github.com/kisexp/xdchain@v0.0.0-20211206025815-490d6b732aa7/permission/v2/contract/PermissionsImplementation.sol (about) 1 pragma solidity ^0.5.3; 2 3 import "./RoleManager.sol"; 4 import "./AccountManager.sol"; 5 import "./VoterManager.sol"; 6 import "./NodeManager.sol"; 7 import "./OrgManager.sol"; 8 import "./PermissionsUpgradable.sol"; 9 10 /** @title Permissions Implementation Contract 11 * @notice This contract holds implementation logic for all permissions 12 related functionality. This can be called only by the interface 13 contract. 14 */ 15 contract PermissionsImplementation { 16 AccountManager private accountManager; 17 RoleManager private roleManager; 18 VoterManager private voterManager; 19 NodeManager private nodeManager; 20 OrgManager private orgManager; 21 PermissionsUpgradable private permUpgradable; 22 23 string private adminOrg; 24 string private adminRole; 25 string private orgAdminRole; 26 27 28 uint256 private fullAccess = 3; 29 30 /** @dev this variable is meant for tracking the initial network boot up 31 once the network boot up is done the value is set to true 32 */ 33 bool private networkBoot = false; 34 35 event PermissionsInitialized(bool _networkBootStatus); 36 37 38 /** @notice modifier to confirm that caller is the interface contract 39 */ 40 modifier onlyInterface{ 41 require(msg.sender == permUpgradable.getPermInterface(), 42 "can be called by interface contract only"); 43 _; 44 } 45 /** @notice modifier to confirm that caller is the upgradable contract 46 */ 47 modifier onlyUpgradeable { 48 require(msg.sender == address(permUpgradable), "invalid caller"); 49 _; 50 } 51 52 /** @notice confirms if the network boot status is equal to passed value 53 * @param _status true/false 54 */ 55 modifier networkBootStatus(bool _status){ 56 require(networkBoot == _status, "Incorrect network boot status"); 57 _; 58 } 59 60 /** @notice confirms that the account passed is network admin account 61 * @param _account account id 62 */ 63 modifier networkAdmin(address _account) { 64 require(isNetworkAdmin(_account) == true, "account is not a network admin account"); 65 _; 66 } 67 68 /** @notice confirms that the account passed is org admin account 69 * @param _account account id 70 * @param _orgId org id to which the account belongs 71 */ 72 modifier orgAdmin(address _account, string memory _orgId) { 73 require(isOrgAdmin(_account, _orgId) == true, "account is not a org admin account"); 74 _; 75 } 76 77 /** @notice confirms that org does not exist 78 * @param _orgId org id 79 */ 80 modifier orgNotExists(string memory _orgId) { 81 require(_checkOrgExists(_orgId) != true, "org exists"); 82 _; 83 } 84 85 /** @notice confirms that org exists 86 * @param _orgId org id 87 */ 88 modifier orgExists(string memory _orgId) { 89 require(_checkOrgExists(_orgId) == true, "org does not exist"); 90 _; 91 } 92 93 /** @notice checks of the passed org id is in approved status 94 * @param _orgId org id 95 */ 96 modifier orgApproved(string memory _orgId) { 97 require(checkOrgApproved(_orgId) == true, "org not in approved status"); 98 _; 99 } 100 101 /** @notice constructor accepts the contracts addresses of other deployed 102 contracts of the permissions model 103 * @param _permUpgradable - address of permissions upgradable contract 104 * @param _orgManager - address of org manager contract 105 * @param _rolesManager - address of role manager contract 106 * @param _accountManager - address of account manager contract 107 * @param _voterManager - address of voter manager contract 108 * @param _nodeManager - address of node manager contract 109 */ 110 constructor (address _permUpgradable, address _orgManager, address _rolesManager, 111 address _accountManager, address _voterManager, address _nodeManager) public { 112 permUpgradable = PermissionsUpgradable(_permUpgradable); 113 orgManager = OrgManager(_orgManager); 114 roleManager = RoleManager(_rolesManager); 115 accountManager = AccountManager(_accountManager); 116 voterManager = VoterManager(_voterManager); 117 nodeManager = NodeManager(_nodeManager); 118 } 119 120 // initial set up related functions 121 /** @notice for permissions its necessary to define the initial admin org 122 id, network admin role id and default org admin role id. this 123 sets these values at the time of network boot up 124 * @param _nwAdminOrg - address of permissions upgradable contract 125 * @param _nwAdminRole - address of org manager contract 126 * @param _oAdminRole - address of role manager contract 127 * @dev this function will be executed only once as part of the boot up 128 */ 129 function setPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole, 130 string calldata _oAdminRole) external onlyInterface 131 networkBootStatus(false) { 132 adminOrg = _nwAdminOrg; 133 adminRole = _nwAdminRole; 134 orgAdminRole = _oAdminRole; 135 } 136 137 /** @notice when migrating implementation contract, the values of these 138 key values need to be set from the previous implementation 139 contract. this function allows these values to be set 140 * @param _nwAdminOrg - address of permissions upgradable contract 141 * @param _nwAdminRole - address of org manager contract 142 * @param _oAdminRole - address of role manager contract 143 * @param _networkBootStatus - network boot status true/false 144 */ 145 function setMigrationPolicy(string calldata _nwAdminOrg, string calldata _nwAdminRole, 146 string calldata _oAdminRole, bool _networkBootStatus) external onlyUpgradeable 147 networkBootStatus(false) { 148 adminOrg = _nwAdminOrg; 149 adminRole = _nwAdminRole; 150 orgAdminRole = _oAdminRole; 151 networkBoot = _networkBootStatus; 152 } 153 154 /** @notice called at the time of network initialization. sets up 155 network admin org with allowed sub org depth and breadth 156 creates the network admin for the network admin org 157 sets the default values required by account manager contract 158 * @param _breadth - number of sub orgs allowed at parent level 159 * @param _depth - levels of sub org nesting allowed at parent level 160 */ 161 function init(uint256 _breadth, uint256 _depth) external 162 onlyInterface 163 networkBootStatus(false) { 164 orgManager.setUpOrg(adminOrg, _breadth, _depth); 165 roleManager.addRole(adminRole, adminOrg, fullAccess, true, true); 166 accountManager.setDefaults(adminRole, orgAdminRole); 167 } 168 /** @notice as a part of network initialization add all nodes which 169 are part of static-nodes.json as nodes belonging to 170 network admin org 171 * @param _enodeId - enode id 172 * @param _ip IP of node 173 * @param _port tcp port of node 174 * @param _raftport raft port of node 175 */ 176 function addAdminNode(string calldata _enodeId, string calldata _ip, uint16 _port, uint16 _raftport) external 177 onlyInterface 178 networkBootStatus(false) { 179 nodeManager.addAdminNode(_enodeId, _ip, _port, _raftport, adminOrg); 180 } 181 182 /** @notice as a part of network initialization add all accounts which are 183 passed via permission-config.json as network administrator 184 accounts 185 * @param _account - account id 186 */ 187 function addAdminAccount(address _account) external 188 onlyInterface 189 networkBootStatus(false) { 190 updateVoterList(adminOrg, _account, true); 191 accountManager.assignAdminRole(_account, adminOrg, adminRole, 2); 192 } 193 194 /** @notice once the network initialization is complete, sets the network 195 boot status to true 196 * @return network boot status 197 * @dev this will be called only once from geth as a part of 198 * @dev network initialization 199 */ 200 function updateNetworkBootStatus() external 201 onlyInterface 202 networkBootStatus(false) 203 returns (bool){ 204 networkBoot = true; 205 emit PermissionsInitialized(networkBoot); 206 return networkBoot; 207 } 208 209 /** @notice function to add a new organization to the network. creates org 210 record and marks it as pending approval. adds the passed node 211 node manager contract. adds the account with org admin role to 212 account manager contracts. creates voting record for approval 213 by other network admin accounts 214 * @param _orgId unique organization id 215 * @param _enodeId enode id linked to the organization 216 * @param _ip IP of node 217 * @param _port tcp port of node 218 * @param _raftport raft port of node 219 * @param _account account id. this will have the org admin privileges 220 */ 221 function addOrg(string memory _orgId, string memory _enodeId, 222 string memory _ip, uint16 _port, uint16 _raftport, address _account, address _caller) public 223 onlyInterface 224 { 225 require(networkBoot == true, "Incorrect network boot status"); 226 require(isNetworkAdmin(_caller) == true, "account is not a network admin account"); 227 voterManager.addVotingItem(adminOrg, _orgId, _enodeId, _account, 1); 228 