From 39ded52003effe0bedc5865312e2c4139df794ae Mon Sep 17 00:00:00 2001
From: lacoop6tu <burzi.andrea@gmail.com>
Date: Fri, 17 Dec 2021 06:22:46 -0500
Subject: [PATCH] add NFT owner check in Datatoken

---
 src/tokens/Datatoken.ts            |  7 ++++--
 test/unit/tokens/Datatoken.test.ts | 34 +++++++++++++++---------------
 2 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/src/tokens/Datatoken.ts b/src/tokens/Datatoken.ts
index 538449dd..f2cdf636 100644
--- a/src/tokens/Datatoken.ts
+++ b/src/tokens/Datatoken.ts
@@ -40,7 +40,7 @@ export class Datatoken {
   public datatokensEnterpriseAbi: AbiItem | AbiItem[]
   public web3: Web3
   public startBlock: number
-  // public nft: Nft
+  public nft: Nft
 
   /**
    * Instantiate ERC20 DataTokens
@@ -58,7 +58,7 @@ export class Datatoken {
     this.datatokensEnterpriseAbi =
       datatokensEnterpriseAbi || (defaultDatatokensEnterpriseAbi.abi as AbiItem[])
     this.startBlock = startBlock || 0
-    // this.nft = new Nft(this.web3)
+    this.nft = new Nft(this.web3)
   }
 
   /**
@@ -1170,6 +1170,9 @@ export class Datatoken {
     dtAddress: string,
     address: string
   ): Promise<TransactionReceipt> {
+    if(await this.nft.getNftOwner(await this.getNFTAddress(dtAddress)) != address) {
+      throw new Error('Caller is NOT Nft Owner')
+    }
     const dtContract = new this.web3.eth.Contract(this.datatokensAbi, dtAddress)
     
     const estGas = await this.estGasCleanPermissions(dtAddress, address, dtContract)
diff --git a/test/unit/tokens/Datatoken.test.ts b/test/unit/tokens/Datatoken.test.ts
index df807974..641658e0 100644
--- a/test/unit/tokens/Datatoken.test.ts
+++ b/test/unit/tokens/Datatoken.test.ts
@@ -407,29 +407,29 @@ describe('Datatoken', () => {
     assert(buyTx !== null)
   })
 
-  // it('#cleanPermissions - should FAIL to clean permissions at ERC20 level, if NOT NFT Owner', async () => {
-  //   assert((await datatoken.getDTPermissions(datatokenAddress, nftOwner)).minter === true)
+  it('#cleanPermissions - should FAIL to clean permissions at ERC20 level, if NOT NFT Owner', async () => {
+    assert((await datatoken.getDTPermissions(datatokenAddress, nftOwner)).minter === true)
 
-  //   assert((await datatoken.getPaymentCollector(datatokenAddress)) === user3)
+    assert((await datatoken.getPaymentCollector(datatokenAddress)) === user3)
 
-  //   assert(
-  //     (await datatoken.getDTPermissions(datatokenAddress, user1)).paymentManager === true
-  //   )
+    assert(
+      (await datatoken.getDTPermissions(datatokenAddress, user1)).paymentManager === true
+    )
 
-  //   try {await datatoken.cleanPermissions(datatokenAddress, nftOwner)} catch(e){
-  //     assert(e.message === 'Caller is not NFTOwner')
-  //   }
+    try {await datatoken.cleanPermissions(datatokenAddress, user2)} catch(e){
+      assert(e.message === 'Caller is NOT Nft Owner')
+    }
 
-  //   assert((await datatoken.getPaymentCollector(datatokenAddress)) === nftOwner)
+    assert((await datatoken.getPaymentCollector(datatokenAddress)) === user3)
 
-  //   assert(
-  //     (await datatoken.getDTPermissions(datatokenAddress, nftOwner)).minter === false
-  //   )
+    assert(
+      (await datatoken.getDTPermissions(datatokenAddress, nftOwner)).minter === true
+    )
 
-  //   assert(
-  //     (await datatoken.getDTPermissions(datatokenAddress, user1)).paymentManager === false
-  //   )
-  // })
+    assert(
+      (await datatoken.getDTPermissions(datatokenAddress, user1)).paymentManager === true
+    )
+  })
 
 
   it('#cleanPermissions - should clean permissions at ERC20 level', async () => {