mirror of https://github.com/poanetwork/quorum.git
permissions: documentation changes based on review feedback
This commit is contained in:
parent
237a2a6269
commit
5abf2b301a
|
@ -3,156 +3,218 @@ pragma solidity ^0.5.3;
|
||||||
import "./PermissionsImplementation.sol";
|
import "./PermissionsImplementation.sol";
|
||||||
import "./PermissionsUpgradable.sol";
|
import "./PermissionsUpgradable.sol";
|
||||||
|
|
||||||
|
/// @title Permissions Interface Contract
|
||||||
|
/// @notice This contract is the interface for permissions implementation
|
||||||
|
/// @notice contract. for any call, it forwards the call to the implementation
|
||||||
|
/// @notice contract
|
||||||
contract PermissionsInterface {
|
contract PermissionsInterface {
|
||||||
PermissionsImplementation private permImplementation;
|
PermissionsImplementation private permImplementation;
|
||||||
PermissionsUpgradable private permUpgradable;
|
PermissionsUpgradable private permUpgradable;
|
||||||
address private permImplUpgradeable;
|
address private permImplUpgradeable;
|
||||||
|
|
||||||
|
/// @notice constructor
|
||||||
|
/// @param _permImplUpgradeable permissions upgradable contract address
|
||||||
constructor(address _permImplUpgradeable) public {
|
constructor(address _permImplUpgradeable) public {
|
||||||
permImplUpgradeable = _permImplUpgradeable;
|
permImplUpgradeable = _permImplUpgradeable;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// @notice modifier to verify that caller is permissions upgradable contract
|
||||||
|
/// @notice address
|
||||||
modifier onlyUpgradeable {
|
modifier onlyUpgradeable {
|
||||||
require(msg.sender == permImplUpgradeable);
|
require(msg.sender == permImplUpgradeable);
|
||||||
_;
|
_;
|
||||||
}
|
}
|
||||||
|
|
||||||
function setPermImplementation(address _permImplementation) public
|
/// @notice interface for setting the permissions policy in implementation
|
||||||
onlyUpgradeable
|
/// @param _nwAdminOrg network admin organization id
|
||||||
{
|
/// @param _nwAdminRole default network admin role id
|
||||||
permImplementation = PermissionsImplementation(_permImplementation);
|
/// @param _oAdminRole default organization admin role id
|
||||||
}
|
function setPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole, string calldata _oAdminRole) external {
|
||||||
|
|
||||||
function getPermissionsImpl() public view returns (address)
|
|
||||||
{
|
|
||||||
return address(permImplementation);
|
|
||||||
}
|
|
||||||
|
|
||||||
function setPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole, string calldata _oAdminRole) external
|
|
||||||
{
|
|
||||||
permImplementation.setPolicy(_nwAdminOrg, _nwAdminRole, _oAdminRole);
|
permImplementation.setPolicy(_nwAdminOrg, _nwAdminRole, _oAdminRole);
|
||||||
}
|
}
|
||||||
|
|
||||||
function init(uint _breadth, uint _depth) external
|
/// @notice interface to initializes the breadth and depth values for
|
||||||
{
|
/// @notice sub organization management
|
||||||
|
/// @param _breadth controls the number of sub org a parent org can have
|
||||||
|
/// @param _depth controls the depth of nesting allowed for sub orgs
|
||||||
|
function init(uint _breadth, uint _depth) external {
|
||||||
permImplementation.init(_breadth, _depth);
|
permImplementation.init(_breadth, _depth);
|
||||||
}
|
}
|
||||||
|
/// @notice interface to add new node to an admin organization
|
||||||
function addAdminNodes(string calldata _enodeId) external
|
/// @param _enodeId full enode id of the node to be added
|
||||||
{
|
function addAdminNodes(string calldata _enodeId) external {
|
||||||
permImplementation.addAdminNodes(_enodeId);
|
permImplementation.addAdminNodes(_enodeId);
|
||||||
}
|
}
|
||||||
|
|
||||||
function addAdminAccounts(address _acct) external
|
/// @notice interface to add accounts to an admin organization
|
||||||
{
|
/// @param _acct account address to be added
|
||||||
|
function addAdminAccounts(address _acct) external {
|
||||||
permImplementation.addAdminAccounts(_acct);
|
permImplementation.addAdminAccounts(_acct);
|
||||||
}
|
}
|
||||||
|
|
||||||
// update the network boot status as true
|
/// @notice interface to update network boot up status
|
||||||
|
/// @return bool true or false
|
||||||
function updateNetworkBootStatus() external
|
function updateNetworkBootStatus() external
