lnrpc+rpcserver: add QoL flag for permission check

To make it even more obvious that by default the permissions to check
aren't taken from the full method provided, we add a new flag that does
that on request.

Author: guggero

itest/lnd_macaroons_test.go

@@ -12,6 +12,7 @@ import (
 	"github.com/lightningnetwork/lnd/lnrpc"
 	"github.com/lightningnetwork/lnd/lntest"
 	"github.com/lightningnetwork/lnd/lntest/node"
+	"github.com/lightningnetwork/lnd/lntest/wait"
 	"github.com/lightningnetwork/lnd/macaroons"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -316,6 +317,37 @@ func testMacaroonAuthentication(ht *lntest.HarnessTest) {
 			require.Error(t, err)
 			require.Contains(t, err.Error(), "permission denied")
 		},
+	}, {
+		// Check that with the CheckMacaroonPermissions RPC, we can
+		// check that a macaroon follows the permissions of a given
+		// method.
+		name: "default permissions from full method",
+		run: func(ctxt context.Context, t *testing.T) {
+			// We test that the macaroon of the test client has
+			// all the permissions for calling the BakeMacaroon RPC.
+			mac, err := testNode.ReadMacaroon(
+				testNode.Cfg.AdminMacPath, wait.DefaultTimeout,
+			)
+			require.NoError(t, err)
+
+			macBytes, err := mac.MarshalBinary()
+			require.NoError(t, err)
+
+			checkReq := &lnrpc.CheckMacPermRequest{
+				Macaroon:   macBytes,
+				FullMethod: "/lnrpc.Lightning/BakeMacaroon",
+			}
+			checkReq.CheckDefaultPermsFromFullMethod = true
+
+			// Test that CheckMacaroonPermissions accurately
+			// characterizes macaroon as valid, since the admin
+			// macaroon should have all the permissions.
+			checkResp, err := testClient.CheckMacaroonPermissions(
+				ctxt, checkReq,
+			)
+			require.NoError(t, err)
+			require.Equal(t, checkResp.Valid, true)
+		},
 	}}
 
 	for _, tc := range testCases {