poanetwork
/
quorum
mirror of https://github.com/poanetwork/quorum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

permission: Standardising the rpc response object in line with JSON RPC response struct as per review comments

This commit is contained in:
vsmk98 2019-06-03 11:54:13 +08:00
parent bc91ea034b
commit 44089d1be6
2 changed files with 136 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
core/quorum/api.go
View File

@ -108,6 +108,13 @@ type ExecStatus struct {
Msg string `json:"msg"`
}
func (e ExecStatus) OpStatus() (string, error) {
if e.Status {
return e.Msg, nil
}
return "", fmt.Errorf("%s", e.Msg)
}
var (
ErrNotNetworkAdmin = ExecStatus{false, "Operation can be performed by network admin only. Account not a network admin."}
ErrNotOrgAdmin = ExecStatus{false, "Operation can be performed by org admin only. Account not a org admin."}
@ -182,9 +189,9 @@ func (q *QuorumControlsAPI) AcctList() []types.AccountInfo {
return types.AcctInfoMap.GetAcctList()
}
func (q *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo {
func (q *QuorumControlsAPI) GetOrgDetails(orgId string) (types.OrgDetailInfo, error) {
if o := types.OrgInfoMap.GetOrg(orgId); o == nil {
return types.OrgDetailInfo{}
return types.OrgDetailInfo{}, errors.New("org does not exist")
}
var acctList []types.AccountInfo
var roleList []types.RoleInfo
@ -204,7 +211,7 @@ func (q *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo {
nodeList = append(nodeList, a)
}
}
return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList, SubOrgList: types.OrgInfoMap.GetOrg(orgId).SubOrgList}
return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList, SubOrgList: types.OrgInfoMap.GetOrg(orgId).SubOrgList}, nil
}
func (q *QuorumControlsAPI) initOp(txa ethapi.SendTxArgs) (*pbind.PermInterfaceSession, ExecStatus) {
@ -223,282 +230,282 @@ func (q *QuorumControlsAPI) initOp(txa ethapi.SendTxArgs) (*pbind.PermInterfaceS
return pinterf, ExecSuccess
}
func (q *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, url: url, acctId: acct, txa: txa}
if execStatus := q.valAddOrg(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
tx, err := pinterf.AddOrg(args.orgId, args.url, args.acctId)
if err != nil {
log.Error("Failed to execute permission action", "action", AddOrg, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", AddOrg, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) AddSubOrg(porgId, orgId string, url string, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) AddSubOrg(porgId, orgId string, url string, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{porgId: porgId, orgId: orgId, url: url, txa: txa}
if execStatus := q.valAddSubOrg(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
tx, err := pinterf.AddSubOrg(args.porgId, args.orgId, args.url)
if err != nil {
log.Error("Failed to execute permission action", "action", AddSubOrg, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", AddSubOrg, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) ApproveOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) ApproveOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, url: url, acctId: acct, txa: txa}
if execStatus := q.valApproveOrg(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
tx, err := pinterf.ApproveOrg(args.orgId, args.url, args.acctId)
if err != nil {
log.Error("Failed to execute permission action", "action", ApproveOrg, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", ApproveOrg, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) UpdateOrgStatus(orgId string, status uint8, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) UpdateOrgStatus(orgId string, status uint8, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, action: status, txa: txa}
if execStatus := q.valUpdateOrgStatus(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
// and in suspended state for suspension revoke
tx, err := pinterf.UpdateOrgStatus(args.orgId, big.NewInt(int64(args.action)))
if err != nil {
log.Error("Failed to execute permission action", "action", UpdateOrgStatus, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", UpdateOrgStatus, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) AddNode(orgId string, url string, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) AddNode(orgId string, url string, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, url: url, txa: txa}
if execStatus := q.valAddNode(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
// check if node is already there
tx, err := pinterf.AddNode(args.orgId, args.url)
if err != nil {
log.Error("Failed to execute permission action", "action", AddNode, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", AddNode, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) UpdateNodeStatus(orgId string, url string, status uint8, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) UpdateNodeStatus(orgId string, url string, status uint8, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, url: url, action: status, txa: txa}
if execStatus := q.valUpdateNodeStatus(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
