())?;
 
             pretty::assert_eq!(got, None);
             Ok(())
@@ -449,7 +452,7 @@ mod tests {
 
             store.insert(deleg.clone())?;
 
-            let got = store.get_chain(&bob, &Some(alice), "/".into(), vec![], SystemTime::now())?;
+            let got = store.get_chain(&bob, &alice, "/".into(), vec![], SystemTime::now())?;
             pretty::assert_eq!(got, Some(nonempty![(deleg.cid()?, Arc::new(deleg))].into()));
             Ok(())
         }
@@ -509,7 +512,7 @@ mod tests {
 
             store.insert(more_noise.clone())?;
 
-            let got = store.get_chain(&bob, &Some(alice), "/".into(), vec![], SystemTime::now())?;
+            let got = store.get_chain(&bob, &alice, "/".into(), vec![], SystemTime::now())?;
             pretty::assert_eq!(got, Some(nonempty![(deleg.cid()?, Arc::new(deleg))].into()));
             Ok(())
         }
@@ -555,8 +558,7 @@ mod tests {
 
             store.insert(deleg_2.clone())?;
 
-            let got =
-                store.get_chain(&carol, &Some(alice), "/".into(), vec![], SystemTime::now())?;
+            let got = store.get_chain(&carol, &alice, "/".into(), vec![], SystemTime::now())?;
 
             pretty::assert_eq!(
                 got,
@@ -614,7 +616,7 @@ mod tests {
 
             let got = store.get_chain(
                 &carol,
-                &Some(alice),
+                &alice,
                 "/test/me/now".into(),
                 vec![],
                 SystemTime::now(),
@@ -677,7 +679,7 @@ mod tests {
 
             let got = store.get_chain(
                 &carol,
-                &Some(alice),
+                &alice,
                 "/test/me/now".into(),
                 vec![],
                 SystemTime::now(),
@@ -751,7 +753,7 @@ mod tests {
             store.insert(alice_to_bob.clone())?;
 
             let got: Vec<Cid> = store
-                .get_chain(&dave, &Some(alice), "/".into(), vec![], SystemTime::now())
+                .get_chain(&dave, &alice, "/".into(), vec![], SystemTime::now())
                 .map_err(|e| e.to_string())?
                 .ok_or("failed during proof lookup")?
                 .iter()
@@ -835,13 +837,7 @@ mod tests {
             store.insert(alice_to_bob.clone())?;
 
             let got: Vec<Cid> = store
-                .get_chain(
-                    &dave,
-                    &Some(alice.clone()),
-                    "/".into(),
-                    vec![],
-                    SystemTime::now(),
-                )
+                .get_chain(&dave, &alice.clone(), "/".into(), vec![], SystemTime::now())
                 .map_err(|e| e.to_string())?
                 .ok_or("failed during proof lookup")?
                 .iter()

src/delegation/store/traits.rs

@@ -49,7 +49,7 @@ where
     fn get_chain(
         &self,
         audience: &DID,
-        subject: &Option<DID>,
+        subject: &DID,
         command: String,
         policy: Vec<Predicate>,
         now: SystemTime,
@@ -58,7 +58,7 @@ where
     fn get_chain_cids(
         &self,
         audience: &DID,
-        subject: &Option<DID>,
+        subject: &DID,
         command: String,
         policy: Vec<Predicate>,
         now: SystemTime,
@@ -75,7 +75,7 @@ where
         policy: Vec<Predicate>,
         now: SystemTime,
     ) -> Result<bool, Self::DelegationStoreError> {
-        self.get_chain(audience, &Some(issuer), command, policy, now)
+        self.get_chain(audience, &issuer, command, policy, now)
             .map(|chain| chain.is_some())
     }
 
@@ -124,7 +124,7 @@ where
     fn get_chain(
         &self,
         audience: &DID,
-        subject: &Option<DID>,
+        subject: &DID,
         command: String,
         policy: Vec<Predicate>,
         now: SystemTime,

src/invocation/agent.rs

@@ -104,7 +104,7 @@ where
             self.delegation_store
                 .get_chain(
                     &self.did,
-                    &Some(subject.clone()),
+                    &subject.clone(),
                     ability.to_command(),
                     vec![],
                     now,
@@ -695,7 +695,7 @@ mod tests {
             let chain_for_dnslink: Vec<Cid> = del_store
                 .get_chain(
                     &device,
-                    &Some(dnslink.clone()),
+                    &dnslink.clone(),
                     "/".into(),
                     vec![],
                     SystemTime::now(),