poanetwork
/
quorum
mirror of https://github.com/poanetwork/quorum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

permissions: changes to incorporate security review feedback

This commit is contained in:
vsmk98 2019-07-19 16:48:42 +08:00
parent bc90e6f8af
commit 34957af299
13 changed files with 70 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
permission/bind/accounts.go
View File

@ -28,7 +28,7 @@ var (
) )
// AcctManagerABI is the input ABI used to generate the binding from. // AcctManagerABI is the input ABI used to generate the binding from.
const AcctManagerABI = "[{\"constant\":false,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_adminRole\",\"type\":\"bool\"}],\"name\":\"assignAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"removeExistingAdmin\",\"outputs\":[{\"name\":\"voterUpdate\",\"type\":\"bool\"},{\"name\":\"account\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"}],\"name\":\"getAccountDetails\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfAccounts\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"validateAccount\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"}],\"name\":\"getAccountRole\",\"outputs\":[{\"name\":\"\",\"type\":\"string\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"updateAccountStatus\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"orgAdminExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_aIndex\",\"type\":\"uint256\"}],\"name\":\"getAccountDetailsFromIndex\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_account\",\"type\":\"address\"}],\"name\":\"addNewAdmin\",\"outputs\":[{\"name\":\"voterUpdate\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_nwAdminRole\",\"type\":\"string\"},{\"name\":\"_oAdminRole\",\"type\":\"string\"}],\"name\":\"setDefaults\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"assignAdminRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"checkOrgAdmin\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_account\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"},{\"indexed\":false,\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"AccountAccessModified\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_account\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessRevoked\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_account\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"AccountStatusChanged\",\"type\":\"event\"}]" const AcctManagerABI = "[{\"constant\":false,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_adminRole\",\"type\":\"bool\"}],\"name\":\"assignAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"removeExistingAdmin\",\"outputs\":[{\"name\":\"voterUpdate\",\"type\":\"bool\"},{\"name\":\"account\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"}],\"name\":\"getAccountDetails\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfAccounts\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"validateAccount\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"}],\"name\":\"getAccountRole\",\"outputs\":[{\"name\":\"\",\"type\":\"string\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_action\",\"type\":\"uint256\"}],\"name\":\"updateAccountStatus\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"orgAdminExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_aIndex\",\"type\":\"uint256\"}],\"name\":\"getAccountDetailsFromIndex\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_account\",\"type\":\"address\"}],\"name\":\"addNewAdmin\",\"outputs\":[{\"name\":\"voterUpdate\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_nwAdminRole\",\"type\":\"string\"},{\"name\":\"_oAdminRole\",\"type\":\"string\"}],\"name\":\"setDefaults\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"},{\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"assignAdminRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_account\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_ultParent\",\"type\":\"string\"}],\"name\":\"checkOrgAdmin\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_account\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"},{\"indexed\":false,\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"AccountAccessModified\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_account\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessRevoked\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_account\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"AccountStatusChanged\",\"type\":\"event\"}]"
