
Example 1 with UserRoles

use of com.jd.blockchain.ledger.UserRoles in project jdchain-core by blockchain-jd-com.

the class UserAuthorizeOperationHandle method doProcess.

/**
 * Applies a user-role authorization operation to the admin settings of the ledger.
 *
 * <p>The endpoint permission check is the first statement, so nothing is read from or
 * written to the ledger unless the request holds {@code CONFIGURE_ROLES}. Only the roles
 * being granted are checked against the configured role set; the roles being revoked are
 * passed to {@code removeRoles} without an existence check.
 *
 * <p>NOTE(review): entries are validated and applied one after another, so a later entry
 * that names an unknown role throws after earlier entries have already been written to
 * the dataset. Presumably the enclosing transaction discards those writes; confirm.
 *
 * @param operation          the authorization request; a null entry array is a no-op
 * @param transactionContext supplies the admin dataset that is modified
 * @param request            not used by this method
 * @param ledger             not used by this method
 * @param handleContext      not used by this method
 * @param manager            not used by this method
 * @throws RoleDoesNotExistException if a role to be granted is not in the role settings
 */
@Override
protected void doProcess(UserAuthorizeOperation operation, LedgerTransactionContext transactionContext,
        TransactionRequestExtension request, LedgerQuery ledger, OperationHandleContext handleContext,
        EventManager manager) {
    // Permission check: at least one endpoint identity must hold CONFIGURE_ROLES.
    SecurityPolicy endpointPolicy = SecurityContext.getContextUsersPolicy();
    endpointPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);

    // Ledger update.
    UserRolesEntry[] entries = operation.getUserRolesAuthorizations();
    UserAuthorizationSettings userRoleDataset = transactionContext.getDataset().getAdminDataset()
            .getAdminSettings().getAuthorizations();
    RolePrivilegeSettings knownRoles = transactionContext.getDataset().getAdminDataset()
            .getAdminSettings().getRolePrivileges();
    if (entries == null) {
        return;
    }

    for (UserRolesEntry entry : entries) {
        String[] grantedRoles = entry.getAuthorizedRoles();
        // Refuse to grant a role that has not been defined in the role settings.
        for (String role : grantedRoles) {
            if (!knownRoles.contains(role)) {
                throw new RoleDoesNotExistException(String.format("Role doesn't exist! --[Role=%s]", role));
            }
        }

        for (Bytes address : entry.getUserAddresses()) {
            UserRoles current = userRoleDataset.getUserRoles(address);
            if (current == null) {
                // New authorization: an unset policy falls back to UNION. The entry's
                // unauthorized roles are not consulted on this path.
                RolesPolicy requestedPolicy = entry.getPolicy();
                RolesPolicy effectivePolicy = requestedPolicy != null ? requestedPolicy : RolesPolicy.UNION;
                // NOTE(review): the cast assumes the settings object is the editable dataset.
                ((UserRoleDatasetEditor) userRoleDataset).addUserRoles(address, effectivePolicy, grantedRoles);
                continue;
            }

            // Existing authorization: grants are applied before revocations, so a role
            // listed in both ends up going through removeRoles last.
            current.addRoles(grantedRoles);
            current.removeRoles(entry.getUnauthorizedRoles());
            // The stored policy changes only when the request carries one.
            RolesPolicy newPolicy = entry.getPolicy();
            if (newPolicy != null) {
                current.setPolicy(newPolicy);
            }
            ((UserRoleDatasetEditor) userRoleDataset).updateUserRoles(current);
        }
    }
}
Also used : UserRolesEntry(com.jd.blockchain.ledger.UserAuthorizeOperation.UserRolesEntry) Bytes(utils.Bytes) RolesPolicy(com.jd.blockchain.ledger.RolesPolicy) UserRoleDatasetEditor(com.jd.blockchain.ledger.core.UserRoleDatasetEditor) SecurityPolicy(com.jd.blockchain.ledger.SecurityPolicy) UserRoles(com.jd.blockchain.ledger.UserRoles) RoleDoesNotExistException(com.jd.blockchain.ledger.RoleDoesNotExistException) UserAuthorizationSettings(com.jd.blockchain.ledger.UserAuthorizationSettings) RolePrivilegeSettings(com.jd.blockchain.ledger.RolePrivilegeSettings)

Example 2 with UserRoles

use of com.jd.blockchain.ledger.UserRoles in project jdchain-core by blockchain-jd-com.

the class UserRoleDatasetEditor method addUserRoles (the String... overload).

