package openzeppelingo
import (
"errors"
"fmt"
"strings"
"github.com/11090815/openzeppelin-go/governance"
"github.com/hyperledger/fabric-contract-api-go/contractapi"
)
// AccessControl is a Fabric contract that registers users and grants, revokes
// and checks the attributes held by them through a governance.UserStore.
type AccessControl struct {
	contractapi.Contract

	// store is assigned by InitLedger and used by every other method.
	// NOTE(review): the field lives in this Go value only; confirm what the
	// other methods see when InitLedger has not run in the current chaincode
	// process (for example after a peer restart).
	store governance.UserStore
}
// InitLedger builds a new governance user store and attaches it to the
// contract. ctx is not used and the returned error is always nil.
//
// NOTE(review): nothing in this function checks who submitted the transaction
// or whether a store was already attached, so every call replaces ac.store.
// Confirm that re-invocation is either harmless or restricted elsewhere (for
// example by the channel's endorsement policy).
func (ac *AccessControl) InitLedger(ctx contractapi.TransactionContextInterface) error {
	fresh := governance.NewUserStore()
	ac.store = fresh
	return nil
}
// RegisterUser creates a user record for userID and hands it to the store.
//
// It returns an error when userID is empty or when the store rejects the new
// record; the store's error text is embedded in the returned message.
//
// NOTE(review): no existence check is visible here, so whether registering an
// already-known userID overwrites that user's delegated attributes depends on
// governance.UserStore.StoreUser — confirm. The function also does not inspect
// the submitting client's identity.
func (ac *AccessControl) RegisterUser(ctx contractapi.TransactionContextInterface, userID string) error {
	if len(userID) == 0 {
		return errors.New("failed registering new user, user id should not be empty")
	}

	err := ac.store.StoreUser(ctx, governance.NewUser(userID))
	if err == nil {
		return nil
	}
	return fmt.Errorf("failed registering new user [%s]: [%s]", userID, err.Error())
}
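// DelegateUserAttributes grants one or more attributes to an existing user and
// writes the updated user back through the store.
//
// attrs is either a single attribute name or several names separated by ";".
// An empty userID or an empty attribute name (including the one produced by a
// leading, trailing or doubled ";") is rejected before the store is touched,
// matching the empty-attribute check in Authentication. Any error from the
// store or from the user object is wrapped, so errors.Is/errors.As still see
// it; the rendered message text is unchanged.
//
// NOTE(review): this function grants privileges but does not inspect the
// submitting client's identity. Unless callers are restricted elsewhere,
// confirm that only an administrator can invoke it.
func (ac *AccessControl) DelegateUserAttributes(ctx contractapi.TransactionContextInterface, userID string, attrs string) error {
	if userID == "" {
		return errors.New("failed delegating attributes to user, user id should not be empty")
	}

	// strings.Split returns the whole input as its only element when no ";"
	// is present, so a separate strings.Contains branch is unnecessary.
	attrArr := strings.Split(attrs, ";")
	for _, attr := range attrArr {
		if attr == "" {
			return errors.New("failed delegating attributes to user, attribute should not be empty")
		}
	}

	user, err := ac.store.GetUser(ctx, userID)
	if err != nil {
		return fmt.Errorf("failed delegating attributes to user [%s]: [%w]", userID, err)
	}

	// UpdateUser is reached only when every attribute was accepted; the first
	// failure returns before the store is written.
	for _, attr := range attrArr {
		if err = user.DelegateAttributeAuthority(attr); err != nil {
			return fmt.Errorf("failed delegating attribute [%s] to user [%s]: [%w]", attr, userID, err)
		}
	}

	if err = ac.store.UpdateUser(ctx, user); err != nil {
		return fmt.Errorf("failed delegating attributes to user [%s]: [%w]", userID, err)
	}
	return nil
}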
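// RevokeUserAttributes removes one or more attributes from an existing user
// and writes the updated user back through the store.
//
// attrs is either a single attribute name or several names separated by ";".
// An empty userID is rejected. Any error from the store or from the user
// object is wrapped, so errors.Is/errors.As still see it.
//
// The failure message for the final store update previously read "failed
// delegating attributes to user", copied from DelegateUserAttributes; it now
// names the revoke operation so that logs and client errors are not
// misleading.
//
// NOTE(review): this function does not inspect the submitting client's
// identity. Unless callers are restricted elsewhere, confirm that only an
// administrator can invoke it.
func (ac *AccessControl) RevokeUserAttributes(ctx contractapi.TransactionContextInterface, userID string, attrs string) error {
	if userID == "" {
		return errors.New("failed revoking attributes from user, user id should not be empty")
	}

	// strings.Split returns the whole input as its only element when no ";"
	// is present, so a separate strings.Contains branch is unnecessary.
	attrArr := strings.Split(attrs, ";")

	user, err := ac.store.GetUser(ctx, userID)
	if err != nil {
		return fmt.Errorf("failed revoking attributes from user [%s]: [%w]", userID, err)
	}

	// UpdateUser is reached only when every revocation succeeded; the first
	// failure returns before the store is written.
	for _, attr := range attrArr {
		if err = user.RevokeAttributeAuthority(attr); err != nil {
			return fmt.Errorf("failed revoking attribute [%s] from user [%s]: [%w]", attr, userID, err)
		}
	}

	if err = ac.store.UpdateUser(ctx, user); err != nil {
		return fmt.Errorf("failed revoking attributes from user [%s]: [%w]", userID, err)
	}
	return nil
}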
// Authentication reports whether the user identified by userID has been
// delegated the attribute attr. It returns nil when the attribute is held and
// an error otherwise, including when either argument is empty or the user
// cannot be loaded from the store.
//
// NOTE(review): despite the name, this is an authorisation lookup. userID is
// taken from the transaction arguments and is not compared with the identity
// of the submitting client (available through ctx.GetClientIdentity()), so the
// result says what the named user may do, not that the caller is that user.
// Confirm that callers establish identity separately.
func (ac *AccessControl) Authentication(ctx contractapi.TransactionContextInterface, userID string, attr string) error {
	switch {
	case userID == "":
		return errors.New("failed verifying user access rights, user id should not be empty")
	case attr == "":
		return errors.New("failed verifying user access rights, attribute should not be empty")
	}

	user, err := ac.store.GetUser(ctx, userID)
	if err != nil {
		return fmt.Errorf("failed verifying user [%s] access rights: [%s]", userID, err.Error())
	}

	// Deny by default: only an explicit positive check yields nil.
	if !user.CheckAuthorisedAttribute(attr) {
		return fmt.Errorf("the user [%s] has not been delegated the attribute [%s] and therefore access is denied to him", userID, attr)
	}
	return nil
}