Example 1 with RoleDoesNotExistException

Use of com.jd.blockchain.ledger.RoleDoesNotExistException in project jdchain-core by blockchain-jd-com.

In class UserAuthorizeOperationHandle, method doProcess.

@Override
protected void doProcess(UserAuthorizeOperation operation, LedgerTransactionContext transactionContext, TransactionRequestExtension request, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
    // Permission check: the endpoint must hold CONFIGURE_ROLES;
    SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
    securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);
    // Operate on the ledger;
    UserRolesEntry[] urcfgs = operation.getUserRolesAuthorizations();
    UserAuthorizationSettings userRoleDataset = transactionContext.getDataset().getAdminDataset().getAdminSettings().getAuthorizations();
    RolePrivilegeSettings rolesSettings = transactionContext.getDataset().getAdminDataset().getAdminSettings().getRolePrivileges();
    if (urcfgs != null) {
        for (UserRolesEntry urcfg : urcfgs) {
            // Reject the operation if any role to be authorized is not defined;
            String[] authRoles = urcfg.getAuthorizedRoles();
            Arrays.stream(authRoles).forEach(role -> {
                if (!rolesSettings.contains(role)) {
                    throw new RoleDoesNotExistException(String.format("Role doesn't exist! --[Role=%s]", role));
                }
            });
            for (Bytes address : urcfg.getUserAddresses()) {
                UserRoles ur = userRoleDataset.getUserRoles(address);
                if (ur == null) {
                    // This is a new authorization;
                    RolesPolicy policy = urcfg.getPolicy();
                    if (policy == null) {
                        policy = RolesPolicy.UNION;
                    }
                    ((UserRoleDatasetEditor) userRoleDataset).addUserRoles(address, policy, authRoles);
                } else {
                    // Modify the previous authorization;
                    ur.addRoles(authRoles);
                    ur.removeRoles(urcfg.getUnauthorizedRoles());
                    // Update the policy only if the request sets one;
                    RolesPolicy policy = urcfg.getPolicy();
                    if (policy != null) {
                        ur.setPolicy(policy);
                    }
                    ((UserRoleDatasetEditor) userRoleDataset).updateUserRoles(ur);
                }
            }
        }
    }
}
Also used : UserRolesEntry(com.jd.blockchain.ledger.UserAuthorizeOperation.UserRolesEntry) Bytes(utils.Bytes) RolesPolicy(com.jd.blockchain.ledger.RolesPolicy) UserRoleDatasetEditor(com.jd.blockchain.ledger.core.UserRoleDatasetEditor) SecurityPolicy(com.jd.blockchain.ledger.SecurityPolicy) UserRoles(com.jd.blockchain.ledger.UserRoles) RoleDoesNotExistException(com.jd.blockchain.ledger.RoleDoesNotExistException) UserAuthorizationSettings(com.jd.blockchain.ledger.UserAuthorizationSettings) RolePrivilegeSettings(com.jd.blockchain.ledger.RolePrivilegeSettings)

Example 2 with RoleDoesNotExistException

Use of com.jd.blockchain.ledger.RoleDoesNotExistException in project jdchain-core by blockchain-jd-com.

In class AccountPermissionOperationHandle, method doProcess.

@Override
protected void doProcess(AccountPermissionSetOperation op, LedgerTransactionContext transactionContext, TransactionRequestExtension requestContext, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
    PermissionAccount account = null;
    // Look up the account
    switch(op.getAccountType()) {
        case DATA:
            account = transactionContext.getDataset().getDataAccountSet().getAccount(op.getAddress());
            if (null == account) {
                throw new DataAccountDoesNotExistException(String.format("Data account doesn't exist! --[Address=%s]", op.getAddress()));
            }
            break;
        case EVENT:
            account = transactionContext.getEventSet().getEventAccountSet().getAccount(op.getAddress());
            if (null == account) {
                throw new EventAccountDoesNotExistException(String.format("Event account doesn't exist! --[Address=%s]", op.getAddress()));
            }
            break;
        case CONTRACT:
            account = transactionContext.getDataset().getContractAccountSet().getAccount(op.getAddress());
            if (null == account) {
                throw new ContractDoesNotExistException(String.format("Contract doesn't exist! --[Address=%s]", op.getAddress()));
            }
            break;
    }
    if (!StringUtils.isEmpty(op.getRole()) && !transactionContext.getDataset().getAdminDataset().getAdminSettings().getRolePrivileges().contains(op.getRole())) {
        throw new RoleDoesNotExistException(String.format("Role doesn't exist! --[Role=%s]", op.getRole()));
    }
    // Write-permission check
    SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
    securityPolicy.checkDataOwners(account.getPermission(), MultiIDsPolicy.AT_LEAST_ONE);
    // Update the permission information
    DataPermission originPermission = account.getPermission();
    AccountModeBits modeBits = op.getMode() > -1 ? new AccountModeBits(op.getAccountType(), op.getMode()) : originPermission.getModeBits();
    String rols = !StringUtils.isEmpty(op.getRole()) ? op.getRole().toUpperCase() : originPermission.getRole();
    account.setPermission(new AccountDataPermission(modeBits, originPermission.getOwners(), rols));
}
Also used : DataAccountDoesNotExistException(com.jd.blockchain.ledger.DataAccountDoesNotExistException) AccountModeBits(com.jd.blockchain.ledger.AccountModeBits) DataPermission(com.jd.blockchain.ledger.DataPermission) AccountDataPermission(com.jd.blockchain.ledger.AccountDataPermission) SecurityPolicy(com.jd.blockchain.ledger.SecurityPolicy) PermissionAccount(com.jd.blockchain.ledger.PermissionAccount) EventAccountDoesNotExistException(com.jd.blockchain.ledger.EventAccountDoesNotExistException) RoleDoesNotExistException(com.jd.blockchain.ledger.RoleDoesNotExistException) ContractDoesNotExistException(com.jd.blockchain.ledger.ContractDoesNotExistException)

Aggregations

RoleDoesNotExistException (com.jd.blockchain.ledger.RoleDoesNotExistException) 2, SecurityPolicy (com.jd.blockchain.ledger.SecurityPolicy) 2, AccountDataPermission (com.jd.blockchain.ledger.AccountDataPermission) 1, AccountModeBits (com.jd.blockchain.ledger.AccountModeBits) 1, ContractDoesNotExistException (com.jd.blockchain.ledger.ContractDoesNotExistException) 1, DataAccountDoesNotExistException (com.jd.blockchain.ledger.DataAccountDoesNotExistException) 1, DataPermission (com.jd.blockchain.ledger.DataPermission) 1, EventAccountDoesNotExistException (com.jd.blockchain.ledger.EventAccountDoesNotExistException) 1, PermissionAccount (com.jd.blockchain.ledger.PermissionAccount) 1, RolePrivilegeSettings (com.jd.blockchain.ledger.RolePrivilegeSettings) 1, RolesPolicy (com.jd.blockchain.ledger.RolesPolicy) 1, UserAuthorizationSettings (com.jd.blockchain.ledger.UserAuthorizationSettings) 1, UserRolesEntry (com.jd.blockchain.ledger.UserAuthorizeOperation.UserRolesEntry) 1, UserRoles (com.jd.blockchain.ledger.UserRoles) 1, UserRoleDatasetEditor (com.jd.blockchain.ledger.core.UserRoleDatasetEditor) 1, Bytes (utils.Bytes) 1