def validate_role_task(header, confirm, txn_signer_rel_address, state):
proposal_address = addresser.make_proposal_address(
object_id=confirm.role_id, related_id=confirm.task_id
)
state_entries = state_accessor.get_state(
state, [txn_signer_rel_address, proposal_address]
)
if not proposal_validator.proposal_exists_and_open(
state_entries, proposal_address, confirm.proposal_id
):
raise InvalidTransaction(
"The proposal {} does not exist or "
"is not open".format(confirm.proposal_id)
)
try:
entry = state_accessor.get_state_entry(state_entries, txn_signer_rel_address)
task_owners_container = message_accessor.get_task_rel_container(entry)
except KeyError:
raise InvalidTransaction(
"Signer {} is not a task owner for task {}".format(
header.signer_public_key, confirm.task_id
)
)
if not message_accessor.is_in_task_rel_container(
task_owners_container, confirm.task_id, header.signer_public_key
):
raise InvalidTransaction(
"Signer {} is not a task owner for task {} no bytes in "
"state".format(header.signer_public_key, confirm.task_id)
)
return state_entries
def hierarchical_decide(header, confirm, state, txn_signer_rel_address,
isApproval):
proposal_address = addresser.make_proposal_address(
object_id=confirm.role_id, related_id=confirm.user_id)
state_entries = state_accessor.get_state(
state, [txn_signer_rel_address, proposal_address])
if not proposal_validator.proposal_exists_and_open(
state_entries, proposal_address, confirm.proposal_id):
raise InvalidTransaction("The proposal {} does not exist or "
"is not open".format(confirm.proposal_id))
# verify on_behalf user has the permission to perform the action
role_validator.verify_user_with_role_permission_on_proposal(
proposal_address,
confirm.on_behalf_id,
confirm.role_id,
txn_signer_rel_address,
state,
)
# verify current user is in the manager hierachy of on_behalf user
if not state_accessor.is_hierarchical_manager_of_user(
state, header, confirm.on_behalf_id):
raise InvalidTransaction(
"Signer {} is not a higher manager of {}. Signer cannot "
"make decision on behalf of {}".format(header.signer_public_key,
confirm.on_behalf_id,
confirm.on_behalf_id))
state_change.record_decision(state, header, confirm, isApproval)
def get_state_entries(header, confirm, txn_signer_rel_address, state):
"""Fetch a collection of state entries veri
Args:
header (TransactionHeader): The transaction header protobuf class.:
confirm: ConfirmAddRoleAdmin, RejectAddRoleAdmin, ...
txn_signer_rel_address: Transaction signer role relationship address
state (Context): The class responsible for gets and sets of state.
Returns:
(dict of addresses)
"""
proposal_address = addresser.proposal.address(object_id=confirm.role_id,
related_id=confirm.user_id)
state_entries = state_accessor.get_state(
state, [txn_signer_rel_address, proposal_address])
if not proposal_validator.proposal_exists_and_open(
state_entries, proposal_address, confirm.proposal_id):
raise InvalidTransaction("The proposal {} does not exist or "
"is not open".format(confirm.proposal_id))
verify_user_with_role_permission_on_proposal(
proposal_address,
header.signer_public_key,
confirm.role_id,
txn_signer_rel_address,
state,
)
return state_entries
def validate_task_admin_or_owner(
header, confirm, txn_signer_rel_address, task_rel_address, state, is_remove
):
"""Validate a [ Confirm | Reject }_____Task[ Admin | Owner } transaction.
Args:
header (TransactionHeader): The transaction header protobuf class.:
confirm: ConfirmAddTaskAdmin, RejectAddTaskAdmin, ...
txn_signer_rel_address (str): The transaction signer address.
task_rel_address (str): The task relationship address.
state (Context): The class responsible for gets and sets of state.
is_remove (boolean): Determines if task owner is being added or removed.
Returns:
(dict of addresses)
Raises:
InvalidTransaction
- The transaction is invalid.
