9.3.3. Permissions¶
Hyperledger Iroha uses a role-based access control system to limit actions of its users. This system greatly helps to implement use cases involving user groups having different access levels — ranging from the weak users, who can’t even receive asset transfer to the super-users. The beauty of our permission system is that you don’t have to have a super-user in your Iroha setup or use all the possible permissions: you can create segregated and lightweight roles.
Maintenance of the system involves setting up roles and permissions, that are included in the roles. This might be done at the initial step of system deployment — in genesis block, or later when Iroha network is up and running, roles can be changed (if there is a role that can do that :)
This section will help you to understand permissions and give you an idea of how to create roles including certain permissions. Each permission is provided with an example written in Python that demonstrates the way of transaction or query creation, which require specific permission. Every example uses commons.py module, which listing is available at Supplementary Sources section.
9.3.4. List of Permissions¶
Permission Name |
Category |
Type |
---|---|---|
All Categories |
Command and Query |
|
Account |
Command |
|
Account |
Command |
|
can_set_my_account_detail |
Account |
Command |
Asset |
Command |
|
Asset |
Command |
|
Asset |
Command |
|
can_transfer_my_assets |
Asset |
Command |
Asset Quantity |
Command |
|
Asset Quantity |
Command |
|
Asset Quantity |
Command |
|
Asset Quantity |
Command |
|
Domain |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Peer |
Command |
|
Peer |
Command |
|
Role |
Command |
|
Role |
Command |
|
Role |
Command |
|
can_add_my_signatory |
Signatory |
Command |
Signatory |
Command |
|
can_remove_my_signatory |
Signatory |
Command |
Signatory |
Command |
|
can_set_my_quorum |
Signatory |
Command |
Signatory |
Command |
|
Engine |
Command |
|
can_call_engine_on_my_behalf |
Engine |
Command |
Grant |
Command |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account Asset |
Query |
|
Account Asset |
Query |
|
Account Asset |
Query |
|
Account Asset Transaction |
Query |
|
Account Asset Transaction |
Query |
|
Account Asset Transaction |
Query |
|
Account Transaction |
Query |
|
Account Transaction |
Query |
|
Account Transaction |
Query |
|
Asset |
Query |
|
Block Stream |
Query |
|
Role |
Query |
|
Signatory |
Query |
|
Signatory |
Query |
|
Signatory |
Query |
|
Transaction |
Query |
|
Transaction |
Query |
|
Peer |
Query |
|
Engine receipts |
Query |
|
Engine receipts |
Query |
|
Engine receipts |
Query |
9.3.5. Permissions Detailed¶
9.3.5.1. Command and Query-related permissions¶
9.3.5.1.1. All Categories¶
9.3.5.1.1.1. root¶
Allows executing all commands and queries without other permissions.
Note
This permission allows you to create and assign any roles with any permissions.
Example
9.3.5.2. Command-related permissions¶
9.3.5.2.1. Account¶
9.3.5.2.1.1. can_create_account¶
Allows creating new accounts.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_create_account]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 tx = iroha.transaction(genesis_commands)
12 IrohaCrypto.sign_transaction(tx, admin['key'])
13 return tx
14
15
16@commons.hex
17def create_account_tx():
18 tx = iroha.transaction([
19 iroha.command('CreateAccount', account_name='bob', domain_id='test', public_key=bob['key'])
20 ], creator_account=alice['id'])
21 IrohaCrypto.sign_transaction(tx, alice['key'])
22 return tx
9.3.5.2.1.2. can_set_detail¶
Allows setting account detail.
The permission allows setting details to other accounts. Another way to set detail without can_set_detail permission is to grant can_set_my_account_detail permission to someone. In order to grant, transaction creator should have can_grant_can_set_my_account_detail permission.
Note
Transaction creator can always set detail for own account even without that permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_set_detail]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def set_account_detail_tx():
17 tx = iroha.transaction([
18 iroha.command('SetAccountDetail', account_id=admin['id'], key='fav_color', value='red')
19 ], creator_account=alice['id'])
20 IrohaCrypto.sign_transaction(tx, alice['key'])
21 return tx
9.3.5.2.1.3. can_set_my_account_detail¶
Hint
This is a grantable permission.
Permission that allows a specified account to set details for the another specified account.
Note
To grant the permission an account should already have a role with can_grant_can_set_my_account_detail permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('CreateAccount', account_name='bob', domain_id='test',
13 public_key=IrohaCrypto.derive_public_key(bob['key']))
14 )
15 tx = iroha.transaction(genesis_commands)
16 IrohaCrypto.sign_transaction(tx, admin['key'])
17 return tx
18
19
20@commons.hex
21def grant_permission_tx():
22 tx = iroha.transaction([
23 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
24 ], creator_account=alice['id'])
25 IrohaCrypto.sign_transaction(tx, alice['key'])
26 return tx
27
28
29@commons.hex
30def set_detail_tx():
31 tx = iroha.transaction([
32 iroha.command('SetAccountDetail', account_id=alice['id'], key='fav_year', value='2019')
33 ], creator_account=bob['id'])
34 IrohaCrypto.sign_transaction(tx, bob['key'])
35 return tx
9.3.5.2.2. Asset¶
9.3.5.2.2.1. can_create_asset¶
Allows creating new assets.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_create_asset]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def create_asset_tx():
17 tx = iroha.transaction([
18 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
19 ], creator_account=alice['id'])
20 IrohaCrypto.sign_transaction(tx, alice['key'])
21 return tx
9.3.5.2.2.2. can_receive¶
Allows account receive assets.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_transfer, primitive_pb2.can_receive]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.extend([
12 iroha.command('CreateAccount', account_name='bob', domain_id='test',
13 public_key=IrohaCrypto.derive_public_key(bob['key'])),
14 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
15 iroha.command('AddAssetQuantity', asset_id='coin#test', amount='90.00'),
16 iroha.command('TransferAsset',
17 src_account_id=admin['id'],
18 dest_account_id=alice['id'],
19 asset_id='coin#test',
20 description='init top up',
21 amount='90.00')
22 ])
23 tx = iroha.transaction(genesis_commands)
24 IrohaCrypto.sign_transaction(tx, admin['key'])
25 return tx
26
27
28@commons.hex
29def transfer_asset_tx():
30 tx = iroha.transaction([
31 iroha.command('TransferAsset',
32 src_account_id=alice['id'],
33 dest_account_id=bob['id'],
34 asset_id='coin#test',
35 description='transfer to Bob',
36 amount='60.00')
37 ], creator_account=alice['id'])
38 IrohaCrypto.sign_transaction(tx, alice['key'])
39 return tx
9.3.5.2.2.3. can_transfer¶
Allows sending assets from an account of transaction creator.
