mirror of https://github.com/poanetwork/quorum.git
permissions: Changes for the following:
1. Enabling allow a role to marked as admin role 2. managing error handling
This commit is contained in:
parent
78dbedb254
commit
34565b5252
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -28,7 +28,7 @@ var (
|
|||
)
|
||||
|
||||
// RoleManagerABI is the input ABI used to generate the binding from.
|
||||
const RoleManagerABI = "[{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"getRoleDetails\",\"outputs\":[{\"name\":\"roleId\",\"type\":\"string\"},{\"name\":\"orgId\",\"type\":\"string\"},{\"name\":\"accessType\",\"type\":\"uint256\"},{\"name\":\"voter\",\"type\":\"bool\"},{\"name\":\"active\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"isFullAccessRole\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_baseAccess\",\"type\":\"uint256\"},{\"name\":\"_voter\",\"type\":\"bool\"}],\"name\":\"addRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfRoles\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"rIndex\",\"type\":\"uint256\"}],\"name\":\"getRoleDetailsFromIndex\",\"outputs\":[{\"name\":\"roleId\",\"type\":\"string\"},{\"name\":\"orgId\",\"type\":\"string\"},{\"name\":\"accessType\",\"type\":\"uint256\"},{\"name\":\"voter\",\"type\":\"bool\"},{\"name\":\"active\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"removeRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"roleExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"isVoterRole\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_baseAccess\",\"type\":\"uint256\"},{\"indexed\":false,\"name\":\"_isVoter\",\"type\":\"bool\"}],\"name\":\"RoleCreated\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"RoleRevoked\",\"type\":\"event\"}]"
|
||||
const RoleManagerABI = "[{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"getRoleDetails\",\"outputs\":[{\"name\":\"roleId\",\"type\":\"string\"},{\"name\":\"orgId\",\"type\":\"string\"},{\"name\":\"accessType\",\"type\":\"uint256\"},{\"name\":\"voter\",\"type\":\"bool\"},{\"name\":\"active\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"isFullAccessRole\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_baseAccess\",\"type\":\"uint256\"},{\"name\":\"_voter\",\"type\":\"bool\"},{\"name\":\"_admin\",\"type\":\"bool\"}],\"name\":\"addRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfRoles\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"rIndex\",\"type\":\"uint256\"}],\"name\":\"getRoleDetailsFromIndex\",\"outputs\":[{\"name\":\"roleId\",\"type\":\"string\"},{\"name\":\"orgId\",\"type\":\"string\"},{\"name\":\"accessType\",\"type\":\"uint256\"},{\"name\":\"voter\",\"type\":\"bool\"},{\"name\":\"admin\",\"type\":\"bool\"},{\"name\":\"active\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"removeRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"roleExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"isAdminRole\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"isVoterRole\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_baseAccess\",\"type\":\"uint256\"},{\"indexed\":false,\"name\":\"_isVoter\",\"type\":\"bool\"},{\"indexed\":false,\"name\":\"_isAdmin\",\"type\":\"bool\"}],\"name\":\"RoleCreated\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"RoleRevoked\",\"type\":\"event\"}]"
|
||||
|
||||
// RoleManager is an auto generated Go binding around an Ethereum contract.
|
||||
type RoleManager struct {
|
||||
|
@ -248,12 +248,13 @@ func (_RoleManager *RoleManagerCallerSession) GetRoleDetails(_roleId string, _or
|
|||
|
||||
// GetRoleDetailsFromIndex is a free data retrieval call binding the contract method 0xa451d4a8.
|
||||
//
|
||||
// Solidity: function getRoleDetailsFromIndex(rIndex uint256) constant returns(roleId string, orgId string, accessType uint256, voter bool, active bool)
|
||||
// Solidity: function getRoleDetailsFromIndex(rIndex uint256) constant returns(roleId string, orgId string, accessType uint256, voter bool, admin bool, active bool)
|
||||
func (_RoleManager *RoleManagerCaller) GetRoleDetailsFromIndex(opts *bind.CallOpts, rIndex *big.Int) (struct {
|
||||
RoleId string
|
||||
OrgId string
|
||||
AccessType *big.Int
|
||||
Voter bool
|
||||
Admin bool
|
||||
Active bool
|
||||
}, error) {
|
||||
ret := new(struct {
|
||||
|
@ -261,6 +262,7 @@ func (_RoleManager *RoleManagerCaller) GetRoleDetailsFromIndex(opts *bind.CallOp
|
|||
OrgId string
|
||||
AccessType *big.Int
|
||||
Voter bool
|
||||
Admin bool
|
||||
Active bool
|
||||
})
|
||||
out := ret
|
||||
|
@ -270,12 +272,13 @@ func (_RoleManager *RoleManagerCaller) GetRoleDetailsFromIndex(opts *bind.CallOp
|
|||
|
||||
// GetRoleDetailsFromIndex is a free data retrieval call binding the contract method 0xa451d4a8.
