github.com/kisexp/xdchain@v0.0.0-20211206025815-490d6b732aa7/permission/v1/contract/PermissionsImplementation.sol (about) 1 pragma solidity ^0.5.3; 2 3 import "./RoleManager.sol"; 4 import "./AccountManager.sol"; 5 import "./VoterManager.sol"; 6 import "./NodeManager.sol"; 7 import "./OrgManager.sol"; 8 import "./PermissionsUpgradable.sol"; 9 10 /** @title Permissions Implementation Contract 11 * @notice This contract holds implementation logic for all permissions 12 related functionality. This can be called only by the interface 13 contract. 14 */ 15 contract PermissionsImplementation { 16 AccountManager private accountManager; 17 RoleManager private roleManager; 18 VoterManager private voterManager; 19 NodeManager private nodeManager; 20 OrgManager private orgManager; 21 PermissionsUpgradable private permUpgradable; 22 23 string private adminOrg; 24 string private adminRole; 25 string private orgAdminRole; 26 27 28 uint256 private fullAccess = 3; 29 30 /** @dev this variable is meant for tracking the initial network boot up 31 once the network boot up is done the value is set to true 32 */ 33 bool private networkBoot = false; 34 35 event PermissionsInitialized(bool _networkBootStatus); 36 37 38 /** @notice modifier to confirm that caller is the interface contract 39 */ 40 modifier onlyInterface{ 41 require(msg.sender == permUpgradable.getPermInterface(), 42 "can be called by interface contract only"); 43 _; 44 } 45 /** @notice modifier to confirm that caller is the upgradable contract 46 */ 47 modifier onlyUpgradeable { 48 require(msg.sender == address(permUpgradable), "invalid caller"); 49 _; 50 } 51 52 /** @notice confirms if the network boot status is equal to passed value 53 * @param _status true/false 54 */ 55 modifier networkBootStatus(bool _status){ 56 require(networkBoot == _status, "Incorrect network boot status"); 57 _; 58 } 59 60 /** @notice confirms that the account passed is network admin account 61 * @param _account account id 62 */ 63 modifier networkAdmin(address _account) { 64 require(isNetworkAdmin(_account) == true, "account is not a network admin account"); 65 _; 66 } 67 68 /** @notice confirms that the account passed is org admin account 69 * @param _account account id 70 * @param _orgId org id to which the account belongs 71 */ 72 modifier orgAdmin(address _account, string memory _orgId) { 73 require(isOrgAdmin(_account, _orgId) == true, "account is not a org admin account"); 74 _; 75 } 76 77 /** @notice confirms that org does not exist 78 * @param _orgId org id 79 */ 80 modifier orgNotExists(string memory _orgId) { 81 require(_checkOrgExists(_orgId) != true, "org exists"); 82 _; 83 } 84 85 /** @notice confirms that org exists 86 * @param _orgId org id 87 */ 88 modifier orgExists(string memory _orgId) { 89 require(_checkOrgExists(_orgId) == true, "org does not exist"); 90 _; 91 } 92 93 /** @notice checks of the passed org id is in approved status 94 * @param _orgId org id 95 */ 96 modifier orgApproved(string memory _orgId) { 97 require(checkOrgApproved(_orgId) == true, "org not in approved status"); 98 _; 99 } 100 101 /** @notice constructor accepts the contracts addresses of other deployed 102 contracts of the permissions model 103 * @param _permUpgradable - address of permissions upgradable contract 104 * @param _orgManager - address of org manager contract 105 * @param _rolesManager - address of role manager contract 106 * @param _accountManager - address of account manager contract 107 * @param _voterManager - address of voter manager contract 108 * @param _nodeManager - address of node manager contract 109 */ 110 constructor (address _permUpgradable, address _orgManager, address _rolesManager, 111 address _accountManager, address _voterManager, address _nodeManager) public { 112 permUpgradable = PermissionsUpgradable(_permUpgradable); 113 orgManager = OrgManager(_orgManager); 114 roleManager = RoleManager(_rolesManager); 115 accountManager = AccountManager(_accountManager); 116 voterManager = VoterManager(_voterManager); 117 nodeManager = NodeManager(_nodeManager); 118 } 119 120 // initial set up related functions 121 /** @notice for permissions its necessary to define the initial admin org 122 id, network admin role id and default org admin role id. this 123 sets these values at the time of network boot up 124 * @param _nwAdminOrg - address of permissions upgradable contract 125 * @param _nwAdminRole - address of org manager contract 126 * @param _oAdminRole - address of role manager contract 127 * @dev this function will be