1 : /**
2 : * Copyright Soramitsu Co., Ltd. 2017 All Rights Reserved.
3 : * http://soramitsu.co.jp
4 : *
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 :
18 : #ifndef SHARED_MODEL_PERMISSIONS_HPP
19 : #define SHARED_MODEL_PERMISSIONS_HPP
20 :
21 : #include <set>
22 : #include <string>
23 :
24 : namespace shared_model {
25 : namespace permissions {
26 :
27 : /* ~~~~~~~~ Command-related permissions ~~~~~~~~ */
28 :
29 : // The set of permissions below refers to specific commands.
30 : // During stateful validation, the transaction creator is checked
31 : // to hold these permissions.
32 :
// Command permission names. The value of every constant is its own identifier
// spelled as a string. These are namespace-scope const objects defined in a
// header, so each translation unit that includes it constructs its own copy.
// The five *_my_* constants (can_add_my_signatory, can_remove_my_signatory,
// can_set_my_quorum, can_set_my_account_detail, can_transfer_my_assets) are
// the ones grant_group prefixes with can_grant; they are listed in
// all_perm_group but not in role_perm_group.
// NOTE(review): how a base permission differs from its _my_ variant at
// validation time is not visible in this header; confirm against the
// command validators before relying on either one.
33 : /* Role */
34 : const std::string can_append_role = "can_append_role";
35 : const std::string can_create_role = "can_create_role";
36 : const std::string can_detach_role = "can_detach_role";
37 :
38 : /* Asset quantity */
39 : const std::string can_add_asset_qty = "can_add_asset_qty";
40 : const std::string can_subtract_asset_qty = "can_subtract_asset_qty";
41 :
42 : /* Peer */
43 : const std::string can_add_peer = "can_add_peer";
44 :
45 : /* Signatory */
46 : const std::string can_add_signatory = "can_add_signatory";
47 : const std::string can_add_my_signatory = "can_add_my_signatory";
48 : const std::string can_remove_signatory = "can_remove_signatory";
49 : const std::string can_remove_my_signatory = "can_remove_my_signatory";
50 : const std::string can_set_quorum = "can_set_quorum";
51 : const std::string can_set_my_quorum = "can_set_my_quorum";
52 :
53 : /* Account */
54 : const std::string can_create_account = "can_create_account";
55 : const std::string can_set_detail = "can_set_detail";
56 : const std::string can_set_my_account_detail = "can_set_my_account_detail";
57 :
58 : /* Asset */
59 : const std::string can_create_asset = "can_create_asset";
60 : const std::string can_transfer = "can_transfer";
61 : const std::string can_transfer_my_assets = "can_transfer_my_assets";
62 : const std::string can_receive = "can_receive";
63 :
64 : /* Domain */
65 : const std::string can_create_domain = "can_create_domain";
66 :
67 : /* ~~~~~~~~ Query-related permissions ~~~~~~~~ */
68 :
69 : // The set of permissions below refers to specific queries.
70 : // During stateful validation, the query creator is checked
71 : // to hold these permissions.
72 : // These permissions are divided into three groups:
73 : // * my — the query creator can query its own data
74 : // * domain — the query creator can only query data from the domain
75 : // where the account was created
76 : // * all — the query creator can query all the data in the system
77 :
// Query permission names. The value of every constant is its own identifier
// spelled as a string. The account-related queries come in my / all / domain
// variants. Three constants have no scoped variants at all: can_read_assets,
// can_get_roles and can_get_blocks (all three are placed in read_all_group).
// can_get_my_txs and can_get_all_txs have no domain counterpart: no
// can_get_domain_txs constant is defined in this header.
77 :
78 : /* Asset */
79 : const std::string can_read_assets = "can_read_assets";
80 :
81 : /* Roles */
82 : const std::string can_get_roles = "can_get_roles";
83 :
84 : /* Account */
85 : const std::string can_get_my_account = "can_get_my_account";
86 : const std::string can_get_all_accounts = "can_get_all_accounts";
87 : const std::string can_get_domain_accounts = "can_get_domain_accounts";
88 :
89 : /* Signatories */
90 : const std::string can_get_my_signatories = "can_get_my_signatories";
91 : const std::string can_get_all_signatories = "can_get_all_signatories";
92 : const std::string can_get_domain_signatories = "can_get_domain_signatories";
93 :
94 : /* Account asset (wallet) */
95 : const std::string can_get_my_acc_ast = "can_get_my_acc_ast";
96 : const std::string can_get_all_acc_ast = "can_get_all_acc_ast";
97 : const std::string can_get_domain_acc_ast = "can_get_domain_acc_ast";
98 :
99 : /* Account details (JSON key-value map) */
100 : const std::string can_get_my_acc_detail = "can_get_my_acc_detail";
101 : const std::string can_get_all_acc_detail = "can_get_all_acc_detail";
102 : const std::string can_get_domain_acc_detail = "can_get_domain_acc_detail";
103 :
104 : /* Account transactions */
105 : const std::string can_get_my_acc_txs = "can_get_my_acc_txs";
106 : const std::string can_get_all_acc_txs = "can_get_all_acc_txs";
107 : const std::string can_get_domain_acc_txs = "can_get_domain_acc_txs";
108 :
109 : /* Account asset transactions */
110 : const std::string can_get_my_acc_ast_txs = "can_get_my_acc_ast_txs";
111 : const std::string can_get_all_acc_ast_txs = "can_get_all_acc_ast_txs";
112 : const std::string can_get_domain_acc_ast_txs = "can_get_domain_acc_ast_txs";
113 :
114 : /* Account transactions (only mine or for everyone) */
115 : const std::string can_get_my_txs = "can_get_my_txs";
116 : const std::string can_get_all_txs = "can_get_all_txs";
117 :
118 : /* Blocks */
119 : const std::string can_get_blocks = "can_get_blocks";
120 :
121 : /* ~~~~~~~~ Groups ~~~~~~~~ */
// Every can_get_my_* query permission defined above (seven entries): the
// narrowest of the three read scopes. The set is built from the string
// constants defined earlier in this header, which are initialised first
// because they precede it in the same translation unit.
122 : const std::set<std::string> read_self_group = {can_get_my_account,
123 22 : can_get_my_signatories,
124 22 : can_get_my_acc_ast,
125 22 : can_get_my_acc_detail,
126 22 : can_get_my_acc_txs,
127 22 : can_get_my_acc_ast_txs,
128 22 : can_get_my_txs};
129 :
// Every can_get_all_* query permission plus the three unscoped query
// permissions (can_get_roles, can_read_assets, can_get_blocks): the widest
// read scope defined in this header. Anything holding this whole group can
// query every category of data listed above, so it should be handed out
// deliberately.
130 : const std::set<std::string> read_all_group = {can_get_all_accounts,
131 22 : can_get_all_signatories,
132 22 : can_get_all_acc_ast,
133 22 : can_get_all_acc_detail,
134 22 : can_get_all_acc_txs,
135 22 : can_get_all_acc_ast_txs,
136 22 : can_get_all_txs,
137 22 : can_get_roles,
138 22 : can_read_assets,
139 22 : can_get_blocks};
140 :
// Every can_get_domain_* query permission (six entries). Unlike the self and
// all groups it has no plain "txs" member, because no can_get_domain_txs
// constant exists in this header.
141 : const std::set<std::string> read_domain_group = {
142 22 : can_get_domain_accounts,
143 22 : can_get_domain_signatories,
144 22 : can_get_domain_acc_ast,
145 22 : can_get_domain_acc_detail,
146 22 : can_get_domain_acc_txs,
147 22 : can_get_domain_acc_ast_txs,
148 : };
149 :
// Grantable permission names are not separate literals: each one is the
// prefix "can_grant_" concatenated with a *_my_* command permission name,
// giving strings such as "can_grant_can_set_my_quorum". Any code that checks
// or stores a grantable permission has to build the name the same way
// (can_grant + base); a hand-typed variant would not match a set entry.
// Only the five *_my_* command permissions are grantable here.
150 : /* Grantable permissions */
151 : const std::string can_grant = "can_grant_";
152 : const std::set<std::string> grant_group = {can_grant + can_set_my_quorum,
153 22 : can_grant + can_add_my_signatory,
154 22 : can_grant + can_remove_my_signatory,
155 22 : can_grant + can_transfer_my_assets,
156 22 : can_grant + can_set_my_account_detail};
157 :
// Signatory and quorum editing permissions.
// NOTE(review): despite the "self" in the group name, the members are the
// base permissions (can_set_quorum, can_add_signatory, can_remove_signatory),
// not the *_my_* variants defined above. Confirm which scope is intended
// before assigning this group.
158 : const std::set<std::string> edit_self_group = {
159 22 : can_set_quorum, can_add_signatory, can_remove_signatory};
160 :
// Permissions for creating an asset and adding to its quantity.
// can_subtract_asset_qty is not part of this group.
161 : const std::set<std::string> asset_creator_group = {can_create_asset,
162 22 : can_add_asset_qty};
163 :
// Hand-maintained list of permission names: the base command permissions, the
// scoped query permissions, can_read_assets, can_get_roles and the five
// can_grant-prefixed names.
// Compared with all_perm_group it omits six entries: the five *_my_* command
// permissions (can_add_my_signatory, can_remove_my_signatory,
// can_set_my_quorum, can_set_my_account_detail, can_transfer_my_assets) and
// can_get_blocks.
// NOTE(review): whether each omission is intentional cannot be told from this
// header. The entries duplicate those of all_perm_group rather than deriving
// from it, so a permission added to one list and not the other would go
// unnoticed at compile time. Review both lists together when adding one.
164 : const std::set<std::string> role_perm_group = {
165 22 : can_append_role,
166 22 : can_create_role,
167 22 : can_detach_role,
168 22 : can_add_asset_qty,
169 22 : can_subtract_asset_qty,
170 22 : can_add_peer,
171 22 : can_add_signatory,
172 22 : can_remove_signatory,
173 22 : can_set_quorum,
174 22 : can_create_account,
175 22 : can_set_detail,
176 22 : can_create_asset,
177 22 : can_transfer,
178 22 : can_receive,
179 22 : can_create_domain,
180 22 : can_read_assets,
181 22 : can_get_roles,
182 22 : can_get_my_account,
183 22 : can_get_all_accounts,
184 22 : can_get_domain_accounts,
185 22 : can_get_my_signatories,
186 22 : can_get_all_signatories,
187 22 : can_get_domain_signatories,
188 22 : can_get_my_acc_ast,
189 22 : can_get_all_acc_ast,
190 22 : can_get_domain_acc_ast,
191 22 : can_get_my_acc_detail,
192 22 : can_get_all_acc_detail,
193 22 : can_get_domain_acc_detail,
194 22 : can_get_my_acc_txs,
195 22 : can_get_all_acc_txs,
196 22 : can_get_domain_acc_txs,
197 22 : can_get_my_acc_ast_txs,
198 22 : can_get_all_acc_ast_txs,
199 22 : can_get_domain_acc_ast_txs,
200 22 : can_get_my_txs,
201 22 : can_get_all_txs,
202 22 : can_grant + can_set_my_quorum,
203 22 : can_grant + can_add_my_signatory,
204 22 : can_grant + can_remove_my_signatory,
205 22 : can_grant + can_transfer_my_assets,
206 22 : can_grant + can_set_my_account_detail};
207 :
// Every permission name defined in this header. The first 42 entries repeat
// role_perm_group in the same order. The entries after the TODO add the five
// *_my_* command permissions and can_get_blocks, which role_perm_group does
// not contain.
// The list is written out by hand, so a newly defined permission constant is
// not part of "all permissions" until it is added here as well.
// NOTE(review): how this set is consumed (for example as an allow-list of
// valid permission names) is not visible in this header; confirm at the call
// sites.
208 : /* All permissions */
209 : const std::set<std::string> all_perm_group = {
210 22 : can_append_role,
211 22 : can_create_role,
212 22 : can_detach_role,
213 22 : can_add_asset_qty,
214 22 : can_subtract_asset_qty,
215 22 : can_add_peer,
216 22 : can_add_signatory,
217 22 : can_remove_signatory,
218 22 : can_set_quorum,
219 22 : can_create_account,
220 22 : can_set_detail,
221 22 : can_create_asset,
222 22 : can_transfer,
223 22 : can_receive,
224 22 : can_create_domain,
225 22 : can_read_assets,
226 22 : can_get_roles,
227 22 : can_get_my_account,
228 22 : can_get_all_accounts,
229 22 : can_get_domain_accounts,
230 22 : can_get_my_signatories,
231 22 : can_get_all_signatories,
232 22 : can_get_domain_signatories,
233 22 : can_get_my_acc_ast,
234 22 : can_get_all_acc_ast,
235 22 : can_get_domain_acc_ast,
236 22 : can_get_my_acc_detail,
237 22 : can_get_all_acc_detail,
238 22 : can_get_domain_acc_detail,
239 22 : can_get_my_acc_txs,
240 22 : can_get_all_acc_txs,
241 22 : can_get_domain_acc_txs,
242 22 : can_get_my_acc_ast_txs,
243 22 : can_get_all_acc_ast_txs,
244 22 : can_get_domain_acc_ast_txs,
245 22 : can_get_my_txs,
246 22 : can_get_all_txs,
247 22 : can_grant + can_set_my_quorum,
248 22 : can_grant + can_add_my_signatory,
249 22 : can_grant + can_remove_my_signatory,
250 22 : can_grant + can_transfer_my_assets,
251 22 : can_grant + can_set_my_account_detail,
252 : // TODO: IR 1190 kamilsa 30.03.2018 move permissions below to separated group
253 22 : can_add_my_signatory,
254 22 : can_remove_my_signatory,
255 22 : can_set_my_quorum,
256 22 : can_set_my_account_detail,
257 22 : can_transfer_my_assets,
258 22 : can_get_blocks};
259 :
260 : } // namespace permissions
261 : } // namespace shared_model
262 :
263 : #endif // SHARED_MODEL_PERMISSIONS_HPP