start to define permission structure

EOSIO · Apr 19, 2017 · 4e59a50 · 4e59a50
1 parent b0d596b
commit 4e59a50
Show file tree

Hide file tree

Showing 4 changed files with 142 additions and 189 deletions.
diff --git a/libraries/chain/database.cpp b/libraries/chain/database.cpp
@@ -627,7 +627,11 @@ uint32_t database::last_irreversible_block_num() const
 
 void database::initialize_indexes()
 {
-   add_index<account_multi_index>();
+   add_index<account_index>();
+   add_index<permission_index>();
+   add_index<action_code_index>();
+   add_index<action_permission_index>();
+
    add_index<global_property_multi_index>();
    add_index<dynamic_global_property_multi_index>();
    add_index<block_summary_multi_index>();
@@ -656,8 +660,8 @@ void database::init_genesis(const genesis_state_type& genesis_state)
    for (const auto& acct : genesis_state.initial_accounts) {
       create<account_object>([&acct](account_object& a) {
          a.name = acct.name.c_str();
-         a.active_key = acct.active_key;
-         a.owner_key = acct.owner_key;
+//         a.active_key = acct.active_key;
+//         a.owner_key = acct.owner_key;
       });
    }
    // Create initial producers

diff --git a/libraries/chain/include/eos/chain/account_object.hpp b/libraries/chain/include/eos/chain/account_object.hpp
@@ -33,26 +33,145 @@ namespace eos { namespace chain {
 
       id_type           id;
       shared_string     name;
-      public_key_type   owner_key;
-      public_key_type   active_key;
    };
 
