2019-03-14 23:41:04 -07:00
|
|
|
pragma solidity ^0.5.3;
|
|
|
|
|
|
|
|
import "./RoleManager.sol";
|
|
|
|
import "./AccountManager.sol";
|
|
|
|
import "./VoterManager.sol";
|
|
|
|
import "./NodeManager.sol";
|
|
|
|
import "./OrgManager.sol";
|
2019-03-15 02:26:57 -07:00
|
|
|
import "./PermissionsUpgradable.sol";
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @title Permissions Implementation Contract
|
|
|
|
* @notice This contract holds implementation logic for all permissions
|
|
|
|
related functionality. This can be called only by the interface
|
|
|
|
contract.
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
contract PermissionsImplementation {
|
2019-07-21 20:17:39 -07:00
|
|
|
AccountManager private accountManager;
|
|
|
|
RoleManager private roleManager;
|
|
|
|
VoterManager private voterManager;
|
|
|
|
NodeManager private nodeManager;
|
|
|
|
OrgManager private orgManager;
|
2019-03-19 02:15:51 -07:00
|
|
|
PermissionsUpgradable private permUpgradable;
|
|
|
|
|
2019-03-14 23:41:04 -07:00
|
|
|
string private adminOrg;
|
|
|
|
string private adminRole;
|
|
|
|
string private orgAdminRole;
|
|
|
|
|
2019-04-08 07:26:13 -07:00
|
|
|
|
2019-07-21 20:25:14 -07:00
|
|
|
uint256 private fullAccess = 3;
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @dev this variable is meant for tracking the initial network boot up
|
|
|
|
once the network boot up is done the value is set to true
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
bool private networkBoot = false;
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
event PermissionsInitialized(bool _networkBootStatus);
|
|
|
|
|
|
|
|
|
|
|
|
/** @notice modifier to confirm that caller is the interface contract
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
modifier onlyInterface{
|
|
|
|
require(msg.sender == permUpgradable.getPermInterface(),
|
|
|
|
"can be called by interface contract only");
|
2019-03-15 02:26:57 -07:00
|
|
|
_;
|
|
|
|
}
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice modifier to confirm that caller is the upgradable contract
|
|
|
|
*/
|
2019-06-03 00:24:31 -07:00
|
|
|
modifier onlyUpgradeable {
|
2019-07-21 20:17:39 -07:00
|
|
|
require(msg.sender == address(permUpgradable), "invalid caller");
|
2019-06-03 00:24:31 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice confirms if the network boot status is equal to passed value
|
|
|
|
* @param _status true/false
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
modifier networkBootStatus(bool _status){
|
2019-03-28 02:53:11 -07:00
|
|
|
require(networkBoot == _status, "Incorrect network boot status");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
2019-05-10 00:17:01 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice confirms that the account passed is network admin account
|
|
|
|
* @param _account account id
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier networkAdmin(address _account) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(isNetworkAdmin(_account) == true, "account is not a network admin account");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice confirms that the account passed is org admin account
|
|
|
|
* @param _account account id
|
|
|
|
* @param _orgId org id to which the account belongs
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgAdmin(address _account, string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(isOrgAdmin(_account, _orgId) == true, "account is not a org admin account");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice confirms that org does not exist
|
|
|
|
* @param _orgId org id
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgNotExists(string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_checkOrgExists(_orgId) != true, "org exists");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice confirms that org exists
|
|
|
|
* @param _orgId org id
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgExists(string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_checkOrgExists(_orgId) == true, "org does not exist");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice checks of the passed org id is in approved status
|
|
|
|
* @param _orgId org id
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
modifier orgApproved(string memory _orgId) {
|
2019-07-19 01:16:50 -07:00
|
|
|
require(checkOrgApproved(_orgId) == true, "org not in approved status");
|
2019-03-14 23:41:04 -07:00
|
|
|
_;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice constructor accepts the contracts addresses of other deployed
|
|
|
|
contracts of the permissions model
|
|
|
|
* @param _permUpgradable - address of permissions upgradable contract
|
|
|
|
* @param _orgManager - address of org manager contract
|
|
|
|
* @param _rolesManager - address of role manager contract
|
|
|
|
* @param _accountManager - address of account manager contract
|
|
|
|
* @param _voterManager - address of voter manager contract
|
|
|
|
* @param _nodeManager - address of node manager contract
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
constructor (address _permUpgradable, address _orgManager, address _rolesManager,
|
2019-07-21 20:17:39 -07:00
|
|
|
address _accountManager, address _voterManager, address _nodeManager) public {
|
2019-03-19 02:15:51 -07:00
|
|
|
permUpgradable = PermissionsUpgradable(_permUpgradable);
|
2019-07-21 20:17:39 -07:00
|
|
|
orgManager = OrgManager(_orgManager);
|
|
|
|
roleManager = RoleManager(_rolesManager);
|
|
|
|
accountManager = AccountManager(_accountManager);
|
|
|
|
voterManager = VoterManager(_voterManager);
|
|
|
|
nodeManager = NodeManager(_nodeManager);
|
2019-03-15 02:26:57 -07:00
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-04-08 01:57:36 -07:00
|
|
|
// initial set up related functions
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice for permissions its necessary to define the initial admin org
|
|
|
|
id, network admin role id and default org admin role id. this
|
|
|
|
sets these values at the time of network boot up
|
|
|
|
* @param _nwAdminOrg - address of permissions upgradable contract
|
|
|
|
* @param _nwAdminRole - address of org manager contract
|
|
|
|
* @param _oAdminRole - address of role manager contract
|
|
|
|
* @dev this function will be executed only once as part of the boot up
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function setPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole,
|
|
|
|
string calldata _oAdminRole) external onlyInterface
|
|
|
|
networkBootStatus(false) {
|
2019-03-14 23:41:04 -07:00
|
|
|
adminOrg = _nwAdminOrg;
|
|
|
|
adminRole = _nwAdminRole;
|
|
|
|
orgAdminRole = _oAdminRole;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice when migrating implementation contract, the values of these
|
|
|
|
key values need to be set from the previous implementation
|
|
|
|
contract. this function allows these values to be set
|
|
|
|
* @param _nwAdminOrg - address of permissions upgradable contract
|
|
|
|
* @param _nwAdminRole - address of org manager contract
|
|
|
|
* @param _oAdminRole - address of role manager contract
|
|
|
|
* @param _networkBootStatus - network boot status true/false
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function setMigrationPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole,
|
|
|
|
string calldata _oAdminRole, bool _networkBootStatus) external onlyUpgradeable
|
|
|
|
networkBootStatus(false) {
|
2019-06-03 00:24:31 -07:00
|
|
|
adminOrg = _nwAdminOrg;
|
|
|
|
adminRole = _nwAdminRole;
|
|
|
|
orgAdminRole = _oAdminRole;
|
|
|
|
networkBoot = _networkBootStatus;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice called at the time of network initialization. sets up
|
|
|
|
network admin org with allowed sub org depth and breadth
|
|
|
|
creates the network admin for the network admin org
|
|
|
|
sets the default values required by account manager contract
|
|
|
|
* @param _breadth - number of sub orgs allowed at parent level
|
|
|
|
* @param _depth - levels of sub org nesting allowed at parent level
|
|
|
|
*/
|
2019-07-21 20:25:14 -07:00
|
|
|
function init(uint256 _breadth, uint256 _depth) external
|
2019-07-19 01:16:50 -07:00
|
|
|
onlyInterface
|
|
|
|
networkBootStatus(false) {
|
2019-07-21 20:17:39 -07:00
|
|
|
orgManager.setUpOrg(adminOrg, _breadth, _depth);
|
|
|
|
roleManager.addRole(adminRole, adminOrg, fullAccess, true, true);
|
|
|
|
accountManager.setDefaults(adminRole, orgAdminRole);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice as a part of network initialization add all nodes which
|
|
|
|
are part of static-nodes.json as nodes belonging to
|
|
|
|
network admin org
|
|
|
|
* @param _enodeId - full enode id
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function addAdminNode(string calldata _enodeId) external
|
|
|
|
onlyInterface
|
|
|
|
networkBootStatus(false) {
|
2019-07-21 20:17:39 -07:00
|
|
|
nodeManager.addAdminNode(_enodeId, adminOrg);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice as a part of network initialization add all accounts which are
|
|
|
|
passed via permission-config.json as network administrator
|
|
|
|
accounts
|
|
|
|
* @param _account - account id
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function addAdminAccount(address _account) external
|
|
|
|
onlyInterface
|
|
|
|
networkBootStatus(false) {
|
|
|
|
updateVoterList(adminOrg, _account, true);
|
2019-07-21 20:17:39 -07:00
|
|
|
accountManager.assignAdminRole(_account, adminOrg, adminRole, 2);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice once the network initialization is complete, sets the network
|
|
|
|
boot status to true
|
|
|
|
* @return network boot status
|
|
|
|
* @dev this will be called only once from geth as a part of
|
|
|
|
* @dev network initialization
|
|
|
|
*/
|
2019-03-14 23:41:04 -07:00
|
|
|
function updateNetworkBootStatus() external
|
2019-07-19 01:16:50 -07:00
|
|
|
onlyInterface
|
2019-03-28 02:53:11 -07:00
|
|
|
networkBootStatus(false)
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-03-14 23:41:04 -07:00
|
|
|
networkBoot = true;
|
2019-07-30 01:56:44 -07:00
|
|
|
emit PermissionsInitialized(networkBoot);
|
2019-03-14 23:41:04 -07:00
|
|
|
return networkBoot;
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to add a new organization to the network. creates org
|
|
|
|
record and marks it as pending approval. adds the passed node
|
|
|
|
node manager contract. adds the account with org admin role to
|
|
|
|
account manager contracts. creates voting record for approval
|
|
|
|
by other network admin accounts
|
|
|
|
* @param _orgId unique organization id
|
|
|
|
* @param _enodeId full enode id linked to the organization
|
|
|
|
* @param _account account id. this will have the org admin privileges
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function addOrg(string calldata _orgId, string calldata _enodeId,
|
|
|
|
address _account, address _caller) external
|
|
|
|
onlyInterface
|
2019-03-28 02:53:11 -07:00
|
|
|
networkBootStatus(true)
|
2019-07-19 01:16:50 -07:00
|
|
|
networkAdmin(_caller) {
|
2019-07-21 20:17:39 -07:00
|
|
|
voterManager.addVotingItem(adminOrg, _orgId, _enodeId, _account, 1);
|
|
|
|
orgManager.addOrg(_orgId);
|
|
|
|
nodeManager.addNode(_enodeId, _orgId);
|
2019-07-19 01:16:50 -07:00
|
|
|
require(validateAccount(_account, _orgId) == true,
|
|
|
|
"Operation cannot be performed");
|
2019-07-21 20:17:39 -07:00
|
|
|
accountManager.assignAdminRole(_account, _orgId, orgAdminRole, 1);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice functions to approve a pending approval org record by networ
|
|
|
|
admin account. once majority votes are received the org is
|
|
|
|
marked as approved
|
|
|
|
* @param _orgId unique organization id
|
|
|
|
* @param _enodeId full enode id linked to the organization
|
|
|
|
* @param _account account id this will have the org admin privileges
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function approveOrg(string calldata _orgId, string calldata _enodeId,
|
|
|
|
address _account, address _caller) external onlyInterface networkAdmin(_caller) {
|
|
|
|
require(_checkOrgStatus(_orgId, 1) == true, "Nothing to approve");
|
2019-03-28 02:53:11 -07:00
|
|
|
if ((processVote(adminOrg, _caller, 1))) {
|
2019-07-21 20:17:39 -07:00
|
|
|
orgManager.approveOrg(_orgId);
|
|
|
|
roleManager.addRole(orgAdminRole, _orgId, fullAccess, true, true);
|
|
|
|
nodeManager.approveNode(_enodeId, _orgId);
|
|
|
|
accountManager.addNewAdmin(_orgId, _account);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to create a sub org under a given parent org.
|
|
|
|
* @param _pOrgId parent org id under which the sub org is being added
|
|
|
|
* @param _orgId unique id for the sub organization
|
|
|
|
* @param _enodeId full enode id linked to the sjb organization
|
|
|
|
* @dev _enodeId is optional. parent org id should contain the complete
|
|
|
|
org hierarchy from master org id to the immediate parent. The org
|
|
|
|
hierarchy is separated by. For example, if master org ABC has a
|
|
|
|
sub organization SUB1, then while creating the sub organization at
|
|
|
|
SUB1 level, the parent org should be given as ABC.SUB1
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function addSubOrg(string calldata _pOrgId, string calldata _orgId,
|
|
|
|
string calldata _enodeId, address _caller) external onlyInterface
|
|
|
|
orgExists(_pOrgId) orgAdmin(_caller, _pOrgId) {
|
2019-07-21 20:17:39 -07:00
|
|
|
orgManager.addSubOrg(_pOrgId, _orgId);
|
2019-07-19 01:16:50 -07:00
|
|
|
string memory pOrgId = string(abi.encode(_pOrgId, ".", _orgId));
|
2019-04-08 23:58:30 -07:00
|
|
|
if (bytes(_enodeId).length > 0) {
|
2019-07-21 20:17:39 -07:00
|
|
|
nodeManager.addOrgNode(_enodeId, pOrgId);
|
2019-04-08 23:58:30 -07:00
|
|
|
}
|
2019-04-03 07:25:01 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to update the org status. it updates the org status
|
|
|
|
and adds a voting item for network admins to approve
|
|
|
|
* @param _orgId unique id of the organization
|
|
|
|
* @param _action 1 for suspending an org and 2 for revoke of suspension
|
|
|
|
*/
|
2019-07-21 20:25:14 -07:00
|
|
|
function updateOrgStatus(string calldata _orgId, uint256 _action, address _caller)
|
2019-07-19 01:16:50 -07:00
|
|
|
external onlyInterface networkAdmin(_caller) {
|
2019-07-21 20:25:14 -07:00
|
|
|
uint256 pendingOp;
|
2019-07-21 20:17:39 -07:00
|
|
|
pendingOp = orgManager.updateOrg(_orgId, _action);
|
|
|
|
voterManager.addVotingItem(adminOrg, _orgId, "", address(0), pendingOp);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to approve org status change. the org status is
|
|
|
|
changed once the majority votes are received from network
|
|
|
|
admin accounts.
|
|
|
|
* @param _orgId unique id for the sub organization
|
|
|
|
* @param _action 1 for suspending an org and 2 for revoke of suspension
|
|
|
|
*/
|
2019-07-21 20:25:14 -07:00
|
|
|
function approveOrgStatus(string calldata _orgId, uint256 _action, address _caller)
|
2019-07-19 01:16:50 -07:00
|
|
|
external onlyInterface networkAdmin(_caller) {
|
2019-05-12 23:15:09 -07:00
|
|
|
require((_action == 1 || _action == 2), "Operation not allowed");
|
2019-07-21 20:25:14 -07:00
|
|
|
uint256 pendingOp;
|
|
|
|
uint256 orgStatus;
|
2019-05-12 23:15:09 -07:00
|
|
|
if (_action == 1) {
|
2019-03-28 02:53:11 -07:00
|
|
|
pendingOp = 2;
|
2019-05-12 23:15:09 -07:00
|
|
|
orgStatus = 3;
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
2019-05-12 23:15:09 -07:00
|
|
|
else if (_action == 2) {
|
2019-03-28 02:53:11 -07:00
|
|
|
pendingOp = 3;
|
2019-05-12 23:15:09 -07:00
|
|
|
orgStatus = 5;
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_checkOrgStatus(_orgId, orgStatus) == true, "operation not allowed");
|
2019-04-02 19:13:05 -07:00
|
|
|
if ((processVote(adminOrg, _caller, pendingOp))) {
|
2019-07-21 20:17:39 -07:00
|
|
|
orgManager.approveOrgStatusUpdate(_orgId, _action);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
|
|
|
// Role related functions
|
2019-05-10 00:17:01 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to add new role definition to an organization
|
|
|
|
can be executed by the org admin account only
|
|
|
|
* @param _roleId unique id for the role
|
|
|
|
* @param _orgId unique id of the organization to which the role belongs
|
|
|
|
* @param _access account access type allowed for the role
|
|
|
|
* @param _voter bool indicates if the role is voter role or not
|
|
|
|
* @param _admin bool indicates if the role is an admin role
|
|
|
|
* @dev account access type can have of the following four values:
|
|
|
|
0 - Read only
|
|
|
|
1 - Transact access
|
|
|
|
2 - Contract deployment access. Can transact as well
|
|
|
|
3 - Full access
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function addNewRole(string calldata _roleId, string calldata _orgId,
|
2019-07-21 20:25:14 -07:00
|
|
|
uint256 _access, bool _voter, bool _admin, address _caller) external
|
2019-07-19 01:16:50 -07:00
|
|
|
onlyInterface orgApproved(_orgId) orgAdmin(_caller, _orgId) {
|
2019-03-14 23:41:04 -07:00
|
|
|
//add new roles can be created by org admins only
|
2019-07-21 20:17:39 -07:00
|
|
|
roleManager.addRole(_roleId, _orgId, _access, _voter, _admin);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to remove a role definition from an organization
|
|
|
|
can be executed by the org admin account only
|
|
|
|
* @param _roleId unique id for the role
|
|
|
|
* @param _orgId unique id of the organization to which the role belongs
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function removeRole(string calldata _roleId, string calldata _orgId,
|
|
|
|
address _caller) external onlyInterface orgApproved(_orgId)
|
|
|
|
orgAdmin(_caller, _orgId) {
|
|
|
|
require(((keccak256(abi.encode(_roleId)) != keccak256(abi.encode(adminRole))) &&
|
|
|
|
(keccak256(abi.encode(_roleId)) != keccak256(abi.encode(orgAdminRole)))),
|
|
|
|
"admin roles cannot be removed");
|
2019-07-21 20:17:39 -07:00
|
|
|
roleManager.removeRole(_roleId, _orgId);
|
2019-04-04 03:25:43 -07:00
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-04-08 01:57:36 -07:00
|
|
|
// Account related functions
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to assign network admin/org admin role to an account
|
|
|
|
this can be executed by network admin accounts only. it assigns
|
|
|
|
the role to the accounts and creates voting record for network
|
|
|
|
admin accounts
|
|
|
|
* @param _orgId unique id of the organization to which the account belongs
|
|
|
|
* @param _account account id
|
|
|
|
* @param _roleId role id to be assigned to the account
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function assignAdminRole(string calldata _orgId, address _account,
|
|
|
|
string calldata _roleId, address _caller) external
|
|
|
|
onlyInterface orgExists(_orgId) networkAdmin(_caller) {
|
2019-07-21 20:17:39 -07:00
|
|
|
accountManager.assignAdminRole(_account, _orgId, _roleId, 1);
|
2019-03-14 23:41:04 -07:00
|
|
|
//add voting item
|
2019-07-21 20:17:39 -07:00
|
|
|
voterManager.addVotingItem(adminOrg, _orgId, "", _account, 4);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to approve network admin/org admin role assigment
|
|
|
|
this can be executed by network admin accounts only.
