Problem
contracts/restaurant_registry/src/lib.rs:141-176 - set_active() allows either the admin or the restaurant owner to activate/deactivate any restaurant, with no audit trail of who performed the action. A compromised admin key can silently deactivate every restaurant on the platform. There is no distinction between an owner voluntarily closing their restaurant and an admin suspending it.
Proposed Solution
- Add
deactivated_by: Option<Address> and deactivated_at: Option<u64> to the Restaurant struct
- Split
set_active() into:
owner_close_restaurant(env, caller, restaurant_id) - owner-only, permanent closure
admin_suspend_restaurant(env, caller, restaurant_id, reason: Symbol) - admin-only, recoverable
admin_unsuspend_restaurant(env, caller, restaurant_id) - admin-only
- Emit events including caller:
(symbol_short!("rest"), symbol_short!("suspend"), restaurant_id, caller, timestamp)
Acceptance Criteria
Problem
contracts/restaurant_registry/src/lib.rs:141-176-set_active()allows either the admin or the restaurant owner to activate/deactivate any restaurant, with no audit trail of who performed the action. A compromised admin key can silently deactivate every restaurant on the platform. There is no distinction between an owner voluntarily closing their restaurant and an admin suspending it.Proposed Solution
deactivated_by: Option<Address>anddeactivated_at: Option<u64>to theRestaurantstructset_active()into:owner_close_restaurant(env, caller, restaurant_id)- owner-only, permanent closureadmin_suspend_restaurant(env, caller, restaurant_id, reason: Symbol)- admin-only, recoverableadmin_unsuspend_restaurant(env, caller, restaurant_id)- admin-only(symbol_short!("rest"), symbol_short!("suspend"), restaurant_id, caller, timestamp)Acceptance Criteria
admin_suspend_restaurant()(panics with unauthorized)owner_close_restaurant()for a restaurant they don't own