mirror of https://github.com/poanetwork/quorum.git
permissions: changes to enables roles defined at org level to be available at sub org level
parent
60f6c9fb07
commit
b37af2f74a
|
@ -399,19 +399,19 @@ contract PermissionsImplementation {
|
||||||
function checkOrgAdminExists(string memory _orgId) internal view
|
function checkOrgAdminExists(string memory _orgId) internal view
|
||||||
returns (bool)
|
returns (bool)
|
||||||
{
|
{
|
||||||
return (accounts.orgAdminExists(_orgId));
|
return accounts.orgAdminExists(_orgId);
|
||||||
}
|
}
|
||||||
|
|
||||||
function roleExists(string memory _roleId, string memory _orgId) internal view
|
function roleExists(string memory _roleId, string memory _orgId) internal view
|
||||||
returns (bool)
|
returns (bool)
|
||||||
{
|
{
|
||||||
return (roles.roleExists(_roleId, _orgId));
|
return roles.roleExists(_roleId, _orgId, org.getUltimateParent(_orgId));
|
||||||
}
|
}
|
||||||
|
|
||||||
function isVoterRole(string memory _roleId, string memory _orgId) internal view
|
function isVoterRole(string memory _roleId, string memory _orgId) internal view
|
||||||
returns (bool)
|
returns (bool)
|
||||||
{
|
{
|
||||||
return roles.isVoterRole(_roleId, _orgId);
|
return roles.isVoterRole(_roleId, _orgId, org.getUltimateParent(_orgId));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
|
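Review bot: roleExists and isVoterRole now return true for a role defined at the ultimate parent as well as at `_orgId`, but nothing at these helpers records that, and they gate permission decisions. A short comment on each would state the scope, e.g. `// true if the role is defined for _orgId or for its ultimate parent; intermediate parent orgs are not consulted`. Whether `org.getUltimateParent` can return an empty string for an unknown org is not visible on this page. If it can, the fallback key in RoleManager is derived from the role id alone, so org existence should be confirmed before these helpers are called.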
@ -29,14 +29,14 @@ contract RoleManager {
|
||||||
permUpgradable = PermissionsUpgradable(_permUpgradable);
|
permUpgradable = PermissionsUpgradable(_permUpgradable);
|
||||||
}
|
}
|
||||||
|
|
||||||
function roleExists(string memory _roleId, string memory _orgId) public view returns(bool)
|
function roleExists(string memory _roleId, string memory _orgId, string memory _ultParent) public view returns (bool)
|
||||||
{
|
{
|
||||||
return (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0);
|
return ((roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) || (roleIndex[keccak256(abi.encodePacked(_roleId, _ultParent))] != 0));
|
||||||
}
|
}
|
||||||
|
|
||||||
function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active)
|
function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active)
|
||||||
{
|
{
|
||||||
if (!(roleExists(_roleId, _orgId))){
|
if (!(roleExists(_roleId, _orgId, ""))) {
|
||||||
return (_roleId, "", 0, false, false);
|
return (_roleId, "", 0, false, false);
|
||||||
}
|
}
|
||||||
uint rIndex = getRoleIndex(_roleId, _orgId);
|
uint rIndex = getRoleIndex(_roleId, _orgId);
|
||||||
|
@ -79,19 +79,31 @@ contract RoleManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function isFullAccessRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
|
function isFullAccessRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
|
||||||
if (!(roleExists(_roleId, _orgId))){
|
if (!(roleExists(_roleId, _orgId, _ultParent))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
uint rIndex = getRoleIndex(_roleId, _orgId);
|
uint rIndex;
|
||||||
|
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
|
||||||
|
rIndex = getRoleIndex(_roleId, _orgId);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
rIndex = getRoleIndex(_roleId, _ultParent);
|
||||||
|
}
|
||||||
return (roleList[rIndex].active && roleList[rIndex].baseAccess == 3);
|
return (roleList[rIndex].active && roleList[rIndex].baseAccess == 3);
|
||||||
}
|
}
|
||||||
|
|
||||||
function isVoterRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
|
function isVoterRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
|
||||||
if (!(roleExists(_roleId, _orgId))){
|
if (!(roleExists(_roleId, _orgId, _ultParent))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
uint rIndex = getRoleIndex(_roleId, _orgId);
|
uint rIndex;
|
||||||
|
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
|
||||||
|
rIndex = getRoleIndex(_roleId, _orgId);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
rIndex = getRoleIndex(_roleId, _ultParent);
|
||||||
|
}
|
||||||
return (roleList[rIndex].active && roleList[rIndex].isVoter);
|
return (roleList[rIndex].active && roleList[rIndex].isVoter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
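Review bot: In getRoleDetails the new call `roleExists(_roleId, _orgId, "")` makes the fallback lookup hash `abi.encodePacked(_roleId, "")`, which is the role id alone. Because encodePacked joins the two strings with no delimiter, that key can equal the key of a different (role, org) pair whose concatenation has the same bytes. In that case the guard passes and `getRoleIndex(_roleId, _orgId)` runs for a key with no entry; getRoleIndex is outside the hunk, so its result for a missing key needs checking. Either skip the fallback when `_ultParent` is empty, e.g. `bytes(_ultParent).length != 0 && roleIndex[keccak256(abi.encodePacked(_roleId, _ultParent))] != 0`, or pass the real ultimate parent and resolve the index as isFullAccessRole does. The org-or-parent index selection is also duplicated verbatim in isFullAccessRole and isVoterRole and would be easier to audit as one private helper.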
@ -94,30 +94,6 @@ type txArgs struct {
|
||||||
txa ethapi.SendTxArgs
|
txa ethapi.SendTxArgs
|
||||||
}
|
}
|
||||||
|
|
||||||
type nodeStatus struct {
|
|
||||||
EnodeId string `json:"enodeId"`
|
|
||||||
Status string `json:"status"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type accountInfo struct {
|
|
||||||
Address string `json:"address"`
|
|
||||||
Access uint8 `json:"access"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type orgDetails struct {
|
|
||||||
OrgId string `json:"orgId"`
|
|
||||||
Status uint `json:"status"`
|
|
||||||
nodeDetails []*nodeStatus `json:"nodeDetails"`
|
|
||||||
accountDetails []*accountInfo `json:"accountDetails"`
|
|
||||||
SubOrgs []*orgDetails `json:"subOrgs"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type orgInfo struct {
|
|
||||||
MasterOrgId string `json:"masterOrgId"`
|
|
||||||
SubOrgId string `json:"subOrgId"`
|
|
||||||
SubOrgKeyList []string `json:"subOrgKeyList"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type PendingOpInfo struct {
|
type PendingOpInfo struct {
|
||||||
PendingKey string `json:"pendingKey"`
|
PendingKey string `json:"pendingKey"`
|
||||||
PendingOp string `json:"pendingOp"`
|
PendingOp string `json:"pendingOp"`
|
||||||
|
@ -214,26 +190,6 @@ func (s *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo {
|
||||||
return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList}
|
return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *QuorumControlsAPI) GetOrgInfo(orgId string) []orgDetails {
|
|
||||||
var od orgDetails
|
|
||||||
od.OrgId = orgId
|
|
||||||
od.Status = uint(types.OrgInfoMap.GetOrg(orgId).Status)
|
|
||||||
log.Info("SMK-GetOrgInfo @196")
|
|
||||||
|
|
||||||
for _, v := range types.AcctInfoMap.GetAcctListOrg(orgId) {
|
|
||||||
var acctInfo accountInfo
|
|
||||||
log.Info("SMK-GetOrgInfo @198")
|
|
||||||
acctInfo.Address = v.AcctId.String()
|
|
||||||
acctInfo.Access = uint8(types.GetAcctAccess(v.AcctId))
|
|
||||||
log.Info("SMK-GetOrgInfo @202", "account", acctInfo)
|
|
||||||
od.accountDetails = append(od.accountDetails, &acctInfo)
|
|
||||||
}
|
|
||||||
|
|
||||||
var odRet []orgDetails
|
|
||||||
odRet = append(odRet, od)
|
|
||||||
return odRet
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
|
func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
|
||||||
return s.executePermAction(AddOrg, txArgs{orgId: orgId, url: url, acctId: acct, txa: txa})
|
return s.executePermAction(AddOrg, txArgs{orgId: orgId, url: url, acctId: acct, txa: txa})
|
||||||
}
|
}
|
||||||
|
@ -602,7 +558,10 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
||||||
|
|
||||||
// check if the role is part of the org
|
// check if the role is part of the org
|
||||||
if types.RoleInfoMap.GetRole(args.orgId, args.roleId) == nil {
|
if types.RoleInfoMap.GetRole(args.orgId, args.roleId) == nil {
|
||||||
return ErrRoleDoesNotExist
|
// check if the role is existing at master org level
|
||||||
|
if types.RoleInfoMap.GetRole(types.OrgInfoMap.GetOrg(args.orgId).UltimateParent, args.roleId) == nil {
|
||||||
|
return ErrRoleDoesNotExist
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if the account is part of another org
|
// check if the account is part of another org
|
||||||
|
|
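Review bot: The added fallback in executePermAction dereferences `types.OrgInfoMap.GetOrg(args.orgId).UltimateParent` without checking the lookup result, so if GetOrg returns nil for an unknown org id this RPC path panics instead of returning an error. Whether the org is validated earlier in this case is outside the hunk. If it is not, fetch the org once and guard it: `org := types.OrgInfoMap.GetOrg(args.orgId)` followed by `if org == nil || types.RoleInfoMap.GetRole(org.UltimateParent, args.roleId) == nil { return ErrRoleDoesNotExist }`. That also flattens the nested `if` into a single condition.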