|
||||
//
|
||||
// Solidity: function getRoleDetailsFromIndex(rIndex uint256) constant returns(roleId string, orgId string, accessType uint256, voter bool, active bool)
|
||||
// Solidity: function getRoleDetailsFromIndex(rIndex uint256) constant returns(roleId string, orgId string, accessType uint256, voter bool, admin bool, active bool)
|
||||
func (_RoleManager *RoleManagerSession) GetRoleDetailsFromIndex(rIndex *big.Int) (struct {
|
||||
RoleId string
|
||||
OrgId string
|
||||
AccessType *big.Int
|
||||
Voter bool
|
||||
Admin bool
|
||||
Active bool
|
||||
}, error) {
|
||||
return _RoleManager.Contract.GetRoleDetailsFromIndex(&_RoleManager.CallOpts, rIndex)
|
||||
|
@ -283,17 +286,44 @@ func (_RoleManager *RoleManagerSession) GetRoleDetailsFromIndex(rIndex *big.Int)
|
|||
|
||||
// GetRoleDetailsFromIndex is a free data retrieval call binding the contract method 0xa451d4a8.
|
||||
//
|
||||
// Solidity: function getRoleDetailsFromIndex(rIndex uint256) constant returns(roleId string, orgId string, accessType uint256, voter bool, active bool)
|
||||
// Solidity: function getRoleDetailsFromIndex(rIndex uint256) constant returns(roleId string, orgId string, accessType uint256, voter bool, admin bool, active bool)
|
||||
func (_RoleManager *RoleManagerCallerSession) GetRoleDetailsFromIndex(rIndex *big.Int) (struct {
|
||||
RoleId string
|
||||
OrgId string
|
||||
AccessType *big.Int
|
||||
Voter bool
|
||||
Admin bool
|
||||
Active bool
|
||||
}, error) {
|
||||
return _RoleManager.Contract.GetRoleDetailsFromIndex(&_RoleManager.CallOpts, rIndex)
|
||||
}
|
||||
|
||||
// IsAdminRole is a free data retrieval call binding the contract method 0xbe322e54.
|
||||
//
|
||||
// Solidity: function isAdminRole(_roleId string, _orgId string, _ultParent string) constant returns(bool)
|
||||
func (_RoleManager *RoleManagerCaller) IsAdminRole(opts *bind.CallOpts, _roleId string, _orgId string, _ultParent string) (bool, error) {
|
||||
var (
|
||||
ret0 = new(bool)
|
||||
)
|
||||
out := ret0
|
||||
err := _RoleManager.contract.Call(opts, out, "isAdminRole", _roleId, _orgId, _ultParent)
|
||||
return *ret0, err
|
||||
}
|
||||
|
||||
// IsAdminRole is a free data retrieval call binding the contract method 0xbe322e54.
|
||||
//
|
||||
// Solidity: function isAdminRole(_roleId string, _orgId string, _ultParent string) constant returns(bool)
|
||||
func (_RoleManager *RoleManagerSession) IsAdminRole(_roleId string, _orgId string, _ultParent string) (bool, error) {
|
||||
return _RoleManager.Contract.IsAdminRole(&_RoleManager.CallOpts, _roleId, _orgId, _ultParent)
|
||||
}
|
||||
|
||||
// IsAdminRole is a free data retrieval call binding the contract method 0xbe322e54.
|
||||
//
|
||||
// Solidity: function isAdminRole(_roleId string, _orgId string, _ultParent string) constant returns(bool)
|
||||
func (_RoleManager *RoleManagerCallerSession) IsAdminRole(_roleId string, _orgId string, _ultParent string) (bool, error) {
|
||||
return _RoleManager.Contract.IsAdminRole(&_RoleManager.CallOpts, _roleId, _orgId, _ultParent)
|
||||
}
|
||||
|
||||
// IsFullAccessRole is a free data retrieval call binding the contract method 0x1df2ec04.
|
||||
//
|
||||
// Solidity: function isFullAccessRole(_roleId string, _orgId string, _ultParent string) constant returns(bool)
|
||||
|
@ -372,25 +402,25 @@ func (_RoleManager *RoleManagerCallerSession) RoleExists(_roleId string, _orgId
|
|||
return _RoleManager.Contract.RoleExists(&_RoleManager.CallOpts, _roleId, _orgId, _ultParent)
|
||||
}
|
||||
|
||||
// AddRole is a paid mutator transaction binding the contract method 0x5ba4d7c5.
|
||||
// AddRole is a paid mutator transaction binding the contract method 0x7b713579.
|
||||
//
|
||||
// Solidity: function addRole(_roleId string, _orgId string, _baseAccess uint256, _voter bool) returns()
|
||||
func (_RoleManager *RoleManagerTransactor) AddRole(opts *bind.TransactOpts, _roleId string, _orgId string, _baseAccess *big.Int, _voter bool) (*types.Transaction, error) {
|
||||
return _RoleManager.contract.Transact(opts, "addRole", _roleId, _orgId, _baseAccess, _voter)
|
||||
// Solidity: function addRole(_roleId string, _orgId string, _baseAccess uint256, _voter bool, _admin bool) returns()
|
||||
func (_RoleManager *RoleManagerTransactor) AddRole(opts *bind.TransactOpts, _roleId string, _orgId string, _baseAccess *big.Int, _voter bool, _admin bool) (*types.Transaction, error) {
|
||||
return _RoleManager.contract.Transact(opts, "addRole", _roleId, _orgId, _baseAccess, _voter, _admin)
|
||||
}
|
||||
|
||||
// AddRole is a paid mutator transaction binding the contract method 0x5ba4d7c5.
|
||||
// AddRole is a paid mutator transaction binding the contract method 0x7b713579.
