Skip to content
This repository has been archived by the owner on May 5, 2023. It is now read-only.

Commit

Permalink
export ROLES and ROLEGROUPS, add role assignment UI to admin UI
Browse files Browse the repository at this point in the history
  • Loading branch information
@hiddentao
hiddentao committed Feb 18, 2020
1 parent caa3b2a commit d2da154
Show file tree
Hide file tree
Showing 9 changed files with 239 additions and 77 deletions.
2 changes: 2 additions & 0 deletions README.md
View file
Expand Up @@ -70,6 +70,8 @@ The package exposes the following properties:
* `addresses` - on-chain addresses of contracts in `contracts`
* `events` - ABIs for events to listen for
* `extractEventsFromAbis()` - given an array of contract ABIs, this will extract the event ABIs within.
* `ROLES` - role constants
* `ROLEGROUPS` - rolegroup constants

The key contracts are:

Expand Down
166 changes: 166 additions & 0 deletions contracts/admin.json
View file
Expand Up @@ -270,6 +270,172 @@
}
]
},
{
"id": "assignRole",
"title": "ACL: Assign role",
"description": "You must be an admin or an assigner for the role to do this",
"inputs": [
{
"name": "contractAddress",
"title": "ACL contract address",
"type": "address",
"initialValue": "@constant[aclAddress]",
"validation": [
{
"type": "allowedTypes",
"contract": true
}
]
},
{
"name": "context",
"title": "Context",
"type": "string",
"validation": [
{
"type": "length",
"min": "0"
}
]
},
{
"name": "address",
"title": "Address",
"type": "address"
},
{
"name": "role",
"title": "Role",
"type": "bytes32"
}
],
"execs": [
{
"type": "send",
"contract": "ACL",
"method": "assignRole",
"address": "@input[contractAddress]",
"args": {
"_context": "@input[context]",
"_addr": "@input[address]",
"_role": "@input[role]"
}
}
]
},
{
"id": "unassignRole",
"title": "ACL: Un-assign role",
"description": "You must be an admin or an assigner for the role to do this",
"inputs": [
{
"name": "contractAddress",
"title": "ACL contract address",
"type": "address",
"initialValue": "@constant[aclAddress]",
"validation": [
{
"type": "allowedTypes",
"contract": true
}
]
},
{
"name": "context",
"title": "Context",
"type": "string",
"validation": [
{
"type": "length",
"min": "0"
}
]
},
{
"name": "address",
"title": "Address",
"type": "address"
},
{
"name": "role",
"title": "Role",
"type": "bytes32"
}
],
"execs": [
{
"type": "send",
"contract": "ACL",
"method": "unassignRole",
"address": "@input[contractAddress]",
"args": {
"_context": "@input[context]",
"_addr": "@input[address]",
"_role": "@input[role]"
}
}
]
},
{
"id": "hasRole",
"title": "ACL: Does user have role?",
"inputs": [
{
"name": "contractAddress",
"title": "ACL contract address",
"type": "address",
"initialValue": "@constant[aclAddress]",
"validation": [
{
"type": "allowedTypes",
"contract": true
}
]
},
{
"name": "context",
"title": "Context",
"type": "string",
"validation": [
{
"type": "length",
"min": "0"
}
]
},
{
"name": "address",
"title": "Address",
"type": "address"
},
{
"name": "role",
"title": "Role",
"type": "bytes32"
}
],
"execs": [
{
"type": "call",
"contract": "ACL",
"method": "hasRole",
"address": "@input[contractAddress]",
"args": {
"_context": "@input[context]",
"_addr": "@input[address]",
"_role": "@input[role]"
},
"saveResultAsInput": "has"
}
],
"outputs": [
{
"title": "Has role",
"type": "bool",
"value": "@input[has]"
}
]
},
{
"id": "deployEntity",
"title": "EntityDeployer: Deploy entity",
Expand Down
4 changes: 4 additions & 0 deletions index.js
View file
Expand Up @@ -5,6 +5,8 @@ try {