// check node status for operation
tx, err := pinterf.UpdateNodeStatus(args.orgId, args.url, big.NewInt(int64(args.action)))
if err != nil {
log.Error("Failed to execute permission action", "action", UpdateNodeStatus, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", UpdateNodeStatus, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) ApproveOrgStatus(orgId string, status uint8, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) ApproveOrgStatus(orgId string, status uint8, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, action: status, txa: txa}
if execStatus := q.valApproveOrgStatus(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
// validate that status change is pending approval
tx, err := pinterf.ApproveOrgStatus(args.orgId, big.NewInt(int64(args.action)))
if err != nil {
log.Error("Failed to execute permission action", "action", UpdateNodeStatus, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", UpdateNodeStatus, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) AssignAdminRole(orgId string, acct common.Address, roleId string, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) AssignAdminRole(orgId string, acct common.Address, roleId string, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, acctId: acct, roleId: roleId, txa: txa}
if execStatus := q.valAssignAdminRole(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
// check if account is already in use in another org
tx, err := pinterf.AssignAdminRole(args.orgId, args.acctId, args.roleId)
if err != nil {
log.Error("Failed to execute permission action", "action", AssignAdminRole, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", AssignAdminRole, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) ApproveAdminRole(orgId string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) ApproveAdminRole(orgId string, acct common.Address, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, acctId: acct, txa: txa}
if execStatus := q.valApproveAdminRole(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
// check if anything is pending approval
tx, err := pinterf.ApproveAdminRole(args.orgId, args.acctId)
if err != nil {
log.Error("Failed to execute permission action", "action", ApproveAdminRole, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", ApproveAdminRole, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) AddNewRole(orgId string, roleId string, access uint8, isVoter bool, isAdmin bool, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) AddNewRole(orgId string, roleId string, access uint8, isVoter bool, isAdmin bool, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, roleId: roleId, accessType: access, isVoter: isVoter, isAdmin: isAdmin, txa: txa}
if execStatus := q.valAddNewRole(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
// check if role is already there in the org
tx, err := pinterf.AddNewRole(args.roleId, args.orgId, big.NewInt(int64(args.accessType)), args.isVoter, args.isAdmin)
if err != nil {
log.Error("Failed to execute permission action", "action", ApproveAdminRole, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", ApproveAdminRole, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) RemoveRole(orgId string, roleId string, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) RemoveRole(orgId string, roleId string, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, roleId: roleId, txa: txa}
if execStatus := q.valRemoveRole(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
tx, err := pinterf.RemoveRole(args.roleId, args.orgId)
if err != nil {
log.Error("Failed to execute permission action", "action", RemoveRole, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", RemoveRole, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) AddAccountToOrg(acct common.Address, orgId string, roleId string, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) AddAccountToOrg(acct common.Address, orgId string, roleId string, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, roleId: roleId, acctId: acct, txa: txa}
if execStatus := q.valAssignRole(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
tx, err := pinterf.AssignAccountRole(args.acctId, args.orgId, args.roleId)
if err != nil {
log.Error("Failed to execute permission action", "action", AddAccountToOrg, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", AddAccountToOrg, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) ChangeAccountRole(acct common.Address, orgId string, roleId string, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) ChangeAccountRole(acct common.Address, orgId string, roleId string, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, roleId: roleId, acctId: acct, txa: txa}
if execStatus := q.valAssignRole(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
tx, err := pinterf.AssignAccountRole(args.acctId, args.orgId, args.roleId)
if err != nil {
log.Error("Failed to execute permission action", "action", ChangeAccountRole, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", ChangeAccountRole, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
