Skip to content
This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Commit

Permalink
Ref #123: Implement lookup_minimum_permission
Browse files Browse the repository at this point in the history
Add docs on some of the types, register the index, and implement
chain_controller::lookup_minimum_permission.
  • Loading branch information
nathanielhourt committed Aug 3, 2017
1 parent a744f46 commit 8dda914
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 7 deletions.
19 changes: 16 additions & 3 deletions libraries/chain/chain_controller.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
#include <eos/chain/action_objects.hpp>
#include <eos/chain/transaction_object.hpp>
#include <eos/chain/producer_object.hpp>
#include <eos/chain/permission_link_object.hpp>

#include <eos/chain/wasm_interface.hpp>

Expand Down Expand Up @@ -533,9 +534,20 @@ const permission_object& chain_controller::lookup_minimum_permission(types::Acco
types::AccountName code_account,
types::FuncName type) const {
try {
#warning TODO: Define messages/contracts/index for users to specify which authority levels correspond to which message types
// ... and look up the real minimum permission
return _db.get<permission_object, by_owner>(boost::make_tuple(authorizer_account, "active"));
// First look up a specific link for this message type
auto key = boost::make_tuple(authorizer_account, code_account, type);
auto link = _db.find<permission_link_object, by_message_type>(key);
// If no specific link found, check for a contract-wide default
if (link == nullptr) {
get<2>(key) = "";
link = _db.find<permission_link_object, by_message_type>(key);
}

// If no specific or default link found, use active permission
auto permissionKey = boost::make_tuple<AccountName, PermissionName>(authorizer_account, "active");
if (link != nullptr)
get<1>(permissionKey) = link->required_permission;
return _db.get<permission_object, by_owner>(permissionKey);
} FC_CAPTURE_AND_RETHROW((authorizer_account)(code_account)(type))
}

Expand Down Expand Up @@ -799,6 +811,7 @@ uint32_t chain_controller::last_irreversible_block_num() const {
void chain_controller::initialize_indexes() {
_db.add_index<account_index>();
_db.add_index<permission_index>();
_db.add_index<permission_link_index>();
_db.add_index<action_permission_index>();
_db.add_index<key_value_index>();
_db.add_index<key128x128_value_index>();
Expand Down
12 changes: 12 additions & 0 deletions libraries/chain/include/eos/chain/permission_link_object.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,26 @@ namespace eos { namespace chain {
* permission_link_object for his account with "currency" as the code account, "transfer" as the message_type, and
* "money" as the required_permission. After this, in order to validate, any message to "currency" of type
* "transfer" that requires joe's approval would require signatures sufficient to satisfy joe's "money" authority.
*
* Accounts may set links to individual message types, or may set default permission requirements for all messages
* to a given contract. To set the default for all messages to a given contract, set @ref message_type to the empty
* string. When looking up which permission to use, if a link is found for a particular {account, code,
* message_type} triplet, then the required_permission from that link is used. If no such link is found, but a link
* is found for {account, code, ""}, then the required_permission from that link is used. If no such link is found,
* account's active authority is used.
*/
class permission_link_object : public chainbase::object<permission_link_object_type, permission_link_object> {
OBJECT_CTOR(permission_link_object)

id_type id;
/// The account which is defining its permission requirements
AccountName account;
/// The contract which account requires @ref required_permission to invoke
AccountName code;
/// The message type which account requires @ref required_permission to invoke
/// May be empty; if so, it sets a default @ref required_permission for all messages to @ref code
FuncName message_type;
/// The permission level which @ref account requires for the specified message types
PermissionName required_permission;
};

Expand Down
8 changes: 4 additions & 4 deletions libraries/types/types.eos
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ struct DeletePermission
permission PermissionName

struct requirepermission
account AccountName
code AccountName
type FuncName
requirement PermissionName
account AccountName # The account to require permissions for
code AccountName # The contract to require permissions to invoke
type FuncName # The message type to require permissions to invoke (if empty, all message types for contract)
requirement PermissionName # The permission name to require

0 comments on commit 8dda914

Please sign in to comment.