2019-03-14 23:41:04 -07:00
|
|
|
pragma solidity ^0.5.3;
|
|
|
|
|
|
|
|
import "./RoleManager.sol";
|
|
|
|
import "./AccountManager.sol";
|
|
|
|
import "./VoterManager.sol";
|
|
|
|
import "./NodeManager.sol";
|
|
|
|
import "./OrgManager.sol";
|
2019-03-15 02:26:57 -07:00
|
|
|
import "./PermissionsUpgradable.sol";
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @title Permissions Implementation Contract
|
|
|
|
/// @notice This contract holds implementation logic for all permissions
|
|
|
|
/// @notice related functionality. This can be called only by the interface
|
|
|
|
/// @notice contract.
|
2019-03-14 23:41:04 -07:00
|
|
|
contract PermissionsImplementation {
|
|
|
|
AccountManager private accounts;
|
|
|
|
RoleManager private roles;
|
|
|
|
VoterManager private voter;
|
|
|
|
NodeManager private nodes;
|
|
|
|
OrgManager private org;
|
2019-03-19 02:15:51 -07:00
|
|
|
PermissionsUpgradable private permUpgradable;
|
|
|
|
|
2019-03-14 23:41:04 -07:00
|
|
|
string private adminOrg;
|
|
|
|
string private adminRole;
|
|
|
|
string private orgAdminRole;
|
|
|
|
|
2019-04-08 07:26:13 -07:00
|
|
|
|
2019-03-14 23:41:04 -07:00
|
|
|
uint private fullAccess = 3;
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @dev this variable is meant for tracking the initial network boot up
|
|
|
|
/// @dev once the network boot up is done the value is set to true
|
2019-03-14 23:41:04 -07:00
|
|
|
bool private networkBoot = false;
|
|
|
|
|
2019-06-03 00:24:31 -07:00
|
|
|
// Modifiers
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice modifier to confirm that caller is the interface contract
|
|
|
|
modifier onlyInterface{
|
|
|
|
require(msg.sender == permUpgradable.getPermInterface(),
|
|
|
|
"can be called by interface contract only");
|
2019-03-15 02:26:57 -07:00
|
|
|
_;
|
|
|
|
}
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice modifier to confirm that caller is the upgradable contract
|
2019-06-03 00:24:31 -07:00
|
|
|
modifier onlyUpgradeable {
|
|
|
|
require(msg.sender == address(permUpgradable));
|
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice confirms if the network boot status is equal to passed value
|
|
|
|
/// @param _status true/false
|
|
|
|
modifier networkBootStatus(bool _status){
|
2019-03-28 02:53:11 -07:00
|
|
|
require(networkBoot == _status, "Incorrect network boot status");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
2019-05-10 00:17:01 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice confirms that the account passed is network admin account
|
|
|
|
/// @param _account account id
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier networkAdmin(address _account) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(isNetworkAdmin(_account) == true, "account is not a network admin account");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice confirms that the account passed is org admin account
|
|
|
|
/// @param _account account id
|
|
|
|
/// @param _orgId org id to which the account belongs
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgAdmin(address _account, string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(isOrgAdmin(_account, _orgId) == true, "account is not a org admin account");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice confirms that org does not exist
|
|
|
|
/// @param _orgId org id
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgNotExists(string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_checkOrgExists(_orgId) != true, "org exists");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice confirms that org exists
|
|
|
|
/// @param _orgId org id
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgExists(string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_checkOrgExists(_orgId) == true, "org does not exist");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice checks of the passed org id is in approved status
|
|
|
|
/// @param _orgId org id