|
||||
//
|
||||
// Solidity: function addRole(_roleId string, _orgId string, _baseAccess uint256, _voter bool) returns()
|
||||
func (_RoleManager *RoleManagerSession) AddRole(_roleId string, _orgId string, _baseAccess *big.Int, _voter bool) (*types.Transaction, error) {
|
||||
return _RoleManager.Contract.AddRole(&_RoleManager.TransactOpts, _roleId, _orgId, _baseAccess, _voter)
|
||||
// Solidity: function addRole(_roleId string, _orgId string, _baseAccess uint256, _voter bool, _admin bool) returns()
|
||||
func (_RoleManager *RoleManagerSession) AddRole(_roleId string, _orgId string, _baseAccess *big.Int, _voter bool, _admin bool) (*types.Transaction, error) {
|
||||
return _RoleManager.Contract.AddRole(&_RoleManager.TransactOpts, _roleId, _orgId, _baseAccess, _voter, _admin)
|
||||
}
|
||||
|
||||
// AddRole is a paid mutator transaction binding the contract method 0x5ba4d7c5.
|
||||
// AddRole is a paid mutator transaction binding the contract method 0x7b713579.
|
||||
//
|
||||
// Solidity: function addRole(_roleId string, _orgId string, _baseAccess uint256, _voter bool) returns()
|
||||
func (_RoleManager *RoleManagerTransactorSession) AddRole(_roleId string, _orgId string, _baseAccess *big.Int, _voter bool) (*types.Transaction, error) {
|
||||
return _RoleManager.Contract.AddRole(&_RoleManager.TransactOpts, _roleId, _orgId, _baseAccess, _voter)
|
||||
// Solidity: function addRole(_roleId string, _orgId string, _baseAccess uint256, _voter bool, _admin bool) returns()
|
||||
func (_RoleManager *RoleManagerTransactorSession) AddRole(_roleId string, _orgId string, _baseAccess *big.Int, _voter bool, _admin bool) (*types.Transaction, error) {
|
||||
return _RoleManager.Contract.AddRole(&_RoleManager.TransactOpts, _roleId, _orgId, _baseAccess, _voter, _admin)
|
||||
}
|
||||
|
||||
// RemoveRole is a paid mutator transaction binding the contract method 0xa6343012.
|
||||
|
@ -487,12 +517,13 @@ type RoleManagerRoleCreated struct {
|
|||
OrgId string
|
||||
BaseAccess *big.Int
|
||||
IsVoter bool
|
||||
IsAdmin bool
|
||||
Raw types.Log // Blockchain specific contextual infos
|
||||
}
|
||||
|
||||
// FilterRoleCreated is a free log retrieval operation binding the contract event 0x386ac6109c3e45c782fc5c1ad923957645d668ed4197e3173966eb66413e07c6.
|
||||
// FilterRoleCreated is a free log retrieval operation binding the contract event 0xefa5bc1bedbee25b04b00855c15a0c180ecb4a2440d4d08296e49561655e2b1c.
|
||||
//
|
||||
// Solidity: e RoleCreated(_roleId string, _orgId string, _baseAccess uint256, _isVoter bool)
|
||||
// Solidity: e RoleCreated(_roleId string, _orgId string, _baseAccess uint256, _isVoter bool, _isAdmin bool)
|
||||
func (_RoleManager *RoleManagerFilterer) FilterRoleCreated(opts *bind.FilterOpts) (*RoleManagerRoleCreatedIterator, error) {
|
||||
|
||||
logs, sub, err := _RoleManager.contract.FilterLogs(opts, "RoleCreated")
|
||||
|
@ -502,9 +533,9 @@ func (_RoleManager *RoleManagerFilterer) FilterRoleCreated(opts *bind.FilterOpts
|
|||
return &RoleManagerRoleCreatedIterator{contract: _RoleManager.contract, event: "RoleCreated", logs: logs, sub: sub}, nil
|
||||
}
|
||||
|
||||
// WatchRoleCreated is a free log subscription operation binding the contract event 0x386ac6109c3e45c782fc5c1ad923957645d668ed4197e3173966eb66413e07c6.
|
||||
// WatchRoleCreated is a free log subscription operation binding the contract event 0xefa5bc1bedbee25b04b00855c15a0c180ecb4a2440d4d08296e49561655e2b1c.