You can transfer an asset from one domain to another, even if the other domain does not have an asset with the same name.
Note
Destination account should have can_receive permission.
1#
2# Copyright Soramitsu Co., Ltd. All Rights Reserved.
3# SPDX-License-Identifier: Apache-2.0
4#
5
6import can_receive
7
8# Please see example for can_receive permission.
9# By design can_receive and can_transfer permissions
10# can be tested only together.
9.3.5.2.2.4. can_transfer_my_assets¶
Hint
This is a grantable permission.
Permission that allows a specified account to transfer assets of another specified account.
See the example (to be done) for the usage details.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [
10 primitive_pb2.can_grant_can_transfer_my_assets,
11 primitive_pb2.can_receive,
12 primitive_pb2.can_transfer
13 ]
14 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
15 genesis_commands.extend([
16 iroha.command('CreateAccount', account_name='bob', domain_id='test',
17 public_key=IrohaCrypto.derive_public_key(bob['key'])),
18 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
19 iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
20 iroha.command('TransferAsset',
21 src_account_id=admin['id'],
22 dest_account_id=alice['id'],
23 asset_id='coin#test',
24 description='init top up',
25 amount='90.00')
26 ])
27 tx = iroha.transaction(genesis_commands)
28 IrohaCrypto.sign_transaction(tx, admin['key'])
29 return tx
30
31
32@commons.hex
33def grant_permission_tx():
34 tx = iroha.transaction([
35 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
36 ], creator_account=alice['id'])
37 IrohaCrypto.sign_transaction(tx, alice['key'])
38 return tx
39
40
41@commons.hex
42def transfer_asset_tx():
43 tx = iroha.transaction([
44 iroha.command('TransferAsset',
45 src_account_id=alice['id'],
46 dest_account_id=admin['id'],
47 asset_id='coin#test',
48 description='transfer from Alice to Admin by Bob',
49 amount='60.00')
50 ], creator_account=bob['id'])
51 IrohaCrypto.sign_transaction(tx, bob['key'])
52 return tx
9.3.5.2.3. Asset Quantity¶
9.3.5.2.3.1. can_add_asset_qty¶
Allows issuing assets.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_add_asset_qty]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 genesis_commands.append(
11 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2))
12 tx = iroha.transaction(genesis_commands)
13 IrohaCrypto.sign_transaction(tx, admin['key'])
14 return tx
15
16
17@commons.hex
18def add_asset_tx():
19 tx = iroha.transaction([
20 iroha.command('AddAssetQuantity', asset_id='coin#test', amount='5000.99')
21 ], creator_account=alice['id'])
22 IrohaCrypto.sign_transaction(tx, alice['key'])
23 return tx
9.3.5.2.3.2. can_subtract_asset_qty¶
Allows burning assets.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_subtract_asset_qty]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 genesis_commands.extend([
11 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
12 iroha.command('AddAssetQuantity', asset_id='coin#test', amount='1000.00'),
13 iroha.command('TransferAsset',
14 src_account_id=admin['id'],
15 dest_account_id=alice['id'],
16 asset_id='coin#test',
17 description='init top up',
18 amount='999.99')
19 ])
20 tx = iroha.transaction(genesis_commands)
21 IrohaCrypto.sign_transaction(tx, admin['key'])
22 return tx
23
24
25@commons.hex
26def subtract_asset_tx():
27 tx = iroha.transaction([
28 iroha.command('SubtractAssetQuantity', asset_id='coin#test', amount='999.99')
29 ], creator_account=alice['id'])
30 IrohaCrypto.sign_transaction(tx, alice['key'])
31 return tx
9.3.5.2.3.3. can_add_domain_asset_qty¶
Allows issuing assets only in own domain.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.
1#
2# Copyright Soramitsu Co., Ltd. All Rights Reserved.
3# SPDX-License-Identifier: Apache-2.0
4#
5
6import can_add_asset_qty
7
8# Please see example for can_add_asset_qty permission.
9
10# TODO igor-egorov 21.01.2019 IR-240
9.3.5.2.3.4. can_subtract_domain_asset_qty¶
Allows burning assets only in own domain.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.
1#
2# Copyright Soramitsu Co., Ltd. All Rights Reserved.
3# SPDX-License-Identifier: Apache-2.0
4#
5
6import can_subtract_asset_qty
7
8# Please see example for can_subtract_asset_qty permission.