executed only once as part of the boot up 128 */ 129 function setPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole, 130 string calldata _oAdminRole) external onlyInterface 131 networkBootStatus(false) { 132 adminOrg = _nwAdminOrg; 133 adminRole = _nwAdminRole; 134 orgAdminRole = _oAdminRole; 135 } 136 137 /** @notice when migrating implementation contract, the values of these 138 key values need to be set from the previous implementation 139 contract. this function allows these values to be set 140 * @param _nwAdminOrg - address of permissions upgradable contract 141 * @param _nwAdminRole - address of org manager contract 142 * @param _oAdminRole - address of role manager contract 143 * @param _networkBootStatus - network boot status true/false 144 */ 145 function setMigrationPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole, 146 string calldata _oAdminRole, bool _networkBootStatus) external onlyUpgradeable 147 networkBootStatus(false) { 148 adminOrg = _nwAdminOrg; 149 adminRole = _nwAdminRole; 150 orgAdminRole = _oAdminRole; 151 networkBoot = _networkBootStatus; 152 } 153 154 /** @notice called at the time of network initialization. sets up 155 network admin org with allowed sub org depth and breadth 156 creates the network admin for the network admin org 157 sets the default values required by account manager contract 158 * @param _breadth - number of sub orgs allowed at parent level 159 * @param _depth - levels of sub org nesting allowed at parent level 160 */ 161 function init(uint256 _breadth, uint256 _depth) external 162 onlyInterface 163 networkBootStatus(false) { 164 orgManager.setUpOrg(adminOrg, _breadth, _depth); 165 roleManager.addRole(adminRole, adminOrg, fullAccess, true, true); 166 accountManager.setDefaults(adminRole, orgAdminRole); 167 } 168 /** @notice as a part of network initialization add all nodes which 169 are part of static-nodes.json as nodes belonging to 170 network admin org 171 * @param _enodeId - full enode id 172 */ 173 function addAdminNode(string calldata _enodeId) external 174 onlyInterface 175 networkBootStatus(false) { 176 nodeManager.addAdminNode(_enodeId, adminOrg); 177 } 178 179 /** @notice as a part of network initialization add all accounts which are 180 passed via permission-config.json as network administrator 181 accounts 182 * @param _account - account id 183 */ 184 function addAdminAccount(address _account) external 185 onlyInterface 186 networkBootStatus(false) { 187 updateVoterList(adminOrg, _account, true); 188 accountManager.assignAdminRole(_account, adminOrg, adminRole, 2); 189 } 190 191 /** @notice once the network initialization is complete, sets the network 192 boot status to true 193 * @return network boot status 194 * @dev this will be called only once from geth as a part of 195 * @dev network initialization 196 */ 197 function updateNetworkBootStatus() external 198 onlyInterface 199 networkBootStatus(false) 200 returns (bool){ 201 networkBoot = true; 202 emit PermissionsInitialized(networkBoot); 203 return networkBoot; 204 } 205 206 /** @notice function to add a new organization to the network. creates org 207 record and marks it as pending approval. adds the passed node 208 node manager contract. adds the account with org admin role to 209 account manager contracts. creates voting record for approval 210 by other network admin accounts 211 * @param _orgId unique organization id 212 * @param _enodeId full enode id linked to the organization 213 * @param _account account id. this will have the org admin privileges 214 */ 215 function addOrg(string calldata _orgId, string calldata _enodeId, 216 address _account, address _caller) external 217 onlyInterface 218 networkBootStatus(true) 219 networkAdmin(_caller) { 220 voterManager.addVotingItem(adminOrg, _orgId, _enodeId, _account, 1); 221 orgManager.addOrg(_orgId); 222 nodeManager.addNode(_enodeId, _orgId); 223 require(validateAccount(_account, _orgId) == true, 224 "Operation cannot be performed"); 225 accountManager.assignAdminRole(_account, _orgId, orgAdminRole, 1); 226 } 227 228 /** @notice functions to approve a pending approval org record by networ 229 admin account. once majority votes are received the org is 230 marked as approved 231 * @param _orgId unique organization id 232 * @param _enodeId full enode id linked to the organization 233 * @param _account account id this will have the org admin privileges 234 */ 235 function approveOrg(string calldata _orgId, string calldata _enodeId, 236 address _account, address _caller) external