9.3.3. Permissions¶
Hyperledger Iroha uses a role-based access control system to limit actions of its users. This system greatly helps to implement use cases involving user groups having different access levels — ranging from the weak users, who can’t even receive asset transfer to the super-users. The beauty of our permission system is that you don’t have to have a super-user in your Iroha setup or use all the possible permissions: you can create segregated and lightweight roles.
Maintenance of the system involves setting up roles and permissions, that are included in the roles. This might be done at the initial step of system deployment — in genesis block, or later when Iroha network is up and running, roles can be changed (if there is a role that can do that :)
This section will help you to understand permissions and give you an idea of how to create roles including certain permissions. Each permission is provided with an example written in Python that demonstrates the way of transaction or query creation, which require specific permission. Every example uses commons.py module, which listing is available at Supplementary Sources section.
9.3.4. List of Permissions¶
9.3.5. Permissions Detailed¶
9.3.5.1. Command and Query-related permissions¶
9.3.5.1.1. All Categories¶
9.3.5.1.1.1. root¶
Allows executing all commands and queries without other permissions.
Note
This permission allows you to create and assign any roles with any permissions.
Example
9.3.5.2. Command-related permissions¶
9.3.5.2.1. Account¶
9.3.5.2.1.1. can_create_account¶
Allows creating new accounts.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_account]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_account_tx():
tx = iroha.transaction([
iroha.command('CreateAccount', account_name='bob', domain_id='test', public_key=bob['key'])
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.1.2. can_set_detail¶
Allows setting account detail.
The permission allows setting details to other accounts. Another way to set detail without can_set_detail permission is to grant can_set_my_account_detail permission to someone. In order to grant, transaction creator should have can_grant_can_set_my_account_detail permission.
Note
Transaction creator can always set detail for own account even without that permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_set_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def set_account_detail_tx():
tx = iroha.transaction([
iroha.command('SetAccountDetail', account_id=admin['id'], key='fav_color', value='red')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.1.3. can_set_my_account_detail¶
Hint
This is a grantable permission.
Permission that allows a specified account to set details for the another specified account.
Note
To grant the permission an account should already have a role with can_grant_can_set_my_account_detail permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_permission_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def set_detail_tx():
tx = iroha.transaction([
iroha.command('SetAccountDetail', account_id=alice['id'], key='fav_year', value='2019')
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.2. Asset¶
9.3.5.2.2.1. can_create_asset¶
Allows creating new assets.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_asset]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_asset_tx():
tx = iroha.transaction([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.2.2. can_receive¶
Allows account receive assets.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_transfer, primitive_pb2.can_receive]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='90.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='90.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def transfer_asset_tx():
tx = iroha.transaction([
iroha.command('TransferAsset',
src_account_id=alice['id'],
dest_account_id=bob['id'],
asset_id='coin#test',
description='transfer to Bob',
amount='60.00')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.2.3. can_transfer¶
Allows sending assets from an account of transaction creator.
You can transfer an asset from one domain to another, even if the other domain does not have an asset with the same name.
Note
Destination account should have can_receive permission.
1 2 3 4 5 6 7 8 9 10 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
import can_receive
# Please see example for can_receive permission.
# By design can_receive and can_transfer permissions
# can be tested only together.
|
9.3.5.2.2.4. can_transfer_my_assets¶
Hint
This is a grantable permission.
Permission that allows a specified account to transfer assets of another specified account.
See the example (to be done) for the usage details.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_transfer_my_assets,
primitive_pb2.can_receive,
primitive_pb2.can_transfer
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='90.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_permission_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def transfer_asset_tx():
tx = iroha.transaction([
iroha.command('TransferAsset',
src_account_id=alice['id'],
dest_account_id=admin['id'],
asset_id='coin#test',
description='transfer from Alice to Admin by Bob',
amount='60.00')
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.3. Asset Quantity¶
9.3.5.2.3.1. can_add_asset_qty¶
Allows issuing assets.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_add_asset_qty]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def add_asset_tx():
tx = iroha.transaction([
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='5000.99')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.3.2. can_subtract_asset_qty¶
Allows burning assets.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_subtract_asset_qty]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='1000.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='999.99')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def subtract_asset_tx():
tx = iroha.transaction([
iroha.command('SubtractAssetQuantity', asset_id='coin#test', amount='999.99')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.3.3. can_add_domain_asset_qty¶
Allows issuing assets only in own domain.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.
