9.3.3. Permissions

Hyperledger Iroha uses a role-based access control system to limit actions of its users. This system greatly helps to implement use cases involving user groups having different access levels — ranging from the weak users, who can’t even receive asset transfer to the super-users. The beauty of our permission system is that you don’t have to have a super-user in your Iroha setup or use all the possible permissions: you can create segregated and lightweight roles.

Maintenance of the system involves setting up roles and permissions, that are included in the roles. This might be done at the initial step of system deployment — in genesis block, or later when Iroha network is up and running, roles can be changed (if there is a role that can do that :)

This section will help you to understand permissions and give you an idea of how to create roles including certain permissions. Each permission is provided with an example written in Python that demonstrates the way of transaction or query creation, which require specific permission. Every example uses commons.py module, which listing is available at Supplementary Sources section.

9.3.4. List of Permissions

Permission Name	Category	Type
root	All Categories	Command and Query
can_create_account	Account	Command
can_set_detail	Account	Command
can_set_my_account_detail grantable	Account	Command
can_create_asset	Asset	Command
can_receive	Asset	Command
can_transfer	Asset	Command
can_transfer_my_assets grantable	Asset	Command
can_add_asset_qty	Asset Quantity	Command
can_subtract_asset_qty	Asset Quantity	Command
can_add_domain_asset_qty	Asset Quantity	Command
can_subtract_domain_asset_qty	Asset Quantity	Command
can_create_domain	Domain	Command
can_grant_can_add_my_signatory	Grant	Command
can_grant_can_remove_my_signatory	Grant	Command
can_grant_can_set_my_account_detail	Grant	Command
can_grant_can_set_my_quorum	Grant	Command
can_grant_can_transfer_my_assets	Grant	Command
can_add_peer	Peer	Command
can_remove_peer	Peer	Command
can_append_role	Role	Command
can_create_role	Role	Command
can_detach_role	Role	Command
can_add_my_signatory grantable	Signatory	Command
can_add_signatory	Signatory	Command
can_remove_my_signatory grantable	Signatory	Command
can_remove_signatory	Signatory	Command
can_set_my_quorum grantable	Signatory	Command
can_set_quorum	Signatory	Command
can_call_engine	Engine	Command
can_call_engine_on_my_behalf grantable	Engine	Command
can_grant_can_call_engine_on_my_behalf	Grant	Command
can_get_all_acc_detail	Account	Query
can_get_all_accounts	Account	Query
can_get_domain_acc_detail	Account	Query
can_get_domain_accounts	Account	Query
can_get_my_acc_detail	Account	Query
can_get_my_account	Account	Query
can_get_all_acc_ast	Account Asset	Query
can_get_domain_acc_ast	Account Asset	Query
can_get_my_acc_ast	Account Asset	Query
can_get_all_acc_ast_txs	Account Asset Transaction	Query
can_get_domain_acc_ast_txs	Account Asset Transaction	Query
can_get_my_acc_ast_txs	Account Asset Transaction	Query
can_get_all_acc_txs	Account Transaction	Query
can_get_domain_acc_txs	Account Transaction	Query
can_get_my_acc_txs	Account Transaction	Query
can_read_assets	Asset	Query
can_get_blocks	Block Stream	Query
can_get_roles	Role	Query
can_get_all_signatories	Signatory	Query
can_get_domain_signatories	Signatory	Query
can_get_my_signatories	Signatory	Query
can_get_all_txs	Transaction	Query
can_get_my_txs	Transaction	Query
can_get_peers	Peer	Query
can_get_my_engine_receipts	Engine receipts	Query
can_get_domain_engine_receipts	Engine receipts	Query
can_get_all_engine_receipts	Engine receipts	Query

9.3.5. Permissions Detailed

9.3.5.1. Command and Query-related permissions

9.3.5.1.1. All Categories

9.3.5.1.1.1. root

Allows executing all commands and queries without other permissions.

Note

This permission allows you to create and assign any roles with any permissions.

Example

Admin with root permission can create and assign a role with rights that he does not have.

9.3.5.2. Command-related permissions

9.3.5.2.1. Account

9.3.5.2.1.1. can_create_account

Allows creating new accounts.

Related API method: Create Account

Example

Admin creates domain “test” that contains only can_create_account permission and Alice account in that domain. Alice can create Bob account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_create_account]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def create_account_tx():
    tx = iroha.transaction([
        iroha.command('CreateAccount', account_name='bob', domain_id='test', public_key=bob['key'])
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.1.2. can_set_detail

Allows setting account detail.

The permission allows setting details to other accounts. Another way to set detail without can_set_detail permission is to grant can_set_my_account_detail permission to someone. In order to grant, transaction creator should have can_grant_can_set_my_account_detail permission.

Note

Transaction creator can always set detail for own account even without that permission.

