diff --git a/controls/permission/AccountManager.sol b/controls/permission/AccountManager.sol index 0e79ca676..605c22147 100644 --- a/controls/permission/AccountManager.sol +++ b/controls/permission/AccountManager.sol @@ -1,6 +1,8 @@ pragma solidity ^0.5.3; +import "./PermissionsUpgradable.sol"; contract AccountManager { + PermissionsImplUpgradeable private permUpgradable; // enum AccountStatus {0-NotInList, 1-PendingApproval, 2-Active, 3-Inactive} struct AccountAccessDetails { address acctId; @@ -23,6 +25,16 @@ contract AccountManager { event AccountAccessModified(address _address, string _roleId); event AccountAccessRevoked(address _address, string _roleId); + modifier onlyImpl + { + require(msg.sender == permUpgradable.getPermImpl()); + _; + } + + constructor (address _permUpgradable) public { + permUpgradable = PermissionsImplUpgradeable(_permUpgradable); + } + // Get account details given index function orgAdminExists(string memory _orgId) public view returns (bool) diff --git a/controls/permission/NodeManager.sol b/controls/permission/NodeManager.sol index 000d51474..b16b23f70 100644 --- a/controls/permission/NodeManager.sol +++ b/controls/permission/NodeManager.sol @@ -1,7 +1,9 @@ pragma solidity ^0.5.3; +import "./PermissionsUpgradable.sol"; + contract NodeManager { - address[] initialAcctList; + PermissionsImplUpgradeable private permUpgradable; // enum and struct declaration // changing node status to integer (0-NotInList, 1- PendingApproval, 2-Approved, // PendingDeactivation, Deactivated, PendingActivation, PendingBlacklisting, Blacklisted) @@ -36,6 +38,12 @@ contract NodeManager { event NodePendingBlacklist(string _enodeId); event NodeBlacklisted(string); + modifier onlyImpl + { + require(msg.sender == permUpgradable.getPermImpl()); + _; + } + // Checks if the given enode exists modifier enodeInList(string memory _enodeId) { @@ -50,6 +58,10 @@ contract NodeManager { _; } + constructor (address _permUpgradable) public { + permUpgradable = PermissionsImplUpgradeable(_permUpgradable); + } + // Get node details given enode Id function getNodeDetails(string memory enodeId) public view returns (string memory _enodeId, uint _nodeStatus) { @@ -76,14 +88,20 @@ contract NodeManager { return nodeList[getNodeIndex(_enodeId)].status; } - function addNode(string calldata _enodeId, string calldata _orgId) external enodeNotInList(_enodeId){ + function addNode(string calldata _enodeId, string calldata _orgId) external + onlyImpl + enodeNotInList(_enodeId) + { numberOfNodes++; nodeIdToIndex[keccak256(abi.encodePacked(_enodeId))] = numberOfNodes; nodeList.push(NodeDetails(_enodeId, _orgId, 1)); emit NodeProposed(_enodeId); } - function addOrgNode(string calldata _enodeId, string calldata _orgId) external enodeNotInList(_enodeId){ + function addOrgNode(string calldata _enodeId, string calldata _orgId) external + onlyImpl + enodeNotInList(_enodeId) + { numberOfNodes++; nodeIdToIndex[keccak256(abi.encodePacked(_enodeId))] = numberOfNodes; nodeList.push(NodeDetails(_enodeId, _orgId, 2)); @@ -91,7 +109,8 @@ contract NodeManager { } // Adds a node to the nodeList mapping and emits node added event if successfully and node exists event of node is already present - function approveNode(string calldata _enodeId) external + function approveNode(string calldata _enodeId) external + onlyImpl { require(getNodeStatus(_enodeId) == 1, "Node need to be in PendingApproval status"); uint nodeIndex = getNodeIndex(_enodeId); diff --git a/controls/permission/OrgManager.sol b/controls/permission/OrgManager.sol index 3913a8c41..8b590ee02 100644 --- a/controls/permission/OrgManager.sol +++ b/controls/permission/OrgManager.sol @@ -40,7 +40,7 @@ contract OrgManager { _; } - function setUpgradable (address _permUpgradable) external { + constructor (address _permUpgradable) public { permUpgradable = PermissionsImplUpgradeable(_permUpgradable); } diff --git a/controls/permission/PermissionsImplementation.sol b/controls/permission/PermissionsImplementation.sol index 4fcfa3a83..0b565fd9f 100644 --- a/controls/permission/PermissionsImplementation.sol +++ b/controls/permission/PermissionsImplementation.sol @@ -5,6 +5,7 @@ import "./AccountManager.sol"; import "./VoterManager.sol"; import "./NodeManager.sol"; import "./OrgManager.sol"; +import "./PermissionsUpgradable.sol"; contract PermissionsImplementation { AccountManager private accounts; @@ -12,6 +13,7 @@ contract PermissionsImplementation { VoterManager private voter; NodeManager private nodes; OrgManager private org; + PermissionsImplUpgradeable private permUpgradable; string private adminOrg; string private adminRole; @@ -22,6 +24,12 @@ contract PermissionsImplementation { // checks if first time network boot up has happened or not bool private networkBoot = false; + modifier onlyProxy + { + require(msg.sender == permUpgradable.getPermInterface(), "can be called by proxy only"); + _; + } + // Checks if the given network boot up is pending exists modifier networkBootUpPending() { @@ -61,8 +69,12 @@ contract PermissionsImplementation { _; } + constructor (address _permUpgradable) public { + permUpgradable = PermissionsImplUpgradeable(_permUpgradable); + } function setPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole, string calldata _oAdminRole) external + onlyProxy networkBootUpPending() { adminOrg = _nwAdminOrg; @@ -71,6 +83,7 @@ contract PermissionsImplementation { } function init(address _orgManager, address _rolesManager, address _acctManager, address _voterManager, address _nodeManager) external + onlyProxy networkBootUpPending() { org = OrgManager(_orgManager); @@ -85,6 +98,7 @@ contract PermissionsImplementation { } function addAdminNodes(string calldata _enodeId) external + onlyProxy networkBootUpPending() { nodes.addNode(_enodeId, adminOrg); @@ -92,6 +106,7 @@ contract PermissionsImplementation { } function addAdminAccounts(address _acct) external + onlyProxy networkBootUpPending() { // add the account as a voter for the admin org @@ -102,6 +117,7 @@ contract PermissionsImplementation { // update the network boot status as true function updateNetworkBootStatus() external + onlyProxy networkBootUpPending() returns (bool) { @@ -109,14 +125,16 @@ contract PermissionsImplementation { return networkBoot; } - // // Get network boot status - function getNetworkBootStatus() external view returns (bool) +// Get network boot status + function getNetworkBootStatus() external view + returns (bool) { return networkBoot; } // function for adding a new master org function addOrg(string calldata _orgId, string calldata _enodeId) external + onlyProxy networkBootUpDone() orgNotExists(_orgId) networkAdmin(msg.sender) @@ -129,6 +147,7 @@ contract PermissionsImplementation { } function approveOrg(string calldata _orgId, string calldata _enodeId) external + onlyProxy networkBootUpDone() networkAdmin(msg.sender) { @@ -140,6 +159,7 @@ contract PermissionsImplementation { } function updateOrgStatus(string calldata _orgId, uint _status) external + onlyProxy networkBootUpDone() orgExists(_orgId) networkAdmin(msg.sender) @@ -161,6 +181,7 @@ contract PermissionsImplementation { } function approveOrgStatus(string calldata _orgId, uint _status) external + onlyProxy networkBootUpDone() orgExists(_orgId) networkAdmin(msg.sender) @@ -179,13 +200,16 @@ contract PermissionsImplementation { } } // returns org and master org details based on org index - function getOrgInfo(uint _orgIndex) external view returns (string memory, uint) + function getOrgInfo(uint _orgIndex) external view + returns (string memory, uint) + { return org.getOrgInfo(_orgIndex); } // Role related functions function addNewRole(string calldata _roleId, string calldata _orgId, uint _access, bool _voter) external + onlyProxy orgApproved(_orgId) orgAdmin(msg.sender, _orgId) { @@ -194,25 +218,29 @@ contract PermissionsImplementation { } function removeRole(string calldata _roleId, string calldata _orgId) external + onlyProxy orgApproved(_orgId) orgAdmin(msg.sender, _orgId) { roles.removeRole(_roleId, _orgId); } - function