ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-06-18 15:18:16 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Remove unused class DefaultCordaRpcPermissions (#2328)

Browse Source
This commit is contained in:
igor nitto
2018-01-11 10:45:33 +00:00
committed by GitHub
parent d846011cc4
commit 8b5ad9d5c0
4 changed files with 6 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
node/src/main/kotlin/net/corda/node/internal/DefaultCordaRpcPermissions.kt
View File

@ -1,25 +0,0 @@
package net.corda.node.internal
import net.corda.core.flows.FlowLogic
import net.corda.core.messaging.CordaRPCOps
import net.corda.node.services.Permissions.Companion.all
import net.corda.node.services.Permissions.Companion.startFlow
import net.corda.node.services.Permissions.Companion.invokeRpc
import kotlin.reflect.KVisibility
import kotlin.reflect.full.declaredMemberFunctions
object DefaultCordaRpcPermissions {
private val invokePermissions = CordaRPCOps::class.declaredMemberFunctions.filter { it.visibility == KVisibility.PUBLIC }.associate { it.name to setOf(invokeRpc(it), all()) }
private val startFlowPermissions = setOf("startFlow", "startFlowDynamic", "startTrackedFlow", "startTrackedFlowDynamic").associate { it to this::startFlowPermission }
fun permissionsAllowing(methodName: String, args: List<Any?>): Set<String> {
val invoke = invokePermissions[methodName] ?: emptySet()
val start = startFlowPermissions[methodName]?.invoke(args)
return if (start != null) invoke + start else invoke
}
@Suppress("UNCHECKED_CAST")
private fun startFlowPermission(args: List<Any?>): String = if (args[0] is Class<*>) startFlow(args[0] as Class<FlowLogic<*>>) else startFlow(args[0] as String)
}

2
node/src/main/kotlin/net/corda/node/internal/RpcAuthorisationProxy.kt
View File

@ -19,7 +19,7 @@ import java.io.InputStream
import java.security.PublicKey import java.security.PublicKey
// TODO change to KFunction reference after Kotlin fixes https://youtrack.jetbrains.com/issue/KT-12140 // TODO change to KFunction reference after Kotlin fixes https://youtrack.jetbrains.com/issue/KT-12140
class RpcAuthorisationProxy(private val implementation: CordaRPCOps, private val context: () -> RpcAuthContext, private val permissionsAllowing: (methodName: String, args: List<Any?>) -> Set<String>) : CordaRPCOps { class RpcAuthorisationProxy(private val implementation: CordaRPCOps, private val context: () -> RpcAuthContext) : CordaRPCOps {
override fun uploadAttachmentWithMetadata(jar: InputStream, uploader: String, filename: String): SecureHash = guard("uploadAttachmentWithMetadata") { override fun uploadAttachmentWithMetadata(jar: InputStream, uploader: String, filename: String): SecureHash = guard("uploadAttachmentWithMetadata") {
implementation.uploadAttachmentWithMetadata(jar, uploader, filename) implementation.uploadAttachmentWithMetadata(jar, uploader, filename)

2
node/src/main/kotlin/net/corda/node/internal/SecureCordaRPCOps.kt
View File

@ -14,7 +14,7 @@ class SecureCordaRPCOps(services: ServiceHubInternal,
smm: StateMachineManager, smm: StateMachineManager,
database: CordaPersistence, database: CordaPersistence,
flowStarter: FlowStarter, flowStarter: FlowStarter,
val unsafe: CordaRPCOps = CordaRPCOpsImpl(services, smm, database, flowStarter)) : CordaRPCOps by RpcAuthorisationProxy(unsafe, ::rpcContext, DefaultCordaRpcPermissions::permissionsAllowing) { val unsafe: CordaRPCOps = CordaRPCOpsImpl(services, smm, database, flowStarter)) : CordaRPCOps by RpcAuthorisationProxy(unsafe, ::rpcContext) {
/** /**
* Returns the RPC protocol version, which is the same the node's Platform Version. Exists since version 1 so guaranteed * Returns the RPC protocol version, which is the same the node's Platform Version. Exists since version 1 so guaranteed

9
node/src/main/kotlin/net/corda/node/internal/security/RPCSecurityManagerImpl.kt
View File

@ -103,7 +103,7 @@ class RPCSecurityManagerImpl(config: AuthServiceConfig) : RPCSecurityManager {
} }
} }
/** /*
* Provide a representation of RPC permissions based on Apache Shiro permissions framework. * Provide a representation of RPC permissions based on Apache Shiro permissions framework.
* A permission represents a set of actions: for example, the set of all RPC invocations, or the set * A permission represents a set of actions: for example, the set of all RPC invocations, or the set
* of RPC invocations acting on a given class of Flows in input. A permission `implies` another one if * of RPC invocations acting on a given class of Flows in input. A permission `implies` another one if
@ -128,7 +128,7 @@ private class RPCPermission : DomainPermission {
constructor() : super() constructor() : super()
} }
/** /*
* A [org.apache.shiro.authz.permission.PermissionResolver] implementation for RPC permissions. * A [org.apache.shiro.authz.permission.PermissionResolver] implementation for RPC permissions.
* Provides a method to construct an [RPCPermission] instance from its string representation * Provides a method to construct an [RPCPermission] instance from its string representation
* in the form used by a Node admin. * in the form used by a Node admin.
@ -141,7 +141,6 @@ private class RPCPermission : DomainPermission {
* *
* - `StartFlow.$FlowClassName`: allowing to call a `startFlow*` RPC method targeting a Flow instance * - `StartFlow.$FlowClassName`: allowing to call a `startFlow*` RPC method targeting a Flow instance
* of a given class * of a given class
*
*/ */
private object RPCPermissionResolver : PermissionResolver { private object RPCPermissionResolver : PermissionResolver {
@ -253,7 +252,7 @@ private class NodeJdbcRealm(config: SecurityConfiguration.AuthService.DataSource
private typealias ShiroCache<K, V> = org.apache.shiro.cache.Cache<K, V> private typealias ShiroCache<K, V> = org.apache.shiro.cache.Cache<K, V>
/** /*
* Adapts a [com.google.common.cache.Cache] to a [org.apache.shiro.cache.Cache] implementation. * Adapts a [com.google.common.cache.Cache] to a [org.apache.shiro.cache.Cache] implementation.
*/ */
private fun <K, V> Cache<K, V>.toShiroCache(name: String) = object : ShiroCache<K, V> { private fun <K, V> Cache<K, V>.toShiroCache(name: String) = object : ShiroCache<K, V> {
@ -285,7 +284,7 @@ private fun <K, V> Cache<K, V>.toShiroCache(name: String) = object : ShiroCache<
override fun toString() = "Guava cache adapter [$impl]" override fun toString() = "Guava cache adapter [$impl]"
} }
/** /*
* Implementation of [org.apache.shiro.cache.CacheManager] based on * Implementation of [org.apache.shiro.cache.CacheManager] based on
* cache implementation in [com.google.common.cache] * cache implementation in [com.google.common.cache]
*/ */