-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Work in Progress] add AccountPermission #5164
base: develop
Are you sure you want to change the base?
Changes from 5 commits
6bbe2ca
372cc5c
9310eae
5f5b265
15506e5
1e15774
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
//------------------------------------------------------------------------------ | ||
/* | ||
This file is part of rippled: https://github.com/ripple/rippled | ||
Copyright (c) 2024 Ripple Labs Inc. | ||
|
||
Permission to use, copy, modify, and/or distribute this software for any | ||
purpose with or without fee is hereby granted, provided that the above | ||
copyright notice and this permission notice appear in all copies. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
*/ | ||
//============================================================================== | ||
|
||
#ifndef RIPPLE_PROTOCOL_PERMISSION_H_INCLUDED | ||
#define RIPPLE_PROTOCOL_PERMISSION_H_INCLUDED | ||
|
||
#include <xrpl/protocol/STTx.h> | ||
#include <optional> | ||
#include <string> | ||
#include <unordered_map> | ||
|
||
namespace ripple { | ||
|
||
/** | ||
* We have transaction type permissions and granular type | ||
* permissions. Since we will reuse the TransactionFormats to parse the | ||
* Transaction Permissions, we only define the GranularPermissionType here. | ||
*/ | ||
|
||
enum GranularPermissionType : std::uint32_t { | ||
TrustlineAuthorize = 65537, | ||
|
||
TrustlineFreeze = 65538, | ||
|
||
TrustlineUnfreeze = 65539, | ||
|
||
AccountDomainSet = 65540, | ||
|
||
AccountEmailHashSet = 65541, | ||
|
||
AccountMessageKeySet = 65542, | ||
|
||
AccountTransferRateSet = 65543, | ||
|
||
AccountTickSizeSet = 65544, | ||
|
||
PaymentMint = 65545, | ||
|
||
PaymentBurn = 65546, | ||
|
||
MPTokenIssuanceLock = 65547, | ||
|
||
MPTokenIssuanceUnlock = 65548, | ||
}; | ||
|
||
class Permission | ||
{ | ||
private: | ||
Permission(); | ||
|
||
std::unordered_map<std::string, GranularPermissionType> | ||
granularPermissionMap; | ||
|
||
std::unordered_map<GranularPermissionType, TxType> granularTxTypeMap; | ||
|
||
public: | ||
static Permission const& | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. How about just making all members as There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. need to access private members in the functions, for example, There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. They should be also static. There should be only one instance of those maps. |
||
getInstance(); | ||
|
||
Permission(const Permission&) = delete; | ||
Permission& | ||
operator=(const Permission&) = delete; | ||
|
||
std::optional<std::uint32_t> | ||
getGranularValue(std::string const& name) const; | ||
|
||
std::optional<TxType> | ||
getGranularTxType(GranularPermissionType const& gpType) const; | ||
|
||
bool | ||
isProhibited(std::string const& name) const; | ||
}; | ||
|
||
} // namespace ripple | ||
|
||
#endif |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,210 @@ | ||
//------------------------------------------------------------------------------ | ||
/* | ||
This file is part of rippled: https://github.com/ripple/rippled | ||
Copyright (c) 2024 Ripple Labs Inc. | ||
|
||
Permission to use, copy, modify, and/or distribute this software for any | ||
purpose with or without fee is hereby granted, provided that the above | ||
copyright notice and this permission notice appear in all copies. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
*/ | ||
//============================================================================== | ||
|
||
#ifndef RIPPLE_PROTOCOL_STTX_WRAPPER_H_INCLUDED | ||
#define RIPPLE_PROTOCOL_STTX_WRAPPER_H_INCLUDED | ||
|
||
#include <xrpl/protocol/STAccount.h> | ||
#include <xrpl/protocol/STTx.h> | ||
#include <functional> | ||
|
||
namespace ripple { | ||
|
||
// This class is a wrapper to deal with delegating in AccountPermission | ||
// amendment. It wraps STTx, and delegates to STTx methods. The key change is | ||
// getAccountID and operator[]. We need to first check if the transaction is | ||
// delegated by another account by checking if the sfOnBehalfOf field is | ||