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgApproved(string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(checkOrgApproved(_orgId) == true, "org not in approved status");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice constructor accepts the contracts addresses of other deployed
|
|
|
|
/// @notice contracts of the permissions model
|
|
|
|
/// @param _permUpgradable - address of permissions upgradable contract
|
|
|
|
/// @param _orgManager - address of org manager contract
|
|
|
|
/// @param _rolesManager - address of role manager contract
|
|
|
|
/// @param _acctManager - address of account manager contract
|
|
|
|
/// @param _voterManager - address of voter manager contract
|
|
|
|
/// @param _nodeManager - address of node manager contract
|
|
|
|
constructor (address _permUpgradable, address _orgManager, address _rolesManager,
|
|
|
|
address _acctManager, address _voterManager, address _nodeManager) public {
|
2019-03-19 02:15:51 -07:00
|
|
|
permUpgradable = PermissionsUpgradable(_permUpgradable);
|
2019-06-02 22:37:23 -07:00
|
|
|
org = OrgManager(_orgManager);
|
|
|
|
roles = RoleManager(_rolesManager);
|
|
|
|
accounts = AccountManager(_acctManager);
|
|
|
|
voter = VoterManager(_voterManager);
|
|
|
|
nodes = NodeManager(_nodeManager);
|
2019-03-15 02:26:57 -07:00
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-04-08 01:57:36 -07:00
|
|
|
// initial set up related functions
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice for permissions its necessary to define the initial admin org
|
|
|
|
/// @notice id, network admin role id and default org admin role id. this
|
|
|
|
/// @notice sets these values at the time of network boot up
|
|
|
|
/// @param _nwAdminOrg - address of permissions upgradable contract
|
|
|
|
/// @param _nwAdminRole - address of org manager contract
|
|
|
|
/// @param _oAdminRole - address of role manager contract
|
|
|
|
/// @dev this function will be executed only once as part of the boot up
|
|
|
|
function setPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole,
|
|
|
|
string calldata _oAdminRole) external onlyInterface
|
|
|
|
networkBootStatus(false) {
|
2019-03-14 23:41:04 -07:00
|
|
|
adminOrg = _nwAdminOrg;
|
|
|
|
adminRole = _nwAdminRole;
|
|
|
|
orgAdminRole = _oAdminRole;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice when migrating implementation contract, the values of these
|
|
|
|
/// @notice key values need to be set from the previous implementation
|
|
|
|
/// @notice contract. this function allows these values to be set
|
|
|
|
/// @param _nwAdminOrg - address of permissions upgradable contract
|
|
|
|
/// @param _nwAdminRole - address of org manager contract
|
|
|
|
/// @param _oAdminRole - address of role manager contract
|
|
|
|
/// @param _networkBootStatus - network boot status true/false
|
|
|
|
function setMigrationPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole,
|
|
|
|
string calldata _oAdminRole, bool _networkBootStatus) external onlyUpgradeable
|
|
|
|
networkBootStatus(false) {
|
2019-06-03 00:24:31 -07:00
|
|
|
adminOrg = _nwAdminOrg;
|
|
|
|
adminRole = _nwAdminRole;
|
|
|
|
orgAdminRole = _oAdminRole;
|
|
|
|
networkBoot = _networkBootStatus;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice called at the time of network initialization. sets up
|
|
|
|
/// @notice network admin org with allowed sub org depth and breadth
|
|
|
|
/// @notice creates the network admin for the network admin org
|
|
|
|
/// @notice sets the default values required by account manager contract
|
|
|
|
/// @param _breadth - number of sub orgs allowed at parent level
|
|
|
|
/// @param _depth - levels of sub org nesting allowed at parent level
|
2019-06-02 22:37:23 -07:00
|
|
|
function init(uint _breadth, uint _depth) external
|
2019-07-19 01:16:50 -07:00
|
|
|
onlyInterface
|
|
|
|
networkBootStatus(false) {
|
2019-04-14 21:32:06 -07:00
|
|
|
org.setUpOrg(adminOrg, _breadth, _depth);
|
2019-04-26 01:35:51 -07:00
|
|
|
roles.addRole(adminRole, adminOrg, fullAccess, true, true);
|
2019-03-14 23:41:04 -07:00
|
|
|
accounts.setDefaults(adminRole, orgAdminRole);
