permissions: changes to enables roles defined at org level to be available at sub org level

controls/permission/PermissionsImplementation.sol

@@ -399,19 +399,19 @@ contract PermissionsImplementation {
     function checkOrgAdminExists(string memory _orgId) internal view
     returns (bool)
     {
-        return (accounts.orgAdminExists(_orgId));
+        return accounts.orgAdminExists(_orgId);
     }
 
     function roleExists(string memory _roleId, string memory _orgId) internal view
     returns (bool)
     {
-        return (roles.roleExists(_roleId, _orgId));
+        return roles.roleExists(_roleId, _orgId, org.getUltimateParent(_orgId));
     }
 
     function isVoterRole(string memory _roleId, string memory _orgId) internal view
     returns (bool)
     {
-        return roles.isVoterRole(_roleId, _orgId);
+        return roles.isVoterRole(_roleId, _orgId, org.getUltimateParent(_orgId));
     }
 
 }

controls/permission/RoleManager.sol

@@ -29,14 +29,14 @@ contract RoleManager {
         permUpgradable = PermissionsUpgradable(_permUpgradable);
     }
 
-    function roleExists(string memory _roleId, string memory _orgId) public view returns(bool)
+    function roleExists(string memory _roleId, string memory _orgId, string memory _ultParent) public view returns (bool)
     {
-        return (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0);
+        return ((roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) || (roleIndex[keccak256(abi.encodePacked(_roleId, _ultParent))] != 0));
     }
 
     function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active)
     {
-        if (!(roleExists(_roleId, _orgId))){
+        if (!(roleExists(_roleId, _orgId, ""))) {
             return (_roleId, "", 0, false, false);
         }
         uint rIndex = getRoleIndex(_roleId, _orgId);
@@ -79,19 +79,31 @@ contract RoleManager {
     }
 
 
-    function isFullAccessRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
-        if (!(roleExists(_roleId, _orgId))){
+    function isFullAccessRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
+        if (!(roleExists(_roleId, _orgId, _ultParent))) {
             return false;
         }
-        uint rIndex = getRoleIndex(_roleId, _orgId);
+        uint rIndex;
+        if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
+            rIndex = getRoleIndex(_roleId, _orgId);
+        }
+        else {
+            rIndex = getRoleIndex(_roleId, _ultParent);
+        }
         return (roleList[rIndex].active && roleList[rIndex].baseAccess == 3);
     }
 
-    function isVoterRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
-        if (!(roleExists(_roleId, _orgId))){
+    function isVoterRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
+        if (!(roleExists(_roleId, _orgId, _ultParent))) {
             return false;
         }
-        uint rIndex = getRoleIndex(_roleId, _orgId);
+        uint rIndex;
+        if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
+            rIndex = getRoleIndex(_roleId, _orgId);
+        }
+        else {
+            rIndex = getRoleIndex(_roleId, _ultParent);
+        }
         return (roleList[rIndex].active && roleList[rIndex].isVoter);
     }
 

core/quorum/api.go

@@ -94,30 +94,6 @@ type txArgs struct {
 	txa        ethapi.SendTxArgs
 }
 
-type nodeStatus struct {
-	EnodeId string `json:"enodeId"`
-	Status  string `json:"status"`
-}
-
-type accountInfo struct {
-	Address string `json:"address"`
-	Access  uint8  `json:"access"`
-}
-
-type orgDetails struct {
-	OrgId          string         `json:"orgId"`
-	Status         uint           `json:"status"`
-	nodeDetails    []*nodeStatus  `json:"nodeDetails"`
-	accountDetails []*accountInfo `json:"accountDetails"`
-	SubOrgs        []*orgDetails  `json:"subOrgs"`
-}
-
-type orgInfo struct {
-	MasterOrgId   string   `json:"masterOrgId"`
-	SubOrgId      string   `json:"subOrgId"`
-	SubOrgKeyList []string `json:"subOrgKeyList"`
-}
-
 type PendingOpInfo struct {
 	PendingKey string `json:"pendingKey"`
 	PendingOp  string `json:"pendingOp"`
@@ -214,26 +190,6 @@ func (s *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo {
 	return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList}
 }
 
-func (s *QuorumControlsAPI) GetOrgInfo(orgId string) []orgDetails {
-	var od orgDetails
-	od.OrgId = orgId
-	od.Status = uint(types.OrgInfoMap.GetOrg(orgId).Status)
-	log.Info("SMK-GetOrgInfo @196")
-
-	for _, v := range types.AcctInfoMap.GetAcctListOrg(orgId) {
-		var acctInfo accountInfo
-		log.Info("SMK-GetOrgInfo @198")
-		acctInfo.Address = v.AcctId.String()
-		acctInfo.Access = uint8(types.GetAcctAccess(v.AcctId))
-		log.Info("SMK-GetOrgInfo @202", "account", acctInfo)
-		od.accountDetails = append(od.accountDetails, &acctInfo)
-	}
-
-	var odRet []orgDetails
-	odRet = append(odRet, od)
-	return odRet
-}
-
 func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
 	return s.executePermAction(AddOrg, txArgs{orgId: orgId, url: url, acctId: acct, txa: txa})
 }
@@ -602,7 +558,10 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
 
 		// check if the role is part of the org
 		if types.RoleInfoMap.GetRole(args.orgId, args.roleId) == nil {
-			return ErrRoleDoesNotExist
+			// check if the role is existing at master org level
+			if types.RoleInfoMap.GetRole(types.OrgInfoMap.GetOrg(args.orgId).UltimateParent, args.roleId) == nil {
+				return ErrRoleDoesNotExist
+			}
 		}
 
 		// check if the account is part of another org