orgManager.addOrg(_orgId); 229 nodeManager.addNode(_enodeId, _ip, _port, _raftport, _orgId); 230 require(validateAccount(_account, _orgId) == true, 231 "Operation cannot be performed"); 232 accountManager.assignAdminRole(_account, _orgId, orgAdminRole, 1); 233 } 234 235 /** @notice functions to approve a pending approval org record by networ 236 admin account. once majority votes are received the org is 237 marked as approved 238 * @param _orgId unique organization id 239 * @param _enodeId enode id linked to the organization 240 * @param _ip IP of node 241 * @param _port tcp port of node 242 * @param _raftport raft port of node 243 * @param _account account id this will have the org admin privileges 244 */ 245 function approveOrg(string memory _orgId, string memory _enodeId, string memory _ip, uint16 _port, uint16 _raftport, 246 address _account, address _caller) public 247 onlyInterface 248 { 249 require(isNetworkAdmin(_caller) == true, "account is not a network admin account"); 250 require(_checkOrgStatus(_orgId, 1) == true, "Nothing to approve"); 251 if ((processVote(adminOrg, _caller, 1))) { 252 orgManager.approveOrg(_orgId); 253 roleManager.addRole(orgAdminRole, _orgId, fullAccess, true, true); 254 nodeManager.approveNode(_enodeId, _ip, _port, _raftport, _orgId); 255 accountManager.addNewAdmin(_orgId, _account); 256 } 257 } 258 259 /** @notice function to create a sub org under a given parent org. 260 * @param _pOrgId parent org id under which the sub org is being added 261 * @param _orgId unique id for the sub organization 262 * @param _enodeId enode id linked to the sjb organization 263 * @param _ip IP of node 264 * @param _port tcp port of node 265 * @param _raftport raft port of node 266 * @dev _enodeId is optional. parent org id should contain the complete 267 org hierarchy from master org id to the immediate parent. The org 268 hierarchy is separated by. For example, if master org ABC has a 269 sub organization SUB1, then while creating the sub organization at 270 SUB1 level, the parent org should be given as ABC.SUB1 271 */ 272 function addSubOrg(string calldata _pOrgId, string calldata _orgId, 273 string calldata _enodeId, string calldata _ip, uint16 _port, uint16 _raftport, address _caller) external onlyInterface 274 orgExists(_pOrgId) orgAdmin(_caller, _pOrgId) { 275 orgManager.addSubOrg(_pOrgId, _orgId); 276 string memory pOrgId = string(abi.encodePacked(_pOrgId, ".", _orgId)); 277 if (bytes(_enodeId).length > 0) { 278 nodeManager.addOrgNode(_enodeId, _ip, _port, _raftport, pOrgId); 279 } 280 } 281 282 /** @notice function to update the org status. it updates the org status 283 and adds a voting item for network admins to approve 284 * @param _orgId unique id of the organization 285 * @param _action 1 for suspending an org and 2 for revoke of suspension 286 */ 287 function updateOrgStatus(string calldata _orgId, uint256 _action, address _caller) 288 external onlyInterface networkAdmin(_caller) { 289 uint256 pendingOp; 290 pendingOp = orgManager.updateOrg(_orgId, _action); 291 voterManager.addVotingItem(adminOrg, _orgId, "", address(0), pendingOp); 292 } 293 294 /** @notice function to approve org status change. the org status is 295 changed once the majority votes are received from network 296 admin accounts. 297 * @param _orgId unique id for the sub organization 298 * @param _action 1 for suspending an org and 2 for revoke of suspension 299 */ 300 function approveOrgStatus(string calldata _orgId, uint256 _action, address _caller) 301 external onlyInterface networkAdmin(_caller) { 302 require((_action == 1 || _action == 2), "Operation not allowed"); 303 uint256 pendingOp; 304 uint256 orgStatus; 305 if (_action == 1) { 306 pendingOp = 2; 307 orgStatus = 3; 308 } 309 else if (_action == 2) { 310 pendingOp = 3; 311 orgStatus = 5; 312 } 313 require(_checkOrgStatus(_orgId, orgStatus) == true, "operation not allowed"); 314 if ((processVote(adminOrg, _caller, pendingOp))) { 315 orgManager.approveOrgStatusUpdate(_orgId, _action); 316 } 317 } 318 319 // Role related functions 320 321 /** @notice function to add new role definition to an organization 322 can be executed by the org admin account only 323 * @param _roleId unique id for the role 324 * @param _orgId unique id of the organization to which the role belongs 325 * @param _access account access type allowed for the role 326 * @param _voter bool indicates if the