9
10# TODO igor-egorov 21.01.2019 IR-240
9.3.5.2.4. Domain¶
9.3.5.2.4.1. can_create_domain¶
Allows creating new domains within the system.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_create_domain]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def create_domain_tx():
17 # 'test_role' was created in genesis transaction
18 tx = iroha.transaction([
19 iroha.command('CreateDomain', domain_id='another-domain', default_role='test_role')
20 ], creator_account=alice['id'])
21 IrohaCrypto.sign_transaction(tx, alice['key'])
22 return tx
9.3.5.2.5. Grant¶
9.3.5.2.5.1. can_grant_can_add_my_signatory¶
Allows role owners grant can_add_my_signatory permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('CreateAccount', account_name='bob', domain_id='test',
13 public_key=IrohaCrypto.derive_public_key(bob['key'])))
14 tx = iroha.transaction(genesis_commands)
15 IrohaCrypto.sign_transaction(tx, admin['key'])
16 return tx
17
18
19@commons.hex
20def grant_can_add_my_signatory_tx():
21 tx = iroha.transaction([
22 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
23 ], creator_account=alice['id'])
24 IrohaCrypto.sign_transaction(tx, alice['key'])
25 return tx
26
27
28@commons.hex
29def revoke_can_add_my_signatory_tx():
30 tx = iroha.transaction([
31 iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
32 ], creator_account=alice['id'])
33 IrohaCrypto.sign_transaction(tx, alice['key'])
34 return tx
9.3.5.2.5.2. can_grant_can_remove_my_signatory¶
Allows role owners grant can_remove_my_signatory permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_grant_can_remove_my_signatory]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('CreateAccount', account_name='bob', domain_id='test',
13 public_key=IrohaCrypto.derive_public_key(bob['key'])))
14 tx = iroha.transaction(genesis_commands)
15 IrohaCrypto.sign_transaction(tx, admin['key'])
16 return tx
17
18
19@commons.hex
20def grant_can_remove_my_signatory_tx():
21 tx = iroha.transaction([
22 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
23 ], creator_account=alice['id'])
24 IrohaCrypto.sign_transaction(tx, alice['key'])
25 return tx
26
27
28@commons.hex
29def revoke_can_remove_my_signatory_tx():
30 tx = iroha.transaction([
31 iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
32 ], creator_account=alice['id'])
33 IrohaCrypto.sign_transaction(tx, alice['key'])
34 return tx
9.3.5.2.5.3. can_grant_can_set_my_account_detail¶
Allows role owners grant can_set_my_account_detail permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('CreateAccount', account_name='bob', domain_id='test',
13 public_key=IrohaCrypto.derive_public_key(bob['key'])))
14 tx = iroha.transaction(genesis_commands)
15 IrohaCrypto.sign_transaction(tx, admin['key'])
16 return tx
17
18
19@commons.hex
20def grant_can_set_my_account_detail_tx():
21 tx = iroha.transaction([
22 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
23 ], creator_account=alice['id'])
24 IrohaCrypto.sign_transaction(tx, alice['key'])
25 return tx
26
27
28@commons.hex
29def revoke_can_set_my_account_detail_tx():
30 tx = iroha.transaction([
31 iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
32 ], creator_account=alice['id'])
33 IrohaCrypto.sign_transaction(tx, alice['key'])
34 return tx
9.3.5.2.5.4. can_grant_can_set_my_quorum¶
Allows role owners grant can_set_my_quorum permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_grant_can_set_my_quorum]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('CreateAccount', account_name='bob', domain_id='test',
13 public_key=IrohaCrypto.derive_public_key(bob['key']))
14 )
15 tx = iroha.transaction(genesis_commands)
16 IrohaCrypto.sign_transaction(tx, admin['key'])
17 return tx
18
19
20@commons.hex
21def grant_can_set_my_quorum_tx():
22 tx = iroha.transaction([
23 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
24 ], creator_account=alice['id'])
25 IrohaCrypto.sign_transaction(tx, alice['key'])
26 return tx
27
28
29@commons.hex
30def revoke_can_set_my_quorum_tx():
31 tx = iroha.transaction([
32 iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
33 ], creator_account=alice['id'])
34 IrohaCrypto.sign_transaction(tx, alice['key'])
35 return tx
9.3.5.2.5.5. can_grant_can_transfer_my_assets¶
Allows role owners grant can_transfer_my_assets permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [
10 primitive_pb2.can_grant_can_transfer_my_assets,
11 primitive_pb2.can_receive,
12 primitive_pb2.can_transfer
13 ]
14 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
15 genesis_commands.extend([
16 iroha.command('CreateAccount', account_name='bob', domain_id='test',
17 public_key=IrohaCrypto.derive_public_key(bob['key'])),
18 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
19 iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
20 iroha.command('TransferAsset',
21 src_account_id=admin['id'],
22 dest_account_id=alice['id'],
23 asset_id='coin#test',
24 description='init top up',
25 amount='90.00')
26 ])
27 tx = iroha.transaction(genesis_commands)
28 IrohaCrypto.sign_transaction(tx, admin['key'])
29 return tx
30
31
32@commons.hex
33def grant_can_transfer_my_assets_tx():
34 tx = iroha.transaction([
35 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
36 ], creator_account=alice['id'])
37 IrohaCrypto.sign_transaction(tx, alice['key'])
38 return tx
39
40
41@commons.hex
42def revoke_can_transfer_my_assets_tx():
43 tx = iroha.transaction([
44 iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
45 ], creator_account=alice['id'])
46 IrohaCrypto.sign_transaction(tx, alice['key'])
47 return tx
9.3.5.2.6. Peer¶
9.3.5.2.6.1. can_add_peer¶
Allows adding peers to the network.
