Skip to content
This repository has been archived by the owner on Apr 17, 2019. It is now read-only.

Feature/permissions are checked in sql executors #1605

Merged
merged 17 commits into from
Aug 14, 2018
Merged

Feature/permissions are checked in sql executors #1605

merged 17 commits into from
Aug 14, 2018

Conversation

vdrobnyi
Copy link
Contributor

@vdrobnyi vdrobnyi commented Jul 26, 2018
edited
Loading

Description of the Change

Validation and permissions checks are done in sql executors

Benefits

Less db communication, better performance

nickaleks
nickaleks suggested changes Jul 30, 2018
View reviewed changes
irohad/ametsuchi/impl/postgres_block_query.hpp Outdated
@@ -82,6 +82,7 @@ namespace iroha {
std::function<void(std::vector<std::string> &result)> callback(
const rxcpp::subscriber<wTransaction> &s, uint64_t block_id);

std::unique_ptr<soci::session> sql_ptr_;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this needed?

irohad/ametsuchi/impl/postgres_command_executor.cpp Outdated

std::vector<std::function<std::string()>> message_gen = {
[&] {
return std::string(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need std::string constructor here?

irohad/ametsuchi/impl/postgres_wsv_query.hpp Outdated
@@ -87,6 +87,7 @@ namespace iroha {
shared_model::interface::permissions::Grantable permission) override;

private:
std::unique_ptr<soci::session> sql_ptr_;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this needed?

@vdrobnyi
fix pr issues
f05788a 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
wip
fc7b5ba 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
fix tests
373ad4b 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
remove isValid from command executor
31d9025 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
remove useless method
f0d1f53 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
checks perms in sql executors
d629844 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
fix pr issues
9e79dea 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
fix issues
69f924f 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
remove command executor from irohad/execution
25780ce 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
fix pr issues
5339bf0 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
refactor has_permission with role and grantable
d3a5504 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
merge develop
29d99d1 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
nickaleks
nickaleks suggested changes Aug 1, 2018
View reviewed changes
irohad/ametsuchi/impl/postgres_command_executor.cpp Outdated
const auto bits = shared_model::interface::GrantablePermissionSet::size();
std::string query = R"(
SELECT COALESCE(bit_or(permission), '0'::bit()"
+ std::to_string(bits) + R"()) & ')" + std::string(perm_str)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use boost::format here?

irohad/ametsuchi/impl/temporary_wsv_impl.cpp Outdated
@@ -18,7 +18,6 @@ namespace iroha {
wsv_(std::make_shared<PostgresWsvQuery>(*sql_, factory)),
executor_(std::make_shared<PostgresWsvCommand>(*sql_)),
command_executor_(std::make_shared<PostgresCommandExecutor>(*sql_)),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe make unique?

test/module/irohad/ametsuchi/postgres_executor_test.cpp Outdated
}

/**
* @given command ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

command ]?

test/module/irohad/ametsuchi/postgres_executor_test.cpp Outdated
ASSERT_TRUE(val(execute(buildCommand(TestTransactionBuilder().createAsset(
"coin", domain->domainId(), 1)))));
auto ass = query->getAsset(asset->assetId());
ASSERT_TRUE(ass);
ASSERT_EQ(*asset.get(), *ass.get());
}

/**
* @given command ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sab

@vdrobnyi vdrobnyi requested a review from lebdron August 1, 2018 10:22
@vdrobnyi
fix pr issues
0793884 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
lebdron
lebdron suggested changes Aug 7, 2018
View reviewed changes
irohad/ametsuchi/impl/postgres_command_executor.cpp Outdated
& '%s' = '%s' FROM role_has_permissions AS rp
JOIN account_has_roles AS ar on ar.role_id = rp.role_id
WHERE ar.account_id = :%s)")
% bits % perm_str % perm_str % account_alias)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

%1%, %2% can be used for positional arguments, so that there is no need to write perm_str twice.

irohad/ametsuchi/impl/postgres_command_executor.cpp Outdated
std::string checkAccountHasRoleOrGrantablePerm(
shared_model::interface::permissions::Role role,
shared_model::interface::permissions::Grantable grantable) {
return R"(WITH
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also looks like a candidate for boost::format, to reduce the number of raw strings.

irohad/ametsuchi/impl/postgres_command_executor.cpp Outdated
@@ -122,7 +151,12 @@ namespace iroha {
WHERE account_id = :account_id LIMIT 1),
has_asset AS (SELECT asset_id FROM asset
WHERE asset_id = :asset_id AND
precision >= :precision LIMIT 1),
precision >= :precision LIMIT 1),)" +
(do_validation_ ? R"(has_perm AS ()"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about introducing boost::format to all commands, and doing something like:

boost::format cmd("...");
if (do_validation_)
    cmd % "has_perm_...";
else 
    cmd % "";

It might be easier to read without ternary operators.

irohad/ametsuchi/impl/postgres_wsv_query.cpp Outdated
@@ -124,6 +124,9 @@ namespace iroha {
processSoci(st, ind, row, [&set](std::string &row) {
set = shared_model::interface::RolePermissionSet(row);
});
if (set.none()) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not look valid, because empty roles are allowed, and boost::none means db error here. Consider refactoring.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't it IR-1480?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the task is outdated 😔 Since roles with no permissions are allowed at the moment, boost::none can be returned only as a result of database error.

test/module/irohad/ametsuchi/postgres_executor_test.cpp Outdated
@@ -53,8 +53,10 @@ namespace iroha {

CommandResult execute(
const std::unique_ptr<shared_model::interface::Command> &command,
bool is_genesis = false,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if genesis block should be mentioned here. Maybe use do_validation?

nickaleks
nickaleks suggested changes Aug 7, 2018
View reviewed changes
irohad/ametsuchi/impl/postgres_command_executor.cpp Outdated
% peer.pubkey().hex() % peer.address())
.str();
soci::statement st = sql_.prepare << R"(
WITH
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use boost::format

@vdrobnyi
fix pr issues
4dc9e63 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@vdrobnyi
fix getRolePermissions
5f7b920 
Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@sorabot
Copy link

sorabot commented Aug 14, 2018

SonarQube analysis reported 2 issues

  1. MINOR postgres_executor_test.cpp#L98: The class 'RemoveSignatory' defines member variable with name 'pubkey' also defined in its parent class 'CommandExecutorTest'. rule
  2. MINOR postgres_executor_test.cpp#L1408: The function 'checkTransfer' is never used. rule

@vdrobnyi vdrobnyi merged commit 1fc88bf into develop Aug 14, 2018
@vdrobnyi vdrobnyi deleted the feature/sql-permissions branch August 14, 2018 13:41
@kamilsa kamilsa mentioned this pull request Nov 1, 2018
Closed
bakhtin pushed a commit that referenced this pull request Nov 2, 2018
@vdrobnyi @bakhtin
Feature/permissions are checked in sql executors (#1605)
509067a 
Validation and permissions checks are done in sql executors

Signed-off-by: Victor Drobny <vdrobny@yandex.ru>
@neewy neewy mentioned this pull request Nov 2, 2018
Closed
@kamilsa kamilsa mentioned this pull request Dec 12, 2018
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nickaleks nickaleks nickaleks approved these changes

@lebdron lebdron lebdron approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vdrobnyi @sorabot @nickaleks @lebdron