onlyInterface networkAdmin(_caller) { 237 require(_checkOrgStatus(_orgId, 1) == true, "Nothing to approve"); 238 if ((processVote(adminOrg, _caller, 1))) { 239 orgManager.approveOrg(_orgId); 240 roleManager.addRole(orgAdminRole, _orgId, fullAccess, true, true); 241 nodeManager.approveNode(_enodeId, _orgId); 242 accountManager.addNewAdmin(_orgId, _account); 243 } 244 } 245 246 /** @notice function to create a sub org under a given parent org. 247 * @param _pOrgId parent org id under which the sub org is being added 248 * @param _orgId unique id for the sub organization 249 * @param _enodeId full enode id linked to the sjb organization 250 * @dev _enodeId is optional. parent org id should contain the complete 251 org hierarchy from master org id to the immediate parent. The org 252 hierarchy is separated by. For example, if master org ABC has a 253 sub organization SUB1, then while creating the sub organization at 254 SUB1 level, the parent org should be given as ABC.SUB1 255 */ 256 function addSubOrg(string calldata _pOrgId, string calldata _orgId, 257 string calldata _enodeId, address _caller) external onlyInterface 258 orgExists(_pOrgId) orgAdmin(_caller, _pOrgId) { 259 orgManager.addSubOrg(_pOrgId, _orgId); 260 string memory pOrgId = string(abi.encodePacked(_pOrgId, ".", _orgId)); 261 if (bytes(_enodeId).length > 0) { 262 nodeManager.addOrgNode(_enodeId, pOrgId); 263 } 264 } 265 266 /** @notice function to update the org status. it updates the org status 267 and adds a voting item for network admins to approve 268 * @param _orgId unique id of the organization 269 * @param _action 1 for suspending an org and 2 for revoke of suspension 270 */ 271 function updateOrgStatus(string calldata _orgId, uint256 _action, address _caller) 272 external onlyInterface networkAdmin(_caller) { 273 uint256 pendingOp; 274 pendingOp = orgManager.updateOrg(_orgId, _action); 275 voterManager.addVotingItem(adminOrg, _orgId, "", address(0), pendingOp); 276 } 277 278 /** @notice function to approve org status change. the org status is 279 changed once the majority votes are received from network 280 admin accounts. 281 * @param _orgId unique id for the sub organization 282 * @param _action 1 for suspending an org and 2 for revoke of suspension 283 */ 284 function approveOrgStatus(string calldata _orgId, uint256 _action, address _caller) 285 external onlyInterface networkAdmin(_caller) { 286 require((_action == 1 || _action == 2), "Operation not allowed"); 287 uint256 pendingOp; 288 uint256 orgStatus; 289 if (_action == 1) { 290 pendingOp = 2; 291 orgStatus = 3; 292 } 293 else if (_action == 2) { 294 pendingOp = 3; 295 orgStatus = 5; 296 } 297 require(_checkOrgStatus(_orgId, orgStatus) == true, "operation not allowed"); 298 if ((processVote(adminOrg, _caller, pendingOp))) { 299 orgManager.approveOrgStatusUpdate(_orgId, _action); 300 } 301 } 302 303 // Role related functions 304 305 /** @notice function to add new role definition to an organization 306 can be executed by the org admin account only 307 * @param _roleId unique id for the role 308 * @param _orgId unique id of the organization to which the role belongs 309 * @param _access account access type allowed for the role 310 * @param _voter bool indicates if the role is voter role or not 311 * @param _admin bool indicates if the role is an admin role 312 * @dev account access type can have of the following four values: 313 0 - Read only 314 1 - Transact access 315 2 - Contract deployment access. Can transact as well 316 3 - Full access 317 */ 318 function addNewRole(string calldata _roleId, string calldata _orgId, 319 uint256 _access, bool _voter, bool _admin, address _caller) external 320 onlyInterface orgApproved(_orgId) orgAdmin(_caller, _orgId) { 321 //add new roles can be created by org admins only 322 roleManager.addRole(_roleId, _orgId, _access, _voter, _admin); 323 } 324 325 /** @notice function to remove a role definition from an organization 326 can be executed by the org admin account only 327 * @param _roleId unique id for the role 328 * @param _orgId unique id of the organization to which the role belongs 329 */ 330 function removeRole(string calldata _roleId, string calldata _orgId, 331 address _caller) external onlyInterface orgApproved(_orgId) 332 orgAdmin(_caller, _orgId) { 333 require(((keccak256(abi.encode(_roleId)) != keccak256(abi.encode(adminRole))) && 334 (keccak256(abi.encode(_roleId)) != keccak256(abi.encode(orgAdminRole)))), 335 "admin roles cannot be removed"); 336 roleManager.removeRole(_roleId, _orgId); 