A new peer will be a valid participant in the next consensus round after an agreement on transaction containing “addPeer” command.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_add_peer]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def add_peer_tx():
17 peer_key = IrohaCrypto.private_key()
18 peer = primitive_pb2.Peer()
19 peer.address = '192.168.10.10:50541'
20 peer.peer_key = IrohaCrypto.derive_public_key(peer_key)
21 tx = iroha.transaction([
22 iroha.command('AddPeer', peer=peer)
23 ], creator_account=alice['id'])
24 IrohaCrypto.sign_transaction(tx, alice['key'])
25 return tx
9.3.5.2.6.2. can_remove_peer¶
Allows removing peers from the network.
Removed peer will not participate in the next consensus round after an agreement on transaction containing “removePeer” command.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5peer_key = IrohaCrypto.private_key()
6peer = primitive_pb2.Peer()
7peer.address = '192.168.10.10:50541'
8peer.peer_key = IrohaCrypto.derive_public_key(peer_key)
9
10
11@commons.hex
12def genesis_tx():
13 test_permissions = [primitive_pb2.can_remove_peer]
14 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
15 genesis_commands.append(Iroha.command('AddPeer', peer=peer))
16 tx = iroha.transaction(genesis_commands)
17 IrohaCrypto.sign_transaction(tx, admin['key'])
18 return tx
19
20
21@commons.hex
22def remove_peer_tx():
23 peer_key = IrohaCrypto.private_key()
24 tx = iroha.transaction([
25 iroha.command('RemovePeer', public_key=peer.peer_key)
26 ], creator_account=alice['id'])
27 IrohaCrypto.sign_transaction(tx, alice['key'])
28 return tx
9.3.5.2.7. Role¶
9.3.5.2.7.1. can_append_role¶
Allows appending roles to another account.
You can append only that role that has lesser or the same set of privileges as transaction creator.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_append_role, primitive_pb2.can_add_peer]
10 second_role_permissions = [primitive_pb2.can_add_peer]
11 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
12 genesis_commands.extend([
13 iroha.command('CreateRole', role_name='second_role', permissions=second_role_permissions),
14 iroha.command('CreateAccount', account_name='bob', domain_id='test',
15 public_key=IrohaCrypto.derive_public_key(bob['key'])),
16 iroha.command('AppendRole', account_id=alice['id'], role_name='second_role')
17 ])
18 tx = iroha.transaction(genesis_commands)
19 IrohaCrypto.sign_transaction(tx, admin['key'])
20 return tx
21
22
23@commons.hex
24def append_role_tx():
25 # Note that you can append only that role that has
26 # lesser or the same set of permissions as transaction creator.
27 tx = iroha.transaction([
28 iroha.command('AppendRole', account_id=bob['id'], role_name='second_role')
29 ], creator_account=alice['id'])
30 IrohaCrypto.sign_transaction(tx, alice['key'])
31 return tx
9.3.5.2.7.2. can_create_role¶
Allows creating a new role within a system.
Possible set of permissions for a new role is limited to those permissions that transaction creator has.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_create_role, primitive_pb2.can_create_domain]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def create_role_tx():
17 # You can pick only those permissions that
18 # already belong to account of transaction creator.
19 role_permissions = [primitive_pb2.can_create_domain]
20 tx = iroha.transaction([
21 iroha.command('CreateRole', role_name='newrole', permissions=role_permissions)
22 ], creator_account=alice['id'])
23 IrohaCrypto.sign_transaction(tx, alice['key'])
24 return tx
9.3.5.2.7.3. can_detach_role¶
Allows revoking a role from a user.
Note
Due to a known issue the permission allows to detach any role without limitations https://soramitsu.atlassian.net/browse/IR-1468
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_detach_role]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def detach_role_tx():
17 tx = iroha.transaction([
18 iroha.command('DetachRole', account_id=admin['id'], role_name='test_role')
19 ], creator_account=alice['id'])
20 IrohaCrypto.sign_transaction(tx, alice['key'])
21 return tx
9.3.5.2.8. Signatory¶
9.3.5.2.8.1. can_add_my_signatory¶
Hint
This is a grantable permission.
Permission that allows a specified account to add an extra public key to the another specified account.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('CreateAccount', account_name='bob', domain_id='test',
13 public_key=IrohaCrypto.derive_public_key(bob['key'])))
14 tx = iroha.transaction(genesis_commands)
15 IrohaCrypto.sign_transaction(tx, admin['key'])
16 return tx
17
18
19@commons.hex
20def grant_can_add_my_signatory_tx():
21 tx = iroha.transaction([
22 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
23 ], creator_account=alice['id'])
24 IrohaCrypto.sign_transaction(tx, alice['key'])
25 return tx
26
27
28@commons.hex
29def add_signatory_tx():
30 extra_key = IrohaCrypto.private_key()
31 tx = iroha.transaction([
32 iroha.command('AddSignatory', account_id=alice['id'],
33 public_key=IrohaCrypto.derive_public_key(extra_key))
34 ], creator_account=bob['id'])
35 IrohaCrypto.sign_transaction(tx, bob['key'])
36 return tx
9.3.5.2.8.2. can_add_signatory¶
Allows linking additional public keys to account.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_add_signatory]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def add_signatory_tx():
17 extra_key = IrohaCrypto.private_key()
18 tx = iroha.transaction([
19 iroha.command('AddSignatory', account_id=alice['id'],
20 public_key=IrohaCrypto.derive_public_key(extra_key))
21 ], creator_account=alice['id'])
22 IrohaCrypto.sign_transaction(tx, alice['key'])
23 return tx
9.3.5.2.8.3. can_remove_my_signatory¶
Hint
This is a grantable permission.
