CORDA-4110 startFlowDynamicWithClientId permissions (#6857)

2025-01-31 00:24:59 +00:00 · 2021-02-05 16:05:55 +00:00 · 2021-02-05 16:05:55 +00:00 · 4e437ace2a
commit 4e437ace2a
parent b421f0daa0
2 changed files with 43 additions and 0 deletions
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowWithClientIdTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowWithClientIdTest.kt
@ -61,6 +61,38 @@ class FlowWithClientIdTest {
        }
    }

+    @Test(timeout = 300_000)
+    fun `start flow with client id permissions`() {
+        val user = User("TonyStark", "I AM IRONMAN", setOf("StartFlow.net.corda.node.flows.FlowWithClientIdTest\$ResultFlow"))
+        driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
+            val nodeA = startNode(rpcUsers = listOf(user)).getOrThrow()
+            nodeA.rpc.startFlowWithClientId(UUID.randomUUID().toString(), ::ResultFlow, 5).returnValue.getOrThrow(20.seconds)
+            nodeA.rpc.startFlowDynamicWithClientId(
+                UUID.randomUUID().toString(),
+                ResultFlow::class.java,
+                5
+            ).returnValue.getOrThrow(20.seconds)
+        }
+    }
+
+    @Test(timeout = 300_000)
+    fun `start flow with client id without permissions`() {
+        val user = User("TonyStark", "I AM IRONMAN", setOf())
+        driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
+            val nodeA = startNode(rpcUsers = listOf(user)).getOrThrow()
+            assertFailsWith<PermissionException> {
+                nodeA.rpc.startFlowWithClientId(UUID.randomUUID().toString(), ::ResultFlow, 5).returnValue.getOrThrow(20.seconds)
+            }
+            assertFailsWith<PermissionException> {
+                nodeA.rpc.startFlowDynamicWithClientId(
+                    UUID.randomUUID().toString(),
+                    ResultFlow::class.java,
+                    5
+                ).returnValue.getOrThrow(20.seconds)
+            }
+        }
+    }
+
    @Test(timeout = 300_000)
    fun `remove client id`() {
        val clientId = UUID.randomUUID().toString()
--- a/node/src/main/kotlin/net/corda/node/internal/rpc/proxies/AuthenticatedRpcOpsProxy.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/rpc/proxies/AuthenticatedRpcOpsProxy.kt
@ -5,6 +5,7 @@ import net.corda.core.flows.FlowLogic
 import net.corda.core.internal.messaging.InternalCordaRPCOps
 import net.corda.core.messaging.CordaRPCOps
 import net.corda.core.internal.utilities.InvocationHandlerTemplate
+import net.corda.core.messaging.FlowHandleWithClientId
 import net.corda.node.services.rpc.RpcAuthContext
 import net.corda.node.services.rpc.rpcContext
 import java.lang.reflect.Method
@ -32,6 +33,16 @@ internal class AuthenticatedRpcOpsProxy(private val delegate: InternalCordaRPCOp
        delegate.startTrackedFlowDynamic(logicType, *args)
    }

+    // Need overriding to pass additional `listOf(logicType)` argument for polymorphic `startFlow` permissions.
+    @Suppress("SpreadOperator")
+    override fun <T> startFlowDynamicWithClientId(
+        clientId: String,
+        logicType: Class<out FlowLogic<T>>,
+        vararg args: Any?
+    ): FlowHandleWithClientId<T>  = guard("startFlowDynamic", listOf(logicType), ::rpcContext) {
+        delegate.startFlowDynamicWithClientId(clientId, logicType, *args)
+    }
+
    private companion object {
        private fun proxy(delegate: InternalCordaRPCOps, context: () -> RpcAuthContext): InternalCordaRPCOps {
            val handler = PermissionsEnforcingInvocationHandler(delegate, context)