From e243b4eef3981bdfac3d0b13cbecc8d552ff7242 Mon Sep 17 00:00:00 2001 From: vsmk98 Date: Wed, 10 Apr 2019 20:04:40 +0800 Subject: [PATCH 1/2] permissions: replaced isOrgExists with validateOrg for better error checks --- core/quorum/api.go | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/core/quorum/api.go b/core/quorum/api.go index c69cbc255..8565bda16 100644 --- a/core/quorum/api.go +++ b/core/quorum/api.go @@ -130,7 +130,8 @@ var ( ErrRoleDoesNotExist = ExecStatus{false, "Role not found for org. Add role first"} ErrRoleActive = ExecStatus{false, "Accounts linked to the role. Cannot be removed"} ErrAdminRoles = ExecStatus{false, "Admin role cannot be removed"} - ErrInvalidOrgName = ExecStatus{false, "Org id cannot contain '.'"} + ErrInvalidOrgName = ExecStatus{false, "Org id cannot contain special characters"} + ErrInvalidParentOrg = ExecStatus{false, "Invalid parent org id"} ExecSuccess = ExecStatus{true, "Action completed successfully"} ) @@ -254,13 +255,17 @@ func (s *QuorumControlsAPI) isOrgAdmin(account common.Address, orgId string) boo return ac != nil && (ac.RoleId == s.permConfig.OrgAdminRole && strings.Contains(orgId, ac.OrgId)) } -func (s *QuorumControlsAPI) checkOrgExists(orgId, pOrgId string) bool { - locOrgId := orgId - if pOrgId != "" { - locOrgId = pOrgId + "." + locOrgId +func (s *QuorumControlsAPI) validateOrg(orgId, pOrgId string) (ExecStatus, error) { + // validate Parent org id + if pOrgId != "" && types.OrgInfoMap.GetOrg(pOrgId) == nil { + return ErrInvalidParentOrg, errors.New("invalid parent org") + } else { + locOrgId := pOrgId + "." + orgId + if types.OrgInfoMap.GetOrg(locOrgId) != nil { + return ErrOrgExists, errors.New("org exists") + } } - org := types.OrgInfoMap.GetOrg(locOrgId) - return org != nil + return ExecSuccess, nil } func (s *QuorumControlsAPI) checkNodeExists(enodeId string) bool { @@ -364,8 +369,8 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex return ErrPendingApprovals } // check if org already exists - if s.checkOrgExists(args.orgId, "") { - return ErrOrgExists + if execStatus, er := s.validateOrg(args.orgId, ""); er != nil { + return execStatus } // validate node id and @@ -411,8 +416,8 @@ func (s *QuorumControlsAPI) executePermAction(action PermAction, args txArgs) Ex } // check if org already exists - if s.checkOrgExists(args.orgId, args.porgId) { - return ErrOrgExists + if execStatus, er := s.validateOrg(args.orgId, args.porgId); er != nil { + return execStatus } // validate node id and From 115842dbea776440f32234a6fa935703809f9624 Mon Sep 17 00:00:00 2001 From: vsmk98 Date: Wed, 10 Apr 2019 21:38:44 +0800 Subject: [PATCH 2/2] permissions: updated the getOrgDetails to return suborg list as well --- core/quorum/api.go | 2 +- core/types/permissions_cache.go | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/core/quorum/api.go b/core/quorum/api.go index 8565bda16..0eea0f792 100644 --- a/core/quorum/api.go +++ b/core/quorum/api.go @@ -192,7 +192,7 @@ func (s *QuorumControlsAPI) GetOrgDetails(orgId string) types.OrgDetailInfo { nodeList = append(nodeList, a) } } - return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList} + return types.OrgDetailInfo{NodeList: nodeList, RoleList: roleList, AcctList: acctList, SubOrgList: types.OrgInfoMap.GetOrg(orgId).SubOrgList} } func (s *QuorumControlsAPI) AddOrg(orgId string, url string, acct common.Address, txa ethapi.SendTxArgs) ExecStatus { diff --git a/core/types/permissions_cache.go b/core/types/permissions_cache.go index a694b99a4..adb541488 100644 --- a/core/types/permissions_cache.go +++ b/core/types/permissions_cache.go @@ -77,9 +77,10 @@ type AccountInfo struct { } type OrgDetailInfo struct { - NodeList []NodeInfo - RoleList []RoleInfo - AcctList []AccountInfo + NodeList []NodeInfo + RoleList []RoleInfo + AcctList []AccountInfo + SubOrgList []string } type OrgStruct struct {