// present. If it is present, we need to return the sfOnBehalfOf field as the | ||
// account when calling getAccountID(sfAccount) and tx[sfAccount]. | ||
class STTxWr | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. How about renaming to |
||
{ | ||
private: | ||
const STTx& tx_; // Wrap an instance of STTx | ||
bool isDelegated_; // if the transaction is delegated by another account | ||
|
||
public: | ||
explicit STTxWr(STTx const& tx, bool isDelegated) | ||
: tx_(tx), isDelegated_(isDelegated) | ||
{ | ||
} | ||
|
||
STTx | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should be |
||
getTx() const | ||
{ | ||
return tx_; | ||
} | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think it also makes sense to add implicit conversion operator to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. And perhaps change getTx() to something else, maybe getSTTx? tx.getTx() doesn't look right. |
||
bool | ||
isDelegated() const | ||
{ | ||
return isDelegated_; | ||
} | ||
|
||
AccountID | ||
getAccountID(SField const& field) const | ||
{ | ||
if (field == sfAccount) | ||
return tx_.isFieldPresent(sfOnBehalfOf) ? *tx_[~sfOnBehalfOf] | ||
: tx_[sfAccount]; | ||
return tx_.getAccountID(field); | ||
} | ||
|
||
template <class T> | ||
typename std::enable_if< | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should use |
||
!std::is_same<TypedField<T>, SF_ACCOUNT>::value, | ||
typename T::value_type>::type | ||
operator[](TypedField<T> const& f) const | ||
{ | ||
return tx_[f]; | ||
} | ||
|
||
// When Type is SF_ACCOUNT and also field name is sfAccount, we need to | ||
// check if the transaction is delegated by another account. If it is, | ||
// return sfOnBehalfOf field instead. | ||
template <class T> | ||
typename std::enable_if< | ||
std::is_same<TypedField<T>, SF_ACCOUNT>::value, | ||
AccountID>::type | ||
operator[](TypedField<T> const& f) const | ||
{ | ||
if (f == sfAccount) | ||
return tx_.isFieldPresent(sfOnBehalfOf) ? *tx_[~sfOnBehalfOf] | ||
: tx_[sfAccount]; | ||
return tx_[f]; | ||
} | ||
|
||
template <class T> | ||
std::optional<std::decay_t<typename T::value_type>> | ||
operator[](OptionaledField<T> const& of) const | ||
{ | ||
return tx_[of]; | ||
} | ||
|
||
uint256 | ||
getTransactionID() const | ||
{ | ||
return tx_.getTransactionID(); | ||
} | ||
|
||
TxType | ||
getTxnType() const | ||
{ | ||
return tx_.getTxnType(); | ||
} | ||
|
||
std::uint32_t | ||
getFlags() const | ||
{ | ||
return tx_.getFlags(); | ||
} | ||
|
||
bool | ||
isFieldPresent(SField const& field) const | ||
{ | ||
return tx_.isFieldPresent(field); | ||
} | ||
|
||
Json::Value | ||
getJson(JsonOptions options) const | ||
{ | ||
return tx_.getJson(options); | ||
} | ||
|
||
void | ||
add(Serializer& s) const | ||
{ | ||
tx_.add(s); | ||
} | ||
|
||
unsigned char | ||
getFieldU8(SField const& field) const | ||
{ | ||
return tx_.getFieldU8(field); | ||
} | ||
|
||
std::uint32_t | ||
getFieldU32(SField const& field) const | ||
{ | ||
return tx_.getFieldU32(field); | ||
} | ||
|
||
uint256 | ||
getFieldH256(SField const& field) const | ||
{ | ||
return tx_.getFieldH256(field); | ||
} | ||
|
||
Blob | ||
getFieldVL(SField const& field) const | ||
{ | ||
return tx_.getFieldVL(field); | ||
} | ||
|
||
STAmount const& | ||
getFieldAmount(SField const& field) const | ||
{ | ||
return tx_.getFieldAmount(field); | ||
} | ||
|
||
STPathSet const& | ||
getFieldPathSet(SField const& field) const | ||
{ | ||
return tx_.getFieldPathSet(field); | ||
} | ||
|
||
const STVector256& | ||
getFieldV256(SField const& field) const | ||
{ | ||
return tx_.getFieldV256(field); | ||
} | ||
|
||
const STArray& | ||
getFieldArray(SField const& field) const | ||
{ | ||
return tx_.getFieldArray(field); | ||
} | ||
|
||
Blob | ||
getSigningPubKey() const | ||
{ | ||
return tx_.getSigningPubKey(); | ||
} | ||
|
||
Blob | ||
getSignature() const | ||
{ | ||
return tx_.getSignature(); | ||
} | ||
|
||
bool | ||
isFlag(std::uint32_t f) const | ||
{ | ||
return tx_.isFlag(f); | ||
} | ||
|
||
SeqProxy | ||
getSeqProxy() const | ||
{ | ||
return tx_.getSeqProxy(); | ||
} | ||
}; | ||
|
||
} // namespace ripple | ||
|
||
#endif |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -436,3 +436,16 @@ LEDGER_ENTRY(ltCREDENTIAL, 0x0081, Credential, ({ | |
{sfPreviousTxnID, soeREQUIRED}, | ||
{sfPreviousTxnLgrSeq, soeREQUIRED}, | ||
})) | ||
|
||
/** A ledger object representing permissions an account has delegated to another account. | ||
|
||
\sa keylet::accountPermission | ||
*/ | ||
LEDGER_ENTRY(ltACCOUNT_PERMISSION, 0x0082, AccountPermission, ({ | ||
{sfAccount, soeREQUIRED}, | ||
{sfAuthorize, soeREQUIRED}, | ||
{sfPermissions, soeREQUIRED}, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Does it make sense to make this optional since it could be empty? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Since being empty means deleting all the permissions, can we keep it as required? So that the user won't delete the permissions by accident when they mistakenly leave out the Permissions field. Giving an empty field is more clear that they want to delete all the permissions. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is an on-ledger object, not the transaction. It's empty if there is no permissions so it could be optional. Can save a bit of space this way, right? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yes. make sense. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @gregtatcam when there's no permissions, can we erase the SLE? so that we can still keep There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do you mean delete SLE? I don't think we should delete it if there is no permissions. There is a transaction for this. Do you see a problem with making it optional? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think it's easier to just delete the ledger entry if there's no permission between two accounts. Is there any reason why should we keep it and just leave out the permissions field? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think there is a precedent for this, is there? A transaction is used to delete a ledger entry. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think there is a hard requirement that a specific txn is needed to delete an object. Ex. unfunded offers can be cancelled implicitly, associated NFT offers are automatically deleted when the NFT itself is deleted (see #4346) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can delete it then. |
||
{sfOwnerNode, soeREQUIRED}, | ||
{sfPreviousTxnID, soeREQUIRED}, | ||
{sfPreviousTxnLgrSeq, soeREQUIRED}, | ||
})) |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -447,6 +447,12 @@ TRANSACTION(ttCREDENTIAL_DELETE, 60, CredentialDelete, ({ | |
{sfCredentialType, soeREQUIRED}, | ||
})) | ||
|
||
/** This transaction type delegates authorized account specified permissions */ | ||
TRANSACTION(ttACCOUNT_PERMISSION_SET, 61, AccountPermissionSet, ({ | ||
{sfAuthorize, soeREQUIRED}, | ||
{sfPermissions, soeREQUIRED}, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Does it make sense to make it optional since it could be empty? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Being empty means deleting all the permissions, so that the user won't delete the permissions by accident when they mistakenly leave out the Permissions field. So I think it's better to keep it as soeREQUIRED here in the transaction. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. But it's a required field in the transaction, isn't it? It could be an empty array of permissions when it's set. So if it's empty then we delete it from the ledger object. The optional field has to be handled appropriately but it's used in a very few places. So if a user can make the permissions array empty then why is it a problem deleting it from the ledger object? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's kept required in the transaction but optional in the on-ledger object. |
||
})) | ||
|
||
|
||
/** This system-generated transaction type is used to update the status of the various amendments. | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should probably delete copy and copy assignment constructors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this still needs to be done?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just added