hyperledger/iroha
Iroha - A simple, decentralized ledger http://iroha.tech
permissions.hpp
6 #ifndef SHARED_MODEL_PERMISSIONS_HPP
7 #define SHARED_MODEL_PERMISSIONS_HPP
8 
9 #include <set>
10 #include <string>
11 
12 namespace shared_model {
    // String identifiers for permissions, plus named sets that group them.
    // NOTE(review): these are namespace-scope `const` objects defined in a
    // header, so every translation unit that includes it gets its own copies.
13  namespace permissions {
14 
15  /* ~~~~~~~~ Command-related permissions ~~~~~~~~ */
16 
17  // The permissions below each refer to a specific command.
18  // During stateful validation, each one is checked to be
19  // assigned to the transaction creator.
    // NOTE(review): the five *_my_* names in this section are exactly the
    // ones wrapped with the can_grant prefix in grant_group further down;
    // presumably they are exercised on behalf of another account after a
    // grant — confirm against the validation code.
20 
21  /* Role */
22  const std::string can_append_role = "can_append_role";
23  const std::string can_create_role = "can_create_role";
24  const std::string can_detach_role = "can_detach_role";
25 
26  /* Asset quantity */
27  const std::string can_add_asset_qty = "can_add_asset_qty";
28  const std::string can_subtract_asset_qty = "can_subtract_asset_qty";
29 
30  /* Peer */
31  const std::string can_add_peer = "can_add_peer";
32 
33  /* Signatory */
34  const std::string can_add_signatory = "can_add_signatory";
35  const std::string can_add_my_signatory = "can_add_my_signatory";
36  const std::string can_remove_signatory = "can_remove_signatory";
37  const std::string can_remove_my_signatory = "can_remove_my_signatory";
38  const std::string can_set_quorum = "can_set_quorum";
39  const std::string can_set_my_quorum = "can_set_my_quorum";
40 
41  /* Account */
42  const std::string can_create_account = "can_create_account";
43  const std::string can_set_detail = "can_set_detail";
44  const std::string can_set_my_account_detail = "can_set_my_account_detail";
45 
46  /* Asset */
47  const std::string can_create_asset = "can_create_asset";
48  const std::string can_transfer = "can_transfer";
49  const std::string can_transfer_my_assets = "can_transfer_my_assets";
50  const std::string can_receive = "can_receive";
51 
52  /* Domain */
53  const std::string can_create_domain = "can_create_domain";
54 
55  /* ~~~~~~~~ Query-related permissions ~~~~~~~~ */
56 
57  // The permissions below each refer to a specific query.
58  // During stateful validation, each one is checked to be
59  // assigned to the query creator.
60  // These permissions are divided into three groups:
61  // * my — the query creator can query its own data
62  // * domain — the query creator can only query data from the domain
63  // where the account was created
64  // * all — the query creator can query all the data in the system
65 
66  /* Asset */
67  const std::string can_read_assets = "can_read_assets";
68 
69  /* Roles */
70  const std::string can_get_roles = "can_get_roles";
71 
72  /* Account */
73  const std::string can_get_my_account = "can_get_my_account";
74  const std::string can_get_all_accounts = "can_get_all_accounts";
75  const std::string can_get_domain_accounts = "can_get_domain_accounts";
76 
77  /* Signatories */
78  const std::string can_get_my_signatories = "can_get_my_signatories";
79  const std::string can_get_all_signatories = "can_get_all_signatories";
80  const std::string can_get_domain_signatories = "can_get_domain_signatories";
81 
82  /* Account asset (wallet) */
83  const std::string can_get_my_acc_ast = "can_get_my_acc_ast";
84  const std::string can_get_all_acc_ast = "can_get_all_acc_ast";
85  const std::string can_get_domain_acc_ast = "can_get_domain_acc_ast";
86 
87  /* Account details (JSON key-value map) */
88  const std::string can_get_my_acc_detail = "can_get_my_acc_detail";
89  const std::string can_get_all_acc_detail = "can_get_all_acc_detail";
90  const std::string can_get_domain_acc_detail = "can_get_domain_acc_detail";
91 
92  /* Account transactions */
93  const std::string can_get_my_acc_txs = "can_get_my_acc_txs";
94  const std::string can_get_all_acc_txs = "can_get_all_acc_txs";
95  const std::string can_get_domain_acc_txs = "can_get_domain_acc_txs";
96 
97  /* Account asset transactions */
98  const std::string can_get_my_acc_ast_txs = "can_get_my_acc_ast_txs";
99  const std::string can_get_all_acc_ast_txs = "can_get_all_acc_ast_txs";
100  const std::string can_get_domain_acc_ast_txs = "can_get_domain_acc_ast_txs";
101 
102  /* Account transactions (only mine or for everyone) */
103  const std::string can_get_my_txs = "can_get_my_txs";
104  const std::string can_get_all_txs = "can_get_all_txs";
105 
106  /* Blocks */
107  const std::string can_get_blocks = "can_get_blocks";
108 
109  /* ~~~~~~~~ Groups ~~~~~~~~ */
     // Named sets of the identifiers defined above.
     // NOTE(review): in this listing the initializers of read_self_group,
     // read_all_group, read_domain_group, role_perm_group and all_perm_group
     // are only partly shown (the line numbers jump), so their full
     // membership cannot be read from here.
     // NOTE(review): nothing visible in this header ties a permission
     // constant to a group; a newly added constant has to be listed in the
     // relevant sets by hand, and an omission would not be a compile error.
110  const std::set<std::string> read_self_group = {can_get_my_account,
111  can_get_my_txs};
112 
113  const std::set<std::string> read_all_group = {can_get_all_accounts,
114  can_get_blocks};
115 
116  const std::set<std::string> read_domain_group = {
117  };
118 
119  /* Grantable permissions */
     // can_grant is a name prefix, not a permission by itself: every
     // grant_group entry is the prefix followed by a *_my_* permission name,
     // e.g. "can_grant_" + "can_set_my_quorum" -> "can_grant_can_set_my_quorum".
120  const std::string can_grant = "can_grant_";
121  const std::set<std::string> grant_group = {can_grant + can_set_my_quorum,
122  can_grant + can_add_my_signatory,
123  can_grant + can_remove_my_signatory,
124  can_grant + can_transfer_my_assets,
125  can_grant + can_set_my_account_detail};
126 
     // The quorum and signatory permissions without the *_my_* infix.
127  const std::set<std::string> edit_self_group = {
128  can_set_quorum, can_add_signatory, can_remove_signatory};
129 
     // Asset creation plus adding asset quantity.
130  const std::set<std::string> asset_creator_group = {can_create_asset,
131  can_add_asset_qty};
132 
     // NOTE(review): the visible tail of this set repeats the five
     // grant_group entries; the rest of the list is not shown here.
133  const std::set<std::string> role_perm_group = {
134  can_add_peer,
135  can_transfer,
136  can_receive,
137  can_grant + can_set_my_quorum,
138  can_grant + can_add_my_signatory,
139  can_grant + can_remove_my_signatory,
140  can_grant + can_transfer_my_assets,
141  can_grant + can_set_my_account_detail};
142 
143  /* All permissions */
144  const std::set<std::string> all_perm_group = {
145  can_add_peer,
146  can_transfer,
147  can_receive,
148  can_grant + can_set_my_quorum,
149  can_grant + can_add_my_signatory,
150  can_grant + can_remove_my_signatory,
151  can_grant + can_transfer_my_assets,
152  can_grant + can_set_my_account_detail,
153  // TODO: IR 1190 kamilsa 30.03.2018 move the permissions below to a separate group
154  can_get_blocks};
155 
156  } // namespace permissions
157 } // namespace shared_model
250 
251 #endif // SHARED_MODEL_PERMISSIONS_HPP