"""
proposal_address = addresser.make_proposal_address(
object_id=confirm.task_id, related_id=confirm.user_id
)
if not is_remove:
state_entries = state_accessor.get_state(
state, [txn_signer_rel_address, proposal_address]
)
else:
state_entries = state_accessor.get_state(
state, [txn_signer_rel_address, task_rel_address, proposal_address]
)
if not proposal_validator.proposal_exists_and_open(
state_entries, proposal_address, confirm.proposal_id
):
raise InvalidTransaction(
"The proposal {} does not exist or "
"is not open".format(confirm.proposal_id)
)
try:
entry = state_accessor.get_state_entry(state_entries, txn_signer_rel_address)
task_rel_container = message_accessor.get_task_rel_container(entry)
except KeyError:
raise InvalidTransaction(
"Signer {} does not have the Task permissions "
"to close the proposal".format(header.signer_public_key)
)
if not message_accessor.is_in_task_rel_container(
task_rel_container, task_id=confirm.task_id, identifier=header.signer_public_key
):
raise InvalidTransaction(
"Signer {} does not have the Task "
"permissions to close the "
"proposal".format(header.signer_public_key)
)
return state_entries
def apply_user_confirm(header, payload, state):
confirm_payload = user_transaction_pb2.ConfirmUpdateUserManager()
confirm_payload.ParseFromString(payload.content)
proposal_address = addresser.proposal.address(
object_id=confirm_payload.user_id, target_id=confirm_payload.manager_id
)
proposal_entries = state_accessor.get_state(state, [proposal_address])
if not proposal_validator.proposal_exists_and_open(
state_entries=proposal_entries,
proposal_address=proposal_address,
proposal_id=confirm_payload.proposal_id,
):
raise InvalidTransaction(
"Proposal id {} for user {} to update manager to {} does not exist or is not open.".format(
confirm_payload.proposal_id,
confirm_payload.user_id,
confirm_payload.manager_id,
)
)
entry = state_accessor.get_state_entry(proposal_entries, proposal_address)
proposal_container = message_accessor.get_prop_container(entry)
proposal = message_accessor.get_prop_from_container(
container=proposal_container, proposal_id=confirm_payload.proposal_id
)
if not proposal.target_id == header.signer_public_key:
raise InvalidTransaction(
"Confirm update manager txn signed by {} while "
"proposal expecting {}".format(header.signer_public_key, proposal.target_id)
)
state_change.confirm_manager_change(
container=proposal_container,
proposal=proposal,
closer=header.signer_public_key,
reason=confirm_payload.reason,
address=proposal_address,
user_id=confirm_payload.user_id,
new_manager_id=confirm_payload.manager_id,
state=state,
)
def apply_user_reject(header, payload, state):
reject_payload = user_transaction_pb2.RejectUpdateUserManager()
reject_payload.ParseFromString(payload.content)
proposal_address = addresser.proposal.address(
object_id=reject_payload.user_id, target_id=reject_payload.manager_id
)
state_entries = state_accessor.get_state(state, [proposal_address])
if not proposal_validator.proposal_exists_and_open(
state_entries=state_entries,
proposal_address=proposal_address,
proposal_id=reject_payload.proposal_id,
):
raise InvalidTransaction(
"Proposal {} is not open or does not "
"exist".format(reject_payload.proposal_id)
)
entry = state_accessor.get_state_entry(state_entries, proposal_address)
proposal_container = message_accessor.get_prop_container(entry)
if not reject_payload.manager_id == header.signer_public_key:
raise InvalidTransaction(
"Proposal expected closer to be {} while txn "
"signer was {}".format(reject_payload.manager_id, header.signer_public_key)
)
proposal = message_accessor.get_prop_from_container(
proposal_container, reject_payload.proposal_id
)
state_change.reject_state_change(
container=proposal_container,
proposal=proposal,
closer=header.signer_public_key,
reason=reject_payload.reason,
address=proposal_address,
state=state,
)
def get_state_entries(header, confirm, txn_signer_rel_address, state):
"""Fetch a collection of state entries veri
Args:
header (TransactionHeader): The transaction header protobuf class.:
confirm: ConfirmAddRoleAdmin, RejectAddRoleAdmin, ...
txn_signer_rel_address: Transaction signer role relationship address
state (Context): The class responsible for gets and sets of state.
Returns:
(dict of addresses)
"""
proposal_address = addresser.make_proposal_address(
object_id=confirm.role_id, related_id=confirm.user_id)
state_entries = get_state(state,
[txn_signer_rel_address, proposal_address])
if not proposal_validator.proposal_exists_and_open(
state_entries, proposal_address, confirm.proposal_id):
raise InvalidTransaction("The proposal {} does not exist or "
"is not open".format(confirm.proposal_id))
try:
entry = get_state_entry(state_entries, txn_signer_rel_address)
role_rel_container = message_accessor.get_role_rel_container(entry)
except KeyError:
raise InvalidTransaction(
"Signer {} does not have the Role permissions "
"to close the proposal".format(header.signer_public_key))
if not message_accessor.is_in_role_rel_container(
role_rel_container,
role_id=confirm.role_id,
identifier=header.signer_public_key):
raise InvalidTransaction("Signer {} does not have the Role "
"permissions to close the "
"proposal".format(header.signer_public_key))
return state_entries