poanetwork
/
quorum
mirror of https://github.com/poanetwork/quorum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

permissions: added validations for node recovery initiation and approval activties.

This commit is contained in:
vsmk98 2019-08-01 16:19:26 +08:00
parent 755b586428
commit 56c2717eb1
1 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
permission/api.go
View File

@ -639,16 +639,17 @@ func (q *QuorumControlsAPI) valNodeStatusChange(orgId, url string, op int64) (Ex
return ErrNodeOrgMismatch, errors.New("node does not belong to the organization passed")
}
if node.Status == types.NodeBlackListed {
if node.Status == types.NodeBlackListed && op != 4 {
return ErrBlacklistedNode, errors.New("blacklisted node. operation not allowed")
}
// validate the op and node status and check if the op can be performed
if op != 1 && op != 2 && op != 3 {
if op != 1 && op != 2 && op != 3 && op != 4 && op != 5 {
return ErrOpNotAllowed, errors.New("invalid node status change operation")
}
if (op == 1 && node.Status != types.NodeApproved) || (op == 2 && node.Status != types.NodeDeactivated) {
if (op == 1 && node.Status != types.NodeApproved) || (op == 2 && node.Status != types.NodeDeactivated) ||
(op == 4 && node.Status != types.NodeBlackListed) || (op == 5 && node.Status != types.NodeRecoveryInitiated) {
return ErrOpNotAllowed, errors.New("node status change cannot be performed")
}
} else {
@ -1032,11 +1033,33 @@ func (q *QuorumControlsAPI) valRecoverNode(args txArgs, pinterf *pbind.PermInter
if !q.isNetworkAdmin(args.txa.From) {
return ErrNotNetworkAdmin
}
if action == InitiateNodeRecovery && q.checkPendingOp(q.permCtrl.permConfig.NwAdminOrg, pinterf) {
return ErrPendingApprovals
// validate inputs - org id is valid, node is valid and in blacklisted state
if execStatus, _ := q.validateOrg(args.orgId, ""); execStatus != ErrOrgExists {
return ErrInvalidOrgName
}
if action == InitiateNodeRecovery {
if execStatus, _ := q.valNodeStatusChange(args.orgId, args.url, 4); execStatus != ExecSuccess {
return execStatus
}
// check no pending approval items
if q.checkPendingOp(q.permCtrl.permConfig.NwAdminOrg, pinterf) {
return ErrPendingApprovals
}
} else {
// validate inputs - org id is valid, node is valid pending recovery state
if execStatus, _ := q.valNodeStatusChange(args.orgId, args.url, 5); execStatus != ExecSuccess {
return execStatus
}
// check that there is a pending approval item for node recovery
if !q.validatePendingOp(q.permCtrl.permConfig.NwAdminOrg, args.orgId, args.url, common.Address{}, 5, pinterf) {
return ErrNothingToApprove
}
}
// if it is approval ensure that
return ExecSuccess
}