use of com.jd.blockchain.ledger.AccountDataPermission in project jdchain-core by blockchain-jd-com.
the class PermissionAccountDecorator method setRole.
@Override
public void setRole(String role) {
DataPermission permission = getPermission();
if (null == permission) {
permission = new AccountDataPermission(new AccountModeBits(accountType), null, role);
} else {
permission = new AccountDataPermission(new AccountModeBits(accountType), permission.getOwners(), role);
}
setPermission(permission);
}
use of com.jd.blockchain.ledger.AccountDataPermission in project jdchain-core by blockchain-jd-com.
the class AccountPermissionOperationHandle method doProcess.
@Override
protected void doProcess(AccountPermissionSetOperation op, LedgerTransactionContext transactionContext, TransactionRequestExtension requestContext, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
PermissionAccount account = null;
// 查找账户
switch(op.getAccountType()) {
case DATA:
account = transactionContext.getDataset().getDataAccountSet().getAccount(op.getAddress());
if (null == account) {
throw new DataAccountDoesNotExistException(String.format("Data account doesn't exist! --[Address=%s]", op.getAddress()));
}
break;
case EVENT:
account = transactionContext.getEventSet().getEventAccountSet().getAccount(op.getAddress());
if (null == account) {
throw new EventAccountDoesNotExistException(String.format("Event account doesn't exist! --[Address=%s]", op.getAddress()));
}
break;
case CONTRACT:
account = transactionContext.getDataset().getContractAccountSet().getAccount(op.getAddress());
if (null == account) {
throw new ContractDoesNotExistException(String.format("Contract doesn't exist! --[Address=%s]", op.getAddress()));
}
break;
}
if (!StringUtils.isEmpty(op.getRole()) && !transactionContext.getDataset().getAdminDataset().getAdminSettings().getRolePrivileges().contains(op.getRole())) {
throw new RoleDoesNotExistException(String.format("Role doesn't exist! --[Role=%s]", op.getRole()));
}
// 写权限校验
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkDataOwners(account.getPermission(), MultiIDsPolicy.AT_LEAST_ONE);
// 更新权限信息
DataPermission originPermission = account.getPermission();
AccountModeBits modeBits = op.getMode() > -1 ? new AccountModeBits(op.getAccountType(), op.getMode()) : originPermission.getModeBits();
String rols = !StringUtils.isEmpty(op.getRole()) ? op.getRole().toUpperCase() : originPermission.getRole();
account.setPermission(new AccountDataPermission(modeBits, originPermission.getOwners(), rols));
}
use of com.jd.blockchain.ledger.AccountDataPermission in project jdchain-core by blockchain-jd-com.
the class DataAccountRegisterOperationHandle method doProcess.
@Override
protected void doProcess(DataAccountRegisterOperation op, LedgerTransactionContext transactionContext, TransactionRequestExtension requestContext, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
// TODO: 请求者应该提供数据账户的公钥签名,以更好地确保注册人对该地址和公钥具有合法使用权;
// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE);
// 操作账本;
BlockchainIdentity bid = op.getAccountID();
DataAccount account = ((DataAccountSetEditor) (transactionContext.getDataset().getDataAccountSet())).register(bid.getAddress(), bid.getPubKey(), null);
account.setPermission(new AccountDataPermission(AccountType.DATA, requestContext.getEndpointAddresses().toArray(new Bytes[0])));
}
use of com.jd.blockchain.ledger.AccountDataPermission in project jdchain-core by blockchain-jd-com.
the class PermissionAccountDecorator method setModeBits.
@Override
public void setModeBits(AccountModeBits modeBits) {
DataPermission permission = getPermission();
if (null == permission) {
permission = new AccountDataPermission(modeBits, null, null);
} else {
permission = new AccountDataPermission(modeBits, permission.getOwners(), permission.getRole());
}
setPermission(permission);
}
Aggregations