Search in sources :

Example 1 with RolePrivilegeSettings

use of com.jd.blockchain.ledger.RolePrivilegeSettings in project jdchain-core by blockchain-jd-com.

the class UserAuthorizeOperationHandle method doProcess.

@Override
protected void doProcess(UserAuthorizeOperation operation, LedgerTransactionContext transactionContext, TransactionRequestExtension request, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
    // 权限校验;
    SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
    securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);
    // 操作账本;
    UserRolesEntry[] urcfgs = operation.getUserRolesAuthorizations();
    UserAuthorizationSettings userRoleDataset = transactionContext.getDataset().getAdminDataset().getAdminSettings().getAuthorizations();
    RolePrivilegeSettings rolesSettings = transactionContext.getDataset().getAdminDataset().getAdminSettings().getRolePrivileges();
    if (urcfgs != null) {
        for (UserRolesEntry urcfg : urcfgs) {
            // 
            String[] authRoles = urcfg.getAuthorizedRoles();
            Arrays.stream(authRoles).forEach(role -> {
                if (!rolesSettings.contains(role)) {
                    throw new RoleDoesNotExistException(String.format("Role doesn't exist! --[Role=%s]", role));
                }
            });
            for (Bytes address : urcfg.getUserAddresses()) {
                UserRoles ur = userRoleDataset.getUserRoles(address);
                if (ur == null) {
                    // 这是新的授权;
                    RolesPolicy policy = urcfg.getPolicy();
                    if (policy == null) {
                        policy = RolesPolicy.UNION;
                    }
                    ((UserRoleDatasetEditor) userRoleDataset).addUserRoles(address, policy, authRoles);
                } else {
                    // 更改之前的授权;
                    ur.addRoles(authRoles);
                    ur.removeRoles(urcfg.getUnauthorizedRoles());
                    // 如果请求中设置了策略,才进行更新;
                    RolesPolicy policy = urcfg.getPolicy();
                    if (policy != null) {
                        ur.setPolicy(policy);
                    }
                    ((UserRoleDatasetEditor) userRoleDataset).updateUserRoles(ur);
                }
            }
        }
    }
}
Also used : UserRolesEntry(com.jd.blockchain.ledger.UserAuthorizeOperation.UserRolesEntry) Bytes(utils.Bytes) RolesPolicy(com.jd.blockchain.ledger.RolesPolicy) UserRoleDatasetEditor(com.jd.blockchain.ledger.core.UserRoleDatasetEditor) SecurityPolicy(com.jd.blockchain.ledger.SecurityPolicy) UserRoles(com.jd.blockchain.ledger.UserRoles) RoleDoesNotExistException(com.jd.blockchain.ledger.RoleDoesNotExistException) UserAuthorizationSettings(com.jd.blockchain.ledger.UserAuthorizationSettings) RolePrivilegeSettings(com.jd.blockchain.ledger.RolePrivilegeSettings)

Example 2 with RolePrivilegeSettings

use of com.jd.blockchain.ledger.RolePrivilegeSettings in project jdchain-core by blockchain-jd-com.

the class LedgerAdminDatasetTest method verifyRealoadingRoleAuthorizations.

private void verifyRealoadingRoleAuthorizations(LedgerAdminSettings actualAccount, RolePrivilegeSettings expRolePrivilegeSettings, UserAuthorizationSettings expUserRoleSettings) {
    // 验证基本信息;
    RolePrivilegeSettings actualRolePrivileges = actualAccount.getRolePrivileges();
    SkippingIterator<RolePrivileges> expRPs = expRolePrivilegeSettings.rolePrivilegesIterator();
    assertEquals(expRPs.getTotalCount(), actualRolePrivileges.getRoleCount());
    while (expRPs.hasNext()) {
        RolePrivileges expRP = expRPs.next();
        RolePrivileges actualRP = actualRolePrivileges.getRolePrivilege(expRP.getRoleName());
        assertNotNull(actualRP);
        assertArrayEquals(expRP.getLedgerPrivilege().toBytes(), actualRP.getLedgerPrivilege().toBytes());
        assertArrayEquals(expRP.getTransactionPrivilege().toBytes(), actualRP.getTransactionPrivilege().toBytes());
    }
    UserAuthorizationSettings actualUserRoleSettings = actualAccount.getAuthorizations();
    UserRoles[] expUserRoles = expUserRoleSettings.getUserRoles();
    assertEquals(expUserRoles.length, actualUserRoleSettings.getUserCount());
    for (UserRoles expUR : expUserRoles) {
        UserRoles actualUR = actualAccount.getAuthorizations().getUserRoles(expUR.getUserAddress());
        assertNotNull(actualUR);
        assertEquals(expUR.getPolicy(), actualUR.getPolicy());
        String[] expRoles = expUR.getRoles();
        Arrays.sort(expRoles);
        String[] actualRoles = actualUR.getRoles();
        Arrays.sort(actualRoles);
        assertArrayEquals(expRoles, actualRoles);
    }
}
Also used : RolePrivileges(com.jd.blockchain.ledger.RolePrivileges) UserRoles(com.jd.blockchain.ledger.UserRoles) UserAuthorizationSettings(com.jd.blockchain.ledger.UserAuthorizationSettings) RolePrivilegeSettings(com.jd.blockchain.ledger.RolePrivilegeSettings)