|
||||||
returns (bool)
|
returns (bool)
|
||||||
{
|
{
|
||||||
permImplementation.updateNetworkBootStatus();
|
permImplementation.updateNetworkBootStatus();
|
||||||
}
|
}
|
||||||
|
|
||||||
// // Get network boot status
|
/// @notice interface to fetch network boot status
|
||||||
function getNetworkBootStatus() external view returns (bool)
|
/// @return bool network boot status
|
||||||
{
|
function getNetworkBootStatus() external view returns (bool){
|
||||||
return permImplementation.getNetworkBootStatus();
|
return permImplementation.getNetworkBootStatus();
|
||||||
}
|
}
|
||||||
|
|
||||||
// function for adding a new master org
|
/// @notice interface to add a new organization to the network
|
||||||
function addOrg(string calldata _orgId, string calldata _enodeId, address _account) external
|
/// @param _orgId unique organization id
|
||||||
{
|
/// @param _enodeId full enode id linked to the organization
|
||||||
|
/// @param _account account id. this will have the org admin privileges
|
||||||
|
function addOrg(string calldata _orgId, string calldata _enodeId, address _account) external {
|
||||||
permImplementation.addOrg(_orgId, _enodeId, _account, msg.sender);
|
permImplementation.addOrg(_orgId, _enodeId, _account, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
function approveOrg(string calldata _orgId, string calldata _enodeId, address _account) external
|
/// @notice interface to approve a newly added organization
|
||||||
{
|
/// @param _orgId unique organization id
|
||||||
|
/// @param _enodeId full enode id linked to the organization
|
||||||
|
/// @param _account account id this will have the org admin privileges
|
||||||
|
function approveOrg(string calldata _orgId, string calldata _enodeId, address _account) external {
|
||||||
permImplementation.approveOrg(_orgId, _enodeId, _account, msg.sender);
|
permImplementation.approveOrg(_orgId, _enodeId, _account, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
// function for adding a new master org
|
/// @notice interface to add sub org under an org
|
||||||
function addSubOrg(string calldata _pOrg, string calldata _orgId, string calldata _enodeId) external
|
/// @param _pOrgId parent org id under which the sub org is being added
|
||||||
{
|
/// @param _orgId unique id for the sub organization
|
||||||
permImplementation.addSubOrg(_pOrg, _orgId, _enodeId, msg.sender);
|
/// @param _enodeId full enode id linked to the sjb organization
|
||||||
|
function addSubOrg(string calldata _pOrgId, string calldata _orgId, string calldata _enodeId) external {
|
||||||
|
permImplementation.addSubOrg(_pOrgId, _orgId, _enodeId, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
function updateOrgStatus(string calldata _orgId, uint _action) external
|
/// @notice interface to update the org status
|
||||||
{
|
/// @param _orgId unique id of the organization
|
||||||
|
/// @param _action 1 for suspending an org and 2 for revoke of suspension
|
||||||
|
function updateOrgStatus(string calldata _orgId, uint _action) external {
|
||||||
permImplementation.updateOrgStatus(_orgId, _action, msg.sender);
|
permImplementation.updateOrgStatus(_orgId, _action, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
function approveOrgStatus(string calldata _orgId, uint _action) external
|
/// @notice interface to approve org status change
|
||||||
{
|
/// @param _orgId unique id for the sub organization
|
||||||
|
/// @param _action 1 for suspending an org and 2 for revoke of suspension
|
||||||
|
function approveOrgStatus(string calldata _orgId, uint _action) external {
|
||||||
permImplementation.approveOrgStatus(_orgId, _action, msg.sender);
|
permImplementation.approveOrgStatus(_orgId, _action, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Role related functions
|
/// @notice interface to new role definition to an organization
|
||||||
function addNewRole(string calldata _roleId, string calldata _orgId, uint _access, bool _voter, bool _admin) external
|
/// @param _roleId unique id for the role
|
||||||
{
|
/// @param _orgId unique id of the organization to which the role belongs
|
||||||
|
/// @param _access 0-ReadOnly, 1-Transact, 2-ContractDeploy, 3-FullAccess
|
||||||
|
/// @param _voter bool indicates if the role is voter role or not
|
||||||
|
/// @param _admin bool indicates if the role is an admin role
