mirror of https://github.com/poanetwork/quorum.git
permission: Enabled QIP714Block to allow staggered migration of network for enabling new permissions
This commit is contained in:
parent
afb61f089c
commit
4280bdadac
|
@ -1309,10 +1309,6 @@ func checkAccount(fromAcct common.Address, toAcct *common.Address) error {
|
|||
access := types.GetAcctAccess(fromAcct)
|
||||
|
||||
switch access {
|
||||
case types.FullAccess:
|
||||
case types.ContractDeploy:
|
||||
return nil
|
||||
|
||||
case types.ReadOnly:
|
||||
return errors.New("read only account. cannot transact")
|
||||
|
||||
|
@ -1320,6 +1316,10 @@ func checkAccount(fromAcct common.Address, toAcct *common.Address) error {
|
|||
if toAcct == nil {
|
||||
return errors.New("account does not have contract create permissions")
|
||||
}
|
||||
|
||||
case types.FullAccess, types.ContractDeploy:
|
||||
return nil
|
||||
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -168,6 +168,7 @@ func NewAcctCache() *AcctCache {
|
|||
var syncStarted = false
|
||||
|
||||
var DefaultAccess = FullAccess
|
||||
var QIP714BlockReached = false
|
||||
var networkAdminRole string
|
||||
var orgAdminRole string
|
||||
|
||||
|
@ -190,10 +191,15 @@ func GetSyncStatus() bool {
|
|||
return syncStarted
|
||||
}
|
||||
|
||||
// sets the default access to Readonly upon QIP714Blokc
|
||||
func SetDefaultAccess(){
|
||||
DefaultAccess = ReadOnly
|
||||
QIP714BlockReached = true
|
||||
}
|
||||
|
||||
// sets default access to readonly and initializes the values for
|
||||
// network admin role and org admin role
|
||||
func SetDefaults(nwRoleId, oaRoleId string) {
|
||||
DefaultAccess = ReadOnly
|
||||
networkAdminRole = nwRoleId
|
||||
orgAdminRole = oaRoleId
|
||||
}
|
||||
|
@ -377,12 +383,12 @@ func GetAcctAccess(acctId common.Address) AccessType {
|
|||
return DefaultAccess
|
||||
}
|
||||
|
||||
func ValidateNodeForTxn(enodeId string, from common.Address) bool {
|
||||
if enodeId == "" {
|
||||
func ValidateNodeForTxn(hexnodeId string, from common.Address) bool {
|
||||
if !QIP714BlockReached || hexnodeId == ""{
|
||||
return true
|
||||
}
|
||||
|
||||
passedEnodeId, err := enode.ParseV4(enodeId)
|
||||
passedEnodeId, err := enode.ParseV4(hexnodeId)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -132,19 +132,19 @@ var (
|
|||
//
|
||||
// This configuration is intentionally not using keyed fields to force anyone
|
||||
// adding flags to the config to also have to set these fields.
|
||||
AllEthashProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 50}
|
||||
AllEthashProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 50, big.NewInt(0)}
|
||||
|
||||
// AllCliqueProtocolChanges contains every protocol change (EIPs) introduced
|
||||
// and accepted by the Ethereum core developers into the Clique consensus.
|
||||
//
|
||||
// This configuration is intentionally not using keyed fields to force anyone
|
||||
// adding flags to the config to also have to set these fields.
|
||||
AllCliqueProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, nil, &CliqueConfig{Period: 0, Epoch: 30000}, nil, false, 32, 32}
|
||||
AllCliqueProtocolChanges = &ChainConfig{big.NewInt(1337), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, nil, &CliqueConfig{Period: 0, Epoch: 30000}, nil, false, 32, 32, big.NewInt(0)}
|
||||
|
||||
TestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 32}
|
||||
TestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, big.NewInt(0), common.Hash{}, big.NewInt(0), big.NewInt(0), big.NewInt(0), big.NewInt(0), nil, new(EthashConfig), nil, nil, false, 32, 32, big.NewInt(0)}
|
||||
TestRules = TestChainConfig.Rules(new(big.Int))
|
||||
|
||||
QuorumTestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, nil, common.Hash{}, nil, nil, nil, nil, nil, new(EthashConfig), nil, nil, true, 64, 32}
|
||||
QuorumTestChainConfig = &ChainConfig{big.NewInt(10), big.NewInt(0), nil, false, nil, common.Hash{}, nil, nil, nil, nil, nil, new(EthashConfig), nil, nil, true, 64, 32, big.NewInt(0)}
|
||||
)
|
||||
|
||||
// TrustedCheckpoint represents a set of post-processed trie roots (CHT and
|
||||
|
@ -191,6 +191,10 @@ type ChainConfig struct {
|
|||
IsQuorum bool `json:"isQuorum"`
|
||||
TransactionSizeLimit uint64 `json:"txnSizeLimit"`
|
||||
MaxCodeSize uint64 `json:"maxCodeSize"`
|
||||
// Quorum
|
||||
//
|
||||
// QIP714Block implements the permissions related changes
|
||||
QIP714Block *big.Int `json:"qip714Block,omitempty"`
|
||||
}
|
||||
|
||||
// EthashConfig is the consensus engine configs for proof-of-work based sealing.