|
||||
//
|
||||
// Solidity: e RoleCreated(_roleId string, _orgId string, _baseAccess uint256, _isVoter bool)
|
||||
// Solidity: e RoleCreated(_roleId string, _orgId string, _baseAccess uint256, _isVoter bool, _isAdmin bool)
|
||||
func (_RoleManager *RoleManagerFilterer) WatchRoleCreated(opts *bind.WatchOpts, sink chan<- *RoleManagerRoleCreated) (event.Subscription, error) {
|
||||
|
||||
logs, sub, err := _RoleManager.contract.WatchLogs(opts, "RoleCreated")
|
||||
|
|
|
@ -137,25 +137,11 @@ contract AccountManager {
|
|||
|
||||
}
|
||||
|
||||
function assignAccountRole(address _address, string calldata _orgId, string calldata _roleId) external
|
||||
function assignAccountRole(address _address, string calldata _orgId, string calldata _roleId, bool _adminRole) external
|
||||
onlyImpl
|
||||
{
|
||||
require(((keccak256(abi.encodePacked(_roleId)) != keccak256(abi.encodePacked(adminRole))) && (keccak256(abi.encodePacked(abi.encodePacked(_roleId))) != keccak256(abi.encodePacked(orgAdminRole)))), "cannot be called fro assigning org admin and network admin roles");
|
||||
|
||||
bool oAdminRole = false;
|
||||
uint status = 2;
|
||||
|
||||
if (keccak256(abi.encodePacked(_roleId)) == keccak256(abi.encodePacked(orgAdminRole))) {
|
||||
require(orgAdminIndex[keccak256(abi.encodePacked(_orgId))] != address(0), "org admin exists");
|
||||
}
|
||||
|
||||
// if the role id is ORGADMIN then check if already an orgadmin exists
|
||||
if ((keccak256(abi.encodePacked(_roleId)) == keccak256(abi.encodePacked(orgAdminRole))) ||
|
||||
(keccak256(abi.encodePacked(_roleId)) == keccak256(abi.encodePacked(adminRole)))) {
|
||||
oAdminRole = true;
|
||||
status = 1;
|
||||
}
|
||||
setAccountRole(_address, _orgId, _roleId, status, oAdminRole);
|
||||
setAccountRole(_address, _orgId, _roleId, 2, _adminRole);
|
||||
}
|
||||
|
||||
function removeExistingAdmin(string calldata _orgId) external
|
||||
|
|
|
@ -89,7 +89,7 @@ contract PermissionsImplementation {
|
|||
nodes = NodeManager(_nodeManager);
|
||||
|
||||
org.setUpOrg(adminOrg, _breadth, _depth);
|
||||
roles.addRole(adminRole, adminOrg, fullAccess, true);
|
||||
roles.addRole(adminRole, adminOrg, fullAccess, true, true);
|
||||
accounts.setDefaults(adminRole, orgAdminRole);
|
||||
}
|
||||
|
||||
|
@ -137,7 +137,7 @@ contract PermissionsImplementation {
|
|||
require(checkOrgStatus(_orgId, 1) == true, "Nothing to approve");
|
||||
if ((processVote(adminOrg, _caller, 1))) {
|
||||
org.approveOrg(_orgId);
|
||||
roles.addRole(orgAdminRole, _orgId, fullAccess, true);
|
||||
roles.addRole(orgAdminRole, _orgId, fullAccess, true, true);
|
||||
nodes.approveNode(_enodeId, _orgId);
|
||||
accounts.addNewAdmin(_orgId, _account);
|
||||
}
|
||||
|
@ -155,7 +155,7 @@ contract PermissionsImplementation {
|
|||
}
|
||||
if (_account != address(0)) {
|
||||
require(validateAccount(_account, pid) == true, "Operation cannot be performed");
|
||||
accounts.assignAccountRole(_account, pid, orgAdminRole);
|
||||
accounts.assignAccountRole(_account, pid, orgAdminRole, true);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -187,13 +187,13 @@ contract PermissionsImplementation {
|
|||
}
|
||||
|
||||
// Role related functions
|
||||
function addNewRole(string calldata _roleId, string calldata _orgId, uint _access, bool _voter, address _caller) external
|
||||
function addNewRole(string calldata _roleId, string calldata _orgId, uint _access, bool _voter, bool _admin, address _caller) external
|
||||
onlyProxy
|
||||
orgApproved(_orgId)
|
||||
orgAdmin(_caller, _orgId)
|
||||
{
|
||||
//add new roles can be created by org admins only
|
||||
roles.addRole(_roleId, _orgId, _access, _voter);
|
||||
roles.addRole(_roleId, _orgId, _access, _voter, _admin);
|
||||
}
|
||||
|
||||
function removeRole(string calldata _roleId, string calldata _orgId, address _caller) external
|
||||
|
@ -240,7 +240,8 @@ contract PermissionsImplementation {
|
|||
{
|
||||
require(validateAccount(_acct, _orgId) == true, "Operation cannot be performed");
|
||||
require(roleExists(_roleId, _orgId) == true, "role does not exists");
|
||||
accounts.assignAccountRole(_acct, _orgId, _roleId);
|
||||
bool admin = roles.isAdminRole(_roleId, _orgId, getUltimateParent(_orgId));
|
||||
accounts.assignAccountRole(_acct, _orgId, _roleId, admin);
|
||||
}
|
||||
|
||||
function updateAccountStatus(string calldata _orgId, address _account, uint _status, address _caller) external
|
||||
|
@ -307,7 +308,10 @@ contract PermissionsImplementation {
|
|||
function isOrgAdmin(address _account, string memory _orgId) public view
|
||||
returns (bool)
|
||||
{
|
||||
return (accounts.checkOrgAdmin(_account, _orgId, getUltimateParent(_orgId)));
|
||||
if (accounts.checkOrgAdmin(_account, _orgId, getUltimateParent(_orgId))) {
|
||||
return true;
|
||||
}
|
||||
return roles.isAdminRole(accounts.getAccountRole(_account), _orgId, getUltimateParent(_orgId));
|
||||
}
|
||||
|
||||
function validateAccount(address _account, string memory _orgId) public view
|
||||
|
|
|
@ -90,9 +90,9 @@ contract PermissionsInterface {
|
|||
}
|
||||
|
||||
// Role related functions
|
||||
function addNewRole(string calldata _roleId, string calldata _orgId, uint _access, bool _voter) external
|
||||
function addNewRole(string calldata _roleId, string calldata _orgId, uint _access, bool _voter, bool _admin) external
