fix: resolve issues #342 #343 #344 #345#369
Open
abrak01 wants to merge 1 commit into
Open
Conversation
…tellar#344 Healthy-Stellar#345 Healthy-Stellar#342 hospital-registry: add before/after audit events to admin functions - Add AuditEvent struct (caller, timestamp, field, old_value, new_value) - Add emit_audit() helper that publishes the event under 'audit' topic - Wire into set_hospital_config, update_departments, update_locations, update_equipment, update_policies, update_alerts, update_insurance_providers, update_billing, update_emergency_protocols Healthy-Stellar#343 multisig-governance: clean up expired proposals from storage - Add ProposalIds DataKey to catalog all proposal IDs at propose time - Add cleanup_expired_proposals() callable by anyone; iterates the catalog, removes entries past their TTL, and returns the count removed Healthy-Stellar#344 access-control: rate-limit consent grant/revoke per block - Add RateLimitExceeded error (code 23) - Add RateLimit(Address, u32) DataKey keyed by (caller, ledger_sequence) - Add check_rate_limit() helper enforcing MAX 10 ops per address per block - Wire into grant_consent and revoke_consent Healthy-Stellar#345 prescription-management: verify provider against provider-registry - Add contractclient trait ProviderRegistryInterface / ProviderRegistryClient - Add ProviderRegistry DataKey to store the registry contract address - Add ProviderNotRegistered error (code 23) - Add initialize(env, provider_registry) to store the registry address - In issue_prescription, call client.is_provider() when registry is set and return ProviderNotRegistered if the check fails
|
@abrak01 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
close #342
close #343
close #344
close #345
#369
Summary
This PR fixes four issues across four contracts.
#342 — hospital-registry: before/after audit events on admin functions
Problem: Admin mutation functions emitted only a generic success event with no record of what changed.
Fix:
AuditEventstruct containingcaller,timestamp,field,old_value,new_value.emit_audit()helper that publishes the event under theaudittopic.set_hospital_config,update_departments,update_locations,update_equipment,update_policies,update_alerts,update_insurance_providers,update_billing,update_emergency_protocols.#343 — multisig-governance: clean up expired proposals from storage
Problem: Expired proposals were never deleted, causing unbounded storage growth.
Fix:
ProposalIdsDataKey storing aVec<Symbol>catalog of all proposal IDs.propose_multisig_actionnow appends each new ID to the catalog.cleanup_expired_proposals(env)callable by anyone: iterates the catalog, removes proposals past their TTL from persistent storage, prunes the catalog, emits acleanupevent, and returns the count of removed entries.#344 — access-control: rate limiting for consent grant/revoke
Problem: A single caller could spam thousands of consent records in one block.
Fix:
RateLimitExceedederror (code 23).RateLimit(Address, u32)DataKey keyed by(caller, ledger_sequence).check_rate_limit()helper that reads/increments the per-block counter and returnsRateLimitExceededonce it exceeds 10.grant_consentandrevoke_consentimmediately afterrequire_auth.#345 — prescription-management: cross-contract provider verification
Problem:
issue_prescriptionaccepted anyprovider_idwithout verifying it against the provider-registry.Fix:
#[contractclient]traitProviderRegistryInterfaceexposingis_provider().ProviderRegistryDataKey to store the registry contract address.ProviderNotRegisterederror (code 23).initialize(env, provider_registry: Address)to store the registry address once.issue_prescription, when the registry address is set, callsProviderRegistryClient::is_provider()and returnsProviderNotRegisteredif the check fails.Testing
Cargo is not available in this environment. All changes follow existing patterns in the codebase (e.g.,
contractclientusage mirrorscontracts/medical-claims). Tests should be run in a Rust-enabled CI environment.