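/**
 * Copyright Soramitsu Co., Ltd. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0
 */

#ifndef SHARED_MODEL_PERMISSIONS_HPP
#define SHARED_MODEL_PERMISSIONS_HPP

#include <set>
#include <string>

// Names of the permissions and the permission groups built from them.
//
// Every constant here is a namespace-scope `const` object defined in a
// header, so it has internal linkage: each translation unit that includes
// this file gets, and initialises, its own copy.
//
// NOTE(review): presumably validators look permissions up by these exact
// strings. If so, a misspelt literal fails at run time (a lookup that never
// matches) rather than at compile time - confirm against the callers.
namespace shared_model {
  namespace permissions {

    /* ~~~~~~~~ Command-related permissions ~~~~~~~~ */

    // Each permission below refers to a specific command.
    // During stateful validation, the transaction creator is checked
    // to hold the permission for the command being executed.

    /* Role */
    const std::string can_append_role = "can_append_role";
    const std::string can_create_role = "can_create_role";
    const std::string can_detach_role = "can_detach_role";

    /* Asset quantity */
    const std::string can_add_asset_qty = "can_add_asset_qty";
    const std::string can_subtract_asset_qty = "can_subtract_asset_qty";

    /* Peer */
    const std::string can_add_peer = "can_add_peer";

    /* Signatory */
    const std::string can_add_signatory = "can_add_signatory";
    const std::string can_add_my_signatory = "can_add_my_signatory";
    const std::string can_remove_signatory = "can_remove_signatory";
    const std::string can_remove_my_signatory = "can_remove_my_signatory";
    const std::string can_set_quorum = "can_set_quorum";
    const std::string can_set_my_quorum = "can_set_my_quorum";

    /* Account */
    const std::string can_create_account = "can_create_account";
    const std::string can_set_detail = "can_set_detail";
    const std::string can_set_my_account_detail = "can_set_my_account_detail";

    /* Asset */
    const std::string can_create_asset = "can_create_asset";
    const std::string can_transfer = "can_transfer";
    const std::string can_transfer_my_assets = "can_transfer_my_assets";
    const std::string can_receive = "can_receive";

    /* Domain */
    const std::string can_create_domain = "can_create_domain";

    /* ~~~~~~~~ Query-related permissions ~~~~~~~~ */

    // Each permission below refers to a specific query.
    // During stateful validation, the query creator is checked
    // to hold the permission for the query being executed.
    // These permissions are divided into three groups:
    // * my — query creator can query its own data
    // * domain — query creator can only query the data from the domain
    //   where the account was created
    // * all — query creator can query all the data in the system

    /* Asset */
    const std::string can_read_assets = "can_read_assets";

    /* Roles */
    const std::string can_get_roles = "can_get_roles";

    /* Account */
    const std::string can_get_my_account = "can_get_my_account";
    const std::string can_get_all_accounts = "can_get_all_accounts";
    const std::string can_get_domain_accounts = "can_get_domain_accounts";

    /* Signatories */
    const std::string can_get_my_signatories = "can_get_my_signatories";
    const std::string can_get_all_signatories = "can_get_all_signatories";
    const std::string can_get_domain_signatories =
        "can_get_domain_signatories";

    /* Account asset (wallet) */
    const std::string can_get_my_acc_ast = "can_get_my_acc_ast";
    const std::string can_get_all_acc_ast = "can_get_all_acc_ast";
    const std::string can_get_domain_acc_ast = "can_get_domain_acc_ast";

    /* Account details (JSON key-value map) */
    const std::string can_get_my_acc_detail = "can_get_my_acc_detail";
    const std::string can_get_all_acc_detail = "can_get_all_acc_detail";
    const std::string can_get_domain_acc_detail = "can_get_domain_acc_detail";

    /* Account transactions */
    const std::string can_get_my_acc_txs = "can_get_my_acc_txs";
    const std::string can_get_all_acc_txs = "can_get_all_acc_txs";
    const std::string can_get_domain_acc_txs = "can_get_domain_acc_txs";

    /* Account asset transactions */
    const std::string can_get_my_acc_ast_txs = "can_get_my_acc_ast_txs";
    const std::string can_get_all_acc_ast_txs = "can_get_all_acc_ast_txs";
    const std::string can_get_domain_acc_ast_txs =
        "can_get_domain_acc_ast_txs";

    /* Account transactions (only mine or for everyone) */
    const std::string can_get_my_txs = "can_get_my_txs";
    const std::string can_get_all_txs = "can_get_all_txs";

    /* Blocks */
    const std::string can_get_blocks = "can_get_blocks";

    /* ~~~~~~~~ Groups ~~~~~~~~ */

    // Query permissions of the "my" scope.
    const std::set<std::string> read_self_group = {can_get_my_account,
                                                   can_get_my_signatories,
                                                   can_get_my_acc_ast,
                                                   can_get_my_acc_detail,
                                                   can_get_my_acc_txs,
                                                   can_get_my_acc_ast_txs,
                                                   can_get_my_txs};

    // Query permissions of the "all" scope, plus the three query
    // permissions that have no my/domain/all variants.
    const std::set<std::string> read_all_group = {can_get_all_accounts,
                                                  can_get_all_signatories,
                                                  can_get_all_acc_ast,
                                                  can_get_all_acc_detail,
                                                  can_get_all_acc_txs,
                                                  can_get_all_acc_ast_txs,
                                                  can_get_all_txs,
                                                  can_get_roles,
                                                  can_read_assets,
                                                  can_get_blocks};

    // Query permissions of the "domain" scope.
    const std::set<std::string> read_domain_group = {
        can_get_domain_accounts,
        can_get_domain_signatories,
        can_get_domain_acc_ast,
        can_get_domain_acc_detail,
        can_get_domain_acc_txs,
        can_get_domain_acc_ast_txs,
    };

    /* Grantable permissions */

    // A grantable permission is named "can_grant_" + <name of a `my`
    // command permission>, e.g. "can_grant_can_set_my_quorum".
    const std::string can_grant = "can_grant_";
    const std::set<std::string> grant_group = {
        can_grant + can_set_my_quorum,
        can_grant + can_add_my_signatory,
        can_grant + can_remove_my_signatory,
        can_grant + can_transfer_my_assets,
        can_grant + can_set_my_account_detail};

    const std::set<std::string> edit_self_group = {
        can_set_quorum, can_add_signatory, can_remove_signatory};

    const std::set<std::string> asset_creator_group = {can_create_asset,
                                                       can_add_asset_qty};

    // The 42 permissions listed here are every constant above except the
    // five `*_my_*` command permissions and can_get_blocks; those six appear
    // only in all_perm_group.
    // NOTE(review): whether leaving can_get_blocks out of this set is
    // intentional cannot be told from this file - confirm against the code
    // that consumes role_perm_group. The last five entries repeat the
    // contents of grant_group by hand and must be kept in step with it.
    const std::set<std::string> role_perm_group = {
        can_append_role,
        can_create_role,
        can_detach_role,
        can_add_asset_qty,
        can_subtract_asset_qty,
        can_add_peer,
        can_add_signatory,
        can_remove_signatory,
        can_set_quorum,
        can_create_account,
        can_set_detail,
        can_create_asset,
        can_transfer,
        can_receive,
        can_create_domain,
        can_read_assets,
        can_get_roles,
        can_get_my_account,
        can_get_all_accounts,
        can_get_domain_accounts,
        can_get_my_signatories,
        can_get_all_signatories,
        can_get_domain_signatories,
        can_get_my_acc_ast,
        can_get_all_acc_ast,
        can_get_domain_acc_ast,
        can_get_my_acc_detail,
        can_get_all_acc_detail,
        can_get_domain_acc_detail,
        can_get_my_acc_txs,
        can_get_all_acc_txs,
        can_get_domain_acc_txs,
        can_get_my_acc_ast_txs,
        can_get_all_acc_ast_txs,
        can_get_domain_acc_ast_txs,
        can_get_my_txs,
        can_get_all_txs,
        can_grant + can_set_my_quorum,
        can_grant + can_add_my_signatory,
        can_grant + can_remove_my_signatory,
        can_grant + can_transfer_my_assets,
        can_grant + can_set_my_account_detail};

    /* All permissions */

    // Every permission defined in this header (48 names): role_perm_group
    // plus the six names it leaves out. The set is derived from
    // role_perm_group rather than re-listed, so a permission added there can
    // never be missing from "all permissions" because a second hand-kept
    // copy of the list was not updated. role_perm_group is defined earlier in
    // this file, so it is already initialised when this initialiser runs.
    const std::set<std::string> all_perm_group = [] {
      std::set<std::string> perms = role_perm_group;
      perms.insert({
          // TODO: IR 1190 kamilsa 30.03.2018 move permissions below to
          // separated group
          can_add_my_signatory,
          can_remove_my_signatory,
          can_set_my_quorum,
          can_set_my_account_detail,
          can_transfer_my_assets,
          can_get_blocks});
      return perms;
    }();

  }  // namespace permissions
}  // namespace shared_model

#endif  // SHARED_MODEL_PERMISSIONS_HPP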