Permission that allows a specified account remove public key from the another specified account.
See the example (to be done) for the usage details.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [
10 primitive_pb2.can_grant_can_remove_my_signatory,
11 primitive_pb2.can_add_signatory
12 ]
13 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
14 genesis_commands.append(
15 iroha.command('CreateAccount', account_name='bob', domain_id='test',
16 public_key=IrohaCrypto.derive_public_key(bob['key']))
17 )
18 tx = iroha.transaction(genesis_commands)
19 IrohaCrypto.sign_transaction(tx, admin['key'])
20 return tx
21
22
23@commons.hex
24def grant_can_remove_my_signatory_tx():
25 extra_key = IrohaCrypto.private_key()
26 tx = iroha.transaction([
27 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory),
28 iroha.command('AddSignatory', account_id=alice['id'],
29 public_key=IrohaCrypto.derive_public_key(extra_key))
30 ], creator_account=alice['id'])
31 IrohaCrypto.sign_transaction(tx, alice['key'])
32 return tx
33
34
35@commons.hex
36def remove_signatory_tx():
37 tx = iroha.transaction([
38 iroha.command('RemoveSignatory', account_id=alice['id'],
39 public_key=IrohaCrypto.derive_public_key(alice['key']))
40 ], creator_account=bob['id'])
41 IrohaCrypto.sign_transaction(tx, bob['key'])
42 return tx
9.3.5.2.8.4. can_remove_signatory¶
Allows unlinking additional public keys from an account.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_remove_signatory]
9 extra_key = IrohaCrypto.private_key()
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('AddSignatory', account_id=alice['id'],
13 public_key=IrohaCrypto.derive_public_key(extra_key))
14 )
15 tx = iroha.transaction(genesis_commands)
16 IrohaCrypto.sign_transaction(tx, admin['key'])
17 return tx
18
19
20@commons.hex
21def remove_signatory_tx():
22 tx = iroha.transaction([
23 iroha.command('RemoveSignatory', account_id=alice['id'],
24 public_key=IrohaCrypto.derive_public_key(alice['key']))
25 ], creator_account=alice['id'])
26 IrohaCrypto.sign_transaction(tx, alice['key'])
27 return tx
9.3.5.2.8.5. can_set_my_quorum¶
Hint
This is a grantable permission.
Permission that allows a specified account to set quorum for the another specified account.
Account should have greater or equal amount of keys than quorum.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3bob = commons.new_user('bob@test')
4iroha = Iroha(admin['id'])
5
6
7@commons.hex
8def genesis_tx():
9 test_permissions = [
10 primitive_pb2.can_grant_can_set_my_quorum,
11 primitive_pb2.can_add_signatory
12 ]
13 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
14 genesis_commands.append(
15 iroha.command('CreateAccount', account_name='bob', domain_id='test',
16 public_key=IrohaCrypto.derive_public_key(bob['key']))
17 )
18 tx = iroha.transaction(genesis_commands)
19 IrohaCrypto.sign_transaction(tx, admin['key'])
20 return tx
21
22
23@commons.hex
24def grant_can_set_my_quorum_tx():
25 extra_key = IrohaCrypto.private_key()
26 tx = iroha.transaction([
27 iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum),
28 iroha.command('AddSignatory', account_id=alice['id'],
29 public_key=IrohaCrypto.derive_public_key(extra_key))
30 ], creator_account=alice['id'])
31 IrohaCrypto.sign_transaction(tx, alice['key'])
32 return tx
33
34
35@commons.hex
36def set_quorum_tx():
37 tx = iroha.transaction([
38 iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
39 ], creator_account=bob['id'])
40 IrohaCrypto.sign_transaction(tx, bob['key'])
41 return tx
9.3.5.2.8.6. can_set_quorum¶
Allows setting quorum.
At least the same number (or more) of public keys should be already linked to an account.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_set_quorum]
9 extra_key = IrohaCrypto.private_key()
10 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
11 genesis_commands.append(
12 iroha.command('AddSignatory', account_id=alice['id'],
13 public_key=IrohaCrypto.derive_public_key(extra_key))
14 )
15 tx = iroha.transaction(genesis_commands)
16 IrohaCrypto.sign_transaction(tx, admin['key'])
17 return tx
18
19
20@commons.hex
21def set_quorum_tx():
22 # Quourum cannot be greater than amount of keys linked to an account
23 tx = iroha.transaction([
24 iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
25 ], creator_account=alice['id'])
26 IrohaCrypto.sign_transaction(tx, alice['key'])
27 return tx
9.3.5.2.9. Engine¶
9.3.5.2.9.1. can_call_engine¶
Allows to use Burrow EMV to run Solidity smart-contracts
Example
9.3.5.2.9.2. can_call_engine_on_my_behalf¶
Hint
This is a grantable permission.
Permission that allows a specified account to use Burrow EVM for the another specified account.
Example
9.3.5.2.10. Grant¶
9.3.5.2.10.1. can_grant_can_call_engine_on_my_behalf¶
Allows role owners grant can_call_engine_on_my_behalf permission.
Example
9.3.5.3. Query-related permissions¶
9.3.5.3.1. Account¶
9.3.5.3.1.1. can_get_all_acc_detail¶
Allows getting all the details set to any account within the system.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_all_acc_detail]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_detail_query():
17 query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.1.2. can_get_all_accounts¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information about any account within a system.
All the details (set by the account owner or owners of other accounts) will be returned.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_all_accounts]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_query():
17 query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.1.3. can_get_domain_acc_detail¶
Allows getting all the details set to any account within the same domain as a domain of query creator account.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_domain_acc_detail]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_detail_query():
17 query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.1.4. can_get_domain_accounts¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information only about accounts from the same domain.
All the details (set by the account owner or owners of other accounts) will be returned.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_domain_accounts]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_query():
17 query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.1.5. can_get_my_acc_detail¶
Allows getting all the details set to the account of query creator.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_my_acc_detail]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_detail_query():
17 query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=alice['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.1.6. can_get_my_account¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information only about own account.
All the details (set by the account owner or owners of other accounts) will be returned.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_my_account]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_query():
17 query = iroha.query('GetAccount', creator_account=alice['id'], account_id=alice['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.2. Account Asset¶
9.3.5.3.2.1. can_get_all_acc_ast¶
Allows getting a balance of assets on any account within the system.
Query response will contain information about all the assets that ever been assigned to an account.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_all_acc_ast]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_assets_query():
17 query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=admin['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.2.2. can_get_domain_acc_ast¶
Allows getting a balance of specified asset on any account within the same domain as a domain of query creator account.
Query response will contain information about all the assets that ever been assigned to an account.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_domain_acc_ast]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_assets_query():
17 query = iroha.query('GetAccountAssets', account_id=admin['id'], creator_account=alice['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.2.3. can_get_my_acc_ast¶
Allows getting a balance of specified asset on account of query creator.
Query response will contain information about all the assets that ever been assigned to an account.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_my_acc_ast]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_assets_query():
17 query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=alice['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.3. Account Asset Transaction¶
9.3.5.3.3.1. can_get_all_acc_ast_txs¶
Allows getting transactions associated with a specified asset and any account within the system.
Note
Incoming asset transfers will also appear in the query response.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [
9 primitive_pb2.can_get_all_acc_ast_txs,
10 primitive_pb2.can_receive,
11 primitive_pb2.can_transfer
12 ]
13 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
14 genesis_commands.extend([
15 iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2),
16 iroha.command('AddAssetQuantity', asset_id='coin#first', amount='300.00'),
17 iroha.command('TransferAsset',
18 src_account_id=admin['id'],
19 dest_account_id=alice['id'],
20 asset_id='coin#first',
21 description='top up',
22 amount='200.00')
23 ])
24 tx = iroha.transaction(genesis_commands)
25 IrohaCrypto.sign_transaction(tx, admin['key'])
26 return tx
27
28
29@commons.hex
30def account_asset_transactions_query():
31 query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], page_size=10,
32 account_id=admin['id'], asset_id='coin#first')
33 IrohaCrypto.sign_query(query, alice['key'])
34 return query
9.3.5.3.3.2. can_get_domain_acc_ast_txs¶
Allows getting transactions associated with a specified asset and an account from the same domain as query creator.
Note
Incoming asset transfers will also appear in the query response.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_domain_acc_ast_txs]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 genesis_commands.extend([
11 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
12 iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
13 iroha.command('TransferAsset',
14 src_account_id=admin['id'],
15 dest_account_id=alice['id'],
16 asset_id='coin#test',
17 description='top up',
18 amount='10.00')
19 ])
20 tx = iroha.transaction(genesis_commands)
21 IrohaCrypto.sign_transaction(tx, admin['key'])
22 return tx
23
24
25@commons.hex
26def account_asset_transactions_query():
27 query = iroha.query('GetAccountAssetTransactions', account_id=admin['id'],
28 asset_id='coin#test', creator_account=alice['id'], page_size=10)
29 IrohaCrypto.sign_query(query, alice['key'])
30 return query
9.3.5.3.3.3. can_get_my_acc_ast_txs¶
Allows getting transactions associated with the account of query creator and specified asset.
Note
Incoming asset transfers will also appear in the query response.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_my_acc_ast_txs]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 genesis_commands.extend([
11 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
12 iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
13 iroha.command('TransferAsset',
14 src_account_id=admin['id'],
15 dest_account_id=alice['id'],
16 asset_id='coin#test',
17 description='top up',
18 amount='10.00')
19 ])
20 tx = iroha.transaction(genesis_commands)
21 IrohaCrypto.sign_transaction(tx, admin['key'])
22 return tx
23
24
25@commons.hex
26def account_asset_transactions_query():
27 query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], account_id=alice['id'],
28 asset_id='coin#test', page_size=10)
29 IrohaCrypto.sign_query(query, alice['key'])
30 return query
9.3.5.3.4. Account Transaction¶
9.3.5.3.4.1. can_get_all_acc_txs¶
Allows getting all transactions issued by any account within the system.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_all_acc_txs]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_transactions_query():
17 query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.4.2. can_get_domain_acc_txs¶
Allows getting all transactions issued by any account from the same domain as query creator.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_domain_acc_txs]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_transactions_query():
17 query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.4.3. can_get_my_acc_txs¶
Allows getting all transactions issued by an account of query creator.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_my_acc_txs]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def account_transactions_query():
17 query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=alice['id'], page_size=10)
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.5. Asset¶
9.3.5.3.5.1. can_read_assets¶
Allows getting information about asset precision.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_read_assets]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 genesis_commands.append(
11 iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
12 )
13 tx = iroha.transaction(genesis_commands)
14 IrohaCrypto.sign_transaction(tx, admin['key'])
15 return tx
16
17
18@commons.hex
19def get_asset_query():
20 query = iroha.query('GetAssetInfo', asset_id='coin#test', creator_account=alice['id'])
21 IrohaCrypto.sign_query(query, alice['key'])
22 return query
9.3.5.3.6. Block Stream¶
9.3.5.3.6.1. can_get_blocks¶
Allows reading blocks. Allows subscription to the stream of accepted blocks.