|
|
|
|
}
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice as a part of network initialization add all nodes which
|
|
|
|
/// @notice are part of static-nodes.json as nodes belonging to
|
|
|
|
/// @notice network admin org
|
|
|
|
/// @param _enodeId - full enode id
|
|
|
|
function addAdminNode(string calldata _enodeId) external
|
|
|
|
onlyInterface
|
|
|
|
networkBootStatus(false) {
|
2019-03-28 02:53:11 -07:00
|
|
|
nodes.addAdminNode(_enodeId, adminOrg);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice as a part of network initialization add all accounts which are
|
|
|
|
/// @notice passed via permission-config.json as network administrator
|
|
|
|
/// @notice accounts
|
|
|
|
/// @param _account - account id
|
|
|
|
function addAdminAccount(address _account) external
|
|
|
|
onlyInterface
|
|
|
|
networkBootStatus(false) {
|
|
|
|
updateVoterList(adminOrg, _account, true);
|
|
|
|
accounts.assignAdminRole(_account, adminOrg, adminRole, 2);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice once the network initialization is complete, sets the network
|
|
|
|
/// @notice boot status to true
|
|
|
|
/// @return network boot status
|
|
|
|
/// @dev this will be called only once from geth as a part of
|
|
|
|
/// @dev network initialization
|
2019-03-14 23:41:04 -07:00
|
|
|
function updateNetworkBootStatus() external
|
2019-07-19 01:16:50 -07:00
|
|
|
onlyInterface
|
2019-03-28 02:53:11 -07:00
|
|
|
networkBootStatus(false)
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-03-14 23:41:04 -07:00
|
|
|
networkBoot = true;
|
|
|
|
return networkBoot;
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to add a new organization to the network. creates org
|
|
|
|
/// @notice record and marks it as pending approval. adds the passed node
|
|
|
|
/// @notice node manager contract. adds the account with org admin role to
|
|
|
|
/// @notice account manager contracts. creates voting record for approval
|
|
|
|
/// @notice by other network admin accounts
|
|
|
|
/// @param _orgId unique organization id
|
|
|
|
/// @param _enodeId full enode id linked to the organization
|
|
|
|
/// @param _account account id. this will have the org admin privileges
|
|
|
|
function addOrg(string calldata _orgId, string calldata _enodeId,
|
|
|
|
address _account, address _caller) external
|
|
|
|
onlyInterface
|
2019-03-28 02:53:11 -07:00
|
|
|
networkBootStatus(true)
|
2019-07-19 01:16:50 -07:00
|
|
|
networkAdmin(_caller) {
|
2019-04-08 23:58:30 -07:00
|
|
|
voter.addVotingItem(adminOrg, _orgId, _enodeId, _account, 1);
|
|
|
|
org.addOrg(_orgId);
|
2019-04-08 07:26:13 -07:00
|
|
|
nodes.addNode(_enodeId, _orgId);
|
2019-07-19 01:16:50 -07:00
|
|
|
require(validateAccount(_account, _orgId) == true,
|
|
|
|
"Operation cannot be performed");
|
2019-04-23 23:40:28 -07:00
|
|
|
accounts.assignAdminRole(_account, _orgId, orgAdminRole, 1);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice functions to approve a pending approval org record by networ
|
|
|
|
/// @notice admin account. once majority votes are received the org is
|
|
|
|
/// @notice marked as approved
|
|
|
|
/// @param _orgId unique organization id
|
|
|
|
/// @param _enodeId full enode id linked to the organization
|
|
|
|
/// @param _account account id this will have the org admin privileges
|
|
|
|
function approveOrg(string calldata _orgId, string calldata _enodeId,
|
|
|
|
address _account, address _caller) external onlyInterface networkAdmin(_caller) {
|
|
|
|
require(_checkOrgStatus(_orgId, 1) == true, "Nothing to approve");
|
2019-03-28 02:53:11 -07:00
|
|
|
if ((processVote(adminOrg, _caller, 1))) {
|
2019-03-14 23:41:04 -07:00
|
|
|
org.approveOrg(_orgId);
|
2019-04-26 01:35:51 -07:00
|
|
|
roles.addRole(orgAdminRole, _orgId, fullAccess, true, true);
|
2019-03-28 02:53:11 -07:00
|
|
|
nodes.approveNode(_enodeId, _orgId);
|
2019-04-23 23:40:28 -07:00
|
|
|
accounts.addNewAdmin(_orgId, _account);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to create a sub org under a given parent org.