/**
 * Adds a new role authorization for a user.
 *
 * <p>This method contains no permission check and no check that the roles are defined;
 * both are left to the caller.
 *
 * <p>For the KV ledger structure a second record is written that maps a sequence index
 * to the user address. NOTE(review): that write happens after the authorization itself
 * has been stored, so a failure there leaves the first write in place unless the
 * surrounding transaction is rolled back; confirm.
 *
 * @param userAddress address of the user receiving the roles
 * @param rolesPolicy policy stored with the new authorization
 * @param roles       roles to grant
 * @throws AuthorizationException if storing the authorization or the sequence record
 *                                returns a negative version, which is reported as
 *                                "already exists"
 */
public void addUserRoles(Bytes userAddress, RolesPolicy rolesPolicy, String... roles) {
    // -1 is passed as the version; presumably "not stored yet" -- confirm in UserRoles.
    UserRoles authorization = new UserRoles(userAddress, -1, rolesPolicy);
    authorization.addRoles(roles);

    long version = setUserRolesAuthorization(authorization);
    if (version < 0) {
        throw new AuthorizationException("Roles authorization of User[" + userAddress + "] already exists!");
    }

    if (!ledgerDataStructure.equals(LedgerDataStructure.KV)) {
        return;
    }

    // Sequence key = prefix + (records already in the dataset + records added in this block).
    String sequence = String.valueOf(dataset.getDataCount() + userrole_index_in_block);
    Bytes sequenceKey = USEERROLR_SEQUENCE_KEY_PREFIX.concat(Bytes.fromString(sequence));
    version = dataset.setValue(sequenceKey, userAddress.toBytes(), -1);
    if (version < 0) {
        throw new AuthorizationException("Roles authorization seq of User[" + userAddress + "] already exists!");
    }
    userrole_index_in_block++;
}
Also used : Bytes(utils.Bytes) AuthorizationException(com.jd.blockchain.ledger.AuthorizationException) UserRoles(com.jd.blockchain.ledger.UserRoles)

Example 3 with UserRoles

use of com.jd.blockchain.ledger.UserRoles in project jdchain-core by blockchain-jd-com.

the class UserRoleDatasetEditor method addUserRoles (the Collection<String> overload).

/**
 * Adds a new role authorization for a user, taking the roles as a collection.
 *
 * <p>Neither the caller's permission nor the existence of the roles is checked here;
 * callers must have done both before invoking this method.
 *
 * <p>When the ledger structure is KV, a sequence record pointing at the user address is
 * written after the authorization. NOTE(review): the two writes are separate calls, so
 * a rejected sequence record does not undo the stored authorization by itself; confirm
 * that the enclosing transaction does.
 *
 * @param userAddress address of the user receiving the roles
 * @param rolesPolicy policy stored with the new authorization
 * @param roles       roles to grant
 * @throws AuthorizationException if either write returns a negative version, which the
 *                                messages report as an already existing record
 */
public void addUserRoles(Bytes userAddress, RolesPolicy rolesPolicy, Collection<String> roles) {
    // Version -1 presumably marks a record that has never been stored -- confirm.
    UserRoles newAuth = new UserRoles(userAddress, -1, rolesPolicy);
    newAuth.addRoles(roles);

    long result = setUserRolesAuthorization(newAuth);
    if (result < 0) {
        throw new AuthorizationException("Roles authorization of User[" + userAddress + "] already exists!");
    }

    boolean kvLedger = ledgerDataStructure.equals(LedgerDataStructure.KV);
    if (kvLedger) {
        // The sequence number counts stored records plus those added so far in this block.
        Bytes sequenceSuffix = Bytes.fromString(String.valueOf(dataset.getDataCount() + userrole_index_in_block));
        Bytes sequenceKey = USEERROLR_SEQUENCE_KEY_PREFIX.concat(sequenceSuffix);
        result = dataset.setValue(sequenceKey, userAddress.toBytes(), -1);
        if (result < 0) {
            throw new AuthorizationException("Roles authorization seq of User[" + userAddress + "] already exists!");
        }
        userrole_index_in_block++;
    }
}
Also used : Bytes(utils.Bytes) AuthorizationException(com.jd.blockchain.ledger.AuthorizationException) UserRoles(com.jd.blockchain.ledger.UserRoles)

Example 4 with UserRoles

use of com.jd.blockchain.ledger.UserRoles in project jdchain-core by blockchain-jd-com.

the class UserRoleDatasetEditor method setRoles.

/**
 * Sets the roles of a user, creating the authorization when the user has none yet.
 *
 * <p>The given policy and role list are written over whatever the user had before.
 * There is no permission check, no check that the roles are defined, and no default for
 * a null policy in this method. NOTE(review): a null {@code policy} is passed straight
 * to {@code setPolicy}; confirm that callers never pass null or that UserRoles rejects it.
 *
 * @param userAddress the user
 * @param policy      the roles policy to store
 * @param roles       the complete role list to store
 * @return the value returned by {@code setUserRolesAuthorization}; presumably the new
 *         version of the record, negative on failure -- confirm
 */
public long setRoles(Bytes userAddress, RolesPolicy policy, String... roles) {
    UserRoles existing = getUserRoles(userAddress);
    // -1 as the version for a fresh record; presumably "not stored yet" -- confirm.
    UserRoles target = existing != null ? existing : new UserRoles(userAddress, -1, policy);
    target.setPolicy(policy);
    target.setRoles(roles);
    return setUserRolesAuthorization(target);
}
Also used : UserRoles(com.jd.blockchain.ledger.UserRoles)

Example 5 with UserRoles

use of com.jd.blockchain.ledger.UserRoles in project jdchain-core by blockchain-jd-com.

the class LedgerAdminDatasetTest method verifyRealoadingRoleAuthorizations.

/**
 * Asserts that the reloaded admin settings carry the expected role privileges and
 * user-role authorizations.
 *
 * <p>Role privileges are compared by count and, per role name, by the byte form of the
 * ledger and transaction privileges. User authorizations are compared by count and, per
 * user address, by policy and by the role names regardless of order.
 *
 * @param actualAccount            the reloaded settings under test
 * @param expRolePrivilegeSettings the role privileges expected to be present
 * @param expUserRoleSettings      the user authorizations expected to be present
 */
private void verifyRealoadingRoleAuthorizations(LedgerAdminSettings actualAccount,
        RolePrivilegeSettings expRolePrivilegeSettings, UserAuthorizationSettings expUserRoleSettings) {
    // Role privileges: same number of roles, same privilege bits for each role name.
    RolePrivilegeSettings reloadedPrivileges = actualAccount.getRolePrivileges();
    SkippingIterator<RolePrivileges> expectedIterator = expRolePrivilegeSettings.rolePrivilegesIterator();
    assertEquals(expectedIterator.getTotalCount(), reloadedPrivileges.getRoleCount());
    while (expectedIterator.hasNext()) {
        RolePrivileges expected = expectedIterator.next();
        RolePrivileges reloaded = reloadedPrivileges.getRolePrivilege(expected.getRoleName());
        assertNotNull(reloaded);
        assertArrayEquals(expected.getLedgerPrivilege().toBytes(), reloaded.getLedgerPrivilege().toBytes());
        assertArrayEquals(expected.getTransactionPrivilege().toBytes(),
                reloaded.getTransactionPrivilege().toBytes());
    }

    // User authorizations: same number of users, same policy and role set for each user.
    UserAuthorizationSettings reloadedAuthorizations = actualAccount.getAuthorizations();
    UserRoles[] expectedAuthorizations = expUserRoleSettings.getUserRoles();
    assertEquals(expectedAuthorizations.length, reloadedAuthorizations.getUserCount());
    for (UserRoles expected : expectedAuthorizations) {
        UserRoles reloaded = actualAccount.getAuthorizations().getUserRoles(expected.getUserAddress());
        assertNotNull(reloaded);
        assertEquals(expected.getPolicy(), reloaded.getPolicy());

        // Sorting makes the comparison independent of role order.
        // NOTE(review): the arrays are sorted in place; if getRoles() hands out its
        // internal array this reorders the objects under test -- confirm it returns a copy.
        String[] expectedNames = expected.getRoles();
        Arrays.sort(expectedNames);
        String[] reloadedNames = reloaded.getRoles();
        Arrays.sort(reloadedNames);
        assertArrayEquals(expectedNames, reloadedNames);
    }
}
Also used : RolePrivileges(com.jd.blockchain.ledger.RolePrivileges) UserRoles(com.jd.blockchain.ledger.UserRoles) UserAuthorizationSettings(com.jd.blockchain.ledger.UserAuthorizationSettings) RolePrivilegeSettings(com.jd.blockchain.ledger.RolePrivilegeSettings)

Aggregations

UserRoles (com.jd.blockchain.ledger.UserRoles)8 Bytes (utils.Bytes)4 AuthorizationException (com.jd.blockchain.ledger.AuthorizationException)2 RolePrivilegeSettings (com.jd.blockchain.ledger.RolePrivilegeSettings)2 RoleSet (com.jd.blockchain.ledger.RoleSet)2 UserAuthorizationSettings (com.jd.blockchain.ledger.UserAuthorizationSettings)2 UserRoleDatasetEditor (com.jd.blockchain.ledger.core.UserRoleDatasetEditor)2 BlockchainKeypair (com.jd.blockchain.ledger.BlockchainKeypair)1 RoleDoesNotExistException (com.jd.blockchain.ledger.RoleDoesNotExistException)1 RolePrivileges (com.jd.blockchain.ledger.RolePrivileges)1 RolesPolicy (com.jd.blockchain.ledger.RolesPolicy)1 SecurityPolicy (com.jd.blockchain.ledger.SecurityPolicy)1 UserRolesEntry (com.jd.blockchain.ledger.UserAuthorizeOperation.UserRolesEntry)1 CryptoConfig (com.jd.blockchain.ledger.core.CryptoConfig)1 MemoryKVStorage (com.jd.blockchain.storage.service.utils.MemoryKVStorage)1 Test (org.junit.Test)1 DataEntry (utils.DataEntry)1