2017-07-10 04:50:11 -07:00
|
|
|
package roles
|
2017-07-10 10:41:17 -07:00
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/tendermint/basecoin"
|
|
|
|
"github.com/tendermint/basecoin/stack"
|
|
|
|
"github.com/tendermint/basecoin/state"
|
|
|
|
)
|
|
|
|
|
2017-07-11 05:10:40 -07:00
|
|
|
// Middleware allows us to add a requested role as a permission
|
|
|
|
// if the tx requests it and has sufficient authority
|
2017-07-10 10:41:17 -07:00
|
|
|
type Middleware struct {
|
2017-07-30 14:26:25 -07:00
|
|
|
stack.PassInitState
|
|
|
|
stack.PassInitValidate
|
2017-07-10 10:41:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
var _ stack.Middleware = Middleware{}
|
|
|
|
|
2017-07-11 05:10:40 -07:00
|
|
|
// NewMiddleware creates a role-checking middleware
|
2017-07-10 10:41:17 -07:00
|
|
|
func NewMiddleware() Middleware {
|
|
|
|
return Middleware{}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Name - return name space
|
|
|
|
func (Middleware) Name() string {
|
|
|
|
return NameRole
|
|
|
|
}
|
|
|
|
|
2017-07-11 05:10:40 -07:00
|
|
|
// CheckTx tries to assume the named role if requested.
|
|
|
|
// If no role is requested, do nothing.
|
|
|
|
// If insufficient authority to assume the role, return error.
|
2017-07-30 08:45:08 -07:00
|
|
|
func (m Middleware) CheckTx(ctx basecoin.Context, store state.SimpleDB, tx basecoin.Tx, next basecoin.Checker) (res basecoin.CheckResult, err error) {
|
2017-07-11 05:10:40 -07:00
|
|
|
// if this is not an AssumeRoleTx, then continue
|
|
|
|
assume, ok := tx.Unwrap().(AssumeRoleTx)
|
|
|
|
if !ok { // this also breaks the recursion below
|
|
|
|
return next.CheckTx(ctx, store, tx)
|
2017-07-10 10:41:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
ctx, err = assumeRole(ctx, store, assume)
|
|
|
|
if err != nil {
|
|
|
|
return res, err
|
|
|
|
}
|
|
|
|
|
2017-07-11 05:10:40 -07:00
|
|
|
// one could add multiple role statements, repeat as needed
|
2017-08-03 10:27:06 -07:00
|
|
|
// charging for each level
|
|
|
|
res, err = m.CheckTx(ctx, store, assume.Tx, next)
|
|
|
|
res.GasAllocated += CostAssume
|
|
|
|
return
|
2017-07-10 10:41:17 -07:00
|
|
|
}
|
|
|
|
|
2017-07-11 05:10:40 -07:00
|
|
|
// DeliverTx tries to assume the named role if requested.
|
|
|
|
// If no role is requested, do nothing.
|
|
|
|
// If insufficient authority to assume the role, return error.
|
2017-07-30 08:45:08 -07:00
|
|
|
func (m Middleware) DeliverTx(ctx basecoin.Context, store state.SimpleDB, tx basecoin.Tx, next basecoin.Deliver) (res basecoin.DeliverResult, err error) {
|
2017-07-11 05:10:40 -07:00
|
|
|
// if this is not an AssumeRoleTx, then continue
|
|
|
|
assume, ok := tx.Unwrap().(AssumeRoleTx)
|
|
|
|
if !ok { // this also breaks the recursion below
|
|
|
|
return next.DeliverTx(ctx, store, tx)
|
2017-07-10 10:41:17 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
ctx, err = assumeRole(ctx, store, assume)
|
|
|
|
if err != nil {
|
|
|
|
return res, err
|
|
|
|
}
|
|
|
|
|
2017-07-11 05:10:40 -07:00
|
|
|
// one could add multiple role statements, repeat as needed
|
|
|
|
return m.DeliverTx(ctx, store, assume.Tx, next)
|
2017-07-10 10:41:17 -07:00
|
|
|
}
|
|
|
|
|
2017-07-26 16:55:05 -07:00
|
|
|
func assumeRole(ctx basecoin.Context, store state.SimpleDB, assume AssumeRoleTx) (basecoin.Context, error) {
|
2017-07-11 05:10:40 -07:00
|
|
|
err := assume.ValidateBasic()
|
2017-07-10 10:41:17 -07:00
|
|
|
if err != nil {
|
2017-07-11 05:10:40 -07:00
|
|
|
return nil, err
|
2017-07-10 10:41:17 -07:00
|
|
|
}
|
|
|
|
|
2017-07-11 06:11:10 -07:00
|
|
|
role, err := loadRole(store, assume.Role)
|
2017-07-10 10:41:17 -07:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if !role.IsAuthorized(ctx) {
|
|
|
|
return nil, ErrInsufficientSigs()
|
|
|
|
}
|
|
|
|
ctx = ctx.WithPermissions(NewPerm(assume.Role))
|
|
|
|
return ctx, nil
|
|
|
|
}
|