const rawContracts = require('./contracts.generated.js')

const { ROLES, ROLEGROUPS } = require('./migrations/utils/constants')

const coreContracts = [
{ name: 'Settings', actual: 'ISettingsImpl' },
{ name: 'ACL', actual: 'IACL' },
Expand Down Expand Up @@ -36,4 +38,6 @@ module.exports = {
rawContracts,
events: extractEventsFromAbis(Object.values(coreContracts)),
extractEventsFromAbis,
ROLES,
ROLEGROUPS,
}
24 changes: 8 additions & 16 deletions migrations/utils/acl.js
View file
@@ -1,15 +1,7 @@
const { sha3, deploy } = require('./functions')
const { createLog } = require('./log')

export const ROLE_ENTITY_ADMIN = sha3('roleEntityAdmin')
export const ROLE_ENTITY_MANAGER = sha3('roleEntityManager')
export const ROLE_ENTITY_REPRESENTATIVE = sha3('roleEntityRepresentative')
export const ROLE_ASSET_MANAGER = sha3('roleAssetManager')
export const ROLE_CLIENT_MANAGER = sha3('roleClientManager')

export const ROLEGROUP_MANAGE_ENTITY = sha3('rolegroupManageEntity')
export const ROLEGROUP_MANAGE_POLICY = sha3('rolegroupManagePolicy')
export const ROLEGROUP_APPROVE_POLICY = sha3('rolegroupApprovePolicy')
const { ROLES, ROLEGROUPS } = require('./constants')

export const ensureAclIsDeployed = async ({ deployer, artifacts, logger }) => {
const log = createLog(logger)
Expand All @@ -22,15 +14,15 @@ export const ensureAclIsDeployed = async ({ deployer, artifacts, logger }) => {
log('Ensure ACL role groups and roles are setup ...')

// setup role groups
await acl.setRoleGroup(ROLEGROUP_MANAGE_ENTITY, [ ROLE_ENTITY_ADMIN, ROLE_ENTITY_MANAGER ])
await acl.setRoleGroup(ROLEGROUP_MANAGE_POLICY, [ ROLE_ENTITY_MANAGER, ROLE_ENTITY_REPRESENTATIVE ])
await acl.setRoleGroup(ROLEGROUP_APPROVE_POLICY, [ ROLE_ASSET_MANAGER, ROLE_CLIENT_MANAGER ])
await acl.setRoleGroup(ROLEGROUPS.MANAGE_ENTITY, [ ROLES.ENTITY_ADMIN, ROLES.ENTITY_MANAGER ])
await acl.setRoleGroup(ROLEGROUPS.MANAGE_POLICY, [ ROLES.ENTITY_MANAGER, ROLES.ENTITY_REPRESENTATIVE ])
await acl.setRoleGroup(ROLEGROUPS.APPROVE_POLICY, [ ROLES.ASSET_MANAGER, ROLES.CLIENT_MANAGER ])

// setup assigners
await acl.addAssigner(ROLE_ENTITY_MANAGER, ROLE_ENTITY_ADMIN)
await acl.addAssigner(ROLE_ENTITY_REPRESENTATIVE, ROLE_ENTITY_MANAGER)
await acl.addAssigner(ROLE_ASSET_MANAGER, ROLE_ENTITY_REPRESENTATIVE)
await acl.addAssigner(ROLE_CLIENT_MANAGER, ROLE_ENTITY_REPRESENTATIVE)
await acl.addAssigner(ROLES.ENTITY_MANAGER, ROLES.ENTITY_ADMIN)
await acl.addAssigner(ROLES.ENTITY_REPRESENTATIVE, ROLES.ENTITY_MANAGER)
await acl.addAssigner(ROLES.ASSET_MANAGER, ROLES.ENTITY_REPRESENTATIVE)
await acl.addAssigner(ROLES.CLIENT_MANAGER, ROLES.ENTITY_REPRESENTATIVE)

log('... role groups and roles have been setup.')

