mirror of https://github.com/poanetwork/quorum.git
permissions: changes to enables roles defined at org level to be available at sub org level
parent
60f6c9fb07
commit
b37af2f74a
|
@ -399,19 +399,19 @@ contract PermissionsImplementation {
|
|||
function checkOrgAdminExists(string memory _orgId) internal view
|
||||
returns (bool)
|
||||
{
|
||||
return (accounts.orgAdminExists(_orgId));
|
||||
return accounts.orgAdminExists(_orgId);
|
||||
}
|
||||
|
||||
function roleExists(string memory _roleId, string memory _orgId) internal view
|
||||
returns (bool)
|
||||
{
|
||||
return (roles.roleExists(_roleId, _orgId));
|
||||
return roles.roleExists(_roleId, _orgId, org.getUltimateParent(_orgId));
|
||||
}
|
||||
|
||||
function isVoterRole(string memory _roleId, string memory _orgId) internal view
|
||||
returns (bool)
|
||||
{
|
||||
return roles.isVoterRole(_roleId, _orgId);
|
||||
return roles.isVoterRole(_roleId, _orgId, org.getUltimateParent(_orgId));
|
||||
}
|
||||
|
||||
}
|
|
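Review bot: `roleExists` and `isVoterRole` now pass `org.getUltimateParent(_orgId)` straight into the role lookup without first confirming that `_orgId` is a known org. The result for an unknown or empty `_orgId` therefore depends on what `getUltimateParent` returns in that case, which is not visible on this page. If every call path already runs an org-existence check first, state that in a comment on both helpers; otherwise guard the call. Only the ultimate parent is consulted, so a role defined on an intermediate org is not inherited by its children; a comment such as `// roles are inherited from the ultimate parent org only, not from intermediate parents` would make the authorization model explicit. A test covering a sub org that relies on a parent-defined voter role would pin the widened behaviour.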
@ -29,14 +29,14 @@ contract RoleManager {
|
|||
permUpgradable = PermissionsUpgradable(_permUpgradable);
|
||||
}
|
||||
|
||||
function roleExists(string memory _roleId, string memory _orgId) public view returns(bool)
|
||||
function roleExists(string memory _roleId, string memory _orgId, string memory _ultParent) public view returns (bool)
|
||||
{
|
||||
return (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0);
|
||||
return ((roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) || (roleIndex[keccak256(abi.encodePacked(_roleId, _ultParent))] != 0));
|
||||
}
|
||||
|
||||
function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory roleId, string memory orgId, uint accessType, bool voter, bool active)
|
||||
{
|
||||
if (!(roleExists(_roleId, _orgId))){
|
||||
if (!(roleExists(_roleId, _orgId, ""))) {
|
||||
return (_roleId, "", 0, false, false);
|
||||
}
|
||||
uint rIndex = getRoleIndex(_roleId, _orgId);
|
||||
|
@ -79,19 +79,31 @@ contract RoleManager {
|
|||
}
|
||||
|
||||
|
||||
function isFullAccessRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
|
||||
if (!(roleExists(_roleId, _orgId))){
|
||||
function isFullAccessRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
|
||||
if (!(roleExists(_roleId, _orgId, _ultParent))) {
|
||||
return false;
|
||||
}
|
||||
uint rIndex = getRoleIndex(_roleId, _orgId);
|
||||
uint rIndex;
|
||||
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
|
||||
rIndex = getRoleIndex(_roleId, _orgId);
|
||||
}
|
||||
else {
|
||||
rIndex = getRoleIndex(_roleId, _ultParent);
|
||||
}
|
||||
return (roleList[rIndex].active && roleList[rIndex].baseAccess == 3);
|
||||
}
|
||||
|
||||
function isVoterRole(string calldata _roleId, string calldata _orgId) external view returns (bool){
|
||||
if (!(roleExists(_roleId, _orgId))){
|
||||
function isVoterRole(string calldata _roleId, string calldata _orgId, string calldata _ultParent) external view returns (bool){
|
||||
if (!(roleExists(_roleId, _orgId, _ultParent))) {
|
||||
return false;
|
||||
}
|
||||
uint rIndex = getRoleIndex(_roleId, _orgId);
|
||||
uint rIndex;
|
||||
if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0) {
|
||||
rIndex = getRoleIndex(_roleId, _orgId);
|
||||
}
|
||||
else {
|
||||
rIndex = getRoleIndex(_roleId, _ultParent);
|
||||
}
|
||||
return (roleList[rIndex].active && roleList[rIndex].isVoter);
|
||||
}
|
||||
|
||||
|
|
|
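Review bot: `roleExists`, `isFullAccessRole` and `isVoterRole` take `_ultParent` from the caller and never verify that it is the ultimate parent of `_orgId`, so the answer is only as trustworthy as whoever supplies the argument. Since these are `public`/`external`, either document that callers must derive the value from the org manager (as PermissionsImplementation does with `org.getUltimateParent(_orgId)`) or resolve the parent inside RoleManager. `getRoleDetails` passes `""` as the parent, so its fallback key is `keccak256(abi.encodePacked(_roleId, ""))`; packed encoding of two dynamic strings carries no delimiter, so that key can coincide with a different (role, org) pair, after which `getRoleIndex(_roleId, _orgId)` runs for a pair that was never registered. Keeping the single-key test there, `if (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] == 0) {`, avoids this and also makes it explicit that `getRoleDetails` does not report inherited roles. The `if/else` that picks `rIndex` is duplicated in `isFullAccessRole` and `isVoterRole` and would be easier to audit as one internal helper.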
@ -94,30 +94,6 @@ type txArgs struct {
|
|||
txa ethapi.SendTxArgs
|
||||
}
|
||||
|
||||
type nodeStatus struct {
|
||||
EnodeId string `json:"enodeId"`
|
||||
Status string `json:"status"`
|
||||
}
|
||||
|
||||
type accountInfo struct {
|
||||
Address string `json:"address"`
|
||||
Access uint8 `json:"access"`
|
||||
}
|
||||
|
||||
type orgDetails struct {
|
||||
OrgId string `json:"orgId"`
|
||||
Status uint `json:"status"`
|
||||
nodeDetails []*nodeStatus `json:"nodeDetails"`
|
||||
accountDetails []*accountInfo `json:"accountDetails"`
|
||||
SubOrgs []*orgDetails `json:"subOrgs"`
|
||||
}
|
||||
|
||||
type orgInfo struct {
|
||||
MasterOrgId string `json:"masterOrgId"`
|
||||
SubOrgId string `json:"subOrgId"`
|
||||
SubOrgKeyList []string `json:"subOrgKeyList"`
|
||||
}
|
||||
|
||||
type PendingOpInfo struct {
|
||||
PendingKey string `json:"pendingKey"`
|
||||
PendingOp string `json:"pendingOp"`
|
||||
|
@ -214,26 +190,6 @@ func (s *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo {
|
|||
return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList}
|
||||
}
|
||||
|
||||
func (s *QuorumControlsAPI) GetOrgInfo(orgId string) []orgDetails {
|
||||
var od orgDetails
|
||||
od.OrgId = orgId
|
||||
od.Status = uint(types.OrgInfoMap.GetOrg(orgId).Status)
|
||||
log.Info("SMK-GetOrgInfo @196")
|
||||
|
||||
for _, v := range types.AcctInfoMap.GetAcctListOrg(orgId) {
|
||||
var acctInfo accountInfo
|
||||
log.Info("SMK-GetOrgInfo @198")
|
||||
acctInfo.Address = v.AcctId.String()
|
||||
acctInfo.Access = uint8(types.GetAcctAccess(v.AcctId))
|
||||
log.Info("SMK-GetOrgInfo @202", "account", acctInfo)
|
||||
od.accountDetails = append(od.accountDetails, &acctInfo)
|
||||
}
|
||||
|
||||
var odRet []orgDetails
|
||||
odRet = append(odRet, od)
|
||||
return odRet
|
||||
}
|
||||
|
||||
func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus {
|
||||
return s.executePermAction(AddOrg, txArgs{orgId: orgId, url: url, acctId: acct, txa: txa})
|
||||
}
|
||||
|
@ -602,7 +558,10 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex
|
|||
|
||||
// check if the role is part of the org
|
||||
if types.RoleInfoMap.GetRole(args.orgId, args.roleId) == nil {
|
||||
return ErrRoleDoesNotExist
|
||||
// check if the role is existing at master org level
|
||||
if types.RoleInfoMap.GetRole(types.OrgInfoMap.GetOrg(args.orgId).UltimateParent, args.roleId) == nil {
|
||||
return ErrRoleDoesNotExist
|
||||
}
|
||||
}
|
||||
|
||||
// check if the account is part of another org
|
||||
|
|
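Review bot: The new fallback dereferences `types.OrgInfoMap.GetOrg(args.orgId).UltimateParent` without checking the lookup result. If `GetOrg` returns nil for an org that is not in the cache (its signature is not visible here), an RPC caller supplying an unknown `orgId` would panic the handler instead of receiving an error. Unless an earlier check in `executePermAction` guarantees the org exists (the function begins outside this hunk), bind the result first with `org := types.OrgInfoMap.GetOrg(args.orgId)` and test `if org == nil || types.RoleInfoMap.GetRole(org.UltimateParent, args.roleId) == nil { return ErrRoleDoesNotExist }`. That also flattens the nested `if` into a single readable condition.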