337 } 338 339 // Account related functions 340 /** @notice function to assign network admin/org admin role to an account 341 this can be executed by network admin accounts only. it assigns 342 the role to the accounts and creates voting record for network 343 admin accounts 344 * @param _orgId unique id of the organization to which the account belongs 345 * @param _account account id 346 * @param _roleId role id to be assigned to the account 347 */ 348 function assignAdminRole(string calldata _orgId, address _account, 349 string calldata _roleId, address _caller) external 350 onlyInterface orgExists(_orgId) networkAdmin(_caller) { 351 accountManager.assignAdminRole(_account, _orgId, _roleId, 1); 352 //add voting item 353 voterManager.addVotingItem(adminOrg, _orgId, "", _account, 4); 354 } 355 356 /** @notice function to approve network admin/org admin role assigment 357 this can be executed by network admin accounts only. 358 * @param _orgId unique id of the organization to which the account belongs 359 * @param _account account id 360 */ 361 function approveAdminRole(string calldata _orgId, address _account, 362 address _caller) external onlyInterface networkAdmin(_caller) { 363 if ((processVote(adminOrg, _caller, 4))) { 364 (bool ret, address account) = accountManager.removeExistingAdmin(_orgId); 365 if (ret) { 366 updateVoterList(adminOrg, account, false); 367 } 368 bool ret1 = accountManager.addNewAdmin(_orgId, _account); 369 if (ret1) { 370 updateVoterList(adminOrg, _account, true); 371 } 372 } 373 } 374 375 /** @notice function to update account status. can be executed by org admin 376 account only. 377 * @param _orgId unique id of the organization to which the account belongs 378 * @param _account account id 379 * @param _action 1-suspend 2-activate back 3-blacklist 380 */ 381 function updateAccountStatus(string calldata _orgId, address _account, 382 uint256 _action, address _caller) external onlyInterface 383 orgAdmin(_caller, _orgId) { 384 // ensure that the action passed to this call is proper and is not 385 // called with action 4 and 5 which are actions for blacklisted account 386 // recovery 387 require((_action == 1 || _action == 2 || _action == 3), 388 "invalid action. operation not allowed"); 389 accountManager.updateAccountStatus(_orgId, _account, _action); 390 } 391 392 // Node related functions 393 394 /** @notice function to add a new node to the organization. can be invoked 395 org admin account only 396 * @param _orgId unique id of the organization to which the account belongs 397 * @param _enodeId full enode id being dded to the org 398 */ 399 function addNode(string calldata _orgId, string calldata _enodeId, address _caller) 400 external onlyInterface orgApproved(_orgId) orgAdmin(_caller, _orgId) { 401 // check that the node is not part of another org 402 nodeManager.addOrgNode(_enodeId, _orgId); 403 } 404 405 /** @notice function to update node status. can be invoked by org admin 406 account only 407 * @param _orgId unique id of the organization to which the account belongs 408 * @param _enodeId full enode id being dded to the org 409 * @param _action 1-deactivate, 2-activate back, 3-blacklist the node 410 */ 411 function updateNodeStatus(string calldata _orgId, string calldata _enodeId, 412 uint256 _action, address _caller) external onlyInterface 413 orgAdmin(_caller, _orgId) { 414 // ensure that the action passed to this call is proper and is not 415 // called with action 4 and 5 which are actions for blacklisted node 416 // recovery 417 require((_action == 1 || _action == 2 || _action == 3), 418 "invalid action. operation not allowed"); 419 nodeManager.updateNodeStatus(_enodeId, _orgId, _action); 420 } 421 422 /** @notice function to initiate blacklisted nodes recovery. this can be 423 invoked by an network admin account only 424 * @param _orgId unique id of the organization to which the account belongs 425 * @param _enodeId full enode id being dded to the org 426 * @dev this function creates a voting record for other network admins to 427 approve the operation. The recovery is complete only after majority voting 428 */ 429 function startBlacklistedNodeRecovery(string calldata _orgId, string calldata _enodeId, 430 address _caller) external onlyInterface networkAdmin(_caller) { 431 // update the node status as recovery initiated. action for this is 4 432 nodeManager.updateNodeStatus(_enodeId, _orgId, 4); 433 434 // add a voting record with pending op of 5 which corresponds to blacklisted node 435 // recovery 436 