diff --git a/controls/permission/PermissionsImplementation.sol b/controls/permission/PermissionsImplementation.sol
index 999dbdcf2..cbff5844f 100644
--- a/controls/permission/PermissionsImplementation.sol
+++ b/controls/permission/PermissionsImplementation.sol
@@ -399,19 +399,19 @@ contract PermissionsImplementation {
 function checkOrgAdminExists(string memory _orgId) internal view returns (bool) {
- return (accounts.orgAdminExists(_orgId));
+ return accounts.orgAdminExists(_orgId);
 }
 function roleExists(string memory _roleId, string memory _orgId) internal view returns (bool) {
- return (roles.roleExists(_roleId, _orgId));
+ return roles.roleExists(_roleId, _orgId, org.getUltimateParent(_orgId));
 }
 function isVoterRole(string memory _roleId, string memory _orgId) internal view returns (bool) {
- return roles.isVoterRole(_roleId, _orgId);
+ return roles.isVoterRole(_roleId, _orgId, org.getUltimateParent(_orgId));
 }
 }
\ No newline at end of file
diff --git a/controls/permission/RoleManager.sol b/controls/permission/RoleManager.sol
index e7b5fc3bd..a20c575ff 100644
--- a/controls/permission/RoleManager.sol
+++ b/controls/permission/RoleManager.sol
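Review bot: The internal `roleExists` helper in PermissionsImplementation now answers true for a role registered only under the ultimate parent, so every caller of it in this contract changes meaning, not just role assignment. Those callers are outside this hunk; any path that uses the helper as a precondition before modifying or removing a role keyed by `_orgId` would now pass for a role the org does not itself own, so each one should be confirmed to want the inherited answer. A doc comment would make the contract explicit, for example `/// @dev true if the role is defined for _orgId or for its ultimate parent`. It is also not visible what `org.getUltimateParent` returns for an unknown org; if that can be an empty string, the parent lookup in `RoleManager.roleExists` ends up keyed on the role id alone.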
@@ -29,14 +29,14 @@ contract RoleManager {
 permUpgradable = PermissionsUpgradable(_permUpgradable);
 }
- function roleExists(string memory _roleId, string memory _orgId) public view returns(bool)
+ function roleExists(string memory _roleId, string memory _orgId, string memory _ultParent) public view returns (bool)
 {
- return (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0);
+ return ((roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) || (roleIndex[keccak256(abi.encodePacked(_roleId, _ultParent))] != 0));
 }
 function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active) {
- if (!(roleExists(_roleId, _orgId))){
+ if (!(roleExists(_roleId, _orgId, ""))) {
 return (_roleId, "", 0, false, false);
 }
 uint rIndex = getRoleIndex(_roleId, _orgId);
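Review bot: `getRoleDetails` passes `""` as `_ultParent`, and `roleExists` then also probes `roleIndex[keccak256(abi.encodePacked(_roleId, ""))]`, which is the hash of the role id by itself. Because `abi.encodePacked` joins the two dynamic strings with no length or separator, that key equals the key of any stored pair whose role id and org id concatenate to the same bytes, so the existence check can succeed for a pair that was never registered and the following `getRoleIndex(_roleId, _orgId)` then runs on a missing entry (its body is not in this diff, and `getRoleDetails` continues past the hunk). The parent probe should be skipped when no parent is given, e.g. `bytes(_ultParent).length != 0 && roleIndex[keccak256(abi.encodePacked(_roleId, _ultParent))] != 0`; the same applies to `isFullAccessRole` and `isVoterRole` in the next hunk if a caller can hand them an empty parent. Hashing with `abi.encode` would remove the ambiguity altogether but changes every stored key, so it is a separate migration.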
@@ -79,19 +79,31 @@ contract RoleManager {
 }
- function isFullAccessRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
- if (!(roleExists(_roleId, _orgId))){
+ function isFullAccessRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
+ if (!(roleExists(_roleId, _orgId, _ultParent))) {
 return false;
 }
- uint rIndex = getRoleIndex(_roleId, _orgId);
+ uint rIndex;
+ if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
+ rIndex = getRoleIndex(_roleId, _orgId);
+ }
+ else {
+ rIndex = getRoleIndex(_roleId, _ultParent);
+ }
 return (roleList[rIndex].active && roleList[rIndex].baseAccess == 3);
 }
- function isVoterRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
- if (!(roleExists(_roleId, _orgId))){
+ function isVoterRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
+ if (!(roleExists(_roleId, _orgId, _ultParent))) {
 return false;
 }
- uint rIndex = getRoleIndex(_roleId, _orgId);
+ uint rIndex;
+ if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
+ rIndex = getRoleIndex(_roleId, _orgId);
+ }
+ else {
+ rIndex = getRoleIndex(_roleId, _ultParent);
+ }
 return (roleList[rIndex].active && roleList[rIndex].isVoter);
 }
diff --git a/core/quorum/api.go b/core/quorum/api.go
index 069db67e4..db080cb08 100644
--- a/core/quorum/api.go
+++ b/core/quorum/api.go
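Review bot: In `isFullAccessRole` and `isVoterRole` an entry keyed by `_orgId` always wins over the one keyed by `_ultParent`, so a role id registered at both levels resolves to the org-level record, and its `active`, `baseAccess` and `isVoter` values replace the parent's for that org. Whether an org can register an id its parent already uses is not visible here; if it can, the precedence should be a stated decision rather than a side effect of branch order, e.g. `// org-level definition overrides the ultimate parent's role of the same id`. `_ultParent` is also taken on trust from the external caller instead of being derived from `_orgId`, so the result is only as reliable as each call site passing the org's real ultimate parent; a NatSpec line such as `/// @param _ultParent must be the ultimate parent of _orgId as returned by the org manager` would record that requirement.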
@@ -94,30 +94,6 @@ type txArgs struct {
 txa ethapi.SendTxArgs
 }
-type nodeStatus struct {
- EnodeId string `json:"enodeId"`
- Status string `json:"status"`
-}
-
-type accountInfo struct {
- Address string `json:"address"`
- Access uint8 `json:"access"`
-}
-
-type orgDetails struct {
- OrgId string `json:"orgId"`
- Status uint `json:"status"`
- nodeDetails []*nodeStatus `json:"nodeDetails"`
- accountDetails []*accountInfo `json:"accountDetails"`
- SubOrgs []*orgDetails `json:"subOrgs"`
-}
-
-type orgInfo struct {
- MasterOrgId string `json:"masterOrgId"`
- SubOrgId string `json:"subOrgId"`
- SubOrgKeyList []string `json:"subOrgKeyList"`
-}
-
 type PendingOpInfo struct {
 PendingKey string `json:"pendingKey"`
 PendingOp string `json:"pendingOp"`
@@ -214,26 +190,6 @@ func (s *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo {
 return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList}
 }
-func (s *QuorumControlsAPI) GetOrgInfo(orgId string) []orgDetails {
- var od orgDetails
- od.OrgId = orgId
- od.Status = uint(types.OrgInfoMap.GetOrg(orgId).Status)
- log.Info("SMK-GetOrgInfo @196")
-
- for _, v := range types.AcctInfoMap.GetAcctListOrg(orgId) {
- var acctInfo accountInfo
- log.Info("SMK-GetOrgInfo @198")
- acctInfo.Address = v.AcctId.String()
- acctInfo.Access = uint8(types.GetAcctAccess(v.AcctId))
- log.Info("SMK-GetOrgInfo @202", "account", acctInfo)
- od.accountDetails = append(od.accountDetails, &acctInfo)
- }
-
- var odRet []orgDetails
- odRet = append(odRet, od)
- return odRet
-}
-
 func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
 return s.executePermAction(AddOrg, txArgs{orgId: orgId, url: url, acctId: acct, txa: txa})
 }
@@ -602,7 +558,10 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
 // check if the role is part of the org
 if types.RoleInfoMap.GetRole(args.orgId, args.roleId) == nil {
- return ErrRoleDoesNotExist
+ // check if the role is existing at master org level
+ if types.RoleInfoMap.GetRole(types.OrgInfoMap.GetOrg(args.orgId).UltimateParent, args.roleId) == nil {
+ return ErrRoleDoesNotExist
+ }
 }
 // check if the account is part of another org
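Review bot: `types.OrgInfoMap.GetOrg(args.orgId).UltimateParent` dereferences the lookup result without a nil check, so if `GetOrg` can return nil for an org id that is not in the cache, as `GetRole` evidently can, the request panics instead of returning an error. Whether an earlier check in `executePermAction` already guarantees the org exists is not visible, since the function starts and ends outside the hunk. Holding the result first keeps the path fail-closed: `org := types.OrgInfoMap.GetOrg(args.orgId)` followed by `if org == nil || types.RoleInfoMap.GetRole(org.UltimateParent, args.roleId) == nil { return ErrRoleDoesNotExist }`. The fallback accepts any non-nil parent role, the same as the org-level check, so a role that exists at the parent but is no longer active would presumably pass here unless it is filtered later; that is worth confirming.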