|
||||||
|
function addNewRole(string calldata _roleId, string calldata _orgId, uint _access, bool _voter, bool _admin) external {
|
||||||
permImplementation.addNewRole(_roleId, _orgId, _access, _voter, _admin, msg.sender);
|
permImplementation.addNewRole(_roleId, _orgId, _access, _voter, _admin, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
function removeRole(string calldata _roleId, string calldata _orgId) external
|
/// @notice interface to remove a role definition from an organization
|
||||||
{
|
/// @param _roleId unique id for the role
|
||||||
|
/// @param _orgId unique id of the organization to which the role belongs
|
||||||
|
function removeRole(string calldata _roleId, string calldata _orgId) external {
|
||||||
permImplementation.removeRole(_roleId, _orgId, msg.sender);
|
permImplementation.removeRole(_roleId, _orgId, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
function assignAdminRole(string calldata _orgId, address _account, string calldata _roleId) external
|
/// @notice interface to assign network admin/org admin role to an account
|
||||||
{
|
/// @notice this can be executed by network admin accounts only
|
||||||
|
/// @param _orgId unique id of the organization to which the account belongs
|
||||||
|
/// @param _account account id
|
||||||
|
/// @param _roleId role id to be assigned to the account
|
||||||
|
function assignAdminRole(string calldata _orgId, address _account, string calldata _roleId) external {
|
||||||
permImplementation.assignAdminRole(_orgId, _account, _roleId, msg.sender);
|
permImplementation.assignAdminRole(_orgId, _account, _roleId, msg.sender);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
/// @notice interface to approve network admin/org admin role assigment
|
||||||
function approveAdminRole(string calldata _orgId, address _account) external
|
/// @notice this can be executed by network admin accounts only
|
||||||
{
|
/// @param _orgId unique id of the organization to which the account belongs
|
||||||
|
/// @param _account account id
|
||||||
|
function approveAdminRole(string calldata _orgId, address _account) external {
|
||||||
permImplementation.approveAdminRole(_orgId, _account, msg.sender);
|
permImplementation.approveAdminRole(_orgId, _account, msg.sender);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function assignAccountRole(address _acct, string memory _orgId, string memory _roleId) public
|
/// @notice interface to update account status
|
||||||
{
|
/// @notice this can be executed by org admin accounts only
|
||||||
permImplementation.assignAccountRole(_acct, _orgId, _roleId, msg.sender);
|
/// @param _orgId unique id of the organization to which the account belongs
|
||||||
|
/// @param _account account id
|
||||||
}
|
/// @param _status 1-suspending 2-activating back 3-blacklisting
|
||||||
|
function updateAccountStatus(string calldata _orgId, address _account, uint _status) external {
|
||||||
function updateAccountStatus(string calldata _orgId, address _account, uint _status) external
|
|
||||||
{
|
|
||||||
permImplementation.updateAccountStatus(_orgId, _account, _status, msg.sender);
|
permImplementation.updateAccountStatus(_orgId, _account, _status, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
function addNode(string calldata _orgId, string calldata _enodeId) external
|
/// @notice interface to add a new node to the organization
|
||||||
{
|
/// @param _orgId unique id of the organization to which the account belongs
|
||||||
|
/// @param _enodeId full enode id being dded to the org
|
||||||
|
function addNode(string calldata _orgId, string calldata _enodeId) external {
|
||||||
permImplementation.addNode(_orgId, _enodeId, msg.sender);
|
permImplementation.addNode(_orgId, _enodeId, msg.sender);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function updateNodeStatus(string calldata _orgId, string calldata _enodeId, uint _action) external
|
/// @notice interface to update node status
|
||||||
{
|
/// @param _orgId unique id of the organization to which the account belongs
|
||||||
|
/// @param _enodeId full enode id being dded to the org
|
||||||
|
/// @param _action 1-deactivate, 2-activate back, 3-blacklist the node
|
||||||
|
function updateNodeStatus(string calldata _orgId, string calldata _enodeId, uint _action) external {
|
||||||
