CCF
Loading...
Searching...
No Matches
permissions_checks.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/js/kv_access_permissions.h"
6#include "ccf/js/namespace_restrictions.h"
7#include "ccf/js/tx_access.h"
8#include "kv/kv_types.h"
9
10namespace ccf::js
11{
12 static KVAccessPermissions check_kv_map_access(
13 TxAccess execution_context, const std::string& table_name)
14 {
15 // Enforce the restrictions described in the read_write_restrictions page in
16 // the docs. Note that table is more readable, so should be considered the
17 // source of truth for these restrictions. This code is formatted to attempt
18 // to make it clear how it maps directly to that table.
19 const auto [privacy_of_table, namespace_of_table] =
20 ccf::kv::parse_map_name(table_name);
21
22 switch (privacy_of_table)
23 {
24 case (ccf::kv::SecurityDomain::PRIVATE):
25 {
26 // The only time private tables can be used, is on private application
27 // tables in an application context. Governance should neither read from
28 // nor write to private tables, and if private governance or internal
29 // tables exist then applications should not be able to read them.
30 if (
31 execution_context == TxAccess::APP_RW &&
32 namespace_of_table == ccf::kv::AccessCategory::APPLICATION)
33 {
34 return KVAccessPermissions::READ_WRITE;
35 }
36 else if (
37 execution_context == TxAccess::APP_RO &&
38 namespace_of_table == ccf::kv::AccessCategory::APPLICATION)
39 {
40 return KVAccessPermissions::READ_ONLY;
41 }
42 else
43 {
44 return KVAccessPermissions::ILLEGAL;
45 }
46 }
47
48 case (ccf::kv::SecurityDomain::PUBLIC):
49 {
50 switch (namespace_of_table)
51 {
52 case ccf::kv::AccessCategory::INTERNAL:
53 {
54 return KVAccessPermissions::READ_ONLY;
55 }
56
57 case ccf::kv::AccessCategory::GOVERNANCE:
58 {
59 if (execution_context == TxAccess::GOV_RW)
60 {
61 return KVAccessPermissions::READ_WRITE;
62 }
63 else
64 {
65 return KVAccessPermissions::READ_ONLY;
66 }
67 }
68
69 case ccf::kv::AccessCategory::APPLICATION:
70 {
71 switch (execution_context)
72 {
73 case (TxAccess::APP_RW):
74 {
75 return KVAccessPermissions::READ_WRITE;
76 }
77 case (TxAccess::APP_RO):
78 {
79 return KVAccessPermissions::READ_ONLY;
80 }
81 case (TxAccess::GOV_RW):
82 {
83 return KVAccessPermissions::WRITE_ONLY;
84 }
85 default:
86 {
87 return KVAccessPermissions::ILLEGAL;
88 }
89 }
90 }
91 }
92 }
93
94 case (ccf::kv::SecurityDomain::SECURITY_DOMAIN_MAX):
95 {
96 throw std::logic_error(fmt::format(
97 "Unexpected security domain (max) for table {}", table_name));
98 }
99 }
100 }
101 static std::string explain_kv_map_access(
102 ccf::js::KVAccessPermissions permission, ccf::js::TxAccess access)
103 {
104 char const* table_kind = permission == KVAccessPermissions::READ_ONLY ?
105 "read-only" :
106 (permission == KVAccessPermissions::WRITE_ONLY ? "write-only" :
107 "inaccessible");
108
109 char const* exec_context = "unknown";
110 switch (access)
111 {
112 case (TxAccess::APP_RW):
113 {
114 exec_context = "application";
115 break;
116 }
117 case (TxAccess::APP_RO):
118 {
119 exec_context = "read-only application";
120 break;
121 }
122 case (TxAccess::GOV_RO):
123 {
124 exec_context = "read-only governance";
125 break;
126 }
127 case (TxAccess::GOV_RW):
128 {
129 exec_context = "read-write governance";
130 break;
131 }
132 }
133
134 static constexpr char const* access_permissions_explanation_url =
135 "https://microsoft.github.io/CCF/main/audit/"
136 "read_write_restrictions.html";
137
138 return fmt::format(
139 "This table is {} in current ({}) execution context. See {} for more "
140 "detail.",
141 table_kind,
142 exec_context,
143 access_permissions_explanation_url);
144 }
145}
kv_access_permissions.h
kv_types.h
namespace_restrictions.h
ccf::js
Definition bundle.h:12
ccf::js::TxAccess
TxAccess
Definition tx_access.h:10
ccf::js::KVAccessPermissions
KVAccessPermissions
Definition kv_access_permissions.h:10
ccf::kv::SECURITY_DOMAIN_MAX
@ SECURITY_DOMAIN_MAX
Definition kv_types.h:258
ccf::kv::PRIVATE
@ PRIVATE
Definition kv_types.h:257
ccf::kv::PUBLIC
@ PUBLIC
Definition kv_types.h:256
ccf::kv::INTERNAL
@ INTERNAL
Definition kv_types.h:263
ccf::kv::APPLICATION
@ APPLICATION
Definition kv_types.h:265
ccf::kv::GOVERNANCE
@ GOVERNANCE
Definition kv_types.h:264
tx_access.h
Generated by doxygen 1.9.8