|
||||
|
@ -304,6 +308,13 @@ func (c *ChainConfig) IsEWASM(num *big.Int) bool {
|
|||
return isForked(c.EWASMBlock, num)
|
||||
}
|
||||
|
||||
// Quorum
|
||||
//
|
||||
// IsQIP714 returns whether num represents a block number where permissions is enabled
|
||||
func (c *ChainConfig) IsQIP714(num *big.Int) bool {
|
||||
return isForked(c.QIP714Block, num)
|
||||
}
|
||||
|
||||
// GasTable returns the gas table corresponding to the current phase (homestead or homestead reprice).
|
||||
//
|
||||
// The returned GasTable's fields shouldn't, under any circumstances, be changed.
|
||||
|
@ -375,6 +386,9 @@ func (c *ChainConfig) checkCompatible(newcfg *ChainConfig, head *big.Int, isQuor
|
|||
if isForkIncompatible(c.EWASMBlock, newcfg.EWASMBlock, head) {
|
||||
return newCompatError("ewasm fork block", c.EWASMBlock, newcfg.EWASMBlock)
|
||||
}
|
||||
if isForkIncompatible(c.QIP714Block, newcfg.QIP714Block, head) {
|
||||
return newCompatError("permissions fork block", c.QIP714Block, newcfg.QIP714Block)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"crypto/ecdsa"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/ethereum/go-ethereum/core"
|
||||
"io/ioutil"
|
||||
"math/big"
|
||||
"os"
|
||||
|
@ -181,6 +182,7 @@ func (p *PermissionCtrl) AfterStart() error {
|
|||
types.SetDefaults(p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole)
|
||||
|
||||
for _, f := range []func() error{
|
||||
p.monitorQIP714Block, // monitor block number to activate new permissions controls
|
||||
p.manageOrgPermissions, // monitor org management related events
|
||||
p.manageNodePermissions, // monitor org level node management events
|
||||
p.manageRolePermissions, // monitor org level role management events
|
||||
|
@ -275,6 +277,37 @@ func (p *PermissionCtrl) Stop() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// monitors org management related events happening via smart contracts
|
||||
// and updates cache accordingly
|
||||
func (p *PermissionCtrl) monitorQIP714Block() error {
|
||||
// if QIP714block is not given, set the default access
|
||||
// to readonly
|
||||
if p.eth.ChainConfig().QIP714Block == nil {
|
||||
types.SetDefaultAccess()
|
||||
return nil
|
||||
}
|
||||
//QIP714block is given, monitor block count
|
||||
go func() {
|
||||
chainHeadCh := make(chan core.ChainHeadEvent, 1)
|
||||
headSub := p.eth.BlockChain().SubscribeChainHeadEvent(chainHeadCh)
|
||||
defer headSub.Unsubscribe()
|
||||
stopChan, stopSubscription := p.subscribeStopEvent()
|
||||
defer stopSubscription.Unsubscribe()
|
||||
for {
|
||||
select {
|
||||
case head := <-chainHeadCh:
|
||||
if p.eth.ChainConfig().IsQIP714(head.Block.Number()) {
|
||||
types.SetDefaultAccess()
|
||||
return
|
||||
}
|
||||
case <-stopChan:
|
||||
return
|
||||
}
|
||||
}
|
||||
}()
|
||||
return nil
|
||||
}
|
||||
|
||||
// monitors org management related events happening via smart contracts
|
||||
// and updates cache accordingly
|
||||
func (p *PermissionCtrl) manageOrgPermissions() error {
|
||||
|
|
Loading…
Reference in New Issue