|
|
|
|
/// @param _pOrgId parent org id under which the sub org is being added
|
|
|
|
/// @param _orgId unique id for the sub organization
|
|
|
|
/// @param _enodeId full enode id linked to the sjb organization
|
|
|
|
/// @dev _enodeId is optional. parent org id should contain the complete
|
|
|
|
/// @dev org hierarchy from master org id to the immediate parent. The org
|
|
|
|
/// @dev hierarchy is separated by .. For example, if master org ABC has a
|
|
|
|
/// @dev sub organization SUB1, then while creating the sub organization at
|
|
|
|
/// @dev SUB1 level, the parent org should be given as ABC.SUB1
|
|
|
|
function addSubOrg(string calldata _pOrgId, string calldata _orgId,
|
|
|
|
string calldata _enodeId, address _caller) external onlyInterface
|
|
|
|
orgExists(_pOrgId) orgAdmin(_caller, _pOrgId) {
|
|
|
|
org.addSubOrg(_pOrgId, _orgId);
|
|
|
|
string memory pOrgId = string(abi.encode(_pOrgId, ".", _orgId));
|
2019-04-08 23:58:30 -07:00
|
|
|
if (bytes(_enodeId).length > 0) {
|
2019-07-19 01:16:50 -07:00
|
|
|
nodes.addOrgNode(_enodeId, pOrgId);
|
2019-04-08 23:58:30 -07:00
|
|
|
}
|
2019-04-03 07:25:01 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to update the org status. it updates the org status
|
|
|
|
/// @notice and adds a voting item for network admins to approve
|
|
|
|
/// @param _orgId unique id of the organization
|
|
|
|
/// @param _action 1 for suspending an org and 2 for revoke of suspension
|
|
|
|
function updateOrgStatus(string calldata _orgId, uint _action, address _caller)
|
|
|
|
external onlyInterface networkAdmin(_caller) {
|
2019-03-28 02:53:11 -07:00
|
|
|
uint pendingOp;
|
2019-05-12 23:15:09 -07:00
|
|
|
pendingOp = org.updateOrg(_orgId, _action);
|
2019-03-28 02:53:11 -07:00
|
|
|
voter.addVotingItem(adminOrg, _orgId, "", address(0), pendingOp);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to approve org status change. the org status is
|
|
|
|
/// @notice changed once the majority votes are received from network
|
|
|
|
/// @notice admin accounts.
|
|
|
|
/// @param _orgId unique id for the sub organization
|
|
|
|
/// @param _action 1 for suspending an org and 2 for revoke of suspension
|
|
|
|
function approveOrgStatus(string calldata _orgId, uint _action, address _caller)
|
|
|
|
external onlyInterface networkAdmin(_caller) {
|
2019-05-12 23:15:09 -07:00
|
|
|
require((_action == 1 || _action == 2), "Operation not allowed");
|
2019-03-28 02:53:11 -07:00
|
|
|
uint pendingOp;
|
2019-05-12 23:15:09 -07:00
|
|
|
uint orgStatus;
|
|
|
|
if (_action == 1) {
|
2019-03-28 02:53:11 -07:00
|
|
|
pendingOp = 2;
|
2019-05-12 23:15:09 -07:00
|
|
|
orgStatus = 3;
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
2019-05-12 23:15:09 -07:00
|
|
|
else if (_action == 2) {
|
2019-03-28 02:53:11 -07:00
|
|
|
pendingOp = 3;
|
2019-05-12 23:15:09 -07:00
|
|
|
orgStatus = 5;
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_checkOrgStatus(_orgId, orgStatus) == true, "operation not allowed");
|
2019-04-02 19:13:05 -07:00
|
|
|
if ((processVote(adminOrg, _caller, pendingOp))) {
|
2019-05-12 23:15:09 -07:00
|
|
|
org.approveOrgStatusUpdate(_orgId, _action);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
|
|
|
// Role related functions
|
2019-05-10 00:17:01 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to add new role definition to an organization
|
|
|
|
/// @notice can be executed by the org admin account only
|
|
|
|
/// @param _roleId unique id for the role
|
|
|
|
/// @param _orgId unique id of the organization to which the role belongs
|
|
|
|
/// @param _access 0-ReadOnly, 1-Transact, 2-ContractDeploy, 3-FullAccess
|
|
|
|
/// @param _voter bool indicates if the role is voter role or not
|
|
|
|
/// @param _admin bool indicates if the role is an admin role
|
|
|
|
function addNewRole(string calldata _roleId, string calldata _orgId,
|
|
|
|
uint _access, bool _voter, bool _admin, address _caller) external
|
|
|
|
onlyInterface orgApproved(_orgId) orgAdmin(_caller, _orgId) {
|
2019-03-14 23:41:04 -07:00
|
|
|
//add new roles can be created by org admins only
|
2019-04-26 01:35:51 -07:00
|
|
|
roles.addRole(_roleId, _orgId, _access, _voter, _admin);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to remove a role definition from an organization
|
|
|
|
/// @notice can be executed by the org admin account only
|
|
|
|
/// @param _roleId unique id for the role
|
|
|
|