|
||||
{
|
||||
permImplementation.addNewRole(_roleId, _orgId, _access, _voter, msg.sender);
|
||||
permImplementation.addNewRole(_roleId, _orgId, _access, _voter, _admin, msg.sender);
|
||||
}
|
||||
|
||||
function removeRole(string calldata _roleId, string calldata _orgId) external
|
||||
|
|
|
@ -9,6 +9,7 @@ contract RoleManager {
|
|||
string orgId;
|
||||
uint baseAccess;
|
||||
bool isVoter;
|
||||
bool isAdmin;
|
||||
bool active;
|
||||
}
|
||||
|
||||
|
@ -16,7 +17,7 @@ contract RoleManager {
|
|||
mapping(bytes32 => uint) private roleIndex;
|
||||
uint private numberOfRoles;
|
||||
|
||||
event RoleCreated(string _roleId, string _orgId, uint _baseAccess, bool _isVoter);
|
||||
event RoleCreated(string _roleId, string _orgId, uint _baseAccess, bool _isVoter, bool _isAdmin);
|
||||
event RoleRevoked(string _roleId, string _orgId);
|
||||
|
||||
modifier onlyImpl
|
||||
|
@ -43,9 +44,9 @@ contract RoleManager {
|
|||
return (roleList[rIndex].roleId, roleList[rIndex].orgId, roleList[rIndex].baseAccess, roleList[rIndex].isVoter, roleList[rIndex].active);
|
||||
}
|
||||
|
||||
function getRoleDetailsFromIndex(uint rIndex) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active)
|
||||
function getRoleDetailsFromIndex(uint rIndex) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool admin, bool active)
|
||||
{
|
||||
return (roleList[rIndex].roleId, roleList[rIndex].orgId, roleList[rIndex].baseAccess, roleList[rIndex].isVoter, roleList[rIndex].active);
|
||||
return (roleList[rIndex].roleId, roleList[rIndex].orgId, roleList[rIndex].baseAccess, roleList[rIndex].isVoter, roleList[rIndex].isAdmin, roleList[rIndex].active);
|
||||
}
|
||||
|
||||
// Get number of Role
|
||||
|
@ -54,14 +55,14 @@ contract RoleManager {
|
|||
return roleList.length;
|
||||
}
|
||||
|
||||
function addRole(string memory _roleId, string memory _orgId, uint _baseAccess, bool _voter) public
|
||||
function addRole(string memory _roleId, string memory _orgId, uint _baseAccess, bool _voter, bool _admin) public
|
||||
{
|
||||
// Check if account already exists
|
||||
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] == 0) {
|
||||
numberOfRoles ++;
|
||||
roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] = numberOfRoles;
|
||||
roleList.push(RoleDetails(_roleId, _orgId, _baseAccess, _voter, true));
|
||||
emit RoleCreated(_roleId, _orgId, _baseAccess, _voter);
|
||||
roleList.push(RoleDetails(_roleId, _orgId, _baseAccess, _voter, _admin, true));
|
||||
emit RoleCreated(_roleId, _orgId, _baseAccess, _voter, _admin);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -107,4 +108,18 @@ contract RoleManager {
|
|||
return (roleList[rIndex].active && roleList[rIndex].isVoter);
|
||||
}
|
||||
|
||||
function isAdminRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
|
||||
if (!(roleExists(_roleId, _orgId, _ultParent))) {
|
||||
return false;
|
||||
}
|
||||
uint rIndex;
|
||||
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
|
||||
rIndex = getRoleIndex(_roleId, _orgId);
|
||||
}
|
||||
else {
|
||||
rIndex = getRoleIndex(_roleId, _ultParent);
|
||||
}
|
||||
return (roleList[rIndex].active && roleList[rIndex].isAdmin);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1 +1 @@
|
|||
[{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_address","type":"address"}],"name":"approveAdminRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"}],"name":"getAccountDetails","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_address","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"}],"name":"assignAccountRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getNumberOfAccounts","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"},{"name":"_orgId","type":"string"}],"name":"validateAccount","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"}],"name":"getAccountRole","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_account","type":"address"},{"name":"_status","type":"uint256"}],"name":"updateAccountStatus","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_orgId","type":"string"}],"name":"orgAdminExists","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"aIndex","type":"uint256"}],"name":"getAccountDetailsFromIndex","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_nwAdminRole","type":"string"},{"name":"_oAdminRole","type":"string"}],"name":"setDefaults","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_address","type":"address"}],"name":"revokeAccountRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_address","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"},{"name":"_status","type":"uint256"}],"name":"assignAdminRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"checkOrgAdmin","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[{"name":"_permUpgradable","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_address","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountAccessModified","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_address","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"}],"name":"AccountAccessRevoked","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_address","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountStatusChanged","type":"event"}]
|
||||