getRoleDetails(string calldata _roleId, string calldata _orgId) external view returns (string memory, string memory, uint, bool, bool) + function getRoleDetails(string calldata _roleId, string calldata _orgId) external view + returns (string memory, string memory, uint, bool, bool) { return roles.getRoleDetails(_roleId, _orgId); } // Org voter related functions - function getNumberOfVoters(string calldata _orgId) external view returns (uint){ + function getNumberOfVoters(string calldata _orgId) external view + returns (uint){ return voter.getNumberOfValidVoters(_orgId); } - function checkIfVoterExists(string calldata _orgId, address _acct) external view returns (bool) + function checkIfVoterExists(string calldata _orgId, address _acct) external view + returns (bool) { return voter.checkIfVoterExists(_orgId, _acct); } @@ -222,12 +250,14 @@ contract PermissionsImplementation { return voter.getVoteCount(_orgId); } - function getPendingOp(string calldata _orgId) external view returns (string memory, string memory, address, uint) + function getPendingOp(string calldata _orgId) external view + returns (string memory, string memory, address, uint) { return voter.getPendingOpDetails(_orgId); } function assignOrgAdminAccount(string calldata _orgId, address _account) external + onlyProxy networkBootUpDone() networkAdmin(msg.sender) orgExists(_orgId) @@ -241,6 +271,7 @@ contract PermissionsImplementation { } function approveOrgAdminAccount(address _account) external + onlyProxy networkBootUpDone() networkAdmin(msg.sender) { @@ -252,6 +283,7 @@ contract PermissionsImplementation { function assignAccountRole(address _acct, string memory _orgId, string memory _roleId) public + onlyProxy networkBootUpDone() orgApproved(_orgId) orgAdmin(msg.sender, _orgId) @@ -288,6 +320,7 @@ contract PermissionsImplementation { } function addNode(string calldata _orgId, string calldata _enodeId) external + onlyProxy networkBootUpDone() orgApproved(_orgId) orgAdmin(msg.sender, _orgId) @@ -297,27 +330,32 @@ contract PermissionsImplementation { nodes.addOrgNode(_enodeId, _orgId); } - function getNodeStatus(string memory _enodeId) public view returns (uint) + function getNodeStatus(string memory _enodeId) public view + returns (uint) { return (nodes.getNodeStatus(_enodeId)); } - function isNetworkAdmin(address _account) public view returns (bool) + function isNetworkAdmin(address _account) public view + returns (bool) { return (keccak256(abi.encodePacked(accounts.getAccountRole(_account))) == keccak256(abi.encodePacked(adminRole))); } - function isOrgAdmin(address _account, string memory _orgId) public view returns (bool) + function isOrgAdmin(address _account, string memory _orgId) public view + returns (bool) { return (accounts.checkOrgAdmin(_account, _orgId)); } - function validateAccount(address _account, string memory _orgId) public view returns (bool) + function validateAccount(address _account, string memory _orgId) public view + returns (bool) { return (accounts.valAcctAccessChange(_account, _orgId)); } - function getAccountDetails(address _acct) external view returns (address, string memory, string memory, uint, bool) + function getAccountDetails(address _acct) external view + returns (address, string memory, string memory, uint, bool) { return accounts.getAccountDetails(_acct); } diff --git a/controls/permission/PermissionsInterface.sol b/controls/permission/PermissionsInterface.sol index 79631a0cd..2ee4337d3 100644 --- a/controls/permission/PermissionsInterface.sol +++ b/controls/permission/PermissionsInterface.sol @@ -1,9 +1,12 @@ pragma solidity ^0.5.3; import "./PermissionsImplementation.sol"; +import "./PermissionsUpgradable.sol"; + contract PermissionsInterface { - PermissionsImplementation permImplementation; + PermissionsImplementation private permImplementation; + PermissionsImplUpgradeable private permUpgradable; address private permImplUpgradeable; constructor(address _permImplUpgradeable) public { diff --git a/controls/permission/PermissionsUpgradable.sol b/controls/permission/PermissionsUpgradable.sol index 8184627c2..25c74e33e 100644 --- a/controls/permission/PermissionsUpgradable.sol +++ b/controls/permission/PermissionsUpgradable.sol @@ -2,18 +2,15 @@ pragma solidity ^0.5.3; import "./PermissionsInterface.sol"; -contract PermissionsImplUpgradeable { +contract PermissionsUpgradeable { address private custodian; address private permImpl; - // store the instances in the contract because upgradeable will setCoinImpl for them - PermissionsInterface private permInterface; + address private permInterface; - constructor (address _custodian, address _permInterface, address _permImpl) public { + constructor (address _custodian) public + { custodian = _custodian; - permImpl = _permImpl; - permInterface = PermissionsInterface(_permInterface); - setImpl(_permImpl); } modifier onlyCustodian { @@ -21,23 +18,41 @@ contract PermissionsImplUpgradeable { _; } + function init (address _permInterface, address _permImpl) external + onlyCustodian + { + permImpl = _permImpl; + permInterface = _permInterface; + setImpl(permImpl); + } + // custodian can potentially become a contract // implementation change and custodian change are sending from custodian - function confirmImplChange(address _proposedImpl) public onlyCustodian { + function confirmImplChange(address _proposedImpl) public + onlyCustodian + { permImpl = _proposedImpl; setImpl(permImpl); } - function getCustodian() public view returns(address) { + function getCustodian() public view returns(address) + { return custodian; } - function getPermImpl() public view returns(address) { + function getPermImpl() public view returns(address) + { return permImpl; } - function setImpl(address _permImpl) private { - permInterface.setPermImplementation(_permImpl); + function getPermInterface() public view returns(address) + { + return permInterface; + } + + function setImpl(address _permImpl) private + { + PermissionsInterface(permInterface).setPermImplementation(_permImpl); } } \ No newline at end of file diff --git a/controls/permission/RoleManager.sol b/controls/permission/RoleManager.sol index 89bdde84c..bf59da697 100644 --- a/controls/permission/RoleManager.sol +++ b/controls/permission/RoleManager.sol @@ -1,6 +1,9 @@ pragma solidity ^0.5.3; +import "./PermissionsUpgradable.sol"; + contract RoleManager { + PermissionsImplUpgradeable private permUpgradable; struct RoleDetails { string roleId; string orgId; @@ -16,6 +19,16 @@ contract RoleManager { event RoleCreated(string _roleId, string _orgId); event RoleRevoked(string _roleId, string _orgId); + modifier onlyImpl + { + require(msg.sender == permUpgradable.getPermImpl()); + _; + } + + constructor (address _permUpgradable) public { + permUpgradable = PermissionsImplUpgradeable(_permUpgradable); + } + function roleExists(string memory _roleId, string memory _orgId) public view returns(bool) { return (roleIndex[keccak256(abi.encodePacked(_roleId, _orgId))] != 0); diff --git a/controls/permission/VoterManager.sol b/controls/permission/VoterManager.sol index 57970dd7d..152262ae2 100644 --- a/controls/permission/VoterManager.sol +++ b/controls/permission/VoterManager.sol @@ -1,6 +1,9 @@ pragma solidity ^0.5.3; +import "./PermissionsUpgradable.sol"; + contract VoterManager { + PermissionsImplUpgradeable private permUpgradable; // enum PendingOpType {0-None, 1-OrgAdd, 2-OrgSuspension, 3-OrgRevokeSuspension, 4-AddOrgAdmin} struct PendingOpDetails { string orgId; @@ -38,11 +41,21 @@ contract VoterManager { event Dummy(string _msg); + modifier onlyImpl + { + require(msg.sender == permUpgradable.getPermImpl()); + _; + } + modifier voterExists(string memory _orgId, address _address) { require(checkIfVoterExists(_orgId, _address) == true, "must be a voter"); _; } + constructor (address _permUpgradable) public { + permUpgradable = PermissionsImplUpgradeable(_permUpgradable); + } + // returns the voter index function getVoterIndex(string memory _orgId, address _vAccount) internal view returns (uint) {