fixup! fixup! [feature] #2050: Add role-related queries.
Signed-off-by: Aleksandr Petrosyan <[email protected]>
appetrosyan committed May 5, 2022
1 parent 80b90ef commit 40ca90d
Showing 2 changed files with 27 additions and 29 deletions.
3 changes: 0 additions & 3 deletions permissions_validators/Cargo.toml
Expand Up @@ -11,9 +11,6 @@ iroha_core = { version = "=2.0.0-pre-rc.4", path = "../core", default-features =
iroha_data_model = { version = "=2.0.0-pre-rc.4", path = "../data_model", default-features = false }
iroha_macro = { version = "=2.0.0-pre-rc.4", path = "../macro" }
iroha_schema = { version = "=2.0.0-pre-rc.4", path = "../schema" }
iroha_core = { version = "=2.0.0-pre-rc.4", path = "../core", default-features = false }
iroha_data_model = { version = "=2.0.0-pre-rc.4", path = "../data_model", default-features = false }
iroha_macro = { version = "=2.0.0-pre-rc.4", path = "../macro" }

serde = { version = "1.0", features = ["derive"] }
parity-scale-codec = { version = "2.3.1", default-features = false, features = ["derive"] }
53 changes: 27 additions & 26 deletions permissions_validators/src/private_blockchain/query.rs
Expand Up @@ -34,13 +34,13 @@ impl<W: WorldTrait> IsAllowed<W, QueryBox> for OnlyAccountsDomain {
}
FindAllRoleIds(_) => Ok(()), // In case you need to debug the permissions.
FindRoleByRoleId(_) => {
Err("Only access to roles of the same domain is permitted.".to_owned())
},
Err("Only access to roles of the same domain is permitted.".to_owned())
}
FindAllPeers(_) => Ok(()), // Can be obtained in other ways, so why hide it.
FindAllActiveTriggerIds(_) => Ok(()),
// Private blockchains should have debugging too, hence
// all accounts should also be
FindTriggerById(_) => {
FindTriggerById(query) => {
let id = query
.id
.evaluate(wsv, &context)
Expand All @@ -49,12 +49,9 @@ impl<W: WorldTrait> IsAllowed<W, QueryBox> for OnlyAccountsDomain {
if trigger.technical_account == *authority {
Ok(())
} else {
Err(
"Cannot access Trigger if you're not the technical account."
.to_owned(),
)
Err("Cannot access Trigger if you're not the technical account.".to_owned())
}
},
}
FindTriggerKeyValueByIdAndKey(query) => {
let id = query
.id
Expand Down Expand Up @@ -286,25 +283,29 @@ impl<W: WorldTrait> IsAllowed<W, QueryBox> for OnlyAccountsData {
let context = Context::new();
match query {
FindAccountsByName(_)
| FindAccountsByDomainId(_)
| FindAllAccounts(_)
| FindAllAssetsDefinitions(_)
| FindAssetsByAssetDefinitionId(_)
| FindAssetsByDomainId(_)
| FindAssetsByName(_)
| FindAllDomains(_)
| FindDomainById(_)
| FindDomainKeyValueByIdAndKey(_)
| FindAssetsByDomainIdAndAssetDefinitionId(_)
| FindAssetDefinitionKeyValueByIdAndKey(_)
| FindAllAssets(_) => {
Err("Only access to the assets of the same domain is permitted.".to_owned())
}
FindAllRoles(_)
| FindAllRoleIds(_)
| FindRoleByRoleId(_)
| FindAccountsByDomainId(_)
| FindAllAccounts(_) => {
Err("Other accounts are private.".to_owned())
}
| FindAllDomains(_)
| FindDomainById(_)
| FindDomainKeyValueByIdAndKey(_) => {
Err("Only access to your account's data is permitted.".to_owned())
},
FindAssetsByDomainIdAndAssetDefinitionId(_)
| FindAssetsByName(_) // TODO: I think this is a mistake.
| FindAssetsByDomainId(_)
| FindAllAssetsDefinitions(_)
| FindAssetsByAssetDefinitionId(_)
| FindAssetDefinitionKeyValueByIdAndKey(_)
| FindAllAssets(_) => {
Err("Only access to the assets of your account is permitted.".to_owned())
}
FindAllRoles(_) | FindAllRoleIds(_) | FindRoleByRoleId(_) => {
Err("Only access to roles of the same account is permitted.".to_owned())
},
| FindAllActiveTriggerIds(_) => {
Err("Only access to the roles of the same account is permitted.".to_owned())
Err("Only access to the triggers of the same account is permitted.".to_owned())
}
FindAllPeers(_) => {
Err("Only access to your account-local data is permitted.".to_owned())
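Review bot: The `// TODO: I think this is a mistake.` left beside `FindAssetsByName(_)` in the `OnlyAccountsData` asset arm does not say what the suspected mistake is, which matters in an access-control validator where each query's verdict should be deliberate. As rendered, that arm still returns `Err(...)`, so the query is denied and the default stays fail-closed; I would record the open question instead, e.g. `| FindAssetsByName(_) // TODO: denied for now; decide whether this should be allowed for the authority's own assets.` The arms that begin with a leading `|` right after a closing brace (`| FindAllDomains(_)`, `| FindAllActiveTriggerIds(_)`) parse as new arms but read like continuations of the previous pattern, and the `},` endings look inconsistent with the first hunk, which appears to drop them; the page has lost its `+`/`-` markers, so which of these lines are on the new side is inferred. The `match` starts and ends outside the visible hunks.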
