Skip to content

[CO-06] Add permission separation and audit trail to restaurant_registry admin operations #284

Description

@Leothosine

Problem

contracts/restaurant_registry/src/lib.rs:141-176 - set_active() allows either the admin or the restaurant owner to activate/deactivate any restaurant, with no audit trail of who performed the action. A compromised admin key can silently deactivate every restaurant on the platform. There is no distinction between an owner voluntarily closing their restaurant and an admin suspending it.

Proposed Solution

  1. Add deactivated_by: Option<Address> and deactivated_at: Option<u64> to the Restaurant struct
  2. Split set_active() into:
    • owner_close_restaurant(env, caller, restaurant_id) - owner-only, permanent closure
    • admin_suspend_restaurant(env, caller, restaurant_id, reason: Symbol) - admin-only, recoverable
    • admin_unsuspend_restaurant(env, caller, restaurant_id) - admin-only
  3. Emit events including caller: (symbol_short!("rest"), symbol_short!("suspend"), restaurant_id, caller, timestamp)

Acceptance Criteria

  • Restaurant owner cannot call admin_suspend_restaurant() (panics with unauthorized)
  • Admin can suspend and unsuspend any restaurant
  • Admin cannot call owner_close_restaurant() for a restaurant they don't own
  • All events include the caller address and ledger timestamp
  • Unit tests cover all four actor/action permutations

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions