This repository has been archived by the owner on Aug 2, 2022. It is now read-only.
Implement links between permissions and message types #123
Comments
|
A link to a undefined permission should be prevented on creation. Removing a permission should not be possible if there are child permissions. The child permissions should be removed first. This makes "renaming" permissions very messy: create new permission, update links, remove old permission. |
nathanielhourt
added a commit
that referenced
this issue
Aug 2, 2017
Define the types documented in the issue. TODO: Implement logic
nathanielhourt
added a commit
that referenced
this issue
Aug 2, 2017
Add docs on some of the types, register the index, and implement chain_controller::lookup_minimum_permission.
nathanielhourt
added a commit
that referenced
this issue
Aug 2, 2017
The name requirepermission was too long, so I renamed it linkauth
nathanielhourt
added a commit
that referenced
this issue
Aug 2, 2017
Implement the linkauth handler in the system contract
nathanielhourt
added a commit
that referenced
this issue
Aug 2, 2017
Add an unlinkauth message type which removes a link from a message type to a required authority
|
At this point everything should be implemented, and we're down to testing |
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
Define the types documented in the issue. TODO: Implement logic
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
Add docs on some of the types, register the index, and implement chain_controller::lookup_minimum_permission.
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
The name requirepermission was too long, so I renamed it linkauth
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
Implement the linkauth handler in the system contract
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
Add an unlinkauth message type which removes a link from a message type to a required authority
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
Create and smoke test Add_Authority and Delete_Authority test helper macros
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
nathanielhourt
added a commit
that referenced
this issue
Aug 3, 2017
The behavior change is that I am forbidding changing a permission_object's parent until we come up with a safe way to support it. The issue is that it's possible to create loops by creating an object A with an existing parent B, then setting B's parent to A. The obvious solution is to ensure with every parent change that there is a path back to the owner authority by following parents, but to do this we need a tree depth limit. I haven't explored the implications of that, so I'm just disabling parent changes for the time being. The user can simply delete the old subtree and create a new one if he wants to move a subtree from one parent to another.
|
good |
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
Define the types documented in the issue. TODO: Implement logic
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
Add docs on some of the types, register the index, and implement chain_controller::lookup_minimum_permission.
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
The name requirepermission was too long, so I renamed it linkauth
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
Implement the linkauth handler in the system contract
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
Add an unlinkauth message type which removes a link from a message type to a required authority
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
Create and smoke test Add_Authority and Delete_Authority test helper macros
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
The behavior change is that I am forbidding changing a permission_object's parent until we come up with a safe way to support it. The issue is that it's possible to create loops by creating an object A with an existing parent B, then setting B's parent to A. The obvious solution is to ensure with every parent change that there is a path back to the owner authority by following parents, but to do this we need a tree depth limit. I haven't explored the implications of that, so I'm just disabling parent changes for the time being. The user can simply delete the old subtree and create a new one if he wants to move a subtree from one parent to another.
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
nathanielhourt
added a commit
that referenced
this issue
Aug 8, 2017
Add macros for Link_Authority and Unlink_Authority, write some initial tests of these operations, and fix a bug (unlinkauth didn't require any authority)
nathanielhourt
added a commit
that referenced
this issue
Aug 15, 2017
Test that a fully validated transaction to transfer money requires the linked authority, or a parent, but not a child.
nathanielhourt
added a commit
that referenced
this issue
Aug 15, 2017
Test that the default authority for a contract is accepted when there is no more specific authority set
nathanielhourt
added a commit
that referenced
this issue
Aug 15, 2017
The previous test was somewhat convoluted. It's simpler now, and it also tests that the default authority for a contract is not accepted when a specific link for the message type is present.
This was referenced Aug 15, 2017
ljrprocc
pushed a commit
to bithacks-tech/myeosio
that referenced
this issue
Jul 4, 2018
merge from eosio master
NorseGaud
pushed a commit
that referenced
this issue
Jul 30, 2019
# This is the 1st commit message: various improvements # This is the commit message #2: new hash # This is the commit message #3: fix for script path # This is the commit message #4: fixes # This is the commit message #5: fixes # This is the commit message #6: fixes # This is the commit message #7: fixes # This is the commit message #8: fixes # This is the commit message #9: fixes # This is the commit message #10: fixes # This is the commit message #11: fixes # This is the commit message #12: fixes # This is the commit message #13: fixes # This is the commit message #14: fixes # This is the commit message #15: fixes # This is the commit message #16: fixes # This is the commit message #17: fixes # This is the commit message #18: fixes # This is the commit message #19: fixes # This is the commit message #20: fixes # This is the commit message #21: fixes # This is the commit message #22: fixes # This is the commit message #23: fixes # This is the commit message #24: fixes # This is the commit message #25: fixes # This is the commit message #26: testing # This is the commit message #27: testing # This is the commit message #28: testing # This is the commit message #29: testing # This is the commit message #30: testing # This is the commit message #31: testing # This is the commit message #32: testing # This is the commit message #33: testing # This is the commit message #34: testing # This is the commit message #35: testing # This is the commit message #36: testing # This is the commit message #37: testing # This is the commit message #38: testing # This is the commit message #39: testing # This is the commit message #40: testing # This is the commit message #41: testing # This is the commit message #42: testing # This is the commit message #43: testing # This is the commit message #44: fixes # This is the commit message #45: fixes # This is the commit