/// @param _orgId unique id of the organization to which the role belongs
|
|
|
|
function removeRole(string calldata _roleId, string calldata _orgId,
|
|
|
|
address _caller) external onlyInterface orgApproved(_orgId)
|
|
|
|
orgAdmin(_caller, _orgId) {
|
|
|
|
require(((keccak256(abi.encode(_roleId)) != keccak256(abi.encode(adminRole))) &&
|
|
|
|
(keccak256(abi.encode(_roleId)) != keccak256(abi.encode(orgAdminRole)))),
|
|
|
|
"admin roles cannot be removed");
|
2019-03-14 23:41:04 -07:00
|
|
|
roles.removeRole(_roleId, _orgId);
|
2019-04-04 03:25:43 -07:00
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-04-08 01:57:36 -07:00
|
|
|
// Account related functions
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to assign network admin/org admin role to an account
|
|
|
|
/// @notice this can be executed by network admin accounts only. it assigns
|
|
|
|
/// @notice the role to the accounts and creates voting record for network
|
|
|
|
/// @notice admin accounts
|
|
|
|
/// @param _orgId unique id of the organization to which the account belongs
|
|
|
|
/// @param _account account id
|
|
|
|
/// @param _roleId role id to be assigned to the account
|
|
|
|
function assignAdminRole(string calldata _orgId, address _account,
|
|
|
|
string calldata _roleId, address _caller) external
|
|
|
|
onlyInterface orgExists(_orgId) networkAdmin(_caller) {
|
2019-04-23 23:40:28 -07:00
|
|
|
accounts.assignAdminRole(_account, _orgId, _roleId, 1);
|
2019-03-14 23:41:04 -07:00
|
|
|
//add voting item
|
|
|
|
voter.addVotingItem(adminOrg, _orgId, "", _account, 4);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to approve network admin/org admin role assigment
|
|
|
|
/// @notice this can be executed by network admin accounts only.
|
|
|
|
/// @param _orgId unique id of the organization to which the account belongs
|
|
|
|
/// @param _account account id
|
|
|
|
function approveAdminRole(string calldata _orgId, address _account,
|
|
|
|
address _caller) external onlyInterface networkAdmin(_caller) {
|
2019-03-28 02:53:11 -07:00
|
|
|
if ((processVote(adminOrg, _caller, 4))) {
|
2019-04-23 23:40:28 -07:00
|
|
|
(bool ret, address acct) = accounts.removeExistingAdmin(_orgId);
|
|
|
|
if (ret) {
|
|
|
|
updateVoterList(adminOrg, acct, false);
|
|
|
|
}
|
|
|
|
bool ret1 = accounts.addNewAdmin(_orgId, _account);
|
|
|
|
if (ret1) {
|
|
|
|
updateVoterList(adminOrg, _account, true);
|
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to update account status. can be executed by org admin
|
|
|
|
/// @notice account only.
|
|
|
|
/// @param _orgId unique id of the organization to which the account belongs
|
|
|
|
/// @param _account account id
|
2019-07-19 01:48:42 -07:00
|
|
|
/// @param _action 1-suspend 2-activate back 3-blacklist
|
2019-07-19 01:16:50 -07:00
|
|
|
function updateAccountStatus(string calldata _orgId, address _account,
|
2019-07-19 01:48:42 -07:00
|
|
|
uint _action, address _caller) external onlyInterface
|
2019-07-19 01:16:50 -07:00
|
|
|
orgAdmin(_caller, _orgId) {
|
2019-07-19 01:48:42 -07:00
|
|
|
accounts.updateAccountStatus(_orgId, _account, _action);
|
2019-04-14 21:32:06 -07:00
|
|
|
}
|
2019-04-08 01:57:36 -07:00
|
|
|
|
|
|
|
// Node related functions
|
2019-05-10 00:17:01 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to add a new node to the organization. can be invoked
|
|
|
|
/// @notice org admin account only
|
|
|
|
/// @param _orgId unique id of the organization to which the account belongs
|
|
|
|
/// @param _enodeId full enode id being dded to the org
|
|
|
|
function addNode(string calldata _orgId, string calldata _enodeId, address _caller)
|
|
|
|
external onlyInterface orgApproved(_orgId) orgAdmin(_caller, _orgId) {
|
2019-03-14 23:41:04 -07:00
|
|
|
// check that the node is not part of another org
|
|
|
|
nodes.addOrgNode(_enodeId, _orgId);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to update node status. can be invoked by org admin
|
|
|
|
/// @notice account only
|
|
|
|
/// @param _orgId unique id of the organization to which the account belongs
|
|
|
|
/// @param _enodeId full enode id being dded to the org
|
|
|
|
/// @param _action 1-deactivate, 2-activate back, 3-blacklist the node
|
|
|
|
function updateNodeStatus(string calldata _orgId, string calldata _enodeId,
|
|
|
|
uint _action, address _caller) external onlyInterface
|
|
|
|
orgAdmin(_caller, _orgId) {
|
2019-05-12 23:15:09 -07:00
|
|
|
