CCF
Loading...
Searching...
No Matches
permissions_checks.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/js/kv_access_permissions.h"
6#include "ccf/js/namespace_restrictions.h"
7#include "ccf/js/tx_access.h"
8#include "kv/kv_types.h"
9
10namespace ccf::js
11{
12 static KVAccessPermissions check_kv_map_access(
13 TxAccess execution_context, const std::string& table_name)
14 {
15 // Enforce the restrictions described in the read_write_restrictions page in
16 // the docs. Note that table is more readable, so should be considered the
17 // source of truth for these restrictions. This code is formatted to attempt
18 // to make it clear how it maps directly to that table.
19 const auto [privacy_of_table, namespace_of_table] =
20 ccf::kv::parse_map_name(table_name);
21
22 switch (privacy_of_table)
23 {
24 case (ccf::kv::SecurityDomain::PRIVATE):
25 {
26 // The only time private tables can be used, is on private application
27 // tables in an application context. Governance should neither read from
28 // nor write to private tables, and if private governance or internal
29 // tables exist then applications should not be able to read them.
30 if (
31 execution_context == TxAccess::APP_RW &&
32 namespace_of_table == ccf::kv::AccessCategory::APPLICATION)
33 {
34 return KVAccessPermissions::READ_WRITE;
35 }
36
37 if (
38 execution_context == TxAccess::APP_RO &&
39 namespace_of_table == ccf::kv::AccessCategory::APPLICATION)
40 {
41 return KVAccessPermissions::READ_ONLY;
42 }
43
44 return KVAccessPermissions::ILLEGAL;
45 }
46
47 case (ccf::kv::SecurityDomain::PUBLIC):
48 {
49 switch (namespace_of_table)
50 {
51 case ccf::kv::AccessCategory::INTERNAL:
52 {
53 return KVAccessPermissions::READ_ONLY;
54 }
55
56 case ccf::kv::AccessCategory::GOVERNANCE:
57 {
58 if (execution_context == TxAccess::GOV_RW)
59 {
60 return KVAccessPermissions::READ_WRITE;
61 }
62
63 return KVAccessPermissions::READ_ONLY;
64 }
65
66 case ccf::kv::AccessCategory::APPLICATION:
67 {
68 switch (execution_context)
69 {
70 case (TxAccess::APP_RW):
71 {
72 return KVAccessPermissions::READ_WRITE;
73 }
74 case (TxAccess::APP_RO):
75 {
76 return KVAccessPermissions::READ_ONLY;
77 }
78 case (TxAccess::GOV_RW):
79 {
80 return KVAccessPermissions::WRITE_ONLY;
81 }
82 default:
83 {
84 return KVAccessPermissions::ILLEGAL;
85 }
86 }
87 }
88 }
89 }
90
91 case (ccf::kv::SecurityDomain::SECURITY_DOMAIN_MAX):
92 {
93 throw std::logic_error(fmt::format(
94 "Unexpected security domain (max) for table {}", table_name));
95 }
96 }
97 }
98 static std::string explain_kv_map_access(
99 ccf::js::KVAccessPermissions permission, ccf::js::TxAccess access)
100 {
101 char const* table_kind = permission == KVAccessPermissions::READ_ONLY ?
102 "read-only" :
103 (permission == KVAccessPermissions::WRITE_ONLY ? "write-only" :
104 "inaccessible");
105
106 char const* exec_context = nullptr;
107 switch (access)
108 {
109 case (TxAccess::APP_RW):
110 {
111 exec_context = "application";
112 break;
113 }
114 case (TxAccess::APP_RO):
115 {
116 exec_context = "read-only application";
117 break;
118 }
119 case (TxAccess::GOV_RO):
120 {
121 exec_context = "read-only governance";
122 break;
123 }
124 case (TxAccess::GOV_RW):
125 {
126 exec_context = "read-write governance";
127 break;
128 }
129 default:
130 {
131 exec_context = "unknown";
132 break;
133 }
134 }
135
136 static constexpr char const* access_permissions_explanation_url =
137 "https://microsoft.github.io/CCF/main/audit/"
138 "read_write_restrictions.html";
139
140 return fmt::format(
141 "This table is {} in current ({}) execution context. See {} for more "
142 "detail.",
143 table_kind,
144 exec_context,
145 access_permissions_explanation_url);
146 }
147}
kv_access_permissions.h
kv_types.h
namespace_restrictions.h
ccf::js
Definition bundle.h:12
ccf::js::KVAccessPermissions
KVAccessPermissions
Definition kv_access_permissions.h:10
ccf::js::TxAccess
TxAccess
Definition tx_access.h:10
ccf::kv::INTERNAL
@ INTERNAL
Definition kv_types.h:224
ccf::kv::APPLICATION
@ APPLICATION
Definition kv_types.h:226
ccf::kv::GOVERNANCE
@ GOVERNANCE
Definition kv_types.h:225
ccf::kv::SECURITY_DOMAIN_MAX
@ SECURITY_DOMAIN_MAX
Definition kv_types.h:219
ccf::kv::PRIVATE
@ PRIVATE
Definition kv_types.h:218
ccf::kv::PUBLIC
@ PUBLIC
Definition kv_types.h:217
tx_access.h
Generated by doxygen 1.9.8