voterManager.addVotingItem(adminOrg, _orgId, _enodeId, address(0), 5); 437 } 438 439 /** @notice function to initiate blacklisted nodes recovery. this can be 440 invoked by an network admin account only 441 * @param _orgId unique id of the organization to which the account belongs 442 * @param _enodeId full enode id being dded to the org 443 * @dev this function creates a voting record for other network admins to 444 approve the operation. The recovery is complete only after majority voting 445 */ 446 function approveBlacklistedNodeRecovery(string calldata _orgId, string calldata _enodeId, 447 address _caller) external onlyInterface networkAdmin(_caller) { 448 // check if majority votes are received. pending op type is passed as 5 449 // which stands for black listed node recovery 450 if ((processVote(adminOrg, _caller, 5))) { 451 // update the node back to active 452 nodeManager.updateNodeStatus(_enodeId, _orgId, 5); 453 } 454 } 455 456 /** @notice function to initaite blacklisted nodes recovery. this can be 457 invoked by an network admin account only 458 * @param _orgId unique id of the organization to which the account belongs 459 * @param _account account id being dded to the org 460 * @dev this function creates a voting record for other network admins to 461 approve the operation. The recovery is complete only after majority voting 462 */ 463 function startBlacklistedAccountRecovery(string calldata _orgId, address _account, 464 address _caller) external onlyInterface networkAdmin(_caller) { 465 // update the account status as recovery initiated. action for this is 4 466 accountManager.updateAccountStatus(_orgId, _account, 4); 467 // add a voting record with pending op of 5 which corresponds to blacklisted node 468 // recovery 469 voterManager.addVotingItem(adminOrg, _orgId, "", _account, 6); 470 } 471 472 /** @notice function to initaite blacklisted nodes recovery. this can be 473 invoked by an network admin account only 474 * @param _orgId unique id of the organization to which the account belongs 475 * @param _account account id being dded to the org 476 * @dev this function creates a voting record for other network admins to 477 approve the operation. The recovery is complete only after majority voting 478 */ 479 function approveBlacklistedAccountRecovery(string calldata _orgId, address _account, 480 address _caller) external onlyInterface networkAdmin(_caller) { 481 // check if majority votes are received. pending op type is passed as 6 482 // which stands for black listed account recovery 483 if ((processVote(adminOrg, _caller, 6))) { 484 // update the node back to active 485 accountManager.updateAccountStatus(_orgId, _account, 5); 486 } 487 } 488 489 /** @notice function to fetch network boot status 490 * @return bool network boot status 491 */ 492 function getNetworkBootStatus() external view 493 returns (bool){ 494 return networkBoot; 495 } 496 497 /** @notice function to fetch detail of any pending approval activities 498 for network admin organization 499 * @param _orgId unique id of the organization to which the account belongs 500 */ 501 function getPendingOp(string calldata _orgId) external view 502 returns (string memory, string memory, address, uint256){ 503 return voterManager.getPendingOpDetails(_orgId); 504 } 505 506 /** @notice function to assigns a role id to the account given account 507 can be executed by org admin account only 508 * @param _account account id 509 * @param _orgId organization id to which the account belongs 510 * @param _roleId role id to be assigned to the account 511 */ 512 function assignAccountRole(address _account, string memory _orgId, 513 string memory _roleId, address _caller) public 514 onlyInterface 515 orgAdmin(_caller, _orgId) 516 orgApproved(_orgId) { 517 require(validateAccount(_account, _orgId) == true, "operation cannot be performed"); 518 require(_roleExists(_roleId, _orgId) == true, "role does not exists"); 519 bool admin = roleManager.isAdminRole(_roleId, _orgId, _getUltimateParent(_orgId)); 520 accountManager.assignAccountRole(_account, _orgId, _roleId, admin); 521 } 522 523 /** @notice function to check if passed account is an network admin account 524 * @param _account account id 525 * @return true/false 526 */ 527 function isNetworkAdmin(address _account) public view 528 returns (bool){ 529 return (keccak256(abi.encode(accountManager.getAccountRole(_account))) == keccak256(abi.encode(adminRole))); 530 } 531 532 /** @notice function to check if passed account is an org admin account 533 * @param _account account