func (q *QuorumControlsAPI) UpdateAccountStatus(orgId string, acct common.Address, status uint8, txa ethapi.SendTxArgs) ExecStatus {
func (q *QuorumControlsAPI) UpdateAccountStatus(orgId string, acct common.Address, status uint8, txa ethapi.SendTxArgs) (string, error) {
pinterf, execStatus := q.initOp(txa)
if execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
args := txArgs{orgId: orgId, acctId: acct, action: status, txa: txa}
if execStatus := q.valUpdateAccountStatus(args, pinterf); execStatus != ExecSuccess {
return execStatus
return execStatus.OpStatus()
}
tx, err := pinterf.UpdateAccountStatus(args.orgId, args.acctId, big.NewInt(int64(args.action)))
if err != nil {
log.Error("Failed to execute permission action", "action", UpdateAccountStatus, "err", err)
msg := fmt.Sprintf("failed to execute permissions action: %v", err)
return ExecStatus{false, msg}
return ExecStatus{false, msg}.OpStatus()
}
log.Debug("executed permission action", "action", UpdateAccountStatus, "tx", tx)
return ExecSuccess
return ExecSuccess.OpStatus()
}
// check if the account is network admin

199
docs/Permissioning/Permissioning apis.md
View File

@ -306,36 +306,35 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addOrg","params":["ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.addOrg("ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
If there are any pending items for approval, proposal of any new organization will fail. Also the enode id and accounts can be linked to one organization only.
```javascript
> quorumPermission.addOrg("ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
{
msg: "Pending approvals for the organization. Approve first",
status: false
}
Error: Pending approvals for the organization. Approve first
at web3.js:3143:20
at web3.js:6347:15
at web3.js:5081:36
at <anonymous>:1:1
> quorumPermission.addOrg("XYZ", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
{
msg: "EnodeId already part of network.",
status: false
}
Error: EnodeId already part of network.
at web3.js:3143:20
at web3.js:6347:15
at web3.js:5081:36
at <anonymous>:1:1
> quorumPermission.addOrg("XYZ", "enode://de9c2d5937e599930832cecc1df8cc90b50839bdf635c1a4e68e1dab2d001cd4a11c626e155078cc65958a72e2d72c1342a28909775edd99cc39470172cce0ac@127.0.0.1:21004?discport=0", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
{
msg: "Account already in use in another organization",
status: false
}
Error: Account already in use in another organization
at web3.js:3143:20
at web3.js:6347:15
at web3.js:5081:36
at <anonymous>:1:1
```
### `quorumPermission_approveOrg`
This api can be executed by a network admin account (`from:` in transactions args) only for approving a proposed organization into the network.
@ -353,18 +352,12 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveOrg","params":["ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
quorumPermission.approveOrg("ABC", "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404", "0x0638e1574728b6d862dd5d3a3e0942c3be47d996", {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_updateOrgStatus`
This api can only be executed by a network admin account and is used for temporarily suspending an organization or re-enabling a suspended organization. This activity can be performed for master organization only and requires majority approval from network admins.
@ -382,18 +375,12 @@ Via JSON RPC
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_updateOrgStatus","params":["ABC", 1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
//Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.updateOrgStatus("ABC", 1, {from:eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_approveOrgStatus`
This api can only be executed by a network admin account and is used for approving the org status change proposal. Once majority approval is received from network admins, the org status is updated.
@ -412,18 +399,13 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveOrgStatus","params":["ABC", 1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
//Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
quorumPermission.approveOrgStatus("ABC", 1, {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
When an organization is in suspended status, no transactions or contract deploy activities are allowed from any nodes linked to the org and sub organizations under it. Similarly no transactions will be allowed from any accounts linked to the organization
@ -443,32 +425,20 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addSubOrg","params":["ABC", "SUB1","", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.addSubOrg("ABC", "SUB1", "", {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
Few examples of adding sub org in nested hierarchy:
```javascript
> quorumPermission.addSubOrg("ABC.SUB1", "SUB2","", {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
> quorumPermission.addSubOrg("ABC.SUB1.SUB2", "SUB3","", {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_addNewRole`
This api can be executed by an organization admin account to create a new role for the organization.