message #46: fixes # This is the commit message #47: fixes # This is the commit message #48: fixes # This is the commit message #49: fixes # This is the commit message #50: fixes # This is the commit message #51: fixes # This is the commit message #52: fixes # This is the commit message #53: fixes # This is the commit message #54: fixes # This is the commit message #55: fixes # This is the commit message #56: fixes # This is the commit message #57: fixes # This is the commit message #58: fixes # This is the commit message #59: fixes # This is the commit message #60: fixes # This is the commit message #61: fixes # This is the commit message #62: fixes # This is the commit message #63: fixes # This is the commit message #64: fixes # This is the commit message #65: fixes # This is the commit message #66: fixes # This is the commit message #67: fixes # This is the commit message #68: fixes # This is the commit message #69: fixes # This is the commit message #70: fixes # This is the commit message #71: fixes # This is the commit message #72: fixes # This is the commit message #73: fixes # This is the commit message #74: fixes # This is the commit message #75: fixes # This is the commit message #76: fixes # This is the commit message #77: fixes # This is the commit message #78: fixes # This is the commit message #79: more testing # This is the commit message #80: testing # This is the commit message #81: fixes # This is the commit message #82: fixes # This is the commit message #83: fixes # This is the commit message #84: fixes # This is the commit message #85: fixes # This is the commit message #86: fixes # This is the commit message #87: fixes # This is the commit message #88: fixes # This is the commit message #89: fixes # This is the commit message #90: fixes # This is the commit message #91: fixes # This is the commit message #92: fixes # This is the commit message #93: propagate-environment for buildkite-agent # This is the commit message #94: propagate-environment for buildkite-agent # This is the commit message #95: propagate-environment for buildkite-agent # This is the commit message #96: propagate-environment for buildkite-agent # This is the commit message #97: fixes # This is the commit message #98: fixes # This is the commit message #99: fixes # This is the commit message #100: fixes # This is the commit message #101: fixes # This is the commit message #102: fixes # This is the commit message #103: fixes # This is the commit message #104: fixes # This is the commit message #105: fixes # This is the commit message #106: fixes # This is the commit message #107: fixes # This is the commit message #108: fixes # This is the commit message #109: fixes # This is the commit message #110: fixes # This is the commit message #111: fixes # This is the commit message #112: fixes # This is the commit message #113: fixes # This is the commit message #114: fixes # This is the commit message #115: fixes # This is the commit message #116: fixes # This is the commit message #117: fixes # This is the commit message #118: fixes # This is the commit message #119: fixes # This is the commit message #120: fixes # This is the commit message #121: fixes # This is the commit message #122: fixes # This is the commit message #123: fixes # This is the commit message #124: fixes # This is the commit message #125: fixes # This is the commit message #126: fixes # This is the commit message #127: fixes # This is the commit message #128: fixes # This is the commit message #129: fixes # This is the commit message #130: fixes # This is the commit message #131: fixes # This is the commit message #132: fixes # This is the commit message #133: fixes # This is the commit message #134: fixes # This is the commit message #135: fixes # This is the commit message #136: fixes # This is the commit message #137: fixes # This is the commit message #138: fixes # This is the commit message #139: fixes # This is the commit message #140: fixes # This is the commit message #141: fixes # This is the commit message #142: fixes # This is the commit message #143: fixes # This is the commit message #144: fixes # This is the commit message #145: fixes # This is the commit message #146: fixes # This is the commit message #147: fixes # This is the commit message #148: fixes # This is the commit message #149: fixes # This is the commit message #150: fixes # This is the commit message #151: fixes # This is the commit message #152: fixes # This is the commit message #153: testing # This is the commit message #154: fixes # This is the commit message #155: fixes # This is the commit message #156: fixes # This is the commit message #157: fixes # This is the commit message #158: fixes # This is the commit message #159: fixes # This is the commit message #160: fixes # This is the commit message #161: fixes # This is the commit message #162: fixes # This is the commit message #163: fixes # This is the commit message #164: fixes # This is the commit message #165: fixes # This is the commit message #166: fixes # This is the commit message #167: fixes # This is the commit message #168: fixes # This is the commit message #169: fixes # This is the commit message #170: fixes # This is the commit message #171: fixes # This is the commit message #172: fixes # This is the commit message #173: fixes # This is the commit message #174: fixes # This is the commit message #175: fixes # This is the commit message #176: fixes # This is the commit message #177: fixes # This is the commit message #178: fixes # This is the commit message #179: fixes # This is the commit message #180: fixes # This is the commit message #181: fixes # This is the commit message #182: fixes # This is the commit message #183: fixes # This is the commit message #184: fixes # This is the commit message #185: fixes # This is the commit message #186: fixes
oldcold
pushed a commit
to eosiosg/eos
that referenced
this issue
Sep 24, 2019
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The only component of transaction authorization which is still missing is the links between the user's permissions (
permission_objects) and message types ({code account, message type}). The contracts need to be written that allow the user to specify these links, and thenchain_controller::lookup_minimum_permissionmust be updated to use these links to determine the minimum permission required for a given account to execute a message of a given type.I propose adding these messages to the system contract:
In the above,
accountwill require the permission named inrequirementin order to send messages oftypeto thecodecontract.I propose adding a new object type:
The object shall be indexed on
{account, code, message_type}so thatchain_controller::lookup_minimum_permissioncan map these values torequired_permission, then use{account, required_permission}to look up thepermission_objectcontaining the authorityaccountrequires to invoke such messages.Question: What happens if the user defines a
permission_linkwith a validrequired_permissionname, but then removes or renames that permission? Options that come to mind are to forbid it (require the user to remove the link, rename the permission, and recreate the link?), or to automatically rename/delete the link. Thoughts?The text was updated successfully, but these errors were encountered: