mirror of https://github.com/poanetwork/quorum.git
permission: modify account validation to refer the cache
This commit is contained in:
parent
293370cb94
commit
e6c8e64c35
|
@ -28,7 +28,7 @@ var (
|
|||
)
|
||||
|
||||
// AcctManagerABI is the input ABI used to generate the binding from.
|
||||
const AcctManagerABI = "[{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"checkOrgAdmin\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountDetails\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"}],\"name\":\"assignAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfAccounts\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"valAcctAccessChange\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountRole\",\"outputs\":[{\"name\":\"\",\"type\":\"string\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"orgAdminExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"aIndex\",\"type\":\"uint256\"}],\"name\":\"getAccountDetailsFromIndex\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"addNWAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_nwAdminRole\",\"type\":\"string\"},{\"name\":\"_oAdminRole\",\"type\":\"string\"}],\"name\":\"setDefaults\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"approveOrgAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"revokeAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessModified\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessRevoked\",\"type\":\"event\"}]"
|
||||
const AcctManagerABI = "[{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"checkOrgAdmin\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountDetails\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"},{\"name\":\"_roleId\",\"type\":\"string\"}],\"name\":\"assignAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"getNumberOfAccounts\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"valAcctAccessChange\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_acct\",\"type\":\"address\"}],\"name\":\"getAccountRole\",\"outputs\":[{\"name\":\"\",\"type\":\"string\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"orgAdminExists\",\"outputs\":[{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[{\"name\":\"aIndex\",\"type\":\"uint256\"}],\"name\":\"getAccountDetailsFromIndex\",\"outputs\":[{\"name\":\"\",\"type\":\"address\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"string\"},{\"name\":\"\",\"type\":\"uint256\"},{\"name\":\"\",\"type\":\"bool\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"},{\"name\":\"_orgId\",\"type\":\"string\"}],\"name\":\"addNWAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_nwAdminRole\",\"type\":\"string\"},{\"name\":\"_oAdminRole\",\"type\":\"string\"}],\"name\":\"setDefaults\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"approveOrgAdminAccount\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"_address\",\"type\":\"address\"}],\"name\":\"revokeAccountRole\",\"outputs\":[],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"name\":\"_permUpgradable\",\"type\":\"address\"}],\"payable\":false,\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"},{\"indexed\":false,\"name\":\"_status\",\"type\":\"uint256\"}],\"name\":\"AccountAccessModified\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"name\":\"_address\",\"type\":\"address\"},{\"indexed\":false,\"name\":\"_orgId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_roleId\",\"type\":\"string\"},{\"indexed\":false,\"name\":\"_orgAdmin\",\"type\":\"bool\"}],\"name\":\"AccountAccessRevoked\",\"type\":\"event\"}]"
|
||||
|
||||
// AcctManager is an auto generated Go binding around an Ethereum contract.
|
||||
type AcctManager struct {
|
||||
|
@ -552,12 +552,13 @@ type AcctManagerAccountAccessModified struct {
|
|||
OrgId string
|
||||
RoleId string
|
||||
OrgAdmin bool
|
||||
Status *big.Int
|
||||
Raw types.Log // Blockchain specific contextual infos
|
||||
}
|
||||
|
||||
// FilterAccountAccessModified is a free log retrieval operation binding the contract event 0x0bb794229c395f517356b6da8c38dd52b0bca8356b7f56e5d4dcdf82609664e6.
|
||||
// FilterAccountAccessModified is a free log retrieval operation binding the contract event 0x68e62a03aeb0a125c2fc869eed72f2fca473680987bdd680c093a534e17cc776.
|
||||
//
|
||||
// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool)
|
||||
// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool, _status uint256)
|
||||
func (_AcctManager *AcctManagerFilterer) FilterAccountAccessModified(opts *bind.FilterOpts) (*AcctManagerAccountAccessModifiedIterator, error) {
|
||||
|
||||
logs, sub, err := _AcctManager.contract.FilterLogs(opts, "AccountAccessModified")
|
||||
|
@ -567,9 +568,9 @@ func (_AcctManager *AcctManagerFilterer) FilterAccountAccessModified(opts *bind.
|
|||
return &AcctManagerAccountAccessModifiedIterator{contract: _AcctManager.contract, event: "AccountAccessModified", logs: logs, sub: sub}, nil
|
||||
}
|
||||
|
||||
// WatchAccountAccessModified is a free log subscription operation binding the contract event 0x0bb794229c395f517356b6da8c38dd52b0bca8356b7f56e5d4dcdf82609664e6.
|
||||
// WatchAccountAccessModified is a free log subscription operation binding the contract event 0x68e62a03aeb0a125c2fc869eed72f2fca473680987bdd680c093a534e17cc776.
|
||||
//
|
||||
// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool)
|
||||
// Solidity: e AccountAccessModified(_address address, _orgId string, _roleId string, _orgAdmin bool, _status uint256)
|
||||
func (_AcctManager *AcctManagerFilterer) WatchAccountAccessModified(opts *bind.WatchOpts, sink chan<- *AcctManagerAccountAccessModified) (event.Subscription, error) {
|
||||
|
||||
logs, sub, err := _AcctManager.contract.WatchLogs(opts, "AccountAccessModified")
|
||||
|
|
|
@ -473,8 +473,7 @@ func (p *PermissionCtrl) monitorAccountPermissionsAccessModified() {
|
|||
select {
|
||||
case evt = <-ch:
|
||||
log.Info("AJ-AccountAccessModified", "address", evt.Address, "role", evt.RoleId)
|
||||
types.AddAccountAccess(evt.Address, evt.RoleId)
|
||||
types.AcctInfoMap.UpsertAccount(evt.OrgId, evt.RoleId, evt.Address, evt.OrgAdmin, types.AcctActive)
|
||||
types.AcctInfoMap.UpsertAccount(evt.OrgId, evt.RoleId, evt.Address, evt.OrgAdmin, types.AcctStatus(int(evt.Status.Uint64())))
|
||||
log.Info("AJ-AccountAccessModified cached updated for ", "acct", evt.Address)
|
||||
}
|
||||
|
||||
|
@ -498,7 +497,6 @@ func (p *PermissionCtrl) monitorAccountPermissionsAccessRevoked() {
|
|||
select {
|
||||
case evt = <-ch:
|
||||
log.Info("AJ-AccountAccessModified", "address", evt.Address, "role", evt.RoleId)
|
||||
types.AddAccountAccess(evt.Address, evt.RoleId)
|
||||
types.AcctInfoMap.UpsertAccount(evt.OrgId, evt.RoleId, evt.Address, evt.OrgAdmin, types.AcctActive)
|
||||
log.Info("AJ-AccountAccessModified cached updated for ", "acct", evt.Address)
|
||||
}
|
||||
|
|
|
@ -70,11 +70,6 @@ type AccountInfo struct {
|
|||
Status AcctStatus
|
||||
}
|
||||
|
||||
type PermStruct struct {
|
||||
AcctId common.Address
|
||||
roleId string
|
||||
}
|
||||
|
||||
type OrgStruct struct {
|
||||
OrgId string
|
||||
Keys []string
|
||||
|
@ -159,12 +154,10 @@ func NewAcctCache() *AcctCache {
|
|||
|
||||
var DefaultAccess = FullAccess
|
||||
|
||||
const acctMapLimit = 100
|
||||
const orgKeyMapLimit = 100
|
||||
|
||||
const defaultMapLimit = 100
|
||||
|
||||
var AcctMap, _ = lru.New(acctMapLimit)
|
||||
var OrgKeyMap, _ = lru.New(orgKeyMapLimit)
|
||||
|
||||
var OrgInfoMap = NewOrgCache()
|
||||
|
@ -180,7 +173,7 @@ func (pc *PermissionConfig) IsEmpty() bool {
|
|||
|
||||
// sets default access to ReadOnly
|
||||
func SetDefaultAccess() {
|
||||
DefaultAccess = FullAccess
|
||||
DefaultAccess = ReadOnly
|
||||
}
|
||||
|
||||
func (o *OrgCache) UpsertOrg(orgId string, status OrgStatus) {
|
||||
|
@ -368,19 +361,27 @@ func (o *RoleCache) GetRoleList() []RoleInfo {
|
|||
return olist
|
||||
}
|
||||
|
||||
// Adds account access to the cache
|
||||
func AddAccountAccess(acctId common.Address, roleId string) {
|
||||
AcctMap.Add(acctId, &PermStruct{AcctId: acctId, roleId: roleId})
|
||||
}
|
||||
|
||||
// Returns the access type for an account. If not found returns
|
||||
// default access
|
||||
func GetAcctAccess(acctId common.Address) AccessType {
|
||||
if AcctMap.Len() != 0 {
|
||||
if _, ok := AcctMap.Get(acctId); ok {
|
||||
// val.(*PermStruct)
|
||||
return DefaultAccess
|
||||
log.Info("AJ-get acct access ", "acct", acctId)
|
||||
if a := AcctInfoMap.GetAccountByAccount(acctId); a != nil {
|
||||
log.Info("AJ-Acct found", "a", a)
|
||||
o := OrgInfoMap.GetOrg(a.OrgId)
|
||||
r := RoleInfoMap.GetRole(a.OrgId, a.RoleId)
|
||||
if o != nil && r != nil {
|
||||
log.Info("AJ-org role found")
|
||||
if (o.Status == OrgApproved || o.Status == OrgRevokeSuspension) && r.Active {
|
||||
log.Info("AJ-access found", "access", r.Access)
|
||||
return r.Access
|
||||
} else {
|
||||
log.Info("AJ-access org or role invalid")
|
||||
}
|
||||
} else {
|
||||
log.Info("AJ-access org or role is missing")
|
||||
}
|
||||
} else {
|
||||
log.Info("AJ-Acct not found", "def access", DefaultAccess)
|
||||
}
|
||||
return DefaultAccess
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue