permissions: changes to enables roles defined at org level to be available at sub org level

vsmk98 2019-04-10 11:10:35 +08:00
parent 60f6c9fb07
commit b37af2f74a
3 changed files with 28 additions and 57 deletions


@ -399,19 +399,19 @@ contract PermissionsImplementation {
function checkOrgAdminExists(string memory _orgId) internal view function checkOrgAdminExists(string memory _orgId) internal view
returns (bool) returns (bool)
{ {
return (accounts.orgAdminExists(_orgId)); return accounts.orgAdminExists(_orgId);
} }
function roleExists(string memory _roleId, string memory _orgId) internal view function roleExists(string memory _roleId, string memory _orgId) internal view
returns (bool) returns (bool)
{ {
return (roles.roleExists(_roleId, _orgId)); return roles.roleExists(_roleId, _orgId, org.getUltimateParent(_orgId));
} }
function isVoterRole(string memory _roleId, string memory _orgId) internal view function isVoterRole(string memory _roleId, string memory _orgId) internal view
returns (bool) returns (bool)
{ {
return roles.isVoterRole(_roleId, _orgId); return roles.isVoterRole(_roleId, _orgId, org.getUltimateParent(_orgId));
} }
} }
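Review bot: The internal helper `roleExists` now returns true for a role that is defined only on the ultimate parent, so every caller of it gets the wider meaning. Those callers are outside this hunk; any that use `roleExists` as a guard before adding or removing a role keyed by (_roleId, _orgId) should be re-checked, because for an inherited role that key is not set on the sub org. If the widening is intended everywhere, state it on the helper, e.g. `// true when the role is defined on _orgId or on its ultimate parent`; otherwise keep a strict own-org variant for those paths. The same applies to `isVoterRole` directly below it.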


@ -29,14 +29,14 @@ contract RoleManager {
permUpgradable = PermissionsUpgradable(_permUpgradable); permUpgradable = PermissionsUpgradable(_permUpgradable);
} }
function roleExists(string memory _roleId, string memory _orgId) public view returns(bool) function roleExists(string memory _roleId, string memory _orgId, string memory _ultParent) public view returns (bool)
{ {
return (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0); return ((roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) || (roleIndex[keccak256(abi.encodePacked(_roleId, _ultParent))] != 0));
} }
function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active) function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active)
{ {
if (!(roleExists(_roleId, _orgId))){ if (!(roleExists(_roleId, _orgId, ""))) {
return (_roleId, "", 0, false, false); return (_roleId, "", 0, false, false);
} }
uint rIndex = getRoleIndex(_roleId, _orgId); uint rIndex = getRoleIndex(_roleId, _orgId);
@ -79,19 +79,31 @@ contract RoleManager {
} }
function isFullAccessRole(string calldata _roleId, string calldata _orgId) external view returns (bool){ function isFullAccessRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
if (!(roleExists(_roleId, _orgId))){ if (!(roleExists(_roleId, _orgId, _ultParent))) {
return false; return false;
} }
uint rIndex = getRoleIndex(_roleId, _orgId); uint rIndex;
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
rIndex = getRoleIndex(_roleId, _orgId);
}
else {
rIndex = getRoleIndex(_roleId, _ultParent);
}
return (roleList[rIndex].active && roleList[rIndex].baseAccess == 3); return (roleList[rIndex].active && roleList[rIndex].baseAccess == 3);
} }
function isVoterRole(string calldata _roleId, string calldata _orgId) external view returns (bool){ function isVoterRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
if (!(roleExists(_roleId, _orgId))){ if (!(roleExists(_roleId, _orgId, _ultParent))) {
return false; return false;
} }
uint rIndex = getRoleIndex(_roleId, _orgId); uint rIndex;
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
rIndex = getRoleIndex(_roleId, _orgId);
}
else {
rIndex = getRoleIndex(_roleId, _ultParent);
}
return (roleList[rIndex].active && roleList[rIndex].isVoter); return (roleList[rIndex].active && roleList[rIndex].isVoter);
} }
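Review bot: In getRoleDetails the new call `roleExists(_roleId, _orgId, "")` does not simply disable the parent lookup. `abi.encodePacked` concatenates strings without a length prefix, so the second key is the hash of the role id alone, which equals the key of any stored role whose role id and org id concatenate to that string. If that branch matched, the following `getRoleIndex(_roleId, _orgId)` would run for a key that was never set; getRoleIndex is outside this section, so its behaviour there cannot be confirmed from here. Checking the own-org mapping directly avoids this: `if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] == 0) {`. Note also that getRoleDetails reports an inherited parent role as non-existent while isFullAccessRole and isVoterRole resolve it, which deserves a comment if intended.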


@ -94,30 +94,6 @@ type txArgs struct {
txa ethapi.SendTxArgs txa ethapi.SendTxArgs
} }
type nodeStatus struct {
EnodeId string `json:"enodeId"`
Status string `json:"status"`
}
type accountInfo struct {
Address string `json:"address"`
Access uint8 `json:"access"`
}
type orgDetails struct {
OrgId string `json:"orgId"`
Status uint `json:"status"`
nodeDetails []*nodeStatus `json:"nodeDetails"`
accountDetails []*accountInfo `json:"accountDetails"`
SubOrgs []*orgDetails `json:"subOrgs"`
}
type orgInfo struct {
MasterOrgId string `json:"masterOrgId"`
SubOrgId string `json:"subOrgId"`
SubOrgKeyList []string `json:"subOrgKeyList"`
}
type PendingOpInfo struct { type PendingOpInfo struct {
PendingKey string `json:"pendingKey"` PendingKey string `json:"pendingKey"`
PendingOp string `json:"pendingOp"` PendingOp string `json:"pendingOp"`
@ -214,26 +190,6 @@ func (s *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo {
return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList} return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList}
} }
func (s *QuorumControlsAPI) GetOrgInfo(orgId string) []orgDetails {
var od orgDetails
od.OrgId = orgId
od.Status = uint(types.OrgInfoMap.GetOrg(orgId).Status)
log.Info("SMK-GetOrgInfo @196")
for _, v := range types.AcctInfoMap.GetAcctListOrg(orgId) {
var acctInfo accountInfo
log.Info("SMK-GetOrgInfo @198")
acctInfo.Address = v.AcctId.String()
acctInfo.Access = uint8(types.GetAcctAccess(v.AcctId))
log.Info("SMK-GetOrgInfo @202", "account", acctInfo)
od.accountDetails = append(od.accountDetails, &acctInfo)
}
var odRet []orgDetails
odRet = append(odRet, od)
return odRet
}
func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus { func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
return s.executePermAction(AddOrg, txArgs{orgId: orgId, url: url, acctId: acct, txa: txa}) return s.executePermAction(AddOrg, txArgs{orgId: orgId, url: url, acctId: acct, txa: txa})
} }
@ -602,7 +558,10 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
// check if the role is part of the org // check if the role is part of the org
if types.RoleInfoMap.GetRole(args.orgId, args.roleId) == nil { if types.RoleInfoMap.GetRole(args.orgId, args.roleId) == nil {
return ErrRoleDoesNotExist // check if the role is existing at master org level
if types.RoleInfoMap.GetRole(types.OrgInfoMap.GetOrg(args.orgId).UltimateParent, args.roleId) == nil {
return ErrRoleDoesNotExist
}
} }
// check if the account is part of another org // check if the account is part of another org
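Review bot: The added parent lookup reads `types.OrgInfoMap.GetOrg(args.orgId).UltimateParent` without checking the GetOrg result. args.orgId arrives from the API methods (AddOrg passes it straight into txArgs), and if GetOrg returns nil for an unknown org, as GetRole evidently can on the line above, this would panic instead of returning an error. executePermAction starts before this hunk, so an earlier org-exists check may already cover it. If not, fetch the org first with `org := types.OrgInfoMap.GetOrg(args.orgId)` and guard with `if org == nil || types.RoleInfoMap.GetRole(org.UltimateParent, args.roleId) == nil { return ErrRoleDoesNotExist }`.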