|
|
|
|
* @param _orgId unique id of the organization to which the account belongs
|
|
|
|
* @param _account account id
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function approveAdminRole(string calldata _orgId, address _account,
|
|
|
|
address _caller) external onlyInterface networkAdmin(_caller) {
|
2019-03-28 02:53:11 -07:00
|
|
|
if ((processVote(adminOrg, _caller, 4))) {
|
2019-07-21 20:17:39 -07:00
|
|
|
(bool ret, address account) = accountManager.removeExistingAdmin(_orgId);
|
2019-04-23 23:40:28 -07:00
|
|
|
if (ret) {
|
2019-07-21 20:17:39 -07:00
|
|
|
updateVoterList(adminOrg, account, false);
|
2019-04-23 23:40:28 -07:00
|
|
|
}
|
2019-07-21 20:17:39 -07:00
|
|
|
bool ret1 = accountManager.addNewAdmin(_orgId, _account);
|
2019-04-23 23:40:28 -07:00
|
|
|
if (ret1) {
|
|
|
|
updateVoterList(adminOrg, _account, true);
|
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to update account status. can be executed by org admin
|
|
|
|
account only.
|
|
|
|
* @param _orgId unique id of the organization to which the account belongs
|
|
|
|
* @param _account account id
|
|
|
|
* @param _action 1-suspend 2-activate back 3-blacklist
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function updateAccountStatus(string calldata _orgId, address _account,
|
2019-07-21 20:25:14 -07:00
|
|
|
uint256 _action, address _caller) external onlyInterface
|
2019-07-19 01:16:50 -07:00
|
|
|
orgAdmin(_caller, _orgId) {
|
2019-07-21 20:17:39 -07:00
|
|
|
accountManager.updateAccountStatus(_orgId, _account, _action);
|
2019-04-14 21:32:06 -07:00
|
|
|
}
|
2019-04-08 01:57:36 -07:00
|
|
|
|
|
|
|
// Node related functions
|
2019-05-10 00:17:01 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to add a new node to the organization. can be invoked
|
|
|
|
org admin account only
|
|
|
|
* @param _orgId unique id of the organization to which the account belongs
|
|
|
|
* @param _enodeId full enode id being dded to the org
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function addNode(string calldata _orgId, string calldata _enodeId, address _caller)
|
|
|
|
external onlyInterface orgApproved(_orgId) orgAdmin(_caller, _orgId) {
|
2019-03-14 23:41:04 -07:00
|
|
|
// check that the node is not part of another org
|
2019-07-21 20:17:39 -07:00
|
|
|
nodeManager.addOrgNode(_enodeId, _orgId);
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to update node status. can be invoked by org admin
|
|
|
|
account only
|
|
|
|
* @param _orgId unique id of the organization to which the account belongs
|
|
|
|
* @param _enodeId full enode id being dded to the org
|
|
|
|
* @param _action 1-deactivate, 2-activate back, 3-blacklist the node
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function updateNodeStatus(string calldata _orgId, string calldata _enodeId,
|
2019-07-21 20:25:14 -07:00
|
|
|
uint256 _action, address _caller) external onlyInterface
|
2019-07-19 01:16:50 -07:00
|
|
|
orgAdmin(_caller, _orgId) {
|
2019-07-21 20:17:39 -07:00
|
|
|
nodeManager.updateNodeStatus(_enodeId, _orgId, _action);
|
2019-04-08 01:57:36 -07:00
|
|
|
}
|
2019-04-04 03:25:43 -07:00
|
|
|
|
2019-07-31 20:10:50 -07:00
|
|
|
/** @notice function to initaite blacklisted nodes recovery. this can be
|
|
|
|
invoked by an network admin account only
|
|
|
|
* @param _orgId unique id of the organization to which the account belongs
|
|
|
|
* @param _enodeId full enode id being dded to the org
|
|
|
|
* @dev this function creates a voting record for other network admins to
|
|
|
|
approve the operation. The recovery is complete only after majority voting
|
|
|
|
*/
|
|
|
|
function startBlacklistedNodeRecovery(string calldata _orgId, string calldata _enodeId,
|
|
|
|
address _caller) external onlyInterface networkAdmin(_caller) {
|
|
|
|
// update the node status as recovery initiated. action for this is 4
|
|
|
|
nodeManager.updateNodeStatus(_enodeId, _orgId, 4);
|
|
|
|
|
|
|
|
// add a voting record with pending op of 5 which corresponds to blacklisted node
|
|
|
|
// recovery
|
|
|
|
voterManager.addVotingItem(adminOrg, _orgId, _enodeId, address(0), 5);
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to fetch network boot status
|
|
|
|
* @return bool network boot status
|
|
|
|
*/
|
2019-04-08 01:57:36 -07:00
|
|
|
function getNetworkBootStatus() external view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-04-08 01:57:36 -07:00
