use of com.jd.blockchain.ledger.RoleDoesNotExistException in project jdchain-core by blockchain-jd-com.
Class UserAuthorizeOperationHandle, method doProcess.
/**
 * Applies a user-authorization operation: grants roles to, and revokes roles from, the user
 * addresses listed in each entry of the operation.
 *
 * <p>The CONFIGURE_ROLES endpoint permission is checked before the operation's entries are
 * read. For each entry, every role to be granted must already be present in the ledger's role
 * privilege settings; otherwise the whole call fails with {@link RoleDoesNotExistException}.
 *
 * @param operation          the operation carrying the user/role authorization entries
 * @param transactionContext transaction context whose admin dataset is read and edited
 * @param request            not used by this method
 * @param ledger             not used by this method
 * @param handleContext      not used by this method
 * @param manager            not used by this method
 * @throws RoleDoesNotExistException if an entry names a role to grant that is not defined
 */
@Override
protected void doProcess(UserAuthorizeOperation operation, LedgerTransactionContext transactionContext, TransactionRequestExtension request, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
    // Authorization gate: the context users' policy must pass the CONFIGURE_ROLES endpoint
    // check (AT_LEAST_ONE) before anything else happens. The call's result is not used here,
    // so a denial is presumably signalled by an exception -- confirm in SecurityPolicy.
    SecurityContext.getContextUsersPolicy().checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);

    // Ledger state touched by this operation.
    UserRolesEntry[] entries = operation.getUserRolesAuthorizations();
    UserAuthorizationSettings userRoleDataset = transactionContext.getDataset().getAdminDataset().getAdminSettings().getAuthorizations();
    RolePrivilegeSettings rolesSettings = transactionContext.getDataset().getAdminDataset().getAdminSettings().getRolePrivileges();
    if (entries == null) {
        return;
    }

    for (UserRolesEntry entry : entries) {
        String[] rolesToGrant = entry.getAuthorizedRoles();

        // Refuse to grant a role that has not been defined. This runs before any write for
        // this entry, but after earlier entries have been applied.
        // NOTE(review): presumably the enclosing transaction discards those earlier writes
        // when this throws -- confirm.
        for (String role : rolesToGrant) {
            if (!rolesSettings.contains(role)) {
                throw new RoleDoesNotExistException(String.format("Role doesn't exist! --[Role=%s]", role));
            }
        }

        for (Bytes address : entry.getUserAddresses()) {
            UserRoles existing = userRoleDataset.getUserRoles(address);

            if (existing != null) {
                // Existing authorization: add the granted roles, then remove the revoked ones.
                existing.addRoles(rolesToGrant);
                existing.removeRoles(entry.getUnauthorizedRoles());
                // The policy is only replaced when the request carries one.
                RolesPolicy requestedPolicy = entry.getPolicy();
                if (requestedPolicy != null) {
                    existing.setPolicy(requestedPolicy);
                }
                ((UserRoleDatasetEditor) userRoleDataset).updateUserRoles(existing);
                continue;
            }

            // New authorization: fall back to UNION when the request sets no policy.
            // Roles listed for removal are not consulted on this path.
            RolesPolicy requestedPolicy = entry.getPolicy();
            RolesPolicy effectivePolicy = (requestedPolicy == null) ? RolesPolicy.UNION : requestedPolicy;
            ((UserRoleDatasetEditor) userRoleDataset).addUserRoles(address, effectivePolicy, rolesToGrant);
        }
    }
}
use of com.jd.blockchain.ledger.RoleDoesNotExistException in project jdchain-core by blockchain-jd-com.
Class AccountPermissionOperationHandle, method doProcess.
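/**
 * Updates the permission record (mode bits and role) of a data, event or contract account.
 *
 * <p>Order of checks: the target account must exist; a non-empty requested role must be
 * present in the ledger's role privilege settings; then the context users' policy must pass
 * the data-owner check against the account's current permission. Only after all three is the
 * new permission written. The owners of the account are carried over unchanged.
 *
 * @param op                 the operation naming the account, and the mode/role to set; a mode
 *                           of -1 or lower, or an empty role, keeps the current value
 * @param transactionContext transaction context whose datasets are read and edited
 * @param requestContext     not used by this method
 * @param ledger             not used by this method
 * @param handleContext      not used by this method
 * @param manager            not used by this method
 * @throws DataAccountDoesNotExistException  if the addressed data account is missing
 * @throws EventAccountDoesNotExistException if the addressed event account is missing
 * @throws ContractDoesNotExistException     if the addressed contract is missing
 * @throws RoleDoesNotExistException         if the requested role is not defined
 * @throws IllegalStateException             if the account type is not one handled here
 */
@Override
protected void doProcess(AccountPermissionSetOperation op, LedgerTransactionContext transactionContext, TransactionRequestExtension requestContext, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
    // Locate the target account.
    PermissionAccount account;
    switch (op.getAccountType()) {
        case DATA:
            account = transactionContext.getDataset().getDataAccountSet().getAccount(op.getAddress());
            if (null == account) {
                throw new DataAccountDoesNotExistException(String.format("Data account doesn't exist! --[Address=%s]", op.getAddress()));
            }
            break;
        case EVENT:
            account = transactionContext.getEventSet().getEventAccountSet().getAccount(op.getAddress());
            if (null == account) {
                throw new EventAccountDoesNotExistException(String.format("Event account doesn't exist! --[Address=%s]", op.getAddress()));
            }
            break;
        case CONTRACT:
            account = transactionContext.getDataset().getContractAccountSet().getAccount(op.getAddress());
            if (null == account) {
                throw new ContractDoesNotExistException(String.format("Contract doesn't exist! --[Address=%s]", op.getAddress()));
            }
            break;
        default:
            // Without this branch an unhandled type left `account` null and the owner check
            // below failed with a bare NullPointerException; fail with a clear reason instead.
            throw new IllegalStateException(String.format("Unsupported account type! --[AccountType=%s]", op.getAccountType()));
    }

    // A requested role must already be defined in the ledger's role privilege settings.
    // NOTE(review): existence is checked on the name as supplied, while the upper-cased form
    // is what gets stored below; presumably the role settings normalise names -- confirm.
    // NOTE(review): this check and the account lookup run before the owner check, so the
    // exception type tells a non-owner whether the account/role exists -- confirm acceptable.
    String requestedRole = op.getRole();
    boolean roleRequested = !StringUtils.isEmpty(requestedRole);
    if (roleRequested && !transactionContext.getDataset().getAdminDataset().getAdminSettings().getRolePrivileges().contains(requestedRole)) {
        throw new RoleDoesNotExistException(String.format("Role doesn't exist! --[Role=%s]", requestedRole));
    }

    // Write-permission check against the account's current permission (AT_LEAST_ONE).
    // The permission is read once so the value that is checked is the value that is updated.
    SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
    DataPermission originPermission = account.getPermission();
    securityPolicy.checkDataOwners(originPermission, MultiIDsPolicy.AT_LEAST_ONE);

    // Build the new permission: a mode of -1 or lower keeps the current mode bits, an empty
    // role keeps the current role, and the owners are never changed here.
    AccountModeBits modeBits = op.getMode() > -1 ? new AccountModeBits(op.getAccountType(), op.getMode()) : originPermission.getModeBits();
    // Upper-case with Locale.ROOT: the no-argument toUpperCase() follows the JVM's default
    // locale (e.g. "i" becomes a dotted capital under a Turkish locale), so the role name
    // written to the permission record could differ from one host to another.
    String role = roleRequested ? requestedRole.toUpperCase(java.util.Locale.ROOT) : originPermission.getRole();
    account.setPermission(new AccountDataPermission(modeBits, originPermission.getOwners(), role));
}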