permissions: fixed the validation of org admin to ensure that a network admin account will be able to add roles, accounts etc. to the network admin org. Allowed for multiple org admins

vsmk98 2019-04-18 13:58:08 +08:00
parent e61d765aab
commit 29ebd34963
2 changed files with 8 additions and 14 deletions


@ -19,7 +19,7 @@ contract AccountManager {
string private adminRole;
string private orgAdminRole;
mapping(bytes32 => address) private orgAdminIndex;
mapping(bytes32 => bool) private orgAdminIndex;
// account permission events
event AccountAccessModified(address _address, string _orgId, string _roleId, bool _orgAdmin, uint _status);
@ -45,9 +45,9 @@ contract AccountManager {
}
// Get account details given index
function orgAdminExists(string memory _orgId) public view returns (bool)
function orgAdminExists(string memory _orgId, address _account) public view returns (bool)
{
return (orgAdminIndex[keccak256(abi.encodePacked(_orgId))] != address(0));
return (orgAdminIndex[keccak256(abi.encodePacked(_orgId, _account))] == true);
}
@ -101,7 +101,7 @@ contract AccountManager {
acctAccessList.push(AccountAccessDetails(_address, _orgId, _roleId, _status, _oAdmin));
}
if (_oAdmin) {
orgAdminIndex[keccak256(abi.encodePacked(_orgId))] = _address;
orgAdminIndex[keccak256(abi.encodePacked(_orgId, _address))] = true;
}
emit AccountAccessModified(_address, _orgId, _roleId, _oAdmin, _status);
}
@ -118,7 +118,7 @@ contract AccountManager {
// if the role id is ORGADMIN then check if already an orgadmin exists
if ((keccak256(abi.encodePacked(_roleId)) == keccak256(abi.encodePacked(orgAdminRole))) ||
(keccak256(abi.encodePacked(_roleId)) == keccak256(abi.encodePacked(adminRole)))) {
if (orgAdminIndex[keccak256(abi.encodePacked(_orgId))] != address(0)) {
if (orgAdminIndex[keccak256(abi.encodePacked(_orgId, _address))] == true) {
return;
}
else {
@ -199,7 +199,7 @@ contract AccountManager {
function checkOrgAdmin(address _acct, string memory _orgId, string memory _ultParent) public view returns (bool)
{
return ((orgAdminIndex[keccak256(abi.encodePacked(_orgId))] == _acct) || (orgAdminIndex[keccak256(abi.encodePacked(_ultParent))] == _acct));
return (orgAdminIndex[keccak256(abi.encodePacked(_orgId, _acct))] || orgAdminIndex[keccak256(abi.encodePacked(_ultParent, _acct))]);
}
// this function checks if account access can be modified. Account access can be modified for a new account
@ -209,7 +209,7 @@ contract AccountManager {
if (accountIndex[_acct] == 0) {
return true;
}
return ((orgAdminIndex[keccak256(abi.encodePacked(_orgId))] == _acct) || (orgAdminIndex[keccak256(abi.encodePacked(_ultParent))] == _acct));
return (orgAdminIndex[keccak256(abi.encodePacked(_orgId, _acct))] || orgAdminIndex[keccak256(abi.encodePacked(_ultParent, _acct))]);
}
// Returns the account index based on account id
function getAcctIndex(address _acct) internal view returns (uint)
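Review bot: The write in the hunk at old line 101 only ever sets the per-account flag (`if (_oAdmin) { orgAdminIndex[...] = true; }`), and no visible line clears it when the same account is later stored with `_oAdmin` false. Before this change a new admin overwrote the single address kept per org, so the previous holder lost the right implicitly. With one flag per (org, account) pair, a demoted account would keep passing `checkOrgAdmin` and the access-modification check below it unless the flag is reset somewhere outside these hunks. The enclosing function starts outside the hunk, so this may already be handled. If it is not, the conditional could become `orgAdminIndex[keccak256(abi.encodePacked(_orgId, _address))] = _oAdmin;`, with a separate reset of the old key when an account moves to another org. The comment `// Get account details given index` above `orgAdminExists` also no longer describes the function and could read `// Returns true if _account is an org admin of _orgId`.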


@ -214,7 +214,7 @@ contract PermissionsImplementation {
{
require(validateAccount(_account, _orgId) == true, "Operation cannot be performed");
// check if orgAdmin already exists if yes then op cannot be performed
require(checkOrgAdminExists(_orgId) != true, "org admin exists");
// require(checkOrgAdminExists(_orgId) != true, "org admin exists");
// assign the account org admin role and propose voting
accounts.assignAccountRole(_account, _orgId, orgAdminRole);
//add voting item
@ -335,12 +335,6 @@ contract PermissionsImplementation {
return org.checkOrgStatus(_orgId, _status);
}
function checkOrgAdminExists(string memory _orgId) internal view
returns (bool)
{
return accounts.orgAdminExists(_orgId);
}
function roleExists(string memory _roleId, string memory _orgId) internal view
returns (bool)
{
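Review bot: With the `require` in the first hunk commented out, nothing in the visible lines rejects a call for an account that is already an org admin of `_orgId`. The role-assignment code in AccountManager (hunk at old line 118) appears to return silently in that case, while this function still goes on to add a voting item, so a repeat call could leave a pending vote with no role change behind it. A per-account guard using the new two-argument signature would keep the two contracts consistent: `require(accounts.orgAdminExists(_orgId, _account) != true, "account is already org admin");`. The commented-out line and the comment above it (`check if orgAdmin already exists if yes then op cannot be performed`) describe a rule that no longer applies and are better deleted than left in place. The function's signature is outside the hunk, so any access check on the caller cannot be confirmed from here.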