@ -488,23 +458,14 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addNewRole","params":["ABC", "TRANSACT",1,false,false, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.addNewRole("ABC", "TRANSACT", 1, false, false,{from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
> quorumPermission.addNewRole("ABC.SUB1.SUB2.SUB3", "TRANSACT", 1, false, false,{from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_removeRole`
This api can be executed by an organization admin account to create a new role for the organization.
@ -521,18 +482,12 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_removeRole","params":["ABC", "TRANSACT", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.removeRole("ABC.SUB1.SUB2.SUB3", "TRANSACT", {from: eth.accounts[1]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_addAccountToOrg`
This api can be executed by an organization admin to add an account to an organization and assign a role to the account
@ -550,26 +505,21 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addAccountToOrg","params":["0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.addAccountToOrg("0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {from: eth.accounts[1]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
The account can at best be linked to a single organization or sub organization and cannot belong to multiple organizations or sub organizations
```javascript
> quorumPermission.assignAccountRole("0xf017976fdf1521de2e108e63b423380307f501f8", "ABC.SUB1", "TRANSACT", {from: eth.accounts[1]})
{
msg: "Account already in use in another organization",
status: false
}
> quorumPermission.addAccountToOrg("0xf017976fdf1521de2e108e63b423380307f501f8", "ABC.SUB1", "TRANSACT", {from: eth.accounts[1]})
Error: Account already in use in another organization
at web3.js:3143:20
at web3.js:6347:15
at web3.js:5081:36
at <anonymous>:1:1
```
### `quorumPermission_changeAccountRole`
This api can be executed by an organization admin account to assign a role to an account.
@ -587,18 +537,12 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_changeAccountRole","params":["0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.changeAccountRole("0xf017976fdf1521de2e108e63b423380307f501f8", "ABC", "TRANSACT", {from: eth.accounts[1]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_updateAccountStatus`
@ -620,18 +564,12 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_updateAccountStatus","params":["ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", 1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.updateAccountStatus("ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", 1, {from: eth.accounts[1]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
Once a account is blacklisted no further action is allowed on it.
@ -650,18 +588,12 @@ Via JSON RPC
// Request
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_assignAdminRole","params":["ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", "NWADMIN", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.assignAdminRole("ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", "NWADMIN", {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_approveAdminRole`
@ -679,19 +611,12 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_approveAdminRole","params":["ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.approveAdminRole("ABC", "0xf017976fdf1521de2e108e63b423380307f501f8", {from: eth.accounts[0]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_addNode`
This api can be executed by the organization admin account to add a node to the organization or sub organization. A node cannot be part of multiple organizations.
@ -708,18 +633,12 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_addNode","params":["ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.addNode("ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407", {from: eth.accounts[1]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
### `quorumPermission_updateNodeStatus`
This api can be executed by the organization admin account to update the status of a node.
@ -743,18 +662,12 @@ Via JSON RPC
curl -X POST http://127.0.0.1:22000 --data '{"jsonrpc":"2.0","method":"quorumPermission_updateNodeStatus","params":["ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407",1, {"from":"0xed9d02e382b34818e88b88a309c7fe71e65f419d"}],"id":10}' --header "Content-Type: application/json"
// Response
{
msg: "Action completed successfully",
status: true
}
{"jsonrpc":"2.0","id":10,"result":"Action completed successfully"}
```
Via `geth` console
```javascript
> quorumPermission.updateNodeStatus("ABC.SUB1.SUB2.SUB3", "enode://239c1f044a2b03b6c4713109af036b775c5418fe4ca63b04b1ce00124af00ddab7cc088fc46020cdc783b6207efe624551be4c06a994993d8d70f684688fb7cf@127.0.0.1:21006?discport=0&raftport=50407",3, {from: eth.accounts[1]})
{
msg: "Action completed successfully",
status: true
}
"Action completed successfully"
```
Once a node is blacklisted no further action is possible on the same.