Expand Down
16 changes: 16 additions & 0 deletions migrations/utils/constants.js
View file
@@ -0,0 +1,16 @@
const { sha3 } = require('./functions')

exports.ROLES = {
ENTITY_ADMIN: sha3('roleEntityAdmin'),
ENTITY_MANAGER: sha3('roleEntityManager'),
ENTITY_REPRESENTATIVE: sha3('roleEntityRepresentative'),
ASSET_MANAGER: sha3('roleAssetManager'),
CLIENT_MANAGER: sha3('roleClientManager'),
}


exports.ROLEGROUPS = {
MANAGE_ENTITY: sha3('rolegroupManageEntity'),
MANAGE_POLICY: sha3('rolegroupManagePolicy'),
APPROVE_POLICY: sha3('rolegroupApprovePolicy'),
}
45 changes: 18 additions & 27 deletions test/acl.js
View file
@@ -1,17 +1,8 @@
import { extractEventArgs } from './utils'
import { events } from '../'
import { sha3 } from './utils/web3'
import {
ensureAclIsDeployed,
ROLE_ENTITY_ADMIN,
ROLE_ENTITY_MANAGER,
ROLE_ENTITY_REPRESENTATIVE,
ROLE_ASSET_MANAGER,
ROLE_CLIENT_MANAGER,
ROLEGROUP_MANAGE_ENTITY,
ROLEGROUP_MANAGE_POLICY,
ROLEGROUP_APPROVE_POLICY,
} from '../migrations/utils/acl'
import { ensureAclIsDeployed } from '../migrations/utils/acl'
import { ROLES, ROLEGROUPS } from '../migrations/utils/constants'

contract('ACL', accounts => {
const role1 = sha3('testrole1')
Expand All @@ -33,34 +24,34 @@ contract('ACL', accounts => {

describe('default roles and role groups', async () => {
it('entity admins', async () => {
await acl.assignRole("test", accounts[1], ROLE_ENTITY_ADMIN)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUP_MANAGE_ENTITY).should.eventually.eq(true)
await acl.assignRole("test", accounts[1], ROLES.ENTITY_ADMIN)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUPS.MANAGE_ENTITY).should.eventually.eq(true)
})

it('entity managers', async () => {
await acl.assignRole("test", accounts[1], ROLE_ENTITY_MANAGER)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUP_MANAGE_ENTITY).should.eventually.eq(true)
await acl.getAssigners(ROLE_ENTITY_MANAGER).should.eventually.eq([ROLE_ENTITY_ADMIN])
await acl.assignRole("test", accounts[1], ROLES.ENTITY_MANAGER)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUPS.MANAGE_ENTITY).should.eventually.eq(true)
await acl.getAssigners(ROLES.ENTITY_MANAGER).should.eventually.eq([ROLES.ENTITY_ADMIN])
})

it('entity reps', async () => {
await acl.assignRole("test", accounts[1], ROLE_ENTITY_REPRESENTATIVE)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUP_MANAGE_POLICY).should.eventually.eq(true)
await acl.getAssigners(ROLE_ENTITY_REPRESENTATIVE).should.eventually.eq([ROLE_ENTITY_MANAGER])
await acl.assignRole("test", accounts[1], ROLES.ENTITY_REPRESENTATIVE)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUPS.MANAGE_POLICY).should.eventually.eq(true)
await acl.getAssigners(ROLES.ENTITY_REPRESENTATIVE).should.eventually.eq([ROLES.ENTITY_MANAGER])
})