    struct by_name;
-   using account_multi_index = chainbase::shared_multi_index_container<
+   using account_index = chainbase::shared_multi_index_container<
       account_object,
       indexed_by<
          ordered_unique<tag<by_id>, member<account_object, account_object::id_type, &account_object::id>>,
          ordered_unique<tag<by_name>, member<account_object, shared_string, &account_object::name>,
                         chainbase::strcmp_less>
       >
    >;
+
+   class permission_object : public chainbase::object<permission_object_type, permission_object>
+   {
+      OBJECT_CTOR(permission_object, (name))
+
+      id_type         id;
+      account_id_type owner; ///< the account this permission belongs to
+      id_type         parent; ///< parent permission 
+      shared_string   name;
+#warning TODO - add shared_authority to permission object
+     // shared_authority auth; ///< TODO
+   };
+
+
+
+   struct by_parent;
+   struct by_owner;
+   using permission_index = chainbase::shared_multi_index_container<
+      permission_object,
+      indexed_by<
+         ordered_unique<tag<by_id>, member<permission_object, permission_object::id_type, &permission_object::id>>,
+         ordered_unique<tag<by_parent>, 
+            composite_key< permission_object,
+               member<permission_object, permission_object::id_type, &permission_object::parent>,
+               member<permission_object, permission_object::id_type, &permission_object::id>
+            >
+         >,
+         ordered_unique<tag<by_owner>, 
+            composite_key< permission_object,
+               member<permission_object, account_object::id_type, &permission_object::owner>,
+               member<permission_object, permission_object::id_type, &permission_object::id>
+            >
+         >,
+         ordered_unique<tag<by_name>, member<permission_object, shared_string, &permission_object::name>, chainbase::strcmp_less>
+      >
+   >;
+
+
+   /**
+    * This table defines all of the event handlers for every contract
+    */
+   class action_code_object : public chainbase::object<action_code_object_type, action_code_object>
+   {
+      OBJECT_CTOR(action_code_object, (action)(validate_action)(validate_precondition)(apply) )
+
+      id_type                        id;
+      account_id_type                scope;
+      permission_object::id_type     permission;
+
+#warning TODO: convert action name to fixed with string
+      shared_string   action; ///< the name of the action (defines serialization)
+      shared_string   validate_action; ///< read only access to action
+      shared_string   validate_precondition; ///< read only access to state
+      shared_string   apply; ///< the code that executes the state transition
+   };
+
+   struct by_parent;
+   struct by_scope_action;
+   using action_code_index = chainbase::shared_multi_index_container<
+      action_code_object,
+      indexed_by<
+         ordered_unique<tag<by_id>, member<action_code_object, action_code_object::id_type, &action_code_object::id>>,
+         ordered_unique<tag<by_scope_action>, 
+            composite_key< action_code_object,
+               member<action_code_object, account_id_type, &action_code_object::scope>,
+               member<action_code_object, shared_string, &action_code_object::action>
+            >,
+            composite_key_compare< std::less<account_id_type>, chainbase::strcmp_less >
+         >
+      >
+   >;
+
+
+   /**
+    *  Maps the permission level on the code to the permission level specififed by owner, when specifying a contract the
+    *  contract will specify 1 permission_object per action, and by default the parent of that permission object will be
+    *  the active permission of the contract; however, the contract owner could group their actions any way they like.
+    *
+    *  When it comes time to evaluate whether User can call Action on Contract with UserPermissionLevel the algorithm 
+    *  operates as follows:
+    *
+    *  let scope_permission = action_code.permission
+    *  while( ! mapping for (scope_permission / owner )
+    *    scope_permission = scope_permission.parent
+    *    if( !scope_permission ) 
+    *       user permission => active 
+    *       break;
+    *
+    *   Now that we know the required user permission...
+    *
+    *   while( ! transaction.has( user_permission ) )
+    *       user_permission = user_permission.parent
+    *       if( !user_permission )
+    *          throw invalid permission
+    *   pass
+    */
+   class action_permission_object : public chainbase::object<action_permission_object_type, action_permission_object>
+   {
+      OBJECT_CTOR(action_permission_object)
+
+      id_type                        id;
+      account_id_type                owner; ///< the account whose permission we seek
+      permission_object::id_type     scope_permission; ///< the scope permission defined by the contract for the action
+      permission_object::id_type     owner_permission; ///< the owner permission that is required
+   };
+
+   struct by_owner_scope;
+   using action_permission_index = chainbase::shared_multi_index_container<
+      action_permission_object,
+      indexed_by<
+         ordered_unique<tag<by_id>, member<action_permission_object, action_permission_object::id_type, &action_permission_object::id>>,
+         ordered_unique<tag<by_owner_scope>, 
+            composite_key< action_permission_object,
+               member<action_permission_object, account_id_type, &action_permission_object::owner>,
+               member<action_permission_object, permission_object::id_type, &action_permission_object::scope_permission>
+            >
+         >
+      >
+   >;
+
 } } // eos::chain
 
-CHAINBASE_SET_INDEX_TYPE(eos::chain::account_object, eos::chain::account_multi_index)
+CHAINBASE_SET_INDEX_TYPE(eos::chain::account_object, eos::chain::account_index)
+CHAINBASE_SET_INDEX_TYPE(eos::chain::permission_object, eos::chain::permission_index)
+CHAINBASE_SET_INDEX_TYPE(eos::chain::action_code_object, eos::chain::action_code_index)
+CHAINBASE_SET_INDEX_TYPE(eos::chain::action_permission_object, eos::chain::action_permission_index)
 
-FC_REFLECT(eos::chain::account_object,
-           (id)
-           (name)
-           (owner_key)
-           (active_key)
-          )
+FC_REFLECT(eos::chain::account_object, (id)(name))
+FC_REFLECT(eos::chain::permission_object, (id)(owner)(parent)(name) )
+FC_REFLECT(eos::chain::action_code_object, (id)(scope)(permission)(action)(validate_action)(validate_precondition)(apply) )
+FC_REFLECT(eos::chain::action_permission_object, (id)(owner)(owner_permission)(scope_permission) )
diff --git a/libraries/chain/include/eos/chain/protocol/types.hpp b/libraries/chain/include/eos/chain/protocol/types.hpp
@@ -119,6 +119,9 @@ namespace eos { namespace chain {
    {
       null_object_type,
       account_object_type,
+      permission_object_type,
+      action_code_object_type,
+      action_permission_object_type,
       global_property_object_type,
       dynamic_global_property_object_type,
       block_summary_object_type,
@@ -165,74 +168,27 @@ namespace eos { namespace chain {
        bool is_valid_v1( const std::string& base58str );
    };
 