1 2 3 4 5 6 7 8 9 10 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
import can_add_asset_qty
# Please see example for can_add_asset_qty permission.
# TODO igor-egorov 21.01.2019 IR-240
|
9.3.5.2.3.4. can_subtract_domain_asset_qty¶
Allows burning assets only in own domain.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.
1 2 3 4 5 6 7 8 9 10 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
import can_subtract_asset_qty
# Please see example for can_subtract_asset_qty permission.
# TODO igor-egorov 21.01.2019 IR-240
|
9.3.5.2.4. Domain¶
9.3.5.2.4.1. can_create_domain¶
Allows creating new domains within the system.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_domain]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_domain_tx():
# 'test_role' was created in genesis transaction
tx = iroha.transaction([
iroha.command('CreateDomain', domain_id='another-domain', default_role='test_role')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5. Grant¶
9.3.5.2.5.1. can_grant_can_add_my_signatory¶
Allows role owners grant can_add_my_signatory permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_add_my_signatory_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_add_my_signatory_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.2. can_grant_can_remove_my_signatory¶
Allows role owners grant can_remove_my_signatory permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_remove_my_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_remove_my_signatory_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_remove_my_signatory_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.3. can_grant_can_set_my_account_detail¶
Allows role owners grant can_set_my_account_detail permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_set_my_account_detail_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_set_my_account_detail_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.4. can_grant_can_set_my_quorum¶
Allows role owners grant can_set_my_quorum permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_set_my_quorum]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_set_my_quorum_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_set_my_quorum_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.5. can_grant_can_transfer_my_assets¶
Allows role owners grant can_transfer_my_assets permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_transfer_my_assets,
primitive_pb2.can_receive,
primitive_pb2.can_transfer
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='90.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_transfer_my_assets_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_transfer_my_assets_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.6. Peer¶
9.3.5.2.6.1. can_add_peer¶
Allows adding peers to the network.
A new peer will be a valid participant in the next consensus round after an agreement on transaction containing “addPeer” command.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_add_peer]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def add_peer_tx():
peer_key = IrohaCrypto.private_key()
peer = primitive_pb2.Peer()
peer.address = '192.168.10.10:50541'
peer.peer_key = IrohaCrypto.derive_public_key(peer_key)
tx = iroha.transaction([
iroha.command('AddPeer', peer=peer)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.6.2. can_remove_peer¶
Allows removing peers from the network.
Removed peer will not participate in the next consensus round after an agreement on transaction containing “removePeer” command.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
peer_key = IrohaCrypto.private_key()
peer = primitive_pb2.Peer()
peer.address = '192.168.10.10:50541'
peer.peer_key = IrohaCrypto.derive_public_key(peer_key)
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_remove_peer]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(Iroha.command('AddPeer', peer=peer))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def remove_peer_tx():
peer_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('RemovePeer', public_key=peer.peer_key)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.7. Role¶
9.3.5.2.7.1. can_append_role¶
Allows appending roles to another account.
You can append only that role that has lesser or the same set of privileges as transaction creator.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_append_role, primitive_pb2.can_add_peer]
second_role_permissions = [primitive_pb2.can_add_peer]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateRole', role_name='second_role', permissions=second_role_permissions),
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('AppendRole', account_id=alice['id'], role_name='second_role')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def append_role_tx():
# Note that you can append only that role that has
# lesser or the same set of permissions as transaction creator.
tx = iroha.transaction([
iroha.command('AppendRole', account_id=bob['id'], role_name='second_role')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.7.2. can_create_role¶
Allows creating a new role within a system.
Possible set of permissions for a new role is limited to those permissions that transaction creator has.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_role, primitive_pb2.can_create_domain]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_role_tx():
# You can pick only those permissions that
# already belong to account of transaction creator.
role_permissions = [primitive_pb2.can_create_domain]
tx = iroha.transaction([
iroha.command('CreateRole', role_name='newrole', permissions=role_permissions)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.7.3. can_detach_role¶
Allows revoking a role from a user.
Note
Due to a known issue the permission allows to detach any role without limitations https://soramitsu.atlassian.net/browse/IR-1468
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_detach_role]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def detach_role_tx():
tx = iroha.transaction([
iroha.command('DetachRole', account_id=admin['id'], role_name='test_role')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.8. Signatory¶
9.3.5.2.8.1. can_add_my_signatory¶
Hint
This is a grantable permission.
Permission that allows a specified account to add an extra public key to the another specified account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_add_my_signatory_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def add_signatory_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.8.2. can_add_signatory¶
Allows linking additional public keys to account.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_add_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def add_signatory_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.8.3. can_remove_my_signatory¶
Hint
This is a grantable permission.
Permission that allows a specified account remove public key from the another specified account.
See the example (to be done) for the usage details.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_remove_my_signatory,
primitive_pb2.can_add_signatory
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_remove_my_signatory_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory),
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def remove_signatory_tx():
tx = iroha.transaction([
iroha.command('RemoveSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(alice['key']))
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.8.4. can_remove_signatory¶
Allows unlinking additional public keys from an account.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_remove_signatory]
extra_key = IrohaCrypto.private_key()
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def remove_signatory_tx():
tx = iroha.transaction([
iroha.command('RemoveSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(alice['key']))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.8.5. can_set_my_quorum¶
Hint
This is a grantable permission.
Permission that allows a specified account to set quorum for the another specified account.
Account should have greater or equal amount of keys than quorum.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_set_my_quorum,
primitive_pb2.can_add_signatory
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_set_my_quorum_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum),
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def set_quorum_tx():
tx = iroha.transaction([
iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.8.6. can_set_quorum¶
Allows setting quorum.
At least the same number (or more) of public keys should be already linked to an account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_set_quorum]
extra_key = IrohaCrypto.private_key()
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def set_quorum_tx():
# Quourum cannot be greater than amount of keys linked to an account
tx = iroha.transaction([
iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.9. Engine¶
9.3.5.2.9.1. can_call_engine¶
Allows to use Burrow EMV to run Solidity smart-contracts
Example
9.3.5.2.9.2. can_call_engine_on_my_behalf¶
Hint
This is a grantable permission.
Permission that allows a specified account to use Burrow EVM for the another specified account.
Example
9.3.5.2.10. Grant¶
9.3.5.2.10.1. can_grant_can_call_engine_on_my_behalf¶
Allows role owners grant can_call_engine_on_my_behalf permission.
Example
9.3.5.3. Query-related permissions¶
9.3.5.3.1. Account¶
9.3.5.3.1.1. can_get_all_acc_detail¶
Allows getting all the details set to any account within the system.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_acc_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_detail_query():
query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.2. can_get_all_accounts¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information about any account within a system.
All the details (set by the account owner or owners of other accounts) will be returned.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_accounts]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_query():
query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.3. can_get_domain_acc_detail¶
Allows getting all the details set to any account within the same domain as a domain of query creator account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_detail_query():
query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.4. can_get_domain_accounts¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information only about accounts from the same domain.
All the details (set by the account owner or owners of other accounts) will be returned.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_accounts]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_query():
query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.5. can_get_my_acc_detail¶
Allows getting all the details set to the account of query creator.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_detail_query():
query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.6. can_get_my_account¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information only about own account.
All the details (set by the account owner or owners of other accounts) will be returned.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_account]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_query():
query = iroha.query('GetAccount', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.2. Account Asset¶
9.3.5.3.2.1. can_get_all_acc_ast¶
Allows getting a balance of assets on any account within the system.
Query response will contain information about all the assets that ever been assigned to an account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_acc_ast]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_assets_query():
query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.2.2. can_get_domain_acc_ast¶
Allows getting a balance of specified asset on any account within the same domain as a domain of query creator account.
Query response will contain information about all the assets that ever been assigned to an account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_ast]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_assets_query():
query = iroha.query('GetAccountAssets', account_id=admin['id'], creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.2.3. can_get_my_acc_ast¶
Allows getting a balance of specified asset on account of query creator.
Query response will contain information about all the assets that ever been assigned to an account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_ast]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_assets_query():
query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.3. Account Asset Transaction¶
9.3.5.3.3.1. can_get_all_acc_ast_txs¶
Allows getting transactions associated with a specified asset and any account within the system.
Note
Incoming asset transfers will also appear in the query response.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_get_all_acc_ast_txs,
primitive_pb2.can_receive,
primitive_pb2.can_transfer
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#first', amount='300.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#first',
description='top up',
amount='200.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_asset_transactions_query():
query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], page_size=10,
account_id=admin['id'], asset_id='coin#first')
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.3.2. can_get_domain_acc_ast_txs¶
Allows getting transactions associated with a specified asset and an account from the same domain as query creator.
Note
Incoming asset transfers will also appear in the query response.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_ast_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='top up',
amount='10.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_asset_transactions_query():
query = iroha.query('GetAccountAssetTransactions', account_id=admin['id'],
asset_id='coin#test', creator_account=alice['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.3.3. can_get_my_acc_ast_txs¶
Allows getting transactions associated with the account of query creator and specified asset.
Note
Incoming asset transfers will also appear in the query response.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_ast_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='top up',
amount='10.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_asset_transactions_query():
query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], account_id=alice['id'],
asset_id='coin#test', page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.4. Account Transaction¶
9.3.5.3.4.1. can_get_all_acc_txs¶
Allows getting all transactions issued by any account within the system.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_acc_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_transactions_query():
query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.4.2. can_get_domain_acc_txs¶
Allows getting all transactions issued by any account from the same domain as query creator.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_transactions_query():
query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.4.3. can_get_my_acc_txs¶
Allows getting all transactions issued by an account of query creator.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_transactions_query():
query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=alice['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.5. Asset¶
9.3.5.3.5.1. can_read_assets¶
Allows getting information about asset precision.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_read_assets]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def get_asset_query():
query = iroha.query('GetAssetInfo', asset_id='coin#test', creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.6. Block Stream¶
9.3.5.3.6.1. can_get_blocks¶
Allows reading blocks. Allows subscription to the stream of accepted blocks.
9.3.5.3.7. Role¶
9.3.5.3.7.1. can_get_roles¶
Allows getting a list of roles within the system. Allows getting a list of permissions associated with a role.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_roles]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def get_system_roles_query():
query = iroha.query('GetRoles', creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
@commons.hex
def get_role_permissions_query():
query = iroha.query('GetRolePermissions', creator_account=alice['id'], counter=2, role_id='admin_role')
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.8. Signatory¶
9.3.5.3.8.1. can_get_all_signatories¶
Allows getting a list of public keys linked to an account within the system.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_signatories]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def signatories_query():
query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.8.2. can_get_domain_signatories¶
Allows getting a list of public keys of any account within the same domain as the domain of query creator account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_signatories]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def signatories_query():
query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.8.3. can_get_my_signatories¶
Allows getting a list of public keys of query creator account.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_signatories]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def signatories_query():
query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.9. Transaction¶
9.3.5.3.9.1. can_get_all_txs¶
Allows getting any transaction by hash.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
admin_tx1_hash = None
admin_tx2_hash = None
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def admin_action_1_tx():
global admin_tx1_hash
tx = iroha.transaction([
iroha.command('CreateAsset', asset_name='coin', domain_id='second', precision=2)
])
admin_tx1_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def admin_action_2_tx():
global admin_tx2_hash
tx = iroha.transaction([
iroha.command('SetAccountDetail', account_id=admin['id'], key='hyperledger', value='iroha')
])
admin_tx2_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def transactions_query():
hashes = [
binascii.hexlify(admin_tx1_hash),
binascii.hexlify(admin_tx2_hash)
]
query = iroha.query('GetTransactions', tx_hashes=hashes, creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.9.2. can_get_my_txs¶
Allows getting transaction (that was issued by query creator) by hash.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
alice_tx1_hash = None
alice_tx2_hash = None
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_get_my_txs,
primitive_pb2.can_add_asset_qty,
primitive_pb2.can_create_asset
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def alice_action_1_tx():
global alice_tx1_hash
tx = iroha.transaction([
iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2)
], creator_account=alice['id'])
alice_tx1_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def alice_action_2_tx():
global alice_tx2_hash
tx = iroha.transaction([
iroha.command('AddAssetQuantity', asset_id='coin#first', amount='600.30')
], creator_account=alice['id'])
alice_tx2_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def transactions_query():
hashes = [
binascii.hexlify(alice_tx1_hash),
binascii.hexlify(alice_tx2_hash)
]
query = iroha.query('GetTransactions', creator_account=alice['id'], tx_hashes=hashes)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.10. Peer¶
9.3.5.3.10.1. can_get_peers¶
Allows to request the list of peers in the Iroha network.
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_peers]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def get_system_peers_query():
query = iroha.query('GetPeers', creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.11. Engine receipts¶
9.3.5.3.11.1. can_get_my_engine_receipts¶
Allows getting Engine Receipts (result from EVM) on account of query creator.
Example
9.3.5.3.11.2. can_get_domain_engine_receipts¶
Allows getting Engine Receipts (results from EVM) associated with a specified transaction from the same domain as query creator.