it('assset managers', async () => {
await acl.assignRole("test", accounts[1], ROLE_ASSET_MANAGER)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUP_MANAGE_POLICY).should.eventually.eq(false)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUP_APPROVE_POLICY).should.eventually.eq(true)
await acl.getAssigners(ROLE_ASSET_MANAGER).should.eventually.eq([ROLE_ENTITY_REPRESENTATIVE])
await acl.assignRole("test", accounts[1], ROLES.ASSET_MANAGER)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUPS.MANAGE_POLICY).should.eventually.eq(false)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUPS.APPROVE_POLICY).should.eventually.eq(true)
await acl.getAssigners(ROLES.ASSET_MANAGER).should.eventually.eq([ROLES.ENTITY_REPRESENTATIVE])
})

it('client managers', async () => {
await acl.assignRole("test", accounts[1], ROLE_CLIENT_MANAGER)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUP_MANAGE_POLICY).should.eventually.eq(false)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUP_APPROVE_POLICY).should.eventually.eq(true)
await acl.getAssigners(ROLE_CLIENT_MANAGER).should.eventually.eq([ROLE_ENTITY_REPRESENTATIVE])
await acl.assignRole("test", accounts[1], ROLES.CLIENT_MANAGER)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUPS.MANAGE_POLICY).should.eventually.eq(false)
await acl.hasRoleInGroup("test", accounts[1], ROLEGROUPS.APPROVE_POLICY).should.eventually.eq(true)
await acl.getAssigners(ROLES.CLIENT_MANAGER).should.eventually.eq([ROLES.ENTITY_REPRESENTATIVE])
})
})

Expand Down
21 changes: 9 additions & 12 deletions test/entity.js
View file
Expand Up @@ -9,12 +9,9 @@ import {

import { events } from '../'

import {
ensureAclIsDeployed,
ROLE_ENTITY_ADMIN,
ROLE_ENTITY_MANAGER,
ROLE_ENTITY_REPRESENTATIVE,
} from '../migrations/utils/acl'
import { ROLES, ROLEGROUPS } from '../migrations/utils/constants'

import { ensureAclIsDeployed } from '../migrations/utils/acl'

import {
ensureSettingsIsDeployed,
Expand Down Expand Up @@ -78,13 +75,13 @@ contract('Entity', accounts => {
// generate upgrade approval signatures
const implVersion = await entityImpl2.getImplementationVersion()

await acl.assignRole(entityContext, accounts[1], ROLE_ENTITY_ADMIN)
await acl.assignRole(entityContext, accounts[1], ROLES.ENTITY_ADMIN)
entityAdminSig = hdWallet.sign({ address: accounts[1], data: sha3(implVersion) })

await acl.assignRole(entityContext, accounts[2], ROLE_ENTITY_MANAGER)
await acl.assignRole(entityContext, accounts[2], ROLES.ENTITY_MANAGER)
entityManagerSig = hdWallet.sign({ address: accounts[2], data: sha3(implVersion) })

await acl.assignRole(entityContext, accounts[3], ROLE_ENTITY_REPRESENTATIVE)
await acl.assignRole(entityContext, accounts[3], ROLES.ENTITY_REPRESENTATIVE)
entityRepresentativeSig = hdWallet.sign({ address: accounts[3], data: sha3(implVersion) })
})

Expand Down Expand Up @@ -126,9 +123,9 @@ contract('Entity', accounts => {
beforeEach(async () => {
policyImpl = await PolicyImpl.new(acl.address, settings.address)

await acl.assignRole(entityContext, accounts[1], ROLE_ENTITY_ADMIN)
await acl.assignRole(entityContext, accounts[2], ROLE_ENTITY_MANAGER)
await acl.assignRole(entityContext, accounts[3], ROLE_ENTITY_REPRESENTATIVE)
await acl.assignRole(entityContext, accounts[1], ROLES.ENTITY_ADMIN)
await acl.assignRole(entityContext, accounts[2], ROLES.ENTITY_MANAGER)
await acl.assignRole(entityContext, accounts[3], ROLES.ENTITY_REPRESENTATIVE)
})

it('but not by entity admins', async () => {
Expand Down

0 comments on commit d2da154

Please sign in to comment.