nodes.updateNodeStatus(_enodeId, _orgId, _action);
|
2019-04-08 01:57:36 -07:00
|
|
|
}
|
2019-04-04 03:25:43 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to fetch network boot status
|
|
|
|
/// @return bool network boot status
|
2019-04-08 01:57:36 -07:00
|
|
|
function getNetworkBootStatus() external view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-04-08 01:57:36 -07:00
|
|
|
return networkBoot;
|
|
|
|
}
|
2019-04-04 03:25:43 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to fetch detail of any pending approval activities
|
|
|
|
/// @notice for network admin organization
|
|
|
|
/// @param _orgId unique id of the organization to which the account belongs
|
2019-04-08 01:57:36 -07:00
|
|
|
function getPendingOp(string calldata _orgId) external view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (string memory, string memory, address, uint){
|
2019-04-08 01:57:36 -07:00
|
|
|
return voter.getPendingOpDetails(_orgId);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to assigns a role id to the account given account
|
|
|
|
/// @notice can be executed by org admin account only
|
|
|
|
/// @param _account account id
|
|
|
|
/// @param _orgId organization id to which the account belongs
|
|
|
|
/// @param _roleId role id to be assigned to the account
|
|
|
|
function assignAccountRole(address _account, string memory _orgId,
|
|
|
|
string memory _roleId, address _caller) public
|
|
|
|
onlyInterface
|
|
|
|
orgAdmin(_caller, _orgId)
|
|
|
|
orgApproved(_orgId) {
|
2019-07-19 01:48:42 -07:00
|
|
|
require(validateAccount(_account, _orgId) == true, "operation cannot be performed");
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_roleExists(_roleId, _orgId) == true, "role does not exists");
|
|
|
|
bool admin = roles.isAdminRole(_roleId, _orgId, _getUltimateParent(_orgId));
|
|
|
|
accounts.assignAccountRole(_account, _orgId, _roleId, admin);
|
2019-06-03 00:24:31 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to check if passed account is an network admin account
|
|
|
|
/// @param _account account id
|
|
|
|
/// @return true/false
|
2019-03-15 02:26:57 -07:00
|
|
|
function isNetworkAdmin(address _account) public view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
|
|
|
return (keccak256(abi.encode(accounts.getAccountRole(_account))) == keccak256(abi.encode(adminRole)));
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to check if passed account is an org admin account
|
|
|
|
/// @param _account account id
|
|
|
|
/// @param _orgId organization id
|
|
|
|
/// @return true/false
|
2019-04-04 03:25:43 -07:00
|
|
|
function isOrgAdmin(address _account, string memory _orgId) public view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
|
|
|
if (accounts.checkOrgAdmin(_account, _orgId, _getUltimateParent(_orgId))) {
|
2019-04-26 01:35:51 -07:00
|
|
|
return true;
|
|
|
|
}
|
2019-07-19 01:16:50 -07:00
|
|
|
return roles.isAdminRole(accounts.getAccountRole(_account), _orgId,
|
|
|
|
_getUltimateParent(_orgId));
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to validate the account for access change operation
|
|
|
|
/// @param _account account id
|
|
|
|
/// @param _orgId organization id
|
|
|
|
/// @return true/false
|
2019-03-15 02:26:57 -07:00
|
|
|
function validateAccount(address _account, string memory _orgId) public view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-04-23 23:40:28 -07:00
|
|
|
return (accounts.validateAccount(_account, _orgId));
|
2019-04-04 03:25:43 -07:00
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice function to update the voter list at network level. this will
|
|
|
|
/// @notice be called whenever an account is assigned a network admin role
|
|
|
|
/// @notice or an account having network admin role is being assigned
|
|
|
|
/// @notice different role
|
|
|
|
/// @param _orgId org id to which the account belongs
|
|
|
|
/// @param _account account which needs to be added/removed as voter
|
|
|
|
/// @param _add bool indicating if its an add or delete operation
|
|
|
|
function updateVoterList(string memory _orgId, address _account, bool _add) internal {
|
|
|
|
if (_add) {
|
|
|
|
voter.addVoter(_orgId, _account);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
voter.deleteVoter(_orgId, _account);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// @notice whenever a network admin account votes on a pending item, this
|
|
|
|
/// @notice function processes the vote.