Example 3 with RolePrivilegeSettings

use of com.jd.blockchain.ledger.RolePrivilegeSettings in project jdchain-core by blockchain-jd-com.

the class RolesConfigureOperationHandle method doProcess.

@Override
protected void doProcess(RolesConfigureOperation operation, LedgerTransactionContext transactionContext, TransactionRequestExtension request, LedgerQuery ledger, OperationHandleContext handleContext, EventManager manager) {
    // 权限校验;
    SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
    securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);
    // 操作账本;
    RolePrivilegeEntry[] rpcfgs = operation.getRoles();
    RolePrivilegeSettings rpSettings = transactionContext.getDataset().getAdminDataset().getAdminSettings().getRolePrivileges();
    if (rpcfgs != null) {
        for (RolePrivilegeEntry rpcfg : rpcfgs) {
            RolePrivileges rp = rpSettings.getRolePrivilege(rpcfg.getRoleName());
            if (rp == null) {
                ((RolePrivilegeDataset) rpSettings).addRolePrivilege(rpcfg.getRoleName(), rpcfg.getEnableLedgerPermissions(), rpcfg.getEnableTransactionPermissions());
            } else {
                rp.enable(rpcfg.getEnableLedgerPermissions());
                rp.enable(rpcfg.getEnableTransactionPermissions());
                rp.disable(rpcfg.getDisableLedgerPermissions());
                rp.disable(rpcfg.getDisableTransactionPermissions());
                ((RolePrivilegeDataset) rpSettings).updateRolePrivilege(rp);
            }
        }
    }
}
Also used : RolePrivilegeDataset(com.jd.blockchain.ledger.core.RolePrivilegeDataset) RolePrivileges(com.jd.blockchain.ledger.RolePrivileges) SecurityPolicy(com.jd.blockchain.ledger.SecurityPolicy) RolePrivilegeEntry(com.jd.blockchain.ledger.RolesConfigureOperation.RolePrivilegeEntry) RolePrivilegeSettings(com.jd.blockchain.ledger.RolePrivilegeSettings)

Aggregations

RolePrivilegeSettings (com.jd.blockchain.ledger.RolePrivilegeSettings)3 RolePrivileges (com.jd.blockchain.ledger.RolePrivileges)2 SecurityPolicy (com.jd.blockchain.ledger.SecurityPolicy)2 UserAuthorizationSettings (com.jd.blockchain.ledger.UserAuthorizationSettings)2 UserRoles (com.jd.blockchain.ledger.UserRoles)2 RoleDoesNotExistException (com.jd.blockchain.ledger.RoleDoesNotExistException)1 RolePrivilegeEntry (com.jd.blockchain.ledger.RolesConfigureOperation.RolePrivilegeEntry)1 RolesPolicy (com.jd.blockchain.ledger.RolesPolicy)1 UserRolesEntry (com.jd.blockchain.ledger.UserAuthorizeOperation.UserRolesEntry)1 RolePrivilegeDataset (com.jd.blockchain.ledger.core.RolePrivilegeDataset)1 UserRoleDatasetEditor (com.jd.blockchain.ledger.core.UserRoleDatasetEditor)1 Bytes (utils.Bytes)1