You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
175 lines
4.2 KiB
175 lines
4.2 KiB
package types
|
|
|
|
import (
|
|
"fmt"
|
|
. "github.com/tendermint/tendermint/common"
|
|
)
|
|
|
|
//------------------------------------------------------------------------------------------------
|
|
|
|
var (
|
|
GlobalPermissionsAddress = Zero256[:20]
|
|
GlobalPermissionsAddress256 = Zero256
|
|
DougAddress = append([]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, []byte("THISISDOUG")...)
|
|
DougAddress256 = LeftPadWord256(DougAddress)
|
|
)
|
|
|
|
// A particular permission
|
|
type PermFlag uint64
|
|
|
|
// Base permission references are like unix (the index is already bit shifted)
|
|
const (
|
|
Root PermFlag = 1 << iota // 1
|
|
Send // 2
|
|
Call // 4
|
|
CreateContract // 8
|
|
CreateAccount // 16
|
|
Bond // 32
|
|
Name // 64
|
|
|
|
DefaultBBPB = Send | Call | CreateContract | CreateAccount | Bond | Name
|
|
|
|
NumBasePermissions uint = 7
|
|
TopBasePermission PermFlag = 1 << (NumBasePermissions - 1)
|
|
AllSet PermFlag = (1 << 63) - 1 + (1 << 63)
|
|
)
|
|
|
|
//---------------------------------------------------------------------------------------------
|
|
|
|
// Base chain permissions struct
|
|
type BasePermissions struct {
|
|
// bit array with "has"/"doesn't have" for each permission
|
|
Perms PermFlag
|
|
|
|
// bit array with "set"/"not set" for each permission (not-set should fall back to global)
|
|
SetBit PermFlag
|
|
}
|
|
|
|
func NewBasePermissions() *BasePermissions {
|
|
return &BasePermissions{0, 0}
|
|
}
|
|
|
|
// Get a permission value. ty should be a power of 2.
|
|
// ErrValueNotSet is returned if the permission's set bit is off,
|
|
// and should be caught by caller so the global permission can be fetched
|
|
func (p *BasePermissions) Get(ty PermFlag) (bool, error) {
|
|
if ty == 0 {
|
|
return false, ErrInvalidPermission(ty)
|
|
}
|
|
if p.SetBit&ty == 0 {
|
|
return false, ErrValueNotSet(ty)
|
|
}
|
|
return p.Perms&ty > 0, nil
|
|
}
|
|
|
|
// Set a permission bit. Will set the permission's set bit to true.
|
|
func (p *BasePermissions) Set(ty PermFlag, value bool) error {
|
|
if ty == 0 {
|
|
return ErrInvalidPermission(ty)
|
|
}
|
|
p.SetBit |= ty
|
|
if value {
|
|
p.Perms |= ty
|
|
} else {
|
|
p.Perms &= ^ty
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Set the permission's set bit to false
|
|
func (p *BasePermissions) Unset(ty PermFlag) error {
|
|
if ty == 0 {
|
|
return ErrInvalidPermission(ty)
|
|
}
|
|
p.SetBit &= ^ty
|
|
return nil
|
|
}
|
|
|
|
func (p *BasePermissions) Copy() *BasePermissions {
|
|
if p == nil {
|
|
return nil
|
|
}
|
|
return &BasePermissions{
|
|
Perms: p.Perms,
|
|
SetBit: p.SetBit,
|
|
}
|
|
}
|
|
|
|
func (p *BasePermissions) String() string {
|
|
return fmt.Sprintf("Base: %b; Set: %b", p.Perms, p.SetBit)
|
|
}
|
|
|
|
//---------------------------------------------------------------------------------------------
|
|
|
|
type AccountPermissions struct {
|
|
Base *BasePermissions
|
|
Roles []string
|
|
}
|
|
|
|
func NewAccountPermissions() *AccountPermissions {
|
|
return &AccountPermissions{
|
|
Base: NewBasePermissions(),
|
|
Roles: []string{},
|
|
}
|
|
}
|
|
|
|
// Returns true if the role is found
|
|
func (aP *AccountPermissions) HasRole(role string) bool {
|
|
role = string(LeftPadBytes([]byte(role), 32))
|
|
for _, r := range aP.Roles {
|
|
if r == role {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Returns true if the role is added, and false if it already exists
|
|
func (aP *AccountPermissions) AddRole(role string) bool {
|
|
role = string(LeftPadBytes([]byte(role), 32))
|
|
for _, r := range aP.Roles {
|
|
if r == role {
|
|
return false
|
|
}
|
|
}
|
|
aP.Roles = append(aP.Roles, role)
|
|
return true
|
|
}
|
|
|
|
// Returns true if the role is removed, and false if it is not found
|
|
func (aP *AccountPermissions) RmRole(role string) bool {
|
|
role = string(LeftPadBytes([]byte(role), 32))
|
|
for i, r := range aP.Roles {
|
|
if r == role {
|
|
post := []string{}
|
|
if len(aP.Roles) > i+1 {
|
|
post = aP.Roles[i+1:]
|
|
}
|
|
aP.Roles = append(aP.Roles[:i], post...)
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (aP *AccountPermissions) Copy() *AccountPermissions {
|
|
if aP == nil {
|
|
return nil
|
|
}
|
|
r := make([]string, len(aP.Roles))
|
|
copy(r, aP.Roles)
|
|
return &AccountPermissions{
|
|
Base: aP.Base.Copy(),
|
|
Roles: r,
|
|
}
|
|
}
|
|
|
|
func NewDefaultAccountPermissions() *AccountPermissions {
|
|
return &AccountPermissions{
|
|
Base: &BasePermissions{
|
|
Perms: DefaultBBPB,
|
|
SetBit: AllSet,
|
|
},
|
|
Roles: []string{},
|
|
}
|
|
}
|