[{"constant":false,"inputs":[{"name":"_address","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"},{"name":"_adminRole","type":"bool"}],"name":"assignAccountRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"}],"name":"removeExistingAdmin","outputs":[{"name":"voterUpdate","type":"bool"},{"name":"acct","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"}],"name":"getAccountDetails","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getNumberOfAccounts","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"},{"name":"_orgId","type":"string"}],"name":"validateAccount","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"}],"name":"getAccountRole","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_account","type":"address"},{"name":"_status","type":"uint256"}],"name":"updateAccountStatus","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_orgId","type":"string"}],"name":"orgAdminExists","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"aIndex","type":"uint256"}],"name":"getAccountDetailsFromIndex","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_address","type":"address"}],"name":"addNewAdmin","outputs":[{"name":"voterUpdate","type":"bool"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_nwAdminRole","type":"string"},{"name":"_oAdminRole","type":"string"}],"name":"setDefaults","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_address","type":"address"}],"name":"revokeAccountRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_address","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"},{"name":"_status","type":"uint256"}],"name":"assignAdminRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_acct","type":"address"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"checkOrgAdmin","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[{"name":"_permUpgradable","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_address","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountAccessModified","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_address","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"}],"name":"AccountAccessRevoked","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_address","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountStatusChanged","type":"event"}]
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1 +1 @@
|
|||
[{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"}],"name":"getRoleDetails","outputs":[{"name":"roleId","type":"string"},{"name":"orgId","type":"string"},{"name":"accessType","type":"uint256"},{"name":"voter","type":"bool"},{"name":"active","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"isFullAccessRole","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_baseAccess","type":"uint256"},{"name":"_voter","type":"bool"}],"name":"addRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getNumberOfRoles","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"rIndex","type":"uint256"}],"name":"getRoleDetailsFromIndex","outputs":[{"name":"roleId","type":"string"},{"name":"orgId","type":"string"},{"name":"accessType","type":"uint256"},{"name":"voter","type":"bool"},{"name":"active","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"}],"name":"removeRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"roleExists","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"isVoterRole","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[{"name":"_permUpgradable","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_baseAccess","type":"uint256"},{"indexed":false,"name":"_isVoter","type":"bool"}],"name":"RoleCreated","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgId","type":"string"}],"name":"RoleRevoked","type":"event"}]
|
||||
[{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"}],"name":"getRoleDetails","outputs":[{"name":"roleId","type":"string"},{"name":"orgId","type":"string"},{"name":"accessType","type":"uint256"},{"name":"voter","type":"bool"},{"name":"active","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"isFullAccessRole","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_baseAccess","type":"uint256"},{"name":"_voter","type":"bool"},{"name":"_admin","type":"bool"}],"name":"addRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getNumberOfRoles","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"rIndex","type":"uint256"}],"name":"getRoleDetailsFromIndex","outputs":[{"name":"roleId","type":"string"},{"name":"orgId","type":"string"},{"name":"accessType","type":"uint256"},{"name":"voter","type":"bool"},{"name":"admin","type":"bool"},{"name":"active","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"}],"name":"removeRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"roleExists","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"isAdminRole","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_roleId","type":"string"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"isVoterRole","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[{"name":"_permUpgradable","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_baseAccess","type":"uint256"},{"indexed":false,"name":"_isVoter","type":"bool"},{"indexed":false,"name":"_isAdmin","type":"bool"}],"name":"RoleCreated","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgId","type":"string"}],"name":"RoleRevoked","type":"event"}]
|
|
@ -326,7 +326,7 @@ func (p *PermissionCtrl) manageNodePermissions() {