role is voter role or not 327 * @param _admin bool indicates if the role is an admin role 328 * @dev account access type can have of the following four values: 329 0 - Read only 330 1 - value transfer 331 2 - contract deploy 332 3 - full access 333 4 - contract call 334 5 - value transfer and contract call 335 6 - value transfer and contract deploy 336 7 - contract call and deploy 337 */ 338 function addNewRole(string calldata _roleId, string calldata _orgId, 339 uint256 _access, bool _voter, bool _admin, address _caller) external 340 onlyInterface orgApproved(_orgId) orgAdmin(_caller, _orgId) { 341 //add new roles can be created by org admins only 342 roleManager.addRole(_roleId, _orgId, _access, _voter, _admin); 343 } 344 345 /** @notice function to remove a role definition from an organization 346 can be executed by the org admin account only 347 * @param _roleId unique id for the role 348 * @param _orgId unique id of the organization to which the role belongs 349 */ 350 function removeRole(string calldata _roleId, string calldata _orgId, 351 address _caller) external onlyInterface orgApproved(_orgId) 352 orgAdmin(_caller, _orgId) { 353 require(((keccak256(abi.encode(_roleId)) != keccak256(abi.encode(adminRole))) && 354 (keccak256(abi.encode(_roleId)) != keccak256(abi.encode(orgAdminRole)))), 355 "admin roles cannot be removed"); 356 roleManager.removeRole(_roleId, _orgId); 357 } 358 359 // Account related functions 360 /** @notice function to assign network admin/org admin role to an account 361 this can be executed by network admin accounts only. it assigns 362 the role to the accounts and creates voting record for network 363 admin accounts 364 * @param _orgId unique id of the organization to which the account belongs 365 * @param _account account id 366 * @param _roleId role id to be assigned to the account 367 */ 368 function assignAdminRole(string calldata _orgId, address _account, 369 string calldata _roleId, address _caller) external 370 onlyInterface orgExists(_orgId) networkAdmin(_caller) { 371 accountManager.assignAdminRole(_account, _orgId, _roleId, 1); 372 //add voting item 373 voterManager.addVotingItem(adminOrg, _orgId, "", _account, 4); 374 } 375 376 /** @notice function to approve network admin/org admin role assigment 377 this can be executed by network admin accounts only. 378 * @param _orgId unique id of the organization to which the account belongs 379 * @param _account account id 380 */ 381 function approveAdminRole(string calldata _orgId, address _account, 382 address _caller) external onlyInterface networkAdmin(_caller) { 383 if ((processVote(adminOrg, _caller, 4))) { 384 (bool ret, address account) = accountManager.removeExistingAdmin(_orgId); 385 if (ret) { 386 updateVoterList(adminOrg, account, false); 387 } 388 bool ret1 = accountManager.addNewAdmin(_orgId, _account); 389 if (ret1) { 390 updateVoterList(adminOrg, _account, true); 391 } 392 } 393 } 394 395 /** @notice function to update account status. can be executed by org admin 396 account only. 397 * @param _orgId unique id of the organization to which the account belongs 398 * @param _account account id 399 * @param _action 1-suspend 2-activate back 3-blacklist 400 */ 401 function updateAccountStatus(string calldata _orgId, address _account, 402 uint256 _action, address _caller) external onlyInterface 403 orgAdmin(_caller, _orgId) { 404 // ensure that the action passed to this call is proper and is not 405 // called with action 4 and 5 which are actions for blacklisted account 406 // recovery 407 require((_action == 1 || _action == 2 || _action == 3), 408 "invalid action. operation not allowed"); 409 accountManager.updateAccountStatus(_orgId, _account, _action); 410 } 411 412 // Node related functions 413 414 /** @notice function to add a new node to the organization. can be invoked 415 org admin account only 416 * @param _orgId unique id of the organization to which the account belongs 417 * @param _enodeId enode id being dded to the org 418 * @param _ip IP of node 419 * @param _port tcp port of node 420 * @param _raftport raft port of node 421 422 */ 423 function addNode(string memory _orgId, string memory _enodeId, string memory _ip, uint16 _port, uint16 _raftport, address _caller) 424 public 425 onlyInterface 426 orgApproved(_orgId) 427 { 428 // check that the node is not part of another org 429 require(isOrgAdmin(_caller, _orgId) == true, "account is not a org admin account"); 430 nodeManager.addOrgNode(_enodeId, _ip, _port, _raftport, _orgId); 431 } 432 433 /** @notice function to update node status. can be invoked by org admin 434 account only 435 * @param _orgId unique id of the organization to which the account belongs 436 * @param _enodeId enode id being dded to the org 437 * @param _ip IP of node 438 * @param _port tcp port of node 439 * @param _raftport raft port of node 440 * @param _action 1-deactivate, 2-activate back, 3-blacklist the node 441 */ 442 function updateNodeStatus(string memory _orgId, string memory _enodeId, string memory _ip, uint16 _port, uint16 _raftport, 443 uint256 _action, address _caller) public 444 onlyInterface 445 { 446 require(isOrgAdmin(_caller, _orgId) == true, "account is not a org admin account"); 447 // ensure that the action passed to this call is proper and is not 448 // called with action 4 and 5 which are actions for blacklisted node 449 // recovery 450 require((_action == 1 || _action == 2 || _action == 3), 451 "invalid action. operation not allowed"); 452 nodeManager.updateNodeStatus(_enodeId, _ip, _port, _raftport, _orgId, _action); 453 } 454 455 /** @notice function to initiate blacklisted nodes recovery. this can be 456 invoked by an network admin account only 457 * @param _orgId unique id of the organization to which the account belongs 458 * @param _enodeId enode id being dded to the org 459 * @param _ip IP of node 460 * @param _port tcp port of node 461 * @param _raftport raft port of node 462 * @dev this function creates a voting record for other network admins to 463 approve the operation. The recovery is complete only after majority voting 464 */ 465 function startBlacklistedNodeRecovery(string memory _orgId, string memory _enodeId, string memory _ip, uint16 _port, uint16 _raftport, 466 address _caller) public 467 onlyInterface 468 networkAdmin(_caller) 469 { 470 // update the node status as recovery initiated. action for this is 4 471 nodeManager.updateNodeStatus(_enodeId, _ip, _port, _raftport, _orgId, 4); 472 473 // add a voting record with pending op of 5 which corresponds to blacklisted node 474 // recovery 475 voterManager.addVotingItem(adminOrg, _orgId, _enodeId, address(0), 5); 476 } 477 478 /** @notice function to initiate blacklisted nodes recovery. this can be 479 invoked by an network admin account only 480 * @param _orgId unique id of the organization to which the account belongs 481 * @param _enodeId enode id being dded to the org 482 * @param _ip IP of node 483 * @param _port tcp port of node 484 * @param _raftport raft port of node 485 * @dev this function creates a voting record for other network admins to 486 approve the operation. The recovery is complete only after majority voting 487 */ 488 function approveBlacklistedNodeRecovery(string memory _orgId, string memory _enodeId, string memory _ip, uint16 _port, uint16 _raftport, 489 address _caller) public 490 onlyInterface 491 networkAdmin(_caller) 492 { 493 // check if majority votes are received. pending op type is passed as 5 494 // which stands for black listed node recovery 495 if ((processVote(adminOrg, _caller, 5))) { 496 // update the node back to active 497 nodeManager.updateNodeStatus(_enodeId, _ip, _port, _raftport, _orgId, 5); 498 } 499 } 500 501 /** @notice function to initaite blacklisted nodes recovery. this can be 502 invoked by an network admin account only 503 * @param _orgId unique id of the organization to which the account belongs 504 * @param _account account id being dded to the org 505 * @dev this function creates a voting record for other network admins to 506 approve the operation. The recovery is complete only after majority voting 507 */ 508 function startBlacklistedAccountRecovery(string calldata _orgId, address _account, 509 address _caller) external 510 onlyInterface 511 networkAdmin(_caller) 512 { 513 // update the account status as recovery initiated. action for this is 4 514 accountManager.updateAccountStatus(_orgId, _account, 4); 515 // add a voting record with pending op of 5 which corresponds to blacklisted node 516 // recovery 517 voterManager.addVotingItem(adminOrg, _orgId, "", _account, 6); 518 } 519 520 /** @notice function to initaite blacklisted nodes recovery. this can be 521 invoked by an network admin account only 522 * @param _orgId unique id of the organization to which the account belongs 523 * @param _account account id being dded to the org 524 * @dev this function creates a voting record for other network admins to 525 approve the operation. The recovery is complete only after majority voting 526 */ 527 function approveBlacklistedAccountRecovery(string calldata _orgId, address _account, 528 address _caller) external 529 onlyInterface 530 networkAdmin(_caller) { 531 // check if majority votes are received. pending op type is passed as 6 532 // which stands for black listed account recovery 533 if ((processVote(adminOrg, _caller, 6))) { 534 // update the node back to active 535 accountManager.updateAccountStatus(_orgId, _account, 5); 536 } 537 } 538 539 /** @notice function to fetch network boot status 540 * @return bool network boot status 541 */ 542 function getNetworkBootStatus() external view 543 returns (bool){ 544 return networkBoot; 545 } 546 547 /** @notice function to fetch detail of any pending approval activities 548 for network admin organization 549 * @param _orgId unique id of the organization to which the account belongs 550 */ 551 function getPendingOp(string calldata _orgId) external view 552 returns (string memory, string memory, address, uint256){ 553 return voterManager.getPendingOpDetails(_orgId); 554 } 555 556 /** @notice function to assigns a role id to the account given account 557 can be executed by org admin account only 558 * @param _account account id 559 * @param _orgId organization id to which the account belongs 560 * @param _roleId role id to be assigned to the account 561 */ 562 function assignAccountRole(address _account, string memory _orgId, 563 string memory _roleId, address _caller) public 564 onlyInterface 565 orgAdmin(_caller, _orgId) 566 orgApproved(_orgId) { 567 require(validateAccount(_account, _orgId) == true, "operation cannot be performed"); 568 require(_roleExists(_roleId, _orgId) == true, "role does not exists"); 569 bool admin = roleManager.isAdminRole(_roleId, _orgId, _getUltimateParent(_orgId)); 570 accountManager.assignAccountRole(_account, _orgId, _roleId, admin); 571 } 572 573 /** @notice function to check if passed account is an network admin account 574 * @param _account account id 575 * @return true/false 576 */ 577 function isNetworkAdmin(address _account) public view 578 returns (bool){ 579 return (keccak256(abi.encode(accountManager.getAccountRole(_account))) == keccak256(abi.encode(adminRole))); 580 } 581 582 /** @notice function to check if passed account is an org admin account 583 * @param _account account id 584 * @param _orgId organization id 585 * @return true/false 586 */ 587 function isOrgAdmin(address _account, string memory _orgId) public view 588 returns (bool){ 589 if (accountManager.checkOrgAdmin(_account, _orgId, _getUltimateParent(_orgId))) { 590 return true; 591 } 592 return roleManager.isAdminRole(accountManager.getAccountRole(_account), _orgId, 593 _getUltimateParent(_orgId)); 594 } 595 596 /** @notice function to validate the account for access change operation 597 * @param _account account id 598 * @param _orgId organization id 599 * @return true/false 600 */ 601 function validateAccount(address _account, string memory _orgId) public view 602 returns (bool){ 603 return (accountManager.validateAccount(_account, _orgId)); 604 } 605 606 /** @notice function to update the voter list at network level. this will 607 be called whenever an account is assigned a network admin role 608 or an account having network admin role is being assigned 609 different role 610 * @param _orgId org id to which the account belongs 611 * @param _account account which needs to be added/removed as voter 612 * @param _add bool indicating if its an add or delete operation 613 */ 614 function updateVoterList(string memory _orgId, address _account, bool _add) internal { 615 if (_add) { 616 voterManager.addVoter(_orgId, _account); 617 } 618 else { 619 voterManager.deleteVoter(_orgId, _account); 620 } 621 } 622 623 /** @notice whenever a network admin account votes on a pending item, this 624 function processes the vote. 625 * @param _orgId org id of the caller 626 * @param _caller account which approving the operation 627 * @param _pendingOp operation for which the approval is being done 628 * @dev the list of pending ops are managed in voter manager contract 629 */ 630 function processVote(string memory _orgId, address _caller, uint256 _pendingOp) internal 631 returns (bool){ 632 return voterManager.processVote(_orgId, _caller, _pendingOp); 633 } 634 635 /** @notice returns various permissions policy related parameters 636 * @return adminOrg admin org id 637 * @return adminRole default network admin role 638 * @return orgAdminRole default org admin role 639 * @return networkBoot network boot status 640 */ 641 function getPolicyDetails() external view 642 returns (string memory, string memory, string memory, bool){ 643 return (adminOrg, adminRole, orgAdminRole, networkBoot); 644 } 645 646 /** @notice checks if the passed org exists or not 647 * @param _orgId org id 648 * @return true/false 649 */ 650 function _checkOrgExists(string memory _orgId) internal view 651 returns (bool){ 652 return orgManager.checkOrgExists(_orgId); 653 } 654 655 /** @notice checks if the passed org is in approved status 656 * @param _orgId org id 657 * @return true/false 658 */ 659 function checkOrgApproved(string memory _orgId) internal view 660 returns (bool){ 661 return orgManager.checkOrgStatus(_orgId, 2); 662 } 663 664 /** @notice checks if the passed org is in the status passed 665 * @param _orgId org id 666 * @param _status status to be checked for 667 * @return true/false 668 */ 669 function _checkOrgStatus(string memory _orgId, uint256 _status) internal view 670 returns (bool){ 671 return orgManager.checkOrgStatus(_orgId, _status); 672 } 673 674 /** @notice checks if org admin account exists for the passed org id 675 * @param _orgId org id 676 * @return true/false 677 */ 678 function _checkOrgAdminExists(string memory _orgId) internal view 679 returns (bool){ 680 return accountManager.orgAdminExists(_orgId); 681 } 682 683 /** @notice checks if role id exists for the passed org_id 684 * @param _roleId role id 685 * @param _orgId org id 686 * @return true/false 687 */ 688 function _roleExists(string memory _roleId, string memory _orgId) internal view 689 returns (bool){ 690 return roleManager.roleExists(_roleId, _orgId, _getUltimateParent(_orgId)); 691 } 692 693 /** @notice checks if the role id for the org is a voter role 694 * @param _roleId role id 695 * @param _orgId org id 696 * @return true/false 697 */ 698 function _isVoterRole(string memory _roleId, string memory _orgId) internal view 699 returns (bool){ 700 return roleManager.isVoterRole(_roleId, _orgId, _getUltimateParent(_orgId)); 701 } 702 703 /** @notice returns the ultimate parent for a given org id 704 * @param _orgId org id 705 * @return ultimate parent org id 706 */ 707 function _getUltimateParent(string memory _orgId) internal view 708 returns (string memory){ 709 return orgManager.getUltimateParent(_orgId); 710 } 711 712 /** @notice checks if the node is allowed to connect or not 713 * @param _enodeId enode id 714 * @param _ip IP of node 715 * @param _port tcp port of node 716 * @return bool indicating if the node is allowed to connect or not 717 */ 718 function connectionAllowed(string calldata _enodeId, string calldata _ip, uint16 _port) external view returns (bool) { 719 if (!networkBoot){ 720 return true; 721 } 722 return nodeManager.connectionAllowed(_enodeId, _ip, _port); 723 } 724 725 /** @notice checks if the account is allowed to transact or not 726 * @param _sender source account 727 * @param _target target account 728 * @param _value value being transferred 729 * @param _gasPrice gas price 730 * @param _gasLimit gas limit 731 * @param _payload payload for transactions on contracts 732 * @return bool indicating if the account is allowed to transact or not 733 */ 734 function transactionAllowed(address _sender, address _target, uint256 _value, uint256 _gasPrice, uint256 _gasLimit, bytes calldata _payload) 735 external view returns (bool) { 736 if (!networkBoot){ 737 return true; 738 } 739 740 if (accountManager.getAccountStatus(_sender) == 2) { 741 (string memory act_org, string memory act_role) = accountManager.getAccountOrgRole(_sender); 742 string memory act_uOrg = _getUltimateParent(act_org); 743 if (orgManager.checkOrgActive(act_org)) { 744 if (isNetworkAdmin(_sender) || isOrgAdmin(_sender, act_org)) { 745 return true; 746 } 747 748 uint256 typeOfxn = 1; 749 if (_target == address(0)) { 750 typeOfxn = 2; 751 } 752 else if (_payload.length > 0) { 753 typeOfxn = 3; 754 } 755 return roleManager.transactionAllowed(act_role, act_org, act_uOrg, typeOfxn); 756 } 757 } 758 return false; 759 } 760 }