drift: access control on market type

anchor/programs/glam/src/instructions/drift.rs

@@ -428,6 +428,14 @@ pub fn drift_place_orders_handler<'c: 'info, 'info>(
     ctx: Context<'_, '_, 'c, 'info, DriftPlaceOrders<'info>>,
     order_params: Vec<OrderParams>,
 ) -> Result<()> {
+    for order in &order_params {
+        let permission = match order.market_type {
+            MarketType::Spot => Permission::DriftSpotMarket,
+            MarketType::Perp => Permission::DriftPerpMarket,
+        };
+        acl::check_access(&ctx.accounts.fund, &ctx.accounts.manager.key, permission)?;
+    }
+
     let fund_key = ctx.accounts.fund.key();
     let seeds = &[
         "treasury".as_bytes(),

anchor/programs/glam/src/state/acl.rs

@@ -20,6 +20,8 @@ pub enum Permission {
     DriftWithdraw,
     DriftPlaceOrders,
     DriftCancelOrders,
+    DriftPerpMarket,
+    DriftSpotMarket,
     Stake, // Stake with marinade or spl/sanctum stake pool programs
     Unstake,
     LiquidUnstake,

anchor/target/idl/glam.json

@@ -3866,48 +3866,58 @@
   "errors": [
     {
       "code": 6000,
-      "name": "CloseNotEmptyError",
-      "msg": "Error closing account: not empty"
+      "name": "FundNotActive",
+      "msg": "Fund is not active"
     },
     {
       "code": 6001,
-      "name": "NotAuthorizedError",
-      "msg": "Error: not authorized"
+      "name": "InvalidShareClass",
+      "msg": "Share class not allowed to subscribe"
     },
     {
       "code": 6002,
-      "name": "InvalidFundName",
-      "msg": "Invalid fund name: max 30 chars"
+      "name": "InvalidAssetSubscribe",
+      "msg": "Asset not allowed to subscribe"
     },
     {
       "code": 6003,
-      "name": "InvalidFundSymbol",
-      "msg": "Too many assets: max 50"
+      "name": "InvalidPricingOracle",
+      "msg": "Invalid oracle for asset price"
     },
     {
       "code": 6004,
-      "name": "InvalidFundUri",
-      "msg": "Too many assets: max 20"
+      "name": "InvalidRemainingAccounts",
+      "msg": "Invalid accounts: the transaction is malformed"
     },
     {
       "code": 6005,
-      "name": "InvalidAssetsLen",
-      "msg": "Too many assets: max 100"
+      "name": "InvalidTreasuryAccount",
+      "msg": "Invalid treasury ata"
     },
     {
       "code": 6006,
-      "name": "InvalidAssetsWeights",
-      "msg": "Number of weights should match number of assets"
+      "name": "InvalidSignerAccount",
+      "msg": "Invalid signer ata"
     },
     {
       "code": 6007,
-      "name": "InvalidAssetForSwap",
-      "msg": "Asset cannot be swapped"
+      "name": "InvalidAssetPrice",
+      "msg": "Invalid asset price"
     },
     {
       "code": 6008,
-      "name": "InvalidSwap",
-      "msg": "Swap failed"
+      "name": "InvalidStableCoinPriceForSubscribe",
+      "msg": "Subscription not allowed: invalid stable coin price"
+    },
+    {
+      "code": 6009,
+      "name": "SubscribeRedeemPaused",
+      "msg": "Fund is paused for subscription and redemption"
+    },
+    {
+      "code": 6010,
+      "name": "InvalidPolicyAccount",
+      "msg": "Policy account is mandatory"
     }
   ],
   "types": [
@@ -5187,6 +5197,12 @@
           {
             "name": "DriftCancelOrders"
           },
+          {
+            "name": "DriftPerpMarket"
+          },
+          {
+            "name": "DriftSpotMarket"
+          },
           {
             "name": "Stake"
           },

anchor/target/types/glam.ts

@@ -3872,48 +3872,58 @@ export type Glam = {
   "errors": [
     {
       "code": 6000,
-      "name": "closeNotEmptyError",
-      "msg": "Error closing account: not empty"
+      "name": "fundNotActive",
+      "msg": "Fund is not active"
     },
     {
       "code": 6001,
-      "name": "notAuthorizedError",
-      "msg": "Error: not authorized"
+      "name": "invalidShareClass",
+      "msg": "Share class not allowed to subscribe"
     },
     {
       "code": 6002,
-      "name": "invalidFundName",
-      "msg": "Invalid fund name: max 30 chars"
+      "name": "invalidAssetSubscribe",
+      "msg": "Asset not allowed to subscribe"
     },
     {
       "code": 6003,
-      "name": "invalidFundSymbol",
-      "msg": "Too many assets: max 50"
+      "name": "invalidPricingOracle",
+      "msg": "Invalid oracle for asset price"
     },
     {
       "code": 6004,
-      "name": "invalidFundUri",
-      "msg": "Too many assets: max 20"
+      "name": "invalidRemainingAccounts",
+      "msg": "Invalid accounts: the transaction is malformed"
     },
     {
       "code": 6005,
-      "name": "invalidAssetsLen",
-      "msg": "Too many assets: max 100"
+      "name": "invalidTreasuryAccount",
+      "msg": "Invalid treasury ata"
     },
     {
       "code": 6006,
-      "name": "invalidAssetsWeights",
-      "msg": "Number of weights should match number of assets"
+      "name": "invalidSignerAccount",
+      "msg": "Invalid signer ata"
     },
     {
       "code": 6007,
-      "name": "invalidAssetForSwap",
-      "msg": "Asset cannot be swapped"
+      "name": "invalidAssetPrice",
+      "msg": "Invalid asset price"
     },
     {
       "code": 6008,
-      "name": "invalidSwap",
-      "msg": "Swap failed"
+      "name": "invalidStableCoinPriceForSubscribe",
+      "msg": "Subscription not allowed: invalid stable coin price"
+    },
+    {
+      "code": 6009,
+      "name": "subscribeRedeemPaused",
+      "msg": "Fund is paused for subscription and redemption"
+    },
+    {
+      "code": 6010,
+      "name": "invalidPolicyAccount",
+      "msg": "Policy account is mandatory"
     }
   ],
   "types": [
@@ -5193,6 +5203,12 @@ export type Glam = {
           {
             "name": "driftCancelOrders"
           },
+          {
+            "name": "driftPerpMarket"
+          },
+          {
+            "name": "driftSpotMarket"
+          },
           {
             "name": "stake"
           },