permImplementation.updateNodeStatus(_orgId, _enodeId, _action, msg.sender);
|
permImplementation.updateNodeStatus(_orgId, _enodeId, _action, msg.sender);
|
||||||
}
|
}
|
||||||
|
|
||||||
function isNetworkAdmin(address _account) public view returns (bool)
|
/// @notice interface to fetch detail of any pending approval activities
|
||||||
{
|
/// @notice for network admin organization
|
||||||
return permImplementation.isNetworkAdmin(_account);
|
/// @param _orgId unique id of the organization to which the account belongs
|
||||||
}
|
function getPendingOp(string calldata _orgId) external view returns (string memory, string memory, address, uint) {
|
||||||
|
|
||||||
function isOrgAdmin(address _account, string memory _orgId) public view returns (bool)
|
|
||||||
{
|
|
||||||
|
|
||||||
return permImplementation.isOrgAdmin(_account, _orgId);
|
|
||||||
}
|
|
||||||
|
|
||||||
function validateAccount(address _account, string memory _orgId) public view returns (bool)
|
|
||||||
{
|
|
||||||
return permImplementation.validateAccount(_account, _orgId);
|
|
||||||
}
|
|
||||||
|
|
||||||
function getPendingOp(string calldata _orgId) external view returns (string memory, string memory, address, uint)
|
|
||||||
{
|
|
||||||
return permImplementation.getPendingOp(_orgId);
|
return permImplementation.getPendingOp(_orgId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// @notice sets the permissions implementation contract address
|
||||||
|
/// @notice can be called from upgradable contract only
|
||||||
|
/// @param _permImplementation permissions implementation contract address
|
||||||
|
function setPermImplementation(address _permImplementation) external
|
||||||
|
onlyUpgradeable {
|
||||||
|
permImplementation = PermissionsImplementation(_permImplementation);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// @notice returns the address of permissions implementation contract
|
||||||
|
/// @return permissions implementation contract address
|
||||||
|
function getPermissionsImpl() external view returns (address) {
|
||||||
|
return address(permImplementation);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// @notice interface to assigns a role id to the account give
|
||||||
|
/// @param _account account id
|
||||||
|
/// @param _orgId organization id to which the account belongs
|
||||||
|
/// @param _roleId role id to be assigned to the account
|
||||||
|
function assignAccountRole(address _account, string calldata _orgId, string calldata _roleId) external {
|
||||||
|
permImplementation.assignAccountRole(_account, _orgId, _roleId, msg.sender);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/// @notice interface to check if passed account is an network admin account
|
||||||
|
/// @param _account account id
|
||||||
|
/// @return true/false
|
||||||
|
function isNetworkAdmin(address _account) external view returns (bool) {
|
||||||
|
return permImplementation.isNetworkAdmin(_account);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// @notice interface to check if passed account is an org admin account
|
||||||
|
/// @param _account account id
|
||||||
|
/// @param _orgId organization id
|
||||||
|
/// @return true/false
|
||||||
|
function isOrgAdmin(address _account, string calldata _orgId) external view returns (bool) {
|
||||||
|
return permImplementation.isOrgAdmin(_account, _orgId);
|
||||||
|
}
|
||||||
|
|
||||||
|
/// @notice interface to validate the account for access change operation
|
||||||
|
/// @param _account account id
|
||||||
|
/// @param _orgId organization id
|
||||||
|
/// @return true/false
|
||||||
|
function validateAccount(address _account, string calldata _orgId) external view returns (bool) {
|
||||||
|
return permImplementation.validateAccount(_account, _orgId);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
|
@ -2,69 +2,85 @@ pragma solidity ^0.5.3;
|
||||||
|
|
||||||
import "./PermissionsInterface.sol";
|
import "./PermissionsInterface.sol";
|
||||||
|
|
||||||
|
/// @title Permissions Upgradable Contract
|
||||||
|
/// @notice This contract holds the address of current permissions implementation
|
||||||
|
/// @notice contract. The contract is owned by a guardian account. Only the
|
||||||
|
/// @notice guardian account can change the implementation contract address as
|
||||||
|
/// @notice business needs.