|
|||
|
||||
case evtNodeActivated = <-chNodeActivated:
|
||||
p.updatePermissionedNodes(evtNodeActivated.EnodeId, NodeAdd)
|
||||
types.NodeInfoMap.UpsertNode(evtNodeActivated.OrgId, evtNodeActivated.EnodeId, types.NodeActivated)
|
||||
types.NodeInfoMap.UpsertNode(evtNodeActivated.OrgId, evtNodeActivated.EnodeId, types.NodeApproved)
|
||||
|
||||
case evtNodeBlacklisted = <-chNodeBlacklisted:
|
||||
p.updatePermissionedNodes(evtNodeBlacklisted.EnodeId, NodeDelete)
|
||||
|
@ -552,7 +552,7 @@ func (p *PermissionCtrl) bootupNetwork(permInterfSession *pbind.PermInterfaceSes
|
|||
}
|
||||
|
||||
types.OrgInfoMap.UpsertOrg(p.permConfig.NwAdminOrg, "", "", big.NewInt(1), types.OrgApproved)
|
||||
types.RoleInfoMap.UpsertRole(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, true, types.FullAccess, true)
|
||||
types.RoleInfoMap.UpsertRole(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, true, true, types.FullAccess, true)
|
||||
// populate the initial node list from static-nodes.json
|
||||
if err := p.populateStaticNodesToContract(permInterfSession); err != nil {
|
||||
return err
|
||||
|
@ -603,7 +603,7 @@ func (p *PermissionCtrl) populateRolesFromContract(auth *bind.TransactOpts) {
|
|||
iOrgNum := numberOfRoles.Uint64()
|
||||
for k := uint64(0); k < iOrgNum; k++ {
|
||||
if roleStruct, err := permRoleSession.GetRoleDetailsFromIndex(big.NewInt(int64(k))); err == nil {
|
||||
types.RoleInfoMap.UpsertRole(roleStruct.OrgId, roleStruct.RoleId, roleStruct.Voter, types.AccessType(int(roleStruct.AccessType.Int64())), roleStruct.Active)
|
||||
types.RoleInfoMap.UpsertRole(roleStruct.OrgId, roleStruct.RoleId, roleStruct.Voter, roleStruct.Admin, types.AccessType(int(roleStruct.AccessType.Int64())), roleStruct.Active)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -720,11 +720,11 @@ func (p *PermissionCtrl) manageRolePermissions() {
|
|||
for {
|
||||
select {
|
||||
case evtRoleCreated = <-chRoleCreated:
|
||||
types.RoleInfoMap.UpsertRole(evtRoleCreated.OrgId, evtRoleCreated.RoleId, evtRoleCreated.IsVoter, types.AccessType(int(evtRoleCreated.BaseAccess.Uint64())), true)
|
||||
types.RoleInfoMap.UpsertRole(evtRoleCreated.OrgId, evtRoleCreated.RoleId, evtRoleCreated.IsVoter, evtRoleCreated.IsAdmin, types.AccessType(int(evtRoleCreated.BaseAccess.Uint64())), true)
|
||||
|
||||
case evtRoleRevoked = <-chRoleRevoked:
|
||||
if r := types.RoleInfoMap.GetRole(evtRoleRevoked.OrgId, evtRoleRevoked.RoleId); r != nil {
|
||||
types.RoleInfoMap.UpsertRole(evtRoleRevoked.OrgId, evtRoleRevoked.RoleId, r.IsVoter, r.Access, false)
|
||||
types.RoleInfoMap.UpsertRole(evtRoleRevoked.OrgId, evtRoleRevoked.RoleId, r.IsVoter, r.IsAdmin, r.Access, false)
|
||||
} else {
|
||||
log.Error("Revoke role - cache is missing role", "org", evtRoleRevoked.OrgId, "role", evtRoleRevoked.RoleId)
|
||||
}
|
||||
|
|
|
@ -89,6 +89,7 @@ type txArgs struct {
|
|||
url string
|
||||
roleId string
|
||||
isVoter bool
|
||||
isAdmin bool
|
||||
acctId common.Address
|
||||
accessType uint8
|
||||
status uint8
|
||||
|
@ -141,6 +142,7 @@ var (
|
|||
ErrOrgDoesNotExists = ExecStatus{false, "Org does not exists"}
|
||||
ErrInactiveRole = ExecStatus{false, "Role is already inactive"}
|
||||
ErrInvalidRole = ExecStatus{false, "Invalid role"}
|
||||
ErrInvalidInput = ExecStatus{false, "Invalid input"}
|
||||
ExecSuccess = ExecStatus{true, "Action completed successfully"}
|
||||
)
|
||||
|
||||
|
@ -243,8 +245,8 @@ func (s *QuorumControlsAPI) ApproveAdminRole(orgId string, acct common.Address,
|
|||
return s.executePermAction(ApproveAdminRole, txArgs{orgId: orgId, acctId: acct, txa: txa})
|
||||
}
|
||||
|
||||
func (s *QuorumControlsAPI) AddNewRole(orgId string, roleId string, access uint8, isVoter bool, txa ethapi.SendTxArgs) ExecStatus {
|
||||
return s.executePermAction(AddNewRole, txArgs{orgId: orgId, roleId: roleId, accessType: access, isVoter: isVoter, txa: txa})
|
||||
func (s *QuorumControlsAPI) AddNewRole(orgId string, roleId string, access uint8, isVoter bool, isAdmin bool, txa ethapi.SendTxArgs) ExecStatus {
|
||||
return s.executePermAction(AddNewRole, txArgs{orgId: orgId, roleId: roleId, accessType: access, isVoter: isVoter, isAdmin: isAdmin, txa: txa})
|
||||
}
|
||||
|
||||
func (s *QuorumControlsAPI) RemoveRole(orgId string, roleId string, txa ethapi.SendTxArgs) ExecStatus {
|
||||
|
@ -354,7 +356,7 @@ func (s *QuorumControlsAPI) valAccountStatusChange(orgId string, account common.
|
|||
return ErrAccountNotThere, errors.New("account not there")
|
||||
}
|
||||
|
||||
if ac.IsOrgAdmin && (op == 1 || op == 3) {
|
||||
if ac.IsOrgAdmin && (ac.RoleId == s.permConfig.NwAdminRole || ac.RoleId == s.permConfig.OrgAdminRole) && (op == 1 || op == 3) {
|
||||
return ErrOpNotAllowed, errors.New("operation not allowed on org admin account")
|
||||
}
|
||||
|
||||
|
@ -476,6 +478,9 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
|
||||
case AddOrg:
|
||||
// check if the org id contains "."
|
||||
if args.orgId == "" || args.url == "" || args.acctId == (common.Address{0}) {
|
||||
return ErrInvalidInput
|
||||
}
|
||||
if !isStringAlphaNumeric(args.orgId) {
|
||||
return ErrInvalidOrgName
|
||||
}
|
||||
|
@ -521,6 +526,9 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
|
||||
case AddSubOrg:
|
||||
// check if the org id contains "."