Related API method: Set Account Detail

Example

Admin creates domain “test” that contains only can_set_detail permission and Alice account in that domain. Alice can set detail for Admin account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_set_detail]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def set_account_detail_tx():
    tx = iroha.transaction([
        iroha.command('SetAccountDetail', account_id=admin['id'], key='fav_color', value='red')
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.1.3. can_set_my_account_detail

Hint

This is a grantable permission.

Permission that allows a specified account to set details for the another specified account.

Note

To grant the permission an account should already have a role with can_grant_can_set_my_account_detail permission.

Related API method: Set Account Detail

Example

Admin creates domain “test” that contains only can_grant_can_set_my_account_detail permission and two accounts for Alice and Bob in that domain. Alice grants to Bob can_set_my_account_detail permission. Bob can set detail for Alice account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key']))
    )
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_permission_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def set_detail_tx():
    tx = iroha.transaction([
        iroha.command('SetAccountDetail', account_id=alice['id'], key='fav_year', value='2019')
    ], creator_account=bob['id'])
    IrohaCrypto.sign_transaction(tx, bob['key'])
    return tx

9.3.5.2.2. Asset

9.3.5.2.2.1. can_create_asset

Allows creating new assets.

Related API method: Create Asset

Example

Admin creates domain “test” that contains only can_create_asset permission and Alice account in that domain. Alice can create new assets.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_create_asset]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def create_asset_tx():
    tx = iroha.transaction([
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.2.2. can_receive

Allows account receive assets.

Related API method: Transfer Asset

Example

Admin creates domain “test” that contains can_receive and can_transfer permissions and two accounts for Alice and Bob. Admin creates “coin” asset, adds some quantity of it and transfers the asset to Alice. Alice can transfer assets to Bob (Alice has can_transfer permission and Bob has can_receive permission).

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_transfer, primitive_pb2.can_receive]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.extend([
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])),
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
        iroha.command('AddAssetQuantity', asset_id='coin#test', amount='90.00'),
        iroha.command('TransferAsset',
                      src_account_id=admin['id'],
                      dest_account_id=alice['id'],
                      asset_id='coin#test',
                      description='init top up',
                      amount='90.00')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def transfer_asset_tx():
    tx = iroha.transaction([
        iroha.command('TransferAsset',
                      src_account_id=alice['id'],
                      dest_account_id=bob['id'],
                      asset_id='coin#test',
                      description='transfer to Bob',
                      amount='60.00')
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.2.3. can_transfer

Allows sending assets from an account of transaction creator.

You can transfer an asset from one domain to another, even if the other domain does not have an asset with the same name.

Note

Destination account should have can_receive permission.

Related API method: Transfer Asset

#
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#

import can_receive

# Please see example for can_receive permission.
# By design can_receive and can_transfer permissions
# can be tested only together.

9.3.5.2.2.4. can_transfer_my_assets

Hint

This is a grantable permission.

Permission that allows a specified account to transfer assets of another specified account.

See the example (to be done) for the usage details.

Related API method: Transfer Asset

Example

Admin creates domain “test” that contains can_grant_can_transfer_my_assets, can_receive, can_transfer permissions and two accounts for Alice and Bob in that domain. Admin issues some amount of “coin” asset and transfers it to Alice. Alice grants to Bob can_transfer_my_assets permission. Bob can transfer Alice’s assets to any account that has can_receive permission, for example, to Admin.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [
        primitive_pb2.can_grant_can_transfer_my_assets,
        primitive_pb2.can_receive,
        primitive_pb2.can_transfer
    ]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.extend([
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])),
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
        iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
        iroha.command('TransferAsset',
                      src_account_id=admin['id'],
                      dest_account_id=alice['id'],
                      asset_id='coin#test',
                      description='init top up',
                      amount='90.00')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_permission_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def transfer_asset_tx():
    tx = iroha.transaction([
        iroha.command('TransferAsset',
                      src_account_id=alice['id'],
                      dest_account_id=admin['id'],
                      asset_id='coin#test',
                      description='transfer from Alice to Admin by Bob',
                      amount='60.00')
    ], creator_account=bob['id'])
    IrohaCrypto.sign_transaction(tx, bob['key'])
    return tx

9.3.5.2.3. Asset Quantity

9.3.5.2.3.1. can_add_asset_qty

Allows issuing assets.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Add Asset Quantity

Example

Admin creates domain “test” that contains only can_add_asset_qty permission and Alice account in that domain. Admin creates “coin” asset. Alice can add to own account any amount of any asset (e.g. “coin” asset).

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_add_asset_qty]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2))
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def add_asset_tx():
    tx = iroha.transaction([
        iroha.command('AddAssetQuantity', asset_id='coin#test', amount='5000.99')
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.3.2. can_subtract_asset_qty

Allows burning assets.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Subtract Asset Quantity

Example

Admin creates domain “test” that contains only can_subtract_asset_qty permission and Alice account in that domain. Admin issues some amount of “coin” asset and transfers some amount of “coin” asset to Alice. Alice can burn any amount of