From e6c8e64c35e0280ab54185018b38de6a70d9269f Mon Sep 17 00:00:00 2001 From: "amalraj.manigmail.com" Date: Fri, 29 Mar 2019 14:50:38 +0800 Subject: [PATCH] permission: modify account validation to refer the cache --- controls/bind/permission/accounts.go | 11 +++++---- controls/permission/permission.go | 4 +--- core/types/permissions_cache.go | 35 ++++++++++++++-------------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/controls/bind/permission/accounts.go b/controls/bind/permission/accounts.go index 4f9ede17f..c4cecf0fd 100644 --- a/controls/bind/permission/accounts.go +++ b/controls/bind/permission/accounts.go @@ -28,7 +28,7 @@ var ( ) // AcctManagerABI is the input ABI used to generate the binding from. -const AcctManagerABI = "[{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"checkOrgAdmin\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountDetails\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"}],\"name\":\"assignAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfAccounts\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"valAcctAccessChange\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountRole\",\"outputs\":[{\"name\":\"\",\"type\":\"string\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"orgAdminExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"aIndex\",\"type\":\"uint256\"}],\"name\":\"getAccountDetailsFromIndex\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"addNWAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_nwAdminRole\",\"type\":\"string\"},{\"name\":\"_oAdminRole\",\"type\":\"string\"}],\"name\":\"setDefaults\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"approveOrgAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"revokeAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessModified\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessRevoked\",\"type\":\"event\"}]" +const AcctManagerABI = "[{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"checkOrgAdmin\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountDetails\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"}],\"name\":\"assignAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfAccounts\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"valAcctAccessChange\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountRole\",\"outputs\":[{\"name\":\"\",\"type\":\"string\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"orgAdminExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"aIndex\",\"type\":\"uint256\"}],\"name\":\"getAccountDetailsFromIndex\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"addNWAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_nwAdminRole\",\"type\":\"string\"},{\"name\":\"_oAdminRole\",\"type\":\"string\"}],\"name\":\"setDefaults\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"approveOrgAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"revokeAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"},{\"indexed\":false,\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"AccountAccessModified\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessRevoked\",\"type\":\"event\"}]" // AcctManager is an auto generated Go binding around an Ethereum contract. type AcctManager struct { @@ -552,12 +552,13 @@ type AcctManagerAccountAccessModified struct { OrgId string RoleId string OrgAdmin bool + Status *big.Int Raw types.Log // Blockchain specific contextual infos } -// FilterAccountAccessModified is a free log retrieval operation binding the contract event 0x0bb794229c395f517356b6da8c38dd52b0bca8356b7f56e5d4dcdf82609664e6. +// FilterAccountAccessModified is a free log retrieval operation binding the contract event 0x68e62a03aeb0a125c2fc869eed72f2fca473680987bdd680c093a534e17cc776. // -// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool) +// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool, _status uint256) func (_AcctManager *AcctManagerFilterer) FilterAccountAccessModified(opts *bind.FilterOpts) (*AcctManagerAccountAccessModifiedIterator, error) { logs, sub, err := _AcctManager.contract.FilterLogs(opts, "AccountAccessModified") @@ -567,9 +568,9 @@ func (_AcctManager *AcctManagerFilterer) FilterAccountAccessModified(opts *bind. return &AcctManagerAccountAccessModifiedIterator{contract: _AcctManager.contract, event: "AccountAccessModified", logs: logs, sub: sub}, nil } -// WatchAccountAccessModified is a free log subscription operation binding the contract event 0x0bb794229c395f517356b6da8c38dd52b0bca8356b7f56e5d4dcdf82609664e6. +// WatchAccountAccessModified is a free log subscription operation binding the contract event 0x68e62a03aeb0a125c2fc869eed72f2fca473680987bdd680c093a534e17cc776. // -// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool) +// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool, _status uint256) func (_AcctManager *AcctManagerFilterer) WatchAccountAccessModified(opts *bind.WatchOpts, sink chan<- *AcctManagerAccountAccessModified) (event.Subscription, error) { logs, sub, err := _AcctManager.contract.WatchLogs(opts, "AccountAccessModified") diff --git a/controls/permission/permission.go b/controls/permission/permission.go index eebffefd0..7b182e0e1 100644 --- a/controls/permission/permission.go +++ b/controls/permission/permission.go @@ -473,8 +473,7 @@ func (p *PermissionCtrl) monitorAccountPermissionsAccessModified() { select { case evt = <-ch: log.Info("AJ-AccountAccessModified", "address", evt.Address, "role", evt.RoleId) - types.AddAccountAccess(evt.Address, evt.RoleId) - types.AcctInfoMap.UpsertAccount(evt.OrgId, evt.RoleId, evt.Address, evt.OrgAdmin, types.AcctActive) + types.AcctInfoMap.UpsertAccount(evt.OrgId, evt.RoleId, evt.Address, evt.OrgAdmin, types.AcctStatus(int(evt.Status.Uint64()))) log.Info("AJ-AccountAccessModified cached updated for ", "acct", evt.Address) } @@ -498,7 +497,6 @@ func (p *PermissionCtrl) monitorAccountPermissionsAccessRevoked() { select { case evt = <-ch: log.Info("AJ-AccountAccessModified", "address", evt.Address, "role", evt.RoleId) - types.AddAccountAccess(evt.Address, evt.RoleId) types.AcctInfoMap.UpsertAccount(evt.OrgId, evt.RoleId, evt.Address, evt.OrgAdmin, types.AcctActive) log.Info("AJ-AccountAccessModified cached updated for ", "acct", evt.Address) } diff --git a/core/types/permissions_cache.go b/core/types/permissions_cache.go index 0763b3702..c96d1c38c 100644 --- a/core/types/permissions_cache.go +++ b/core/types/permissions_cache.go @@ -70,11 +70,6 @@ type AccountInfo struct { Status AcctStatus } -type PermStruct struct { - AcctId common.Address - roleId string -} - type OrgStruct struct { OrgId string Keys []string @@ -159,12 +154,10 @@ func NewAcctCache() *AcctCache { var DefaultAccess = FullAccess -const acctMapLimit = 100 const orgKeyMapLimit = 100 const defaultMapLimit = 100 -var AcctMap, _ = lru.New(acctMapLimit) var OrgKeyMap, _ = lru.New(orgKeyMapLimit) var OrgInfoMap = NewOrgCache() @@ -180,7 +173,7 @@ func (pc *PermissionConfig) IsEmpty() bool { // sets default access to ReadOnly func SetDefaultAccess() { - DefaultAccess = FullAccess + DefaultAccess = ReadOnly } func (o *OrgCache) UpsertOrg(orgId string, status OrgStatus) { @@ -368,19 +361,27 @@ func (o *RoleCache) GetRoleList() []RoleInfo { return olist } -// Adds account access to the cache -func AddAccountAccess(acctId common.Address, roleId string) { - AcctMap.Add(acctId, &PermStruct{AcctId: acctId, roleId: roleId}) -} - // Returns the access type for an account. If not found returns // default access func GetAcctAccess(acctId common.Address) AccessType { - if AcctMap.Len() != 0 { - if _, ok := AcctMap.Get(acctId); ok { - // val.(*PermStruct) - return DefaultAccess + log.Info("AJ-get acct access ", "acct", acctId) + if a := AcctInfoMap.GetAccountByAccount(acctId); a != nil { + log.Info("AJ-Acct found", "a", a) + o := OrgInfoMap.GetOrg(a.OrgId) + r := RoleInfoMap.GetRole(a.OrgId, a.RoleId) + if o != nil && r != nil { + log.Info("AJ-org role found") + if (o.Status == OrgApproved || o.Status == OrgRevokeSuspension) && r.Active { + log.Info("AJ-access found", "access", r.Access) + return r.Access + } else { + log.Info("AJ-access org or role invalid") + } + } else { + log.Info("AJ-access org or role is missing") } + } else { + log.Info("AJ-Acct not found", "def access", DefaultAccess) } return DefaultAccess }