|
||||
if args.orgId == "" {
|
||||
return ErrInvalidInput
|
||||
}
|
||||
if !isStringAlphaNumeric(args.orgId) {
|
||||
return ErrInvalidOrgName
|
||||
}
|
||||
|
@ -593,7 +601,9 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
tx, err = pinterf.ApproveOrgStatus(args.orgId, big.NewInt(int64(args.status)))
|
||||
|
||||
case AddNode:
|
||||
// check if org admin
|
||||
if args.url == "" {
|
||||
return ErrInvalidInput
|
||||
}
|
||||
// check if caller is network admin
|
||||
if execStatus, er := s.isOrgAdmin(args.txa.From, args.orgId); er != nil {
|
||||
return execStatus
|
||||
|
@ -621,6 +631,9 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
tx, err = pinterf.UpdateNodeStatus(args.orgId, args.url, big.NewInt(int64(args.status)))
|
||||
|
||||
case AssignAdminRole:
|
||||
if args.acctId == (common.Address{0}) {
|
||||
return ErrInvalidInput
|
||||
}
|
||||
// check if caller is network admin
|
||||
if args.roleId != s.permConfig.OrgAdminRole && args.roleId != s.permConfig.NwAdminRole {
|
||||
return ErrOpNotAllowed
|
||||
|
@ -657,6 +670,9 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
tx, err = pinterf.ApproveAdminRole(args.orgId, args.acctId)
|
||||
|
||||
case AddNewRole:
|
||||
if args.roleId == "" {
|
||||
return ErrInvalidInput
|
||||
}
|
||||
// check if caller is network admin
|
||||
if execStatus, er := s.isOrgAdmin(args.txa.From, args.orgId); er != nil {
|
||||
return execStatus
|
||||
|
@ -667,7 +683,7 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
}
|
||||
|
||||
// check if role is already there in the org
|
||||
tx, err = pinterf.AddNewRole(args.roleId, args.orgId, big.NewInt(int64(args.accessType)), args.isVoter)
|
||||
tx, err = pinterf.AddNewRole(args.roleId, args.orgId, big.NewInt(int64(args.accessType)), args.isVoter, args.isAdmin)
|
||||
|
||||
case RemoveRole:
|
||||
// check if caller is network admin
|
||||
|
@ -696,6 +712,12 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
tx, err = pinterf.RemoveRole(args.roleId, args.orgId)
|
||||
|
||||
case AssignAccountRole:
|
||||
if args.acctId == (common.Address{0}) {
|
||||
return ErrInvalidInput
|
||||
}
|
||||
if args.roleId == s.permConfig.OrgAdminRole || args.roleId == s.permConfig.NwAdminRole {
|
||||
return ErrInvalidRole
|
||||
}
|
||||
// check if caller is network admin
|
||||
if execStatus, er := s.isOrgAdmin(args.txa.From, args.orgId); er != nil {
|
||||
return execStatus
|
||||
|
|
|
@ -43,7 +43,6 @@ const (
|
|||
NodePendingApproval NodeStatus = iota + 1
|
||||
NodeApproved
|
||||
NodeDeactivated
|
||||
NodeActivated
|
||||
NodeBlackListed
|
||||
)
|
||||
|
||||
|
@ -68,6 +67,7 @@ type RoleInfo struct {
|
|||
OrgId string `json:"orgId"`
|
||||
RoleId string `json:"roleId"`
|
||||
IsVoter bool `json:"isVoter"`
|
||||
IsAdmin bool `json:"isAdmin"`
|
||||
Access AccessType `json:"access"`
|
||||
Active bool `json:"active"`
|
||||
}
|
||||
|
@ -331,11 +331,11 @@ func (a *AcctCache) GetAcctListRole(orgId, roleId string) []AccountInfo {
|
|||
return alist
|
||||
}
|
||||
|
||||
func (r *RoleCache) UpsertRole(orgId string, role string, voter bool, access AccessType, active bool) {
|
||||
func (r *RoleCache) UpsertRole(orgId string, role string, voter bool, admin bool, access AccessType, active bool) {
|
||||
defer r.mux.Unlock()
|
||||
r.mux.Lock()
|
||||
key := RoleKey{orgId, role}
|
||||
r.c.Add(key, &RoleInfo{orgId, role, voter, access, active})
|
||||
r.c.Add(key, &RoleInfo{orgId, role, voter, admin, access, active})
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -802,8 +802,8 @@ web3._extend({
|
|||
new web3._extend.Method({
|
||||
name: 'addNewRole',
|
||||
call: 'quorumPermission_addNewRole',
|
||||
params: 5,
|
||||
inputFormatter: [null,null,null,null,web3._extend.formatters.inputTransactionFormatter]
|
||||
params: 6,
|
||||
inputFormatter: [null,null,null,null,null,web3._extend.formatters.inputTransactionFormatter]
|
||||
}),
|
||||
new web3._extend.Method({
|
||||
name: 'removeRole',
|
||||
|
|
|
@ -80,7 +80,7 @@ const (
|
|||
TxDataNonZeroGas uint64 = 68 // Per byte of data attached to a transaction that is not equal to zero. NOTE: Not payable on data of calls between transactions.
|
||||
|
||||
//MaxCodeSize = 24576 // Maximum bytecode to permit for a contract
|
||||
MaxCodeSize = 65536 // Maximum bytecode to permit for a contract
|
||||
MaxCodeSize = 32768 // Maximum bytecode to permit for a contract
|
||||
|
||||
// Precompiled contract gas prices
|
||||
|
||||
|
|
Loading…
Reference in New Issue