|
|
|
return networkBoot;
|
|
|
|
}
|
2019-04-04 03:25:43 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to fetch detail of any pending approval activities
|
|
|
|
for network admin organization
|
|
|
|
* @param _orgId unique id of the organization to which the account belongs
|
|
|
|
*/
|
2019-04-08 01:57:36 -07:00
|
|
|
function getPendingOp(string calldata _orgId) external view
|
2019-07-21 20:25:14 -07:00
|
|
|
returns (string memory, string memory, address, uint256){
|
2019-07-21 20:17:39 -07:00
|
|
|
return voterManager.getPendingOpDetails(_orgId);
|
2019-04-08 01:57:36 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to assigns a role id to the account given account
|
|
|
|
can be executed by org admin account only
|
|
|
|
* @param _account account id
|
|
|
|
* @param _orgId organization id to which the account belongs
|
|
|
|
* @param _roleId role id to be assigned to the account
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function assignAccountRole(address _account, string memory _orgId,
|
|
|
|
string memory _roleId, address _caller) public
|
|
|
|
onlyInterface
|
|
|
|
orgAdmin(_caller, _orgId)
|
|
|
|
orgApproved(_orgId) {
|
2019-07-19 01:48:42 -07:00
|
|
|
require(validateAccount(_account, _orgId) == true, "operation cannot be performed");
|
2019-07-19 01:16:50 -07:00
|
|
|
require(_roleExists(_roleId, _orgId) == true, "role does not exists");
|
2019-07-21 20:17:39 -07:00
|
|
|
bool admin = roleManager.isAdminRole(_roleId, _orgId, _getUltimateParent(_orgId));
|
|
|
|
accountManager.assignAccountRole(_account, _orgId, _roleId, admin);
|
2019-06-03 00:24:31 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to check if passed account is an network admin account
|
|
|
|
* @param _account account id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-03-15 02:26:57 -07:00
|
|
|
function isNetworkAdmin(address _account) public view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return (keccak256(abi.encode(accountManager.getAccountRole(_account))) == keccak256(abi.encode(adminRole)));
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to check if passed account is an org admin account
|
|
|
|
* @param _account account id
|
|
|
|
* @param _orgId organization id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-04-04 03:25:43 -07:00
|
|
|
function isOrgAdmin(address _account, string memory _orgId) public view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
if (accountManager.checkOrgAdmin(_account, _orgId, _getUltimateParent(_orgId))) {
|
2019-04-26 01:35:51 -07:00
|
|
|
return true;
|
|
|
|
}
|
2019-07-21 20:17:39 -07:00
|
|
|
return roleManager.isAdminRole(accountManager.getAccountRole(_account), _orgId,
|
2019-07-19 01:16:50 -07:00
|
|
|
_getUltimateParent(_orgId));
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to validate the account for access change operation
|
|
|
|
* @param _account account id
|
|
|
|
* @param _orgId organization id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-03-15 02:26:57 -07:00
|
|
|
function validateAccount(address _account, string memory _orgId) public view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return (accountManager.validateAccount(_account, _orgId));
|
2019-04-04 03:25:43 -07:00
|
|
|
}
|
2019-03-14 23:41:04 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice function to update the voter list at network level. this will
|
|
|
|
be called whenever an account is assigned a network admin role
|
|
|
|
or an account having network admin role is being assigned
|
|
|
|
different role
|
|
|
|
* @param _orgId org id to which the account belongs
|
|
|
|
* @param _account account which needs to be added/removed as voter
|
|
|
|
* @param _add bool indicating if its an add or delete operation
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function updateVoterList(string memory _orgId, address _account, bool _add) internal {
|
|
|
|
if (_add) {
|
2019-07-21 20:17:39 -07:00
|
|
|
voterManager.addVoter(_orgId, _account);
|
2019-07-19 01:16:50 -07:00
|
|
|
}
|
|
|
|
else {
|
2019-07-21 20:17:39 -07:00
|
|
|
voterManager.deleteVoter(_orgId, _account);
|
2019-07-19 01:16:50 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice whenever a network admin account votes on a pending item, this
|
|
|
|
function processes the vote.
|
|
|
|
* @param _orgId org id of the caller
|
|
|
|
* @param _caller account which approving the operation
|
|
|
|
* @param _pendingOp operation for which the approval is being done
|
|
|
|
* @dev the list of pending ops are managed in voter manager contract
|
|
|
|
*/
|
2019-07-21 20:25:14 -07:00
|
|
|
function processVote(string memory _orgId, address _caller, uint256 _pendingOp) internal
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return voterManager.processVote(_orgId, _caller, _pendingOp);
|
2019-07-19 01:16:50 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice returns various permissions policy related parameters
|
|
|
|
* @return adminOrg admin org id
|
|
|
|
* @return adminRole default network admin role
|
|
|
|
* @return orgAdminRole default org admin role
|
|
|
|
* @return networkBoot network boot status
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function getPolicyDetails() external view
|
|
|
|
returns (string memory, string memory, string memory, bool){
|
|
|
|
return (adminOrg, adminRole, orgAdminRole, networkBoot);
|
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice checks if the passed org exists or not
|
|
|
|
* @param _orgId org id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function _checkOrgExists(string memory _orgId) internal view
|
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return orgManager.checkOrgExists(_orgId);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice checks if the passed org is in approved status
|
|
|
|
* @param _orgId org id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-03-28 02:53:11 -07:00
|
|
|
function checkOrgApproved(string memory _orgId) internal view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return orgManager.checkOrgStatus(_orgId, 2);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice checks if the passed org is in the status passed
|
|
|
|
* @param _orgId org id
|
|
|
|
* @param _status status to be checked for
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-07-21 20:25:14 -07:00
|
|
|
function _checkOrgStatus(string memory _orgId, uint256 _status) internal view
|
2019-07-19 01:16:50 -07:00
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return orgManager.checkOrgStatus(_orgId, _status);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
2019-04-03 07:25:01 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice checks if org admin account exists for the passed org id
|
|
|
|
* @param _orgId org id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function _checkOrgAdminExists(string memory _orgId) internal view
|
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return accountManager.orgAdminExists(_orgId);
|
2019-04-21 18:51:03 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice checks if role id exists for the passed org_id
|
|
|
|
* @param _roleId role id
|
|
|
|
* @param _orgId org id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function _roleExists(string memory _roleId, string memory _orgId) internal view
|
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return roleManager.roleExists(_roleId, _orgId, _getUltimateParent(_orgId));
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
2019-04-03 07:25:01 -07:00
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice checks if the role id for the org is a voter role
|
|
|
|
* @param _roleId role id
|
|
|
|
* @param _orgId org id
|
|
|
|
* @return true/false
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function _isVoterRole(string memory _roleId, string memory _orgId) internal view
|
|
|
|
returns (bool){
|
2019-07-21 20:17:39 -07:00
|
|
|
return roleManager.isVoterRole(_roleId, _orgId, _getUltimateParent(_orgId));
|
2019-04-09 22:59:15 -07:00
|
|
|
}
|
|
|
|
|
2019-07-30 01:56:44 -07:00
|
|
|
/** @notice returns the ultimate parent for a given org id
|
|
|
|
* @param _orgId org id
|
|
|
|
* @return ultimate parent org id
|
|
|
|
*/
|
2019-07-19 01:16:50 -07:00
|
|
|
function _getUltimateParent(string memory _orgId) internal view
|
|
|
|
returns (string memory){
|
2019-07-21 20:17:39 -07:00
|
|
|
return orgManager.getUltimateParent(_orgId);
|
2019-03-28 02:53:11 -07:00
|
|
|
}
|
|
|
|
|
2019-03-14 23:41:04 -07:00
|
|
|
}
|