def authorize(self, request: Request, auth_constraint: AuthConstraint, auth_action: AbstractAuthAction = None):
    """Evaluate ``request`` against ``auth_constraint`` and report the verdict.

    The checks run in a fixed order and the first one that fails decides
    the result:

    1. ownership, via ``self.is_owner_accepted``;
    2. the author has a role, i.e. ``self.get_role(request)`` is not
       ``None`` (skipped when no signatures are required or when the
       constraint allows off-ledger signatures);
    3. the author's identifier is among ``request.signatures``;
    4. signature count, via ``self.is_sig_count_accepted``.

    Check 3 only runs when ``request.signatures`` is truthy; a request
    without that mapping is not rejected by it.

    Returns:
        ``(True, "")`` on success, otherwise ``(False, reason)``.
    """
    # Ownership is evaluated before get_role() is called; the original
    # comment notes it needs no trip to state.
    if not self.is_owner_accepted(auth_constraint, auth_action):
        denial = "{} can not edit {} txn since only owner can modify it"
        if auth_action.field != '*':
            denial = "{} can not touch {} field since only the owner can modify it"
            return False, denial.format(self.get_named_role_from_req(request),
                                        auth_action.field)
        return False, denial.format(
            self.get_named_role_from_req(request),
            IndyTransactions.get_name_from_code(auth_action.txn_type))

    author_role = self.get_role(request)
    signatures_required = auth_constraint.sig_count > 0

    # An author with no role is tolerated only when the constraint asks for
    # no signatures or explicitly permits off-ledger signatures.
    if signatures_required and not auth_constraint.off_ledger_signature:
        if author_role is None:
            return False, "sender's DID {} is not found in the Ledger".format(
                request.identifier)

    # Multi-sig: the author has to be one of the signers.
    if signatures_required and request.signatures:
        if request.identifier not in request.signatures:
            return False, "Author must sign the transaction"

    if not self.is_sig_count_accepted(request, auth_constraint):
        # '*' is reported literally instead of being looked up in Roles.
        if auth_constraint.role != '*':
            role_label = Roles(auth_constraint.role).name
        else:
            role_label = '*'
        return False, "Not enough {} signatures".format(role_label)

    return True, ""
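def authorize(self, request: Request, auth_constraint: AuthConstraint, auth_action: AbstractAuthAction = None):
    """Decide whether ``request`` satisfies ``auth_constraint``.

    The checks run in order and the first failure is returned:

    1. ``self.get_role(request)`` must not be ``None``;
    2. ``self.is_sig_count_accepted`` must accept the request;
    3. ``self.is_owner_accepted`` must accept the constraint and action.

    Returns:
        ``(True, "")`` when every check passes, otherwise
        ``(False, reason)``.

    NOTE(review): nothing in this method checks that ``request.identifier``
    is among the signers of a multi-signed request; confirm that this is
    enforced before or inside ``is_sig_count_accepted``.
    """
    if self.get_role(request) is None:
        return False, "sender's DID {} is not found in the Ledger".format(
            request.identifier)

    if not self.is_sig_count_accepted(request, auth_constraint):
        # '*' is reported literally. Passing it to Roles() is presumably
        # not a valid lookup and would raise instead of producing the
        # denial tuple callers expect; verify against the Roles definition.
        role = Roles(auth_constraint.role).name \
            if auth_constraint.role != '*' else '*'
        return False, "Not enough {} signatures".format(role)

    if not self.is_owner_accepted(auth_constraint, auth_action):
        # NOTE(review): auth_action defaults to None but is dereferenced
        # here; presumably is_owner_accepted only fails when an action was
        # supplied. Confirm.
        if auth_action.field != '*':
            return False, "{} can not touch {} field since only the owner can modify it".\
                format(self.get_named_role_from_req(request), auth_action.field)
        else:
            return False, "{} can not edit {} txn since only owner can modify it".\
                format(self.get_named_role_from_req(request),
                       IndyTransactions.get_name_from_code(auth_action.txn_type))

    return True, ""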
def test_get_name_from_code():
    """Each listed member's code maps back to the member's own name.

    A code that belongs to no member must map to
    ``"Unknown_transaction_type"``.
    """
    member_names = (
        "NODE",
        "NYM",
        "ATTRIB",
        "SCHEMA",
        "CLAIM_DEF",
        "DISCLO",
        "GET_ATTR",
        "GET_NYM",
        "GET_TXNS",
        "GET_SCHEMA",
        "GET_CLAIM_DEF",
        "POOL_UPGRADE",
        "NODE_UPGRADE",
        "POOL_CONFIG",
        "POOL_RESTART",
        "CHANGE_KEY",
        "REVOC_REG_DEF",
        "REVOC_REG_ENTRY",
        "GET_REVOC_REG_DEF",
        "GET_REVOC_REG",
        "GET_REVOC_REG_DELTA",
        "VALIDATOR_INFO",
        "SET_CONTEXT",
        "GET_CONTEXT",
        "SET_RS_SCHEMA",
        "GET_RS_SCHEMA",
    )
    # Same order as the original one-assert-per-member listing.
    for member_name in member_names:
        code = getattr(IndyTransactions, member_name).value
        assert IndyTransactions.get_name_from_code(code) == member_name

    # Fallback label for a code no member carries.
    assert IndyTransactions.get_name_from_code("some_unexpected_code") == "Unknown_transaction_type"
def test_get_name_from_code():
    """Round-trip every listed transaction code through get_name_from_code.

    The name returned for a member's ``.value`` must equal the member's
    name, and an unrecognised code must yield
    ``"Unknown_transaction_type"``.
    """
    expected_names = [
        "NODE",
        "NYM",
        "ATTRIB",
        "SCHEMA",
        "CLAIM_DEF",
        "DISCLO",
        "GET_ATTR",
        "GET_NYM",
        "GET_TXNS",
        "GET_SCHEMA",
        "GET_CLAIM_DEF",
        "POOL_UPGRADE",
        "NODE_UPGRADE",
        "POOL_CONFIG",
        "POOL_RESTART",
        "CHANGE_KEY",
        "REVOC_REG_DEF",
        "REVOC_REG_ENTRY",
        "GET_REVOC_REG_DEF",
        "GET_REVOC_REG",
        "GET_REVOC_REG_DELTA",
        "VALIDATOR_INFO",
        "JSON_LD_CONTEXT",
        "RICH_SCHEMA",
        "RICH_SCHEMA_ENCODING",
        "RICH_SCHEMA_MAPPING",
        "RICH_SCHEMA_CRED_DEF",
        "RICH_SCHEMA_PRES_DEF",
        "GET_RICH_SCHEMA_OBJECT_BY_ID",
        "GET_RICH_SCHEMA_OBJECT_BY_METADATA",
    ]
    # Checked in the order the original assertions were written.
    for expected in expected_names:
        txn_code = getattr(IndyTransactions, expected).value
        resolved = IndyTransactions.get_name_from_code(txn_code)
        assert resolved == expected

    # A code outside the enum resolves to the placeholder name.
    unknown = IndyTransactions.get_name_from_code("some_unexpected_code")
    assert unknown == "Unknown_transaction_type"