Example
9.3.5.3.11.3. can_get_all_engine_receipts¶
Allows getting all Engine Receipts (results from EVM) issued by any account within the system.
Example
9.3.5.4. Supplementary Sources¶
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
from iroha import primitive_pb2
from iroha import Iroha, IrohaCrypto
import binascii
from time import time
command = Iroha.command
def now():
return int(time() * 1000)
def all_permissions():
return [
primitive_pb2.can_append_role,
primitive_pb2.can_create_role,
primitive_pb2.can_detach_role,
primitive_pb2.can_add_asset_qty,
primitive_pb2.can_subtract_asset_qty,
primitive_pb2.can_add_peer,
primitive_pb2.can_add_signatory,
primitive_pb2.can_remove_signatory,
primitive_pb2.can_set_quorum,
primitive_pb2.can_create_account,
primitive_pb2.can_set_detail,
primitive_pb2.can_create_asset,
primitive_pb2.can_transfer,
primitive_pb2.can_receive,
primitive_pb2.can_create_domain,
primitive_pb2.can_read_assets,
primitive_pb2.can_get_roles,
primitive_pb2.can_get_my_account,
primitive_pb2.can_get_all_accounts,
primitive_pb2.can_get_domain_accounts,
primitive_pb2.can_get_my_signatories,
primitive_pb2.can_get_all_signatories,
primitive_pb2.can_get_domain_signatories,
primitive_pb2.can_get_my_acc_ast,
primitive_pb2.can_get_all_acc_ast,
primitive_pb2.can_get_domain_acc_ast,
primitive_pb2.can_get_my_acc_detail,
primitive_pb2.can_get_all_acc_detail,
primitive_pb2.can_get_domain_acc_detail,
primitive_pb2.can_get_my_acc_txs,
primitive_pb2.can_get_all_acc_txs,
primitive_pb2.can_get_domain_acc_txs,
primitive_pb2.can_get_my_acc_ast_txs,
primitive_pb2.can_get_all_acc_ast_txs,
primitive_pb2.can_get_domain_acc_ast_txs,
primitive_pb2.can_get_my_txs,
primitive_pb2.can_get_all_txs,
primitive_pb2.can_get_blocks,
primitive_pb2.can_grant_can_set_my_quorum,
primitive_pb2.can_grant_can_add_my_signatory,
primitive_pb2.can_grant_can_remove_my_signatory,
primitive_pb2.can_grant_can_transfer_my_assets,
primitive_pb2.can_grant_can_set_my_account_detail
]
def genesis_block(admin, alice, test_permissions, multidomain=False):
"""
Compose a set of common for all tests' genesis block transactions
:param admin: dict of id and private key of admin
:param alice: dict of id and private key of alice
:param test_permissions: permissions for users in test domain
:param multidomain: admin and alice accounts will be created in
different domains and the first domain users will have admin right
by default if True
:return: a list of Iroha.command's
"""
peer = primitive_pb2.Peer()
peer.address = '127.0.0.1:50541'
peer.peer_key = IrohaCrypto.derive_public_key(admin['key'])
commands = [
command('AddPeer', peer=peer),
command('CreateRole', role_name='admin_role', permissions=all_permissions()),
command('CreateRole', role_name='test_role', permissions=test_permissions)]
if multidomain:
commands.append(command('CreateDomain', domain_id='first', default_role='admin_role'))
commands.extend([
command('CreateDomain',
domain_id='second' if multidomain else 'test',
default_role='test_role'),
command('CreateAccount',
account_name='admin',
domain_id='first' if multidomain else 'test',
public_key=IrohaCrypto.derive_public_key(admin['key'])),
command('CreateAccount',
account_name='alice',
domain_id='second' if multidomain else 'test',
public_key=IrohaCrypto.derive_public_key(alice['key']))
])
if not multidomain:
commands.append(command('AppendRole', account_id=admin['id'], role_name='admin_role'))
return commands
def new_user(user_id):
private_key = IrohaCrypto.private_key()
if user_id.lower().startswith('admin'):
print('K{}'.format(private_key.decode('utf-8')))
return {
'id': user_id,
'key': private_key
}
def hex(generator):
"""
Decorator for transactions' and queries generators.
Allows preserving the type of binaries for Binary Testing Framework.
"""
prefix = 'T' if generator.__name__.lower().endswith('tx') else 'Q'
print('{}{}'.format(prefix, binascii.hexlify(generator().SerializeToString()).decode('utf-8')))
|