9.3.5.3.7. Role¶
9.3.5.3.7.1. can_get_roles¶
Allows getting a list of roles within the system. Allows getting a list of permissions associated with a role.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_roles]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def get_system_roles_query():
17 query = iroha.query('GetRoles', creator_account=alice['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
20
21
22@commons.hex
23def get_role_permissions_query():
24 query = iroha.query('GetRolePermissions', creator_account=alice['id'], counter=2, role_id='admin_role')
25 IrohaCrypto.sign_query(query, alice['key'])
26 return query
9.3.5.3.8. Signatory¶
9.3.5.3.8.1. can_get_all_signatories¶
Allows getting a list of public keys linked to an account within the system.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_all_signatories]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def signatories_query():
17 query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.8.2. can_get_domain_signatories¶
Allows getting a list of public keys of any account within the same domain as the domain of query creator account.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_domain_signatories]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def signatories_query():
17 query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.8.3. can_get_my_signatories¶
Allows getting a list of public keys of query creator account.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_my_signatories]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def signatories_query():
17 query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=alice['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.9. Transaction¶
9.3.5.3.9.1. can_get_all_txs¶
Allows getting any transaction by hash.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5admin_tx1_hash = None
6admin_tx2_hash = None
7
8
9@commons.hex
10def genesis_tx():
11 test_permissions = [primitive_pb2.can_get_all_txs]
12 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
13 tx = iroha.transaction(genesis_commands)
14 IrohaCrypto.sign_transaction(tx, admin['key'])
15 return tx
16
17
18@commons.hex
19def admin_action_1_tx():
20 global admin_tx1_hash
21 tx = iroha.transaction([
22 iroha.command('CreateAsset', asset_name='coin', domain_id='second', precision=2)
23 ])
24 admin_tx1_hash = IrohaCrypto.hash(tx)
25 IrohaCrypto.sign_transaction(tx, admin['key'])
26 return tx
27
28
29@commons.hex
30def admin_action_2_tx():
31 global admin_tx2_hash
32 tx = iroha.transaction([
33 iroha.command('SetAccountDetail', account_id=admin['id'], key='hyperledger', value='iroha')
34 ])
35 admin_tx2_hash = IrohaCrypto.hash(tx)
36 IrohaCrypto.sign_transaction(tx, admin['key'])
37 return tx
38
39
40@commons.hex
41def transactions_query():
42 hashes = [
43 binascii.hexlify(admin_tx1_hash),
44 binascii.hexlify(admin_tx2_hash)
45 ]
46 query = iroha.query('GetTransactions', tx_hashes=hashes, creator_account=alice['id'])
47 IrohaCrypto.sign_query(query, alice['key'])
48 return query
9.3.5.3.9.2. can_get_my_txs¶
Allows getting transaction (that was issued by query creator) by hash.
Example
1admin = commons.new_user('admin@first')
2alice = commons.new_user('alice@second')
3iroha = Iroha(admin['id'])
4
5alice_tx1_hash = None
6alice_tx2_hash = None
7
8
9@commons.hex
10def genesis_tx():
11 test_permissions = [
12 primitive_pb2.can_get_my_txs,
13 primitive_pb2.can_add_asset_qty,
14 primitive_pb2.can_create_asset
15 ]
16 genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
17 tx = iroha.transaction(genesis_commands)
18 IrohaCrypto.sign_transaction(tx, admin['key'])
19 return tx
20
21
22@commons.hex
23def alice_action_1_tx():
24 global alice_tx1_hash
25 tx = iroha.transaction([
26 iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2)
27 ], creator_account=alice['id'])
28 alice_tx1_hash = IrohaCrypto.hash(tx)
29 IrohaCrypto.sign_transaction(tx, alice['key'])
30 return tx
31
32
33@commons.hex
34def alice_action_2_tx():
35 global alice_tx2_hash
36 tx = iroha.transaction([
37 iroha.command('AddAssetQuantity', asset_id='coin#first', amount='600.30')
38 ], creator_account=alice['id'])
39 alice_tx2_hash = IrohaCrypto.hash(tx)
40 IrohaCrypto.sign_transaction(tx, alice['key'])
41 return tx
42
43
44@commons.hex
45def transactions_query():
46 hashes = [
47 binascii.hexlify(alice_tx1_hash),
48 binascii.hexlify(alice_tx2_hash)
49 ]
50 query = iroha.query('GetTransactions', creator_account=alice['id'], tx_hashes=hashes)
51 IrohaCrypto.sign_query(query, alice['key'])
52 return query
9.3.5.3.10. Peer¶
9.3.5.3.10.1. can_get_peers¶
Allows to request the list of peers in the Iroha network.
Example
1admin = commons.new_user('admin@test')
2alice = commons.new_user('alice@test')
3iroha = Iroha(admin['id'])
4
5
6@commons.hex
7def genesis_tx():
8 test_permissions = [primitive_pb2.can_get_peers]
9 genesis_commands = commons.genesis_block(admin, alice, test_permissions)
10 tx = iroha.transaction(genesis_commands)
11 IrohaCrypto.sign_transaction(tx, admin['key'])
12 return tx
13
14
15@commons.hex
16def get_system_peers_query():
17 query = iroha.query('GetPeers', creator_account=alice['id'])
18 IrohaCrypto.sign_query(query, alice['key'])
19 return query
9.3.5.3.11. Engine receipts¶
9.3.5.3.11.1. can_get_my_engine_receipts¶
Allows getting Engine Receipts (result from EVM) on account of query creator.
Example
9.3.5.3.11.2. can_get_domain_engine_receipts¶
Allows getting Engine Receipts (results from EVM) associated with a specified transaction from the same domain as query creator.
Example
9.3.5.3.11.3. can_get_all_engine_receipts¶
Allows getting all Engine Receipts (results from EVM) issued by any account within the system.
Example
9.3.5.4. Supplementary Sources¶
1#
2# Copyright Soramitsu Co., Ltd. All Rights Reserved.
3# SPDX-License-Identifier: Apache-2.0
4#
5
6from iroha import primitive_pb2
7from iroha import Iroha, IrohaCrypto
8import binascii
9from time import time
10
11command = Iroha.command
12
13
14def now():
15 return int(time() * 1000)
16
17
18def all_permissions():
19 return [
20 primitive_pb2.can_append_role,
21 primitive_pb2.can_create_role,
22 primitive_pb2.can_detach_role,
23 primitive_pb2.can_add_asset_qty,
24 primitive_pb2.can_subtract_asset_qty,
25 primitive_pb2.can_add_peer,
26 primitive_pb2.can_add_signatory,
27 primitive_pb2.can_remove_signatory,
28 primitive_pb2.can_set_quorum,
29 primitive_pb2.can_create_account,
30 primitive_pb2.can_set_detail,
31 primitive_pb2.can_create_asset,
32 primitive_pb2.can_transfer,
33 primitive_pb2.can_receive,
34 primitive_pb2.can_create_domain,
35 primitive_pb2.can_read_assets,
36 primitive_pb2.can_get_roles,
37 primitive_pb2.can_get_my_account,
38 primitive_pb2.can_get_all_accounts,
39 primitive_pb2.can_get_domain_accounts,
40 primitive_pb2.can_get_my_signatories,
41 primitive_pb2.can_get_all_signatories,
42 primitive_pb2.can_get_domain_signatories,
43 primitive_pb2.can_get_my_acc_ast,
44 primitive_pb2.can_get_all_acc_ast,
45 primitive_pb2.can_get_domain_acc_ast,
46 primitive_pb2.can_get_my_acc_detail,
47 primitive_pb2.can_get_all_acc_detail,
48 primitive_pb2.can_get_domain_acc_detail,
49 primitive_pb2.can_get_my_acc_txs,
50 primitive_pb2.can_get_all_acc_txs,
51 primitive_pb2.can_get_domain_acc_txs,
52 primitive_pb2.can_get_my_acc_ast_txs,
53 primitive_pb2.can_get_all_acc_ast_txs,
54 primitive_pb2.can_get_domain_acc_ast_txs,
55 primitive_pb2.can_get_my_txs,
56 primitive_pb2.can_get_all_txs,
57 primitive_pb2.can_get_blocks,
58 primitive_pb2.can_grant_can_set_my_quorum,
59 primitive_pb2.can_grant_can_add_my_signatory,
60 primitive_pb2.can_grant_can_remove_my_signatory,
61 primitive_pb2.can_grant_can_transfer_my_assets,
62 primitive_pb2.can_grant_can_set_my_account_detail
63 ]
64
65
66def genesis_block(admin, alice, test_permissions, multidomain=False):
67 """
68 Compose a set of common for all tests' genesis block transactions
69 :param admin: dict of id and private key of admin
70 :param alice: dict of id and private key of alice
71 :param test_permissions: permissions for users in test domain
72 :param multidomain: admin and alice accounts will be created in
73 different domains and the first domain users will have admin right
74 by default if True
75 :return: a list of Iroha.command's
76 """
77 peer = primitive_pb2.Peer()
78 peer.address = '127.0.0.1:50541'
79 peer.peer_key = IrohaCrypto.derive_public_key(admin['key'])
80 commands = [
81 command('AddPeer', peer=peer),
82 command('CreateRole', role_name='admin_role', permissions=all_permissions()),
83 command('CreateRole', role_name='test_role', permissions=test_permissions)]
84 if multidomain:
85 commands.append(command('CreateDomain', domain_id='first', default_role='admin_role'))
86 commands.extend([
87 command('CreateDomain',
88 domain_id='second' if multidomain else 'test',
89 default_role='test_role'),
90 command('CreateAccount',
91 account_name='admin',
92 domain_id='first' if multidomain else 'test',
93 public_key=IrohaCrypto.derive_public_key(admin['key'])),
94 command('CreateAccount',
95 account_name='alice',
96 domain_id='second' if multidomain else 'test',
97 public_key=IrohaCrypto.derive_public_key(alice['key']))
98 ])
99 if not multidomain:
100 commands.append(command('AppendRole', account_id=admin['id'], role_name='admin_role'))
101 return commands
102
103
104def new_user(user_id):
105 private_key = IrohaCrypto.private_key()
106 if user_id.lower().startswith('admin'):
107 print('K{}'.format(private_key.decode('utf-8')))
108 return {
109 'id': user_id,
110 'key': private_key
111 }
112
113
114def hex(generator):
115 """
116 Decorator for transactions' and queries generators.
117
118 Allows preserving the type of binaries for Binary Testing Framework.
119 """
120 prefix = 'T' if generator.__name__.lower().endswith('tx') else 'Q'
121 print('{}{}'.format(prefix, binascii.hexlify(generator().SerializeToString()).decode('utf-8')))