|
|
|
|
/// @param _orgId org id of the caller
|
|
|
|
/// @param _caller account which approving the operation
|
|
|
|
/// @param _pendingOp operation for which the approval is being done
|
|
|
|
/// @dev the list of pending ops are managed in voter manager contract
|
|
|
|
function processVote(string memory _orgId, address _caller, uint _pendingOp) internal
|
|
|
|
returns (bool){
|
|
|
|
return voter.processVote(_orgId, _caller, _pendingOp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/// @notice returns various permissions policy related parameters
|
|
|
|
/// @return adminOrg admin org id
|
|
|
|
/// @return adminRole default network admin role
|
|
|
|
/// @return orgAdminRole default org admin role
|
|
|
|
/// @return networkBoot network boot status
|
|
|
|
function getPolicyDetails() external view
|
|
|
|
returns (string memory, string memory, string memory, bool){
|
|
|
|
return (adminOrg, adminRole, orgAdminRole, networkBoot);
|
|
|
|
}
|
|
|
|
|
|
|
|
/// @notice checks if the passed org exists or not
|
|
|
|
/// @param _orgId org id
|
|
|
|
/// @return true/false
|
|
|
|
function _checkOrgExists(string memory _orgId) internal view
|
|
|
|
returns (bool){
|
2019-03-28 02:53:11 -07:00
|
|
|
return org.checkOrgExists(_orgId);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice checks if the passed org is in approved status
|
|
|
|
/// @param _orgId org id
|
|
|
|
/// @return true/false
|
2019-03-28 02:53:11 -07:00
|
|
|
function checkOrgApproved(string memory _orgId) internal view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-03-28 02:53:11 -07:00
|
|
|
return org.checkOrgStatus(_orgId, 2);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice checks if the passed org is in the status passed
|
|
|
|
/// @param _orgId org id
|
|
|
|
/// @param _status status to be checked for
|
|
|
|
/// @return true/false
|
|
|
|
function _checkOrgStatus(string memory _orgId, uint _status) internal view
|
|
|
|
returns (bool){
|
2019-03-28 02:53:11 -07:00
|
|
|
return org.checkOrgStatus(_orgId, _status);
|
|
|
|
}
|
2019-04-03 07:25:01 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice checks if org admin account exists for the passed org id
|
|
|
|
/// @param _orgId org id
|
|
|
|
/// @return true/false
|
|
|
|
function _checkOrgAdminExists(string memory _orgId) internal view
|
|
|
|
returns (bool){
|
2019-04-21 18:51:03 -07:00
|
|
|
return accounts.orgAdminExists(_orgId);
|
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice checks if role id exists for the passed org_id
|
|
|
|
/// @param _roleId role id
|
|
|
|
/// @param _orgId org id
|
|
|
|
/// @return true/false
|
|
|
|
function _roleExists(string memory _roleId, string memory _orgId) internal view
|
|
|
|
returns (bool){
|
|
|
|
return roles.roleExists(_roleId, _orgId, _getUltimateParent(_orgId));
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
2019-04-03 07:25:01 -07:00
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice checks if the role id for the org is a voter role
|
|
|
|
/// @param _roleId role id
|
|
|
|
/// @param _orgId org id
|
|
|
|
/// @return true/false
|
|
|
|
function _isVoterRole(string memory _roleId, string memory _orgId) internal view
|
|
|
|
returns (bool){
|
|
|
|
return roles.isVoterRole(_roleId, _orgId, _getUltimateParent(_orgId));
|
2019-04-09 22:59:15 -07:00
|
|
|
}
|
|
|
|
|
2019-07-19 01:16:50 -07:00
|
|
|
/// @notice returns the ultimate parent for a given org id
|
|
|
|
/// @param _orgId org id
|
|
|
|
/// @return ultimate parent org id
|
|
|
|
function _getUltimateParent(string memory _orgId) internal view
|
|
|
|
returns (string memory){
|
2019-04-09 22:59:15 -07:00
|
|
|
return org.getUltimateParent(_orgId);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
|
|
|
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|