|
||||||
contract PermissionsUpgradable {
|
contract PermissionsUpgradable {
|
||||||
|
|
||||||
address private guardian;
|
address private guardian;
|
||||||
address private permImpl;
|
address private permImpl;
|
||||||
address private permInterface;
|
address private permInterface;
|
||||||
|
|
||||||
// sets the guardian account as part of constructor
|
/// @notice constructor
|
||||||
// only this account will be able to change the implementation contract address
|
/// @param _guardian account address
|
||||||
constructor (address _guardian) public
|
constructor (address _guardian) public{
|
||||||
{
|
|
||||||
guardian = _guardian;
|
guardian = _guardian;
|
||||||
}
|
}
|
||||||
|
|
||||||
modifier onlyCustodian {
|
/// @notice modifier to verify that caller is guardian account
|
||||||
|
modifier onlyGuardian {
|
||||||
require(msg.sender == guardian);
|
require(msg.sender == guardian);
|
||||||
_;
|
_;
|
||||||
}
|
}
|
||||||
|
|
||||||
// executed by guardian, links interface and implementation contract addresses
|
/// @notice executed by guardian. Links interface and implementation contract
|
||||||
|
/// @notice addresses. Can be executed by guardian account only
|
||||||
|
/// @param _permInterface permissions interface contract address
|
||||||
|
/// @param _permImpl implementation contract address
|
||||||
function init(address _permInterface, address _permImpl) external
|
function init(address _permInterface, address _permImpl) external
|
||||||
onlyCustodian
|
onlyGuardian {
|
||||||
{
|
|
||||||
permImpl = _permImpl;
|
permImpl = _permImpl;
|
||||||
permInterface = _permInterface;
|
permInterface = _permInterface;
|
||||||
setImpl(permImpl);
|
_setImpl(permImpl);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// @notice changes the implementation contract address to the new address
|
||||||
// guardian can potentially become a contract
|
/// @notice address passed. Can be executed by guardian account only
|
||||||
// implementation change and guardian change are sending from guardian
|
/// @param _proposedImpl address of the new permissions implementation contract
|
||||||
function confirmImplChange(address _proposedImpl) public
|
function confirmImplChange(address _proposedImpl) public
|
||||||
onlyCustodian
|
onlyGuardian {
|
||||||
{
|
// The policy details needs to be carried forward from existing
|
||||||
// read the details from current implementation
|
// implementation to new. So first these are read from existing
|
||||||
|
// implementation and then updated in new implementation
|
||||||
(string memory adminOrg, string memory adminRole, string memory orgAdminRole, bool bootStatus) = PermissionsImplementation(permImpl).getPolicyDetails();
|
(string memory adminOrg, string memory adminRole, string memory orgAdminRole, bool bootStatus) = PermissionsImplementation(permImpl).getPolicyDetails();
|
||||||
setPolicy(_proposedImpl, adminOrg, adminRole, orgAdminRole, bootStatus);
|
_setPolicy(_proposedImpl, adminOrg, adminRole, orgAdminRole, bootStatus);
|
||||||
// set these values in new implementation
|
|
||||||
permImpl = _proposedImpl;
|
permImpl = _proposedImpl;
|
||||||
setImpl(permImpl);
|
_setImpl(permImpl);
|
||||||
}
|
}
|
||||||
|
/// @notice function to fetch the guardian account address
|
||||||
function getGuardian() public view returns (address)
|
/// @return _guardian guardian account address
|
||||||
{
|
function getGuardian() public view returns (address) {
|
||||||
return guardian;
|
return guardian;
|
||||||
}
|
}
|
||||||
|
|
||||||
function getPermImpl() public view returns (address)
|
/// @notice function to fetch the current implementation address
|
||||||
{
|
/// @return permissions implementation contract address
|
||||||
|
function getPermImpl() public view returns (address) {
|
||||||
return permImpl;
|
return permImpl;
|
||||||
}
|
}
|
||||||
|
/// @notice function to fetch the interface address
|
||||||
function getPermInterface() public view returns (address)
|
/// @return defpermissions interface contract address
|
||||||
{
|
function getPermInterface() public view returns (address) {
|
||||||
return permInterface;
|
return permInterface;
|
||||||
}
|
}
|
||||||
|
|
||||||
function setPolicy(address _permImpl, string memory _adminOrg, string memory _adminRole, string memory _orgAdminRole, bool _bootStatus) private
|
/// @notice function to set the permissions policy details in the
|
||||||
{
|
/// @notice permissions implementation contract
|
||||||
|
/// @param _permImpl permissions implementation contract address
|
||||||
|
/// @param _adminOrg name of admin organization
|
||||||
|
/// @param _adminRole name of the admin role
|
||||||
|
/// @param _orgAdminRole name of default organization admin role
|
||||||
|
/// @param _bootStatus network boot status
|
||||||
|
function _setPolicy(address _permImpl, string memory _adminOrg, string memory _adminRole, string memory _orgAdminRole, bool _bootStatus) private {
|
||||||
PermissionsImplementation(_permImpl).setMigrationPolicy(_adminOrg, _adminRole, _orgAdminRole, _bootStatus);
|
PermissionsImplementation(_permImpl).setMigrationPolicy(_adminOrg, _adminRole, _orgAdminRole, _bootStatus);
|
||||||
}
|
}
|
||||||
|
|
||||||
function setImpl(address _permImpl) private
|
/// @notice function to set the permissions implementation contract address
|
||||||
{
|
/// @notice in the permissions interface contract
|
||||||
|
/// @param _permImpl permissions implementation contract address
|
||||||
|
function _setImpl(address _permImpl) private {
|
||||||
PermissionsInterface(permInterface).setPermImplementation(_permImpl);
|
PermissionsInterface(permInterface).setPermImplementation(_permImpl);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue