rbac2 - op_type hf checks

satyakoneru 2020-05-26 15:48:02 +00:00
parent 2a7c8749d3
commit c74e83d088
8 changed files with 253 additions and 215 deletions


@ -15,28 +15,23 @@ struct rbac_operation_hardfork_visitor
typedef void result_type; typedef void result_type;
const fc::time_point_sec block_time; const fc::time_point_sec block_time;
rbac_operation_hardfork_visitor( const fc::time_point_sec bt ) : block_time(bt) {} rbac_operation_hardfork_visitor(const fc::time_point_sec bt) : block_time(bt) {}
void operator()(int op_type) const
template<typename T> {
void operator()(const T &v) const {} int first_allowed_op = operation::tag<custom_permission_create_operation>::value;
switch (op_type)
void operator()(const custom_permission_create_operation &op) const { {
FC_ASSERT( block_time >= HARDFORK_RBAC_TIME, "custom_permission_create_operation not allowed yet!" ); case operation::tag<custom_permission_create_operation>::value:
} case operation::tag<custom_permission_update_operation>::value:
void operator()(const custom_permission_update_operation &op) const { case operation::tag<custom_permission_delete_operation>::value:
FC_ASSERT( block_time >= HARDFORK_RBAC_TIME, "custom_permission_update_operation not allowed yet!" ); case operation::tag<custom_account_authority_create_operation>::value:
} case operation::tag<custom_account_authority_update_operation>::value:
void operator()(const custom_permission_delete_operation &op) const { case operation::tag<custom_account_authority_delete_operation>::value:
FC_ASSERT( block_time >= HARDFORK_RBAC_TIME, "custom_permission_delete_operation not allowed yet!" ); FC_ASSERT(block_time >= HARDFORK_RBAC_TIME, "Custom permission not allowed on this operation yet!");
} break;
void operator()(const custom_account_authority_create_operation &op) const { default:
FC_ASSERT( block_time >= HARDFORK_RBAC_TIME, "custom_account_authority_create_operation not allowed yet!" ); FC_ASSERT(op_type < first_allowed_op, "Custom permission not allowed on this operation!");
} }
void operator()(const custom_account_authority_update_operation &op) const {
FC_ASSERT( block_time >= HARDFORK_RBAC_TIME, "custom_account_authority_update_operation not allowed yet!" );
}
void operator()(const custom_account_authority_delete_operation &op) const {
FC_ASSERT( block_time >= HARDFORK_RBAC_TIME, "custom_account_authority_delete_operation not allowed yet!" );
} }
}; };
@ -48,9 +43,11 @@ void_result create_custom_account_authority_evaluator::do_evaluate(const custom_
auto now = d.head_block_time(); auto now = d.head_block_time();
FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF"); FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF");
op.owner_account(d); op.owner_account(d);
const custom_permission_object& pobj = op.permission_id(d); const custom_permission_object &pobj = op.permission_id(d);
FC_ASSERT(pobj.account == op.owner_account, "Only owner account can update account authority object"); FC_ASSERT(pobj.account == op.owner_account, "Only owner account can update account authority object");
FC_ASSERT(op.valid_to > now, "valid_to expiry should be in future"); FC_ASSERT(op.valid_to > now, "valid_to expiry should be in future");
rbac_operation_hardfork_visitor rvtor(now);
rvtor(op.operation_type);
return void_result(); return void_result();
} }
FC_CAPTURE_AND_RETHROW((op)) FC_CAPTURE_AND_RETHROW((op))
@ -66,7 +63,8 @@ object_id_type create_custom_account_authority_evaluator::do_apply(const custom_
obj.operation_type = op.operation_type; obj.operation_type = op.operation_type;
obj.valid_from = op.valid_from; obj.valid_from = op.valid_from;
obj.valid_to = op.valid_to; obj.valid_to = op.valid_to;
}).id; })
.id;
} }
FC_CAPTURE_AND_RETHROW((op)) FC_CAPTURE_AND_RETHROW((op))
} }
@ -79,20 +77,22 @@ void_result update_custom_account_authority_evaluator::do_evaluate(const custom_
auto now = d.head_block_time(); auto now = d.head_block_time();
FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF"); FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF");
op.owner_account(d); op.owner_account(d);
const custom_account_authority_object& aobj = op.auth_id(d); const custom_account_authority_object &aobj = op.auth_id(d);
const custom_permission_object& pobj = aobj.permission_id(d); const custom_permission_object &pobj = aobj.permission_id(d);
FC_ASSERT(pobj.account == op.owner_account, "Only owner account can update account authority object"); FC_ASSERT(pobj.account == op.owner_account, "Only owner account can update account authority object");
auto valid_from = aobj.valid_from; auto valid_from = aobj.valid_from;
auto valid_to = aobj.valid_to; auto valid_to = aobj.valid_to;
if (op.new_valid_from) { if (op.new_valid_from)
{
FC_ASSERT(*op.new_valid_from != aobj.valid_from, FC_ASSERT(*op.new_valid_from != aobj.valid_from,
"New valid_from provided is not different from old valid_from"); "New valid_from provided is not different from old valid_from");
valid_from = *op.new_valid_from; valid_from = *op.new_valid_from;
} }
if (op.new_valid_to) { if (op.new_valid_to)
{
FC_ASSERT(*op.new_valid_to != aobj.valid_to, FC_ASSERT(*op.new_valid_to != aobj.valid_to,
"New valid_to provided is not different from old valid_to"); "New valid_to provided is not different from old valid_to");
FC_ASSERT(*op.new_valid_to > now, "New valid_to expiry should be in the future"); FC_ASSERT(*op.new_valid_to > now, "New valid_to expiry should be in the future");
valid_to = *op.new_valid_to; valid_to = *op.new_valid_to;
} }
@ -106,8 +106,8 @@ object_id_type update_custom_account_authority_evaluator::do_apply(const custom_
{ {
try try
{ {
database& d = db(); database &d = db();
const custom_account_authority_object& aobj = op.auth_id(d); const custom_account_authority_object &aobj = op.auth_id(d);
d.modify(aobj, [&op](custom_account_authority_object &obj) { d.modify(aobj, [&op](custom_account_authority_object &obj) {
if (op.new_valid_from) if (op.new_valid_from)
obj.valid_from = *op.new_valid_from; obj.valid_from = *op.new_valid_from;
@ -127,21 +127,22 @@ void_result delete_custom_account_authority_evaluator::do_evaluate(const custom_
auto now = d.head_block_time(); auto now = d.head_block_time();
FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF"); FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF");
op.owner_account(d); op.owner_account(d);
const custom_account_authority_object& aobj = op.auth_id(d); const custom_account_authority_object &aobj = op.auth_id(d);
const custom_permission_object& pobj = aobj.permission_id(d); const custom_permission_object &pobj = aobj.permission_id(d);
FC_ASSERT(pobj.account == op.owner_account, "Only owner account can delete account authority object"); FC_ASSERT(pobj.account == op.owner_account, "Only owner account can delete account authority object");
return void_result(); return void_result();
} }
FC_CAPTURE_AND_RETHROW((op)) FC_CAPTURE_AND_RETHROW((op))
} }
object_id_type delete_custom_account_authority_evaluator::do_apply(const custom_account_authority_delete_operation &op) void_result delete_custom_account_authority_evaluator::do_apply(const custom_account_authority_delete_operation &op)
{ {
try try
{ {
database &d = db(); database &d = db();
const custom_account_authority_object& aobj = op.auth_id(d); const custom_account_authority_object &aobj = op.auth_id(d);
d.remove(aobj); d.remove(aobj);
return void_result();
} }
FC_CAPTURE_AND_RETHROW((op)) FC_CAPTURE_AND_RETHROW((op))
} }
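Review bot: The `default:` branch of the new `operator()(int op_type)` decides by tag order rather than by an explicit list: `FC_ASSERT(op_type < first_allowed_op, ...)` accepts every operation whose tag is below `custom_permission_create_operation` and rejects every later one not named in a `case`. Which operations a custom account authority can be bound to therefore depends on each operation's position in the `operation` variant, and the accepted range would cover any authority-changing operation that predates RBAC (the operation list is not visible on this page, so this is inferred). If that is intended, record it above the switch, e.g. `// Every pre-RBAC operation may be delegated; newer operations must be added as a case with their own hardfork check.`; otherwise replace the range test with an explicit allow-list of tags. In `create_custom_account_authority_evaluator::do_evaluate` (which starts outside its hunk) the `block_time >= HARDFORK_RBAC_TIME` assert in the `case` branch cannot fire, because `now >= HARDFORK_RBAC_TIME` is already asserted before `rvtor(op.operation_type)` is called.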


@ -39,7 +39,8 @@ object_id_type create_custom_permission_evaluator::do_apply(const custom_permiss
obj.account = op.owner_account; obj.account = op.owner_account;
obj.permission_name = op.permission_name; obj.permission_name = op.permission_name;
obj.auth = op.auth; obj.auth = op.auth;
}).id; })
.id;
} }
FC_CAPTURE_AND_RETHROW((op)) FC_CAPTURE_AND_RETHROW((op))
} }
@ -52,7 +53,7 @@ void_result update_custom_permission_evaluator::do_evaluate(const custom_permiss
auto now = d.head_block_time(); auto now = d.head_block_time();
FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF"); FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF");
op.owner_account(d); op.owner_account(d);
const custom_permission_object& pobj = op.permission_id(d); const custom_permission_object &pobj = op.permission_id(d);
FC_ASSERT(pobj.account == op.owner_account, "Only owner account can update permission object"); FC_ASSERT(pobj.account == op.owner_account, "Only owner account can update permission object");
if (op.new_auth) if (op.new_auth)
{ {
@ -72,7 +73,7 @@ object_id_type update_custom_permission_evaluator::do_apply(const custom_permiss
try try
{ {
database &d = db(); database &d = db();
const custom_permission_object& pobj = op.permission_id(d); const custom_permission_object &pobj = op.permission_id(d);
d.modify(pobj, [&op](custom_permission_object &obj) { d.modify(pobj, [&op](custom_permission_object &obj) {
if (op.new_auth) if (op.new_auth)
obj.auth = *op.new_auth; obj.auth = *op.new_auth;
@ -91,7 +92,7 @@ void_result delete_custom_permission_evaluator::do_evaluate(const custom_permiss
auto now = d.head_block_time(); auto now = d.head_block_time();
FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF"); FC_ASSERT(now >= HARDFORK_RBAC_TIME, "Not allowed until RBAC HF");
op.owner_account(d); op.owner_account(d);
const custom_permission_object& pobj = op.permission_id(d); const custom_permission_object &pobj = op.permission_id(d);
FC_ASSERT(pobj.account == op.owner_account, "Only owner account can delete permission object"); FC_ASSERT(pobj.account == op.owner_account, "Only owner account can delete permission object");
return void_result(); return void_result();
} }
@ -103,7 +104,7 @@ void_result delete_custom_permission_evaluator::do_apply(const custom_permission
try try
{ {
database &d = db(); database &d = db();
const custom_permission_object& pobj = op.permission_id(d); const custom_permission_object &pobj = op.permission_id(d);
// TODO: Remove all the custom_account_authority_object linked to this permission object. // TODO: Remove all the custom_account_authority_object linked to this permission object.
d.remove(pobj); d.remove(pobj);
return void_result(); return void_result();


@ -2,33 +2,37 @@
#include <graphene/chain/evaluator.hpp> #include <graphene/chain/evaluator.hpp>
#include <graphene/chain/protocol/custom_account_authority.hpp> #include <graphene/chain/protocol/custom_account_authority.hpp>
namespace graphene { namespace chain { namespace graphene
{
namespace chain
{
class create_custom_account_authority_evaluator : public evaluator<create_custom_account_authority_evaluator> class create_custom_account_authority_evaluator : public evaluator<create_custom_account_authority_evaluator>
{ {
public: public:
typedef custom_account_authority_create_operation operation_type; typedef custom_account_authority_create_operation operation_type;
void_result do_evaluate(const custom_account_authority_create_operation& o); void_result do_evaluate(const custom_account_authority_create_operation &o);
object_id_type do_apply(const custom_account_authority_create_operation& o); object_id_type do_apply(const custom_account_authority_create_operation &o);
}; };
class update_custom_account_authority_evaluator : public evaluator<update_custom_account_authority_evaluator> class update_custom_account_authority_evaluator : public evaluator<update_custom_account_authority_evaluator>
{ {
public: public:
typedef custom_account_authority_update_operation operation_type; typedef custom_account_authority_update_operation operation_type;
void_result do_evaluate(const custom_account_authority_update_operation& o); void_result do_evaluate(const custom_account_authority_update_operation &o);
object_id_type do_apply(const custom_account_authority_update_operation& o); object_id_type do_apply(const custom_account_authority_update_operation &o);
}; };
class delete_custom_account_authority_evaluator : public evaluator<delete_custom_account_authority_evaluator> class delete_custom_account_authority_evaluator : public evaluator<delete_custom_account_authority_evaluator>
{ {
public: public:
typedef custom_account_authority_delete_operation operation_type; typedef custom_account_authority_delete_operation operation_type;
void_result do_evaluate(const custom_account_authority_delete_operation& o); void_result do_evaluate(const custom_account_authority_delete_operation &o);
object_id_type do_apply(const custom_account_authority_delete_operation& o); void_result do_apply(const custom_account_authority_delete_operation &o);
}; };
} } // namespace graphene::chain } // namespace chain
} // namespace graphene


@ -2,33 +2,37 @@
#include <graphene/chain/evaluator.hpp> #include <graphene/chain/evaluator.hpp>
#include <graphene/chain/protocol/custom_permission.hpp> #include <graphene/chain/protocol/custom_permission.hpp>
namespace graphene { namespace chain { namespace graphene
{
namespace chain
{
class create_custom_permission_evaluator : public evaluator<create_custom_permission_evaluator> class create_custom_permission_evaluator : public evaluator<create_custom_permission_evaluator>
{ {
public: public:
typedef custom_permission_create_operation operation_type; typedef custom_permission_create_operation operation_type;
void_result do_evaluate(const custom_permission_create_operation& o); void_result do_evaluate(const custom_permission_create_operation &o);
object_id_type do_apply(const custom_permission_create_operation& o); object_id_type do_apply(const custom_permission_create_operation &o);
}; };
class update_custom_permission_evaluator : public evaluator<update_custom_permission_evaluator> class update_custom_permission_evaluator : public evaluator<update_custom_permission_evaluator>
{ {
public: public:
typedef custom_permission_update_operation operation_type; typedef custom_permission_update_operation operation_type;
void_result do_evaluate(const custom_permission_update_operation& o); void_result do_evaluate(const custom_permission_update_operation &o);
object_id_type do_apply(const custom_permission_update_operation& o); object_id_type do_apply(const custom_permission_update_operation &o);
}; };
class delete_custom_permission_evaluator : public evaluator<delete_custom_permission_evaluator> class delete_custom_permission_evaluator : public evaluator<delete_custom_permission_evaluator>
{ {
public: public:
typedef custom_permission_delete_operation operation_type; typedef custom_permission_delete_operation operation_type;
void_result do_evaluate(const custom_permission_delete_operation& o); void_result do_evaluate(const custom_permission_delete_operation &o);
void_result do_apply(const custom_permission_delete_operation& o); void_result do_apply(const custom_permission_delete_operation &o);
}; };
} } // namespace graphene::chain } // namespace chain
} // namespace graphene


@ -1,59 +1,72 @@
#pragma once #pragma once
#include <graphene/chain/protocol/base.hpp> #include <graphene/chain/protocol/base.hpp>
namespace graphene { namespace chain { namespace graphene
{
namespace chain
{
struct custom_account_authority_create_operation : public base_operation struct custom_account_authority_create_operation : public base_operation
{
struct fee_parameters_type
{ {
struct fee_parameters_type { uint64_t fee = 0; }; uint64_t fee = 0;
asset fee;
custom_permission_id_type permission_id;
int operation_type;
time_point_sec valid_from;
time_point_sec valid_to;
account_id_type owner_account;
account_id_type fee_payer()const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type& k)const { return 0; }
}; };
struct custom_account_authority_update_operation : public base_operation asset fee;
custom_permission_id_type permission_id;
int operation_type;
time_point_sec valid_from;
time_point_sec valid_to;
account_id_type owner_account;
account_id_type fee_payer() const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type &k) const { return 0; }
};
struct custom_account_authority_update_operation : public base_operation
{
struct fee_parameters_type
{ {
struct fee_parameters_type { uint64_t fee = 0; }; uint64_t fee = 0;
asset fee;
custom_account_authority_id_type auth_id;
optional<time_point_sec> new_valid_from;
optional<time_point_sec> new_valid_to;
account_id_type owner_account;
account_id_type fee_payer()const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type& k)const { return 0; }
}; };
struct custom_account_authority_delete_operation : public base_operation asset fee;
custom_account_authority_id_type auth_id;
optional<time_point_sec> new_valid_from;
optional<time_point_sec> new_valid_to;
account_id_type owner_account;
account_id_type fee_payer() const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type &k) const { return 0; }
};
struct custom_account_authority_delete_operation : public base_operation
{
struct fee_parameters_type
{ {
struct fee_parameters_type { uint64_t fee = 0; }; uint64_t fee = 0;
asset fee;
custom_account_authority_id_type auth_id;
account_id_type owner_account;
account_id_type fee_payer()const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type& k)const { return 0; }
}; };
} } // namespace graphene::chain asset fee;
custom_account_authority_id_type auth_id;
account_id_type owner_account;
FC_REFLECT(graphene::chain::custom_account_authority_create_operation::fee_parameters_type, (fee) ) account_id_type fee_payer() const { return owner_account; }
FC_REFLECT(graphene::chain::custom_account_authority_create_operation, (fee)(permission_id)(operation_type)(valid_from)(valid_to)(owner_account) ) void validate() const;
share_type calculate_fee(const fee_parameters_type &k) const { return 0; }
};
FC_REFLECT(graphene::chain::custom_account_authority_update_operation::fee_parameters_type, (fee) ) } // namespace chain
FC_REFLECT(graphene::chain::custom_account_authority_update_operation, (fee)(auth_id)(new_valid_from)(new_valid_to)(owner_account) ) } // namespace graphene
FC_REFLECT(graphene::chain::custom_account_authority_delete_operation::fee_parameters_type, (fee) ) FC_REFLECT(graphene::chain::custom_account_authority_create_operation::fee_parameters_type, (fee))
FC_REFLECT(graphene::chain::custom_account_authority_delete_operation, (fee)(auth_id)(owner_account) ) FC_REFLECT(graphene::chain::custom_account_authority_create_operation, (fee)(permission_id)(operation_type)(valid_from)(valid_to)(owner_account))
FC_REFLECT(graphene::chain::custom_account_authority_update_operation::fee_parameters_type, (fee))
FC_REFLECT(graphene::chain::custom_account_authority_update_operation, (fee)(auth_id)(new_valid_from)(new_valid_to)(owner_account))
FC_REFLECT(graphene::chain::custom_account_authority_delete_operation::fee_parameters_type, (fee))
FC_REFLECT(graphene::chain::custom_account_authority_delete_operation, (fee)(auth_id)(owner_account))


@ -1,56 +1,69 @@
#pragma once #pragma once
#include <graphene/chain/protocol/base.hpp> #include <graphene/chain/protocol/base.hpp>
namespace graphene { namespace chain { namespace graphene
{
namespace chain
{
struct custom_permission_create_operation : public base_operation struct custom_permission_create_operation : public base_operation
{
struct fee_parameters_type
{ {
struct fee_parameters_type { uint64_t fee = 0; }; uint64_t fee = 0;
asset fee;
account_id_type owner_account;
string permission_name;
authority auth;
account_id_type fee_payer()const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type& k)const { return 0; }
}; };
struct custom_permission_update_operation : public base_operation asset fee;
account_id_type owner_account;
string permission_name;
authority auth;
account_id_type fee_payer() const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type &k) const { return 0; }
};
struct custom_permission_update_operation : public base_operation
{
struct fee_parameters_type
{ {
struct fee_parameters_type { uint64_t fee = 0; }; uint64_t fee = 0;
asset fee;
custom_permission_id_type permission_id;
optional<authority> new_auth;
account_id_type owner_account;
account_id_type fee_payer()const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type& k)const { return 0; }
}; };
struct custom_permission_delete_operation : public base_operation asset fee;
custom_permission_id_type permission_id;
optional<authority> new_auth;
account_id_type owner_account;
account_id_type fee_payer() const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type &k) const { return 0; }
};
struct custom_permission_delete_operation : public base_operation
{
struct fee_parameters_type
{ {
struct fee_parameters_type { uint64_t fee = 0; }; uint64_t fee = 0;
asset fee;
custom_permission_id_type permission_id;
account_id_type owner_account;
account_id_type fee_payer()const { return owner_account; }
void validate() const;
share_type calculate_fee(const fee_parameters_type& k)const { return 0; }
}; };
} } // namespace graphene::chain asset fee;
custom_permission_id_type permission_id;
account_id_type owner_account;
FC_REFLECT(graphene::chain::custom_permission_create_operation::fee_parameters_type, (fee) ) account_id_type fee_payer() const { return owner_account; }
FC_REFLECT(graphene::chain::custom_permission_create_operation, (fee)(owner_account)(permission_name)(auth) ) void validate() const;
share_type calculate_fee(const fee_parameters_type &k) const { return 0; }
};
FC_REFLECT(graphene::chain::custom_permission_update_operation::fee_parameters_type, (fee) ) } // namespace chain
FC_REFLECT(graphene::chain::custom_permission_update_operation, (fee)(permission_id)(new_auth)(owner_account) ) } // namespace graphene
FC_REFLECT(graphene::chain::custom_permission_delete_operation::fee_parameters_type, (fee) ) FC_REFLECT(graphene::chain::custom_permission_create_operation::fee_parameters_type, (fee))
FC_REFLECT(graphene::chain::custom_permission_delete_operation, (fee)(permission_id)(owner_account) ) FC_REFLECT(graphene::chain::custom_permission_create_operation, (fee)(owner_account)(permission_name)(auth))
FC_REFLECT(graphene::chain::custom_permission_update_operation::fee_parameters_type, (fee))
FC_REFLECT(graphene::chain::custom_permission_update_operation, (fee)(permission_id)(new_auth)(owner_account))
FC_REFLECT(graphene::chain::custom_permission_delete_operation::fee_parameters_type, (fee))
FC_REFLECT(graphene::chain::custom_permission_delete_operation, (fee)(permission_id)(owner_account))


@ -1,39 +1,38 @@
#include <graphene/chain/protocol/custom_account_authority.hpp> #include <graphene/chain/protocol/custom_account_authority.hpp>
#include <graphene/chain/protocol/operations.hpp> #include <graphene/chain/protocol/operations.hpp>
namespace graphene { namespace chain { namespace graphene
{
namespace chain
{
void custom_account_authority_create_operation::validate()const { void custom_account_authority_create_operation::validate() const
{
FC_ASSERT(fee.amount >= 0, "Fee must not be negative"); FC_ASSERT(fee.amount >= 0, "Fee must not be negative");
FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT && owner_account != GRAPHENE_COMMITTEE_ACCOUNT && owner_account != GRAPHENE_WITNESS_ACCOUNT && owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
&& owner_account != GRAPHENE_COMMITTEE_ACCOUNT
&& owner_account != GRAPHENE_WITNESS_ACCOUNT
&& owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
"Custom permissions and account auths cannot be created for special accounts"); "Custom permissions and account auths cannot be created for special accounts");
FC_ASSERT(valid_from < valid_to, "valid_from should be earlier than valid_to"); FC_ASSERT(valid_from < valid_to, "valid_from should be earlier than valid_to");
FC_ASSERT(operation_type >= 0 && operation_type < operation::count(), "operation_type is not valid"); FC_ASSERT(operation_type >= 0 && operation_type < operation::count(), "operation_type is not valid");
} }
void custom_account_authority_update_operation::validate()const { void custom_account_authority_update_operation::validate() const
{
FC_ASSERT(fee.amount >= 0, "Fee must not be negative"); FC_ASSERT(fee.amount >= 0, "Fee must not be negative");
FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT && owner_account != GRAPHENE_COMMITTEE_ACCOUNT && owner_account != GRAPHENE_WITNESS_ACCOUNT && owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
&& owner_account != GRAPHENE_COMMITTEE_ACCOUNT
&& owner_account != GRAPHENE_WITNESS_ACCOUNT
&& owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
"Custom permissions and account auths cannot be created for special accounts"); "Custom permissions and account auths cannot be created for special accounts");
FC_ASSERT(new_valid_from.valid() || new_valid_to.valid(), "Something must be updated"); FC_ASSERT(new_valid_from.valid() || new_valid_to.valid(), "Something must be updated");
if (new_valid_from && new_valid_to) { if (new_valid_from && new_valid_to)
{
FC_ASSERT(*new_valid_from < *new_valid_to, "valid_from should be earlier than valid_to"); FC_ASSERT(*new_valid_from < *new_valid_to, "valid_from should be earlier than valid_to");
} }
} }
void custom_account_authority_delete_operation::validate()const { void custom_account_authority_delete_operation::validate() const
{
FC_ASSERT(fee.amount >= 0, "Fee must not be negative"); FC_ASSERT(fee.amount >= 0, "Fee must not be negative");
FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT && owner_account != GRAPHENE_COMMITTEE_ACCOUNT && owner_account != GRAPHENE_WITNESS_ACCOUNT && owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
&& owner_account != GRAPHENE_COMMITTEE_ACCOUNT
&& owner_account != GRAPHENE_WITNESS_ACCOUNT
&& owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
"Custom permissions and account auths cannot be created for special accounts"); "Custom permissions and account auths cannot be created for special accounts");
} }
} } // graphene::chain } // namespace chain
} // namespace graphene


@ -1,77 +1,80 @@
#include <graphene/chain/protocol/custom_permission.hpp> #include <graphene/chain/protocol/custom_permission.hpp>
#include <graphene/chain/protocol/operations.hpp> #include <graphene/chain/protocol/operations.hpp>
namespace graphene { namespace chain { namespace graphene
{
namespace chain
{
bool is_valid_permission_name( const string& name ) bool is_valid_permission_name(const string &name)
{ try { {
const size_t len = name.size(); try
// RBAC_MIN_PERMISSION_NAME_LENGTH <= len minimum length check
if( len < RBAC_MIN_PERMISSION_NAME_LENGTH )
{ {
return false; const size_t len = name.size();
} // RBAC_MIN_PERMISSION_NAME_LENGTH <= len minimum length check
// len <= RBAC_MAX_PERMISSION_NAME_LENGTH max length check if (len < RBAC_MIN_PERMISSION_NAME_LENGTH)
if( len > RBAC_MAX_PERMISSION_NAME_LENGTH ) {
{ return false;
return false; }
} // len <= RBAC_MAX_PERMISSION_NAME_LENGTH max length check
// First character should be a letter between a-z if (len > RBAC_MAX_PERMISSION_NAME_LENGTH)
if( !(name[0] >= 'a' && name[0] <= 'z') ) {
{ return false;
return false; }
} // First character should be a letter between a-z
// Any character of a permission name should either be a small case letter a-z or a digit 0-9 if (!(name[0] >= 'a' && name[0] <= 'z'))
for( const auto& ch: name) {
{ return false;
if( !((ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9')) ) }
// Any character of a permission name should either be a small case letter a-z or a digit 0-9
for (const auto &ch : name)
{
if (!((ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9')))
{
return false;
}
}
// Don't accept active and owner permissions as we already have them by default
// This is for removing ambiguity for users, accepting them doesn't create any problems
if (name == "active" || name == "owner")
{ {
return false; return false;
} }
}
// Don't accept active and owner permissions as we already have them by default
// This is for removing ambiguity for users, accepting them doesn't create any problems
if( name == "active" || name == "owner" )
{
return false;
}
return true; return true;
} FC_CAPTURE_AND_RETHROW( (name) ) } }
FC_CAPTURE_AND_RETHROW((name))
}
void custom_permission_create_operation::validate()const { void custom_permission_create_operation::validate() const
{
FC_ASSERT(fee.amount >= 0, "Fee must not be negative"); FC_ASSERT(fee.amount >= 0, "Fee must not be negative");
FC_ASSERT(is_valid_permission_name( permission_name ), "Invalid permission name provided"); FC_ASSERT(is_valid_permission_name(permission_name), "Invalid permission name provided");
FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT && owner_account != GRAPHENE_COMMITTEE_ACCOUNT && owner_account != GRAPHENE_WITNESS_ACCOUNT && owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
&& owner_account != GRAPHENE_COMMITTEE_ACCOUNT
&& owner_account != GRAPHENE_WITNESS_ACCOUNT
&& owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
"Custom permissions and account auths cannot be created for special accounts"); "Custom permissions and account auths cannot be created for special accounts");
FC_ASSERT(!auth.is_impossible(), "Impossible authority threshold auth provided"); FC_ASSERT(!auth.is_impossible(), "Impossible authority threshold auth provided");
FC_ASSERT(auth.address_auths.size() == 0, "Only account and key auths supported"); FC_ASSERT(auth.address_auths.size() == 0, "Only account and key auths supported");
} }
void custom_permission_update_operation::validate()const { void custom_permission_update_operation::validate() const
{
FC_ASSERT(fee.amount >= 0, "Fee must not be negative"); FC_ASSERT(fee.amount >= 0, "Fee must not be negative");
FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT && owner_account != GRAPHENE_COMMITTEE_ACCOUNT && owner_account != GRAPHENE_WITNESS_ACCOUNT && owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
&& owner_account != GRAPHENE_COMMITTEE_ACCOUNT
&& owner_account != GRAPHENE_WITNESS_ACCOUNT
&& owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
"Custom permissions and account auths cannot be created for special accounts"); "Custom permissions and account auths cannot be created for special accounts");
FC_ASSERT( new_auth.valid(), "Something must be updated"); FC_ASSERT(new_auth.valid(), "Something must be updated");
if (new_auth) { if (new_auth)
{
FC_ASSERT(!new_auth->is_impossible(), "Impossible authority threshold auth provided"); FC_ASSERT(!new_auth->is_impossible(), "Impossible authority threshold auth provided");
FC_ASSERT(new_auth->address_auths.size() == 0, "Only account and key auths supported"); FC_ASSERT(new_auth->address_auths.size() == 0, "Only account and key auths supported");
} }
} }
void custom_permission_delete_operation::validate()const { void custom_permission_delete_operation::validate() const
{
FC_ASSERT(fee.amount >= 0, "Fee must not be negative"); FC_ASSERT(fee.amount >= 0, "Fee must not be negative");
FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT FC_ASSERT(owner_account != GRAPHENE_TEMP_ACCOUNT && owner_account != GRAPHENE_COMMITTEE_ACCOUNT && owner_account != GRAPHENE_WITNESS_ACCOUNT && owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
&& owner_account != GRAPHENE_COMMITTEE_ACCOUNT
&& owner_account != GRAPHENE_WITNESS_ACCOUNT
&& owner_account != GRAPHENE_RELAXED_COMMITTEE_ACCOUNT,
"Custom permissions and account auths cannot be created for special accounts"); "Custom permissions and account auths cannot be created for special accounts");
} }
} } // graphene::chain } // namespace chain
} // namespace graphene