add perimission checks to object

[runtian-zhou]

Description

Type of Change

• New feature
• Bug fix
• Breaking change
• Performance improvement
• Refactoring
• Dependency update
• Documentation update
• Tests

Which Components or Systems Does This Change Impact?

• Validator Node
• Full Node (API, Indexer, etc.)
• Move/Aptos Virtual Machine
• Aptos Framework
• Aptos CLI/SDK
• Developer Infrastructure
• Other (specify)

How Has This Been Tested?

Key Areas to Review

Checklist

• I have read and followed the CONTRIBUTING doc
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I identified and added all stakeholders and component owners affected by this change as reviewers
• I tested both happy and unhappy path of the functionality
• I have made corresponding changes to the documentation

[trunk-io]

⏱️ 1h 39m total CI duration on this PR

Slowest 15 Jobs	Cumulative Duration	Recent Runs
rust-move-unit-coverage	18m	🟩
rust-move-unit-coverage	14m	🟩
rust-move-unit-coverage	14m	🟩
rust-move-tests	10m	🟥
rust-move-tests	9m	🟥
general-lints	7m	🟩 🟩 🟩 🟩
rust-cargo-deny	7m	🟩 🟩 🟩 🟩
rust-move-tests	5m	⬜
rust-move-unit-coverage	5m	⬜
check-dynamic-deps	3m	🟩 🟩 🟩 🟩
rust-move-tests	3m	🟥
semgrep/ci	2m	🟩 🟩 🟩 🟩
file_change_determinator	48s	🟩 🟩 🟩 🟩
file_change_determinator	43s	🟩 🟩 🟩 🟩
permission-check	15s	🟩 🟩 🟩 🟩

_{settings ⋅ feedback ⋅ docs ⋅ learn more about trunk.io}

[runtian-zhou]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• Create benchmark #14916
• permission for framework #14605
• add perimission checks to object #14582 👈 (View in Graphite)
• Add permission check to account #14535
• add permissions for fungible assets operation #14567
• [feature] Add permissioned signer functionality #14521
• create permissioned signer example #14469
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.4%. Comparing base (0161bbf) to head (2431b7b).

Additional details and impacted files

@@                          Coverage Diff                           @@
##           09-04-add_permission_check_to_account   #14582   +/-   ##
======================================================================
  Coverage                                   59.4%    59.4%           
======================================================================
  Files                                        857      857           
  Lines                                     210762   210762           
======================================================================
  Hits                                      125197   125197           
  Misses                                     85565    85565           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[igor-aptos]

whether we want it here or not, from expressiviness of permissions model, we should think of how would it be implemented to have either a global permission to update all tokens, or a specific permission to update a concrete object.

in that case would these be enums, we would be checking both against? or something else more concrete with permissioned_signer?

[igor-aptos]

second I don't think this is the file you want to be adding permissions to - this is an example implementation of tokens on aptos.
aptos-move/framework/aptos-token-objects/sources/token.move and collection.move are the right places