-   struct extended_public_key_type
-   {
-      struct binary_key
-      {
-         binary_key() {}
-         uint32_t                   check = 0;
-         fc::ecc::extended_key_data data;
-      };
-
-      fc::ecc::extended_key_data key_data;
-
-      extended_public_key_type();
-      extended_public_key_type( const fc::ecc::extended_key_data& data );
-      extended_public_key_type( const fc::ecc::extended_public_key& extpubkey );
-      explicit extended_public_key_type( const std::string& base58str );
-      operator fc::ecc::extended_public_key() const;
-      explicit operator std::string() const;
-      friend bool operator == ( const extended_public_key_type& p1, const fc::ecc::extended_public_key& p2);
-      friend bool operator == ( const extended_public_key_type& p1, const extended_public_key_type& p2);
-      friend bool operator != ( const extended_public_key_type& p1, const extended_public_key_type& p2);
-   };
 
-   struct extended_private_key_type
-   {
-      struct binary_key
-      {
-         binary_key() {}
-         uint32_t                   check = 0;
-         fc::ecc::extended_key_data data;
-      };
-
-      fc::ecc::extended_key_data key_data;
-
-      extended_private_key_type();
-      extended_private_key_type( const fc::ecc::extended_key_data& data );
-      extended_private_key_type( const fc::ecc::extended_private_key& extprivkey );
-      explicit extended_private_key_type( const std::string& base58str );
-      operator fc::ecc::extended_private_key() const;
-      explicit operator std::string() const;
-      friend bool operator == ( const extended_private_key_type& p1, const fc::ecc::extended_private_key& p2);
-      friend bool operator == ( const extended_private_key_type& p1, const extended_private_key_type& p2);
-      friend bool operator != ( const extended_private_key_type& p1, const extended_private_key_type& p2);
-   };
 } }  // eos::chain
 
 namespace fc
 {
     void to_variant( const eos::chain::public_key_type& var,  fc::variant& vo );
     void from_variant( const fc::variant& var,  eos::chain::public_key_type& vo );
-    void to_variant( const eos::chain::extended_public_key_type& var, fc::variant& vo );
-    void from_variant( const fc::variant& var, eos::chain::extended_public_key_type& vo );
-    void to_variant( const eos::chain::extended_private_key_type& var, fc::variant& vo );
-    void from_variant( const fc::variant& var, eos::chain::extended_private_key_type& vo );
 }
 
 FC_REFLECT( eos::chain::public_key_type, (key_data) )
 FC_REFLECT( eos::chain::public_key_type::binary_key, (data)(check) )
-FC_REFLECT( eos::chain::extended_public_key_type, (key_data) )
-FC_REFLECT( eos::chain::extended_public_key_type::binary_key, (check)(data) )
-FC_REFLECT( eos::chain::extended_private_key_type, (key_data) )
-FC_REFLECT( eos::chain::extended_private_key_type::binary_key, (check)(data) )
 
 FC_REFLECT(eos::chain::account_id_type, (_id))
 FC_REFLECT(eos::chain::producer_id_type, (_id))
 
 FC_REFLECT_ENUM( eos::chain::object_type,
                  (null_object_type)
                  (account_object_type)
+                 (permission_object_type)
+                 (action_code_object_type)
+                 (action_permission_object_type)
                  (global_property_object_type)
                  (dynamic_global_property_object_type)
                  (block_summary_object_type)