id 534 * @param _orgId organization id 535 * @return true/false 536 */ 537 function isOrgAdmin(address _account, string memory _orgId) public view 538 returns (bool){ 539 if (accountManager.checkOrgAdmin(_account, _orgId, _getUltimateParent(_orgId))) { 540 return true; 541 } 542 return roleManager.isAdminRole(accountManager.getAccountRole(_account), _orgId, 543 _getUltimateParent(_orgId)); 544 } 545 546 /** @notice function to validate the account for access change operation 547 * @param _account account id 548 * @param _orgId organization id 549 * @return true/false 550 */ 551 function validateAccount(address _account, string memory _orgId) public view 552 returns (bool){ 553 return (accountManager.validateAccount(_account, _orgId)); 554 } 555 556 /** @notice function to update the voter list at network level. this will 557 be called whenever an account is assigned a network admin role 558 or an account having network admin role is being assigned 559 different role 560 * @param _orgId org id to which the account belongs 561 * @param _account account which needs to be added/removed as voter 562 * @param _add bool indicating if its an add or delete operation 563 */ 564 function updateVoterList(string memory _orgId, address _account, bool _add) internal { 565 if (_add) { 566 voterManager.addVoter(_orgId, _account); 567 } 568 else { 569 voterManager.deleteVoter(_orgId, _account); 570 } 571 } 572 573 /** @notice whenever a network admin account votes on a pending item, this 574 function processes the vote. 575 * @param _orgId org id of the caller 576 * @param _caller account which approving the operation 577 * @param _pendingOp operation for which the approval is being done 578 * @dev the list of pending ops are managed in voter manager contract 579 */ 580 function processVote(string memory _orgId, address _caller, uint256 _pendingOp) internal 581 returns (bool){ 582 return voterManager.processVote(_orgId, _caller, _pendingOp); 583 } 584 585 /** @notice returns various permissions policy related parameters 586 * @return adminOrg admin org id 587 * @return adminRole default network admin role 588 * @return orgAdminRole default org admin role 589 * @return networkBoot network boot status 590 */ 591 function getPolicyDetails() external view 592 returns (string memory, string memory, string memory, bool){ 593 return (adminOrg, adminRole, orgAdminRole, networkBoot); 594 } 595 596 /** @notice checks if the passed org exists or not 597 * @param _orgId org id 598 * @return true/false 599 */ 600 function _checkOrgExists(string memory _orgId) internal view 601 returns (bool){ 602 return orgManager.checkOrgExists(_orgId); 603 } 604 605 /** @notice checks if the passed org is in approved status 606 * @param _orgId org id 607 * @return true/false 608 */ 609 function checkOrgApproved(string memory _orgId) internal view 610 returns (bool){ 611 return orgManager.checkOrgStatus(_orgId, 2); 612 } 613 614 /** @notice checks if the passed org is in the status passed 615 * @param _orgId org id 616 * @param _status status to be checked for 617 * @return true/false 618 */ 619 function _checkOrgStatus(string memory _orgId, uint256 _status) internal view 620 returns (bool){ 621 return orgManager.checkOrgStatus(_orgId, _status); 622 } 623 624 /** @notice checks if org admin account exists for the passed org id 625 * @param _orgId org id 626 * @return true/false 627 */ 628 function _checkOrgAdminExists(string memory _orgId) internal view 629 returns (bool){ 630 return accountManager.orgAdminExists(_orgId); 631 } 632 633 /** @notice checks if role id exists for the passed org_id 634 * @param _roleId role id 635 * @param _orgId org id 636 * @return true/false 637 */ 638 function _roleExists(string memory _roleId, string memory _orgId) internal view 639 returns (bool){ 640 return roleManager.roleExists(_roleId, _orgId, _getUltimateParent(_orgId)); 641 } 642 643 /** @notice checks if the role id for the org is a voter role 644 * @param _roleId role id 645 * @param _orgId org id 646 * @return true/false 647 */ 648 function _isVoterRole(string memory _roleId, string memory _orgId) internal view 649 returns (bool){ 650 return roleManager.isVoterRole(_roleId, _orgId, _getUltimateParent(_orgId)); 651 } 652 653 /** @notice returns the ultimate parent for a given org id 654 * @param _orgId org id 655 * @return ultimate parent org id 656 */ 657 function _getUltimateParent(string memory _orgId) internal view 658 returns (string memory){ 659 return orgManager.getUltimateParent(_orgId); 660 } 661 662 }