// AcctManager is an auto generated Go binding around an Ethereum contract. // AcctManager is an auto generated Go binding around an Ethereum contract.
type AcctManager struct { type AcctManager struct {
@ -481,23 +481,23 @@ func (_AcctManager *AcctManagerTransactorSession) SetDefaults(_nwAdminRole strin
// UpdateAccountStatus is a paid mutator transaction binding the contract method 0x84b7a84a. // UpdateAccountStatus is a paid mutator transaction binding the contract method 0x84b7a84a.
// //
// Solidity: function updateAccountStatus(_orgId string, _account address, _status uint256) returns() // Solidity: function updateAccountStatus(_orgId string, _account address, _action uint256) returns()
func (_AcctManager *AcctManagerTransactor) UpdateAccountStatus(opts *bind.TransactOpts, _orgId string, _account common.Address, _status *big.Int) (*types.Transaction, error) { func (_AcctManager *AcctManagerTransactor) UpdateAccountStatus(opts *bind.TransactOpts, _orgId string, _account common.Address, _action *big.Int) (*types.Transaction, error) {
return _AcctManager.contract.Transact(opts, "updateAccountStatus", _orgId, _account, _status) return _AcctManager.contract.Transact(opts, "updateAccountStatus", _orgId, _account, _action)
} }
// UpdateAccountStatus is a paid mutator transaction binding the contract method 0x84b7a84a. // UpdateAccountStatus is a paid mutator transaction binding the contract method 0x84b7a84a.
// //
// Solidity: function updateAccountStatus(_orgId string, _account address, _status uint256) returns() // Solidity: function updateAccountStatus(_orgId string, _account address, _action uint256) returns()
func (_AcctManager *AcctManagerSession) UpdateAccountStatus(_orgId string, _account common.Address, _status *big.Int) (*types.Transaction, error) { func (_AcctManager *AcctManagerSession) UpdateAccountStatus(_orgId string, _account common.Address, _action *big.Int) (*types.Transaction, error) {
return _AcctManager.Contract.UpdateAccountStatus(&_AcctManager.TransactOpts, _orgId, _account, _status) return _AcctManager.Contract.UpdateAccountStatus(&_AcctManager.TransactOpts, _orgId, _account, _action)
} }
// UpdateAccountStatus is a paid mutator transaction binding the contract method 0x84b7a84a. // UpdateAccountStatus is a paid mutator transaction binding the contract method 0x84b7a84a.
// //
// Solidity: function updateAccountStatus(_orgId string, _account address, _status uint256) returns() // Solidity: function updateAccountStatus(_orgId string, _account address, _action uint256) returns()
func (_AcctManager *AcctManagerTransactorSession) UpdateAccountStatus(_orgId string, _account common.Address, _status *big.Int) (*types.Transaction, error) { func (_AcctManager *AcctManagerTransactorSession) UpdateAccountStatus(_orgId string, _account common.Address, _action *big.Int) (*types.Transaction, error) {
return _AcctManager.Contract.UpdateAccountStatus(&_AcctManager.TransactOpts, _orgId, _account, _status) return _AcctManager.Contract.UpdateAccountStatus(&_AcctManager.TransactOpts, _orgId, _account, _action)
} }
// AcctManagerAccountAccessModifiedIterator is returned from FilterAccountAccessModified and is used to iterate over the raw logs and unpacked data for AccountAccessModified events raised by the AcctManager contract. // AcctManagerAccountAccessModifiedIterator is returned from FilterAccountAccessModified and is used to iterate over the raw logs and unpacked data for AccountAccessModified events raised by the AcctManager contract.

20
permission/bind/permission_impl.go
View File

File diff suppressed because one or more lines are too long

20
permission/bind/permission_interface.go
View File

File diff suppressed because one or more lines are too long

35
permission/contract/AccountManager.sol
View File

@ -47,7 +47,6 @@ contract AccountManager {
/// @param _account - account id /// @param _account - account id
modifier accountExists(string memory _orgId, address _account){ modifier accountExists(string memory _orgId, address _account){
require((accountIndex[_account]) != 0, "account does not exists"); require((accountIndex[_account]) != 0, "account does not exists");
// if account exists it should belong to the same orgAdminIndex
require(keccak256(abi.encode(accountAccessList[_getAccountIndex(_account)].orgId)) == keccak256(abi.encode(_orgId)), "account in different org"); require(keccak256(abi.encode(accountAccessList[_getAccountIndex(_account)].orgId)) == keccak256(abi.encode(_orgId)), "account in different org");
_; _;
} }
@ -113,7 +112,8 @@ contract AccountManager {
function assignAdminRole(address _account, string calldata _orgId, function assignAdminRole(address _account, string calldata _orgId,
string calldata _roleId, uint _status) external onlyImplementation { string calldata _roleId, uint _status) external onlyImplementation {
require(((keccak256(abi.encode(_roleId)) == keccak256(abi.encode(orgAdminRole))) || require(((keccak256(abi.encode(_roleId)) == keccak256(abi.encode(orgAdminRole))) ||
(keccak256(abi.encode(_roleId)) == keccak256(abi.encode(adminRole)))), "can be called to assign admin roles only"); (keccak256(abi.encode(_roleId)) == keccak256(abi.encode(adminRole)))),
"can be called to assign admin roles only");
_setAccountRole(_account, _orgId, _roleId, _status, true); _setAccountRole(_account, _orgId, _roleId, _status, true);
@ -182,34 +182,34 @@ contract AccountManager {
/// @notice updates the account status to the passed status value /// @notice updates the account status to the passed status value
/// @param _orgId - org id /// @param _orgId - org id
/// @param _account - account id /// @param _account - account id
/// @param _status - new status of the account /// @param _action - new status of the account
function updateAccountStatus(string calldata _orgId, address _account, uint _status) external function updateAccountStatus(string calldata _orgId, address _account, uint _action) external
onlyImplementation onlyImplementation
accountExists(_orgId, _account) { accountExists(_orgId, _account) {
// operations that can be done 1-Suspend account, 2-Unsuspend Account, 3-Blacklist account // operations that can be done 1-Suspend account, 2-Unsuspend Account, 3-Blacklist account
require((_status == 1 || _status == 2 || _status == 3), "invalid status change request"); require((_action == 1 || _action == 2 || _action == 3), "invalid status change request");
// check if the account is org admin. if yes then do not allow any status change // check if the account is org admin. if yes then do not allow any status change
require(checkOrgAdmin(_account, _orgId, "") != true, "org admin account status change cannot be done"); require(checkOrgAdmin(_account, _orgId, "") != true, "status change not possible for org admin accounts");
uint newStat; uint newStatus;
if (_status == 1) { if (_action == 1) {
// account current status should be active // for suspending an account current status should be active
require(accountAccessList[_getAccountIndex(_account)].status == 2, require(accountAccessList[_getAccountIndex(_account)].status == 2,
"account is not in active status. operation cannot be done"); "account is not in active status. operation cannot be done");
newStat = 4; newStatus = 4;
} }
else if (_status == 2) { else if (_action == 2) {
// account current status should be suspended // for reactivating a suspended account, current status should be suspended
require(accountAccessList[_getAccountIndex(_account)].status == 4, require(accountAccessList[_getAccountIndex(_account)].status == 4,
"account is not in suspended status. operation cannot be done"); "account is not in suspended status. operation cannot be done");
newStat = 2; newStatus = 2;
} }
else if (_status == 3) { else if (_action == 3) {
require(accountAccessList[_getAccountIndex(_account)].status != 5, require(accountAccessList[_getAccountIndex(_account)].status != 5,
"account is already blacklisted. operation cannot be done"); "account is already blacklisted. operation cannot be done");
newStat = 5; newStatus = 5;
} }
accountAccessList[_getAccountIndex(_account)].status = newStat; accountAccessList[_getAccountIndex(_account)].status = newStatus;
emit AccountStatusChanged(_account, _orgId, newStat); emit AccountStatusChanged(_account, _orgId, newStatus);
} }
/// @notice checks if the passed account exists and if exists does it /// @notice checks if the passed account exists and if exists does it
@ -223,7 +223,6 @@ contract AccountManager {
if (accountIndex[_account] == 0) { if (accountIndex[_account] == 0) {
return true; return true;
} }
// check if the acount is part of this org else return false
uint id = _getAccountIndex(_account); uint id = _getAccountIndex(_account);
return (keccak256(abi.encode(accountAccessList[id].orgId)) == keccak256(abi.encode(_orgId))); return (keccak256(abi.encode(accountAccessList[id].orgId)) == keccak256(abi.encode(_orgId)));
} }

10
permission/contract/NodeManager.sol
View File

@ -7,6 +7,7 @@ import "./PermissionsUpgradable.sol";
/// @notice contract only. there are few view functions exposed as public and /// @notice contract only. there are few view functions exposed as public and
/// @notice can be called directly. these are invoked by quorum for populating /// @notice can be called directly. these are invoked by quorum for populating
/// @notice permissions data in cache /// @notice permissions data in cache
contract NodeManager { contract NodeManager {
PermissionsUpgradable private permUpgradable; PermissionsUpgradable private permUpgradable;
struct NodeDetails { struct NodeDetails {
@ -17,9 +18,9 @@ contract NodeManager {
// use an array to store node details // use an array to store node details
// if we want to list all node one day, mapping is not capable // if we want to list all node one day, mapping is not capable
NodeDetails[] private nodeList; NodeDetails[] private nodeList;
// use a mapping of enodeid to array index to track node // mapping of enodeid to array index to track node
mapping(bytes32 => uint) private nodeIdToIndex; mapping(bytes32 => uint) private nodeIdToIndex;
// keep track of node number // tracking total number of nodes in network
uint private numberOfNodes; uint private numberOfNodes;
@ -140,7 +141,6 @@ contract NodeManager {
require(_checkOrg(_enodeId, _orgId), "enode id does not belong to the passed org id"); require(_checkOrg(_enodeId, _orgId), "enode id does not belong to the passed org id");
require(_getNodeStatus(_enodeId) == 1, "nothing pending for approval"); require(_getNodeStatus(_enodeId) == 1, "nothing pending for approval");
uint nodeIndex = _getNodeIndex(_enodeId); uint nodeIndex = _getNodeIndex(_enodeId);
// vote node
nodeList[nodeIndex].status = 2; nodeList[nodeIndex].status = 2;
emit NodeApproved(nodeList[nodeIndex].enodeId, nodeList[nodeIndex].orgId); emit NodeApproved(nodeList[nodeIndex].enodeId, nodeList[nodeIndex].orgId);
} }
@ -155,10 +155,6 @@ contract NodeManager {
enodeExists(_enodeId) { enodeExists(_enodeId) {
// node should belong to the org // node should belong to the org
require(_checkOrg(_enodeId, _orgId), "enode id does not belong to the passed org"); require(_checkOrg(_enodeId, _orgId), "enode id does not belong to the passed org");
// changing node status to integer (0-NotInList, 1- PendingApproval,
// 2-Approved, 3-Deactivated, 4-Blacklisted)
// operations that can be done 3-Deactivate Node,
// 4-ActivateNode, 5-Blacklist nodeList
require((_action == 1 || _action == 2 || _action == 3), require((_action == 1 || _action == 2 || _action == 3),
"invalid operation. wrong action passed"); "invalid operation. wrong action passed");

2
permission/contract/OrgManager.sol
View File

@ -7,6 +7,8 @@ import "./PermissionsUpgradable.sol";
/// @notice contract only. there are few view functions exposed as public and /// @notice contract only. there are few view functions exposed as public and
/// @notice can be called directly. these are invoked by quorum for populating /// @notice can be called directly. these are invoked by quorum for populating
/// @notice permissions data in cache /// @notice permissions data in cache
/// @dev possible values of org status are - 0- NotInList, 1- Proposed,
/// @dev 2- Approved, 3- PendingSuspension, 4- Suspended, 5- RevokeSuspension
contract OrgManager { contract OrgManager {
string private adminOrgId; string private adminOrgId;
PermissionsUpgradable private permUpgradable; PermissionsUpgradable private permUpgradable;

8
permission/contract/PermissionsImplementation.sol
View File

@ -342,11 +342,11 @@ contract PermissionsImplementation {
/// @notice account only. /// @notice account only.
/// @param _orgId unique id of the organization to which the account belongs /// @param _orgId unique id of the organization to which the account belongs
/// @param _account account id /// @param _account account id
/// @param _status 1-suspending 2-activating back 3-blacklisting /// @param _action 1-suspend 2-activate back 3-blacklist
function updateAccountStatus(string calldata _orgId, address _account, function updateAccountStatus(string calldata _orgId, address _account,
uint _status, address _caller) external onlyInterface uint _action, address _caller) external onlyInterface
orgAdmin(_caller, _orgId) { orgAdmin(_caller, _orgId) {
accounts.updateAccountStatus(_orgId, _account, _status); accounts.updateAccountStatus(_orgId, _account, _action);
} }
// Node related functions // Node related functions
@ -397,7 +397,7 @@ contract PermissionsImplementation {
onlyInterface onlyInterface
orgAdmin(_caller, _orgId) orgAdmin(_caller, _orgId)
orgApproved(_orgId) { orgApproved(_orgId) {
require(validateAccount(_account, _orgId) == true, "Operation cannot be performed"); require(validateAccount(_account, _orgId) == true, "operation cannot be performed");
require(_roleExists(_roleId, _orgId) == true, "role does not exists"); require(_roleExists(_roleId, _orgId) == true, "role does not exists");
bool admin = roles.isAdminRole(_roleId, _orgId, _getUltimateParent(_orgId)); bool admin = roles.isAdminRole(_roleId, _orgId, _getUltimateParent(_orgId));
accounts.assignAccountRole(_account, _orgId, _roleId, admin); accounts.assignAccountRole(_account, _orgId, _roleId, admin);

6
permission/contract/PermissionsInterface.sol
View File

@ -149,10 +149,10 @@ contract PermissionsInterface {
/// @notice this can be executed by org admin accounts only /// @notice this can be executed by org admin accounts only
/// @param _orgId unique id of the organization to which the account belongs /// @param _orgId unique id of the organization to which the account belongs
/// @param _account account id /// @param _account account id
/// @param _status 1-suspending 2-activating back 3-blacklisting /// @param _action 1-suspending 2-activating back 3-blacklisting
function updateAccountStatus(string calldata _orgId, address _account, function updateAccountStatus(string calldata _orgId, address _account,
uint _status) external { uint _action) external {
permImplementation.updateAccountStatus(_orgId, _account, _status, msg.sender); permImplementation.updateAccountStatus(_orgId, _account, _action, msg.sender);
} }
/// @notice interface to add a new node to the organization /// @notice interface to add a new node to the organization

3
permission/contract/PermissionsUpgradable.sol
View File

@ -12,6 +12,7 @@ contract PermissionsUpgradable {
address private guardian; address private guardian;
address private permImpl; address private permImpl;
address private permInterface; address private permInterface;
// initDone ensures that init can be called only once
bool private initDone; bool private initDone;
/// @notice constructor /// @notice constructor
@ -65,7 +66,7 @@ contract PermissionsUpgradable {
return permImpl; return permImpl;
} }
/// @notice function to fetch the interface address /// @notice function to fetch the interface address
/// @return defpermissions interface contract address /// @return permissions interface contract address
function getPermInterface() public view returns (address) { function getPermInterface() public view returns (address) {
return permInterface; return permInterface;
} }

12
permission/contract/VoterManager.sol
View File

@ -92,7 +92,7 @@ contract VoterManager {
} }
else { else {
uint id = _getVoterOrgIndex(_orgId); uint id = _getVoterOrgIndex(_orgId);
// check of the voter already present in the list // check if the voter is already present in the list
if (orgVoterList[id].voterIndex[_vAccount] == 0) { if (orgVoterList[id].voterIndex[_vAccount] == 0) {
orgVoterList[id].voterCount++; orgVoterList[id].voterCount++;
orgVoterList[id].voterIndex[_vAccount] = orgVoterList[id].voterCount; orgVoterList[id].voterIndex[_vAccount] = orgVoterList[id].voterCount;
@ -126,7 +126,7 @@ contract VoterManager {
} }
/// @notice function to a voting item for network admin accounts to vote /// @notice function to a voting item for network admin accounts to vote
/// @param _authOrg org id of the authirizing org. it will be network admin org /// @param _authOrg org id of the authorizing org. it will be network admin org
/// @param _orgId - org id for which the voting record is being created /// @param _orgId - org id for which the voting record is being created
/// @param _enodeId - enode id for which the voting record is being created /// @param _enodeId - enode id for which the voting record is being created
/// @param _account - account id for which the voting record is being created /// @param _account - account id for which the voting record is being created
@ -137,7 +137,7 @@ contract VoterManager {
// check if anything is pending approval for the org. // check if anything is pending approval for the org.
// If yes another item cannot be added // If yes another item cannot be added
require((_checkPendingOp(_authOrg, 0)), require((_checkPendingOp(_authOrg, 0)),
"items pending approval. new item cannot be added"); "items pending for approval. new item cannot be added");
uint id = _getVoterOrgIndex(_authOrg); uint id = _getVoterOrgIndex(_authOrg);
orgVoterList[id].pendingOp.orgId = _orgId; orgVoterList[id].pendingOp.orgId = _orgId;
orgVoterList[id].pendingOp.enodeId = _enodeId; orgVoterList[id].pendingOp.enodeId = _enodeId;
@ -162,10 +162,10 @@ contract VoterManager {
/// @return success of the voter process. either true or false /// @return success of the voter process. either true or false
function processVote(string calldata _authOrg, address _vAccount, uint _pendingOp) function processVote(string calldata _authOrg, address _vAccount, uint _pendingOp)
external onlyImplementation voterExists(_authOrg, _vAccount) returns (bool) { external onlyImplementation voterExists(_authOrg, _vAccount) returns (bool) {
// check something is pending approval // check something if anything is pending approval
require(_checkPendingOp(_authOrg, _pendingOp) == true, "nothing to approve"); require(_checkPendingOp(_authOrg, _pendingOp) == true, "nothing to approve");
uint id = _getVoterOrgIndex(_authOrg); uint id = _getVoterOrgIndex(_authOrg);
// check if vote already processed // check if vote is already processed
require(orgVoterList[id].votingStatus[id][_vAccount] != true, "cannot double vote"); require(orgVoterList[id].votingStatus[id][_vAccount] != true, "cannot double vote");
orgVoterList[id].voteCount++; orgVoterList[id].voteCount++;
orgVoterList[id].votingStatus[id][_vAccount] = true; orgVoterList[id].votingStatus[id][_vAccount] = true;
@ -181,7 +181,7 @@ contract VoterManager {
return false; return false;
} }
/// @notice returns the details of any pending oepration to be approved /// @notice returns the details of any pending operation to be approved
/// @param _orgId org id. this will be the org id of network admin org /// @param _orgId org id. this will be the org id of network admin org
function getPendingOpDetails(string calldata _orgId) external view function getPendingOpDetails(string calldata _orgId) external view
onlyImplementation returns (string memory, string memory, address, uint){ onlyImplementation returns (string memory, string memory, address, uint){

2
permission/contract/abi/AccountManager.abi
View File

@ -1 +1 @@
[{"constant":false,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"},{"name":"_adminRole","type":"bool"}],"name":"assignAccountRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"}],"name":"removeExistingAdmin","outputs":[{"name":"voterUpdate","type":"bool"},{"name":"account","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"}],"name":"getAccountDetails","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getNumberOfAccounts","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"}],"name":"validateAccount","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"}],"name":"getAccountRole","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_account","type":"address"},{"name":"_status","type":"uint256"}],"name":"updateAccountStatus","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_orgId","type":"string"}],"name":"orgAdminExists","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_aIndex","type":"uint256"}],"name":"getAccountDetailsFromIndex","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_account","type":"address"}],"name":"addNewAdmin","outputs":[{"name":"voterUpdate","type":"bool"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_nwAdminRole","type":"string"},{"name":"_oAdminRole","type":"string"}],"name":"setDefaults","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"},{"name":"_status","type":"uint256"}],"name":"assignAdminRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"checkOrgAdmin","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[{"name":"_permUpgradable","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_account","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountAccessModified","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_account","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"}],"name":"AccountAccessRevoked","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_account","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountStatusChanged","type":"event"}] [{"constant":false,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"},{"name":"_adminRole","type":"bool"}],"name":"assignAccountRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"}],"name":"removeExistingAdmin","outputs":[{"name":"voterUpdate","type":"bool"},{"name":"account","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"}],"name":"getAccountDetails","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getNumberOfAccounts","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"}],"name":"validateAccount","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"}],"name":"getAccountRole","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_account","type":"address"},{"name":"_action","type":"uint256"}],"name":"updateAccountStatus","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_orgId","type":"string"}],"name":"orgAdminExists","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"_aIndex","type":"uint256"}],"name":"getAccountDetailsFromIndex","outputs":[{"name":"","type":"address"},{"name":"","type":"string"},{"name":"","type":"string"},{"name":"","type":"uint256"},{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_orgId","type":"string"},{"name":"_account","type":"address"}],"name":"addNewAdmin","outputs":[{"name":"voterUpdate","type":"bool"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_nwAdminRole","type":"string"},{"name":"_oAdminRole","type":"string"}],"name":"setDefaults","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":false,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"},{"name":"_roleId","type":"string"},{"name":"_status","type":"uint256"}],"name":"assignAdminRole","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_account","type":"address"},{"name":"_orgId","type":"string"},{"name":"_ultParent","type":"string"}],"name":"checkOrgAdmin","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[{"name":"_permUpgradable","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_account","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountAccessModified","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_account","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_roleId","type":"string"},{"indexed":false,"name":"_orgAdmin","type":"bool"}],"name":"AccountAccessRevoked","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"_account","type":"address"},{"indexed":false,"name":"_orgId","type":"string"},{"indexed":false,"name":"_status","type":"uint256"}],"name":"AccountStatusChanged","type":"event"}]

2
permission/contract/abi/PermissionsImplementation.abi
View File

File diff suppressed because one or more lines are too long

2
permission/contract/abi/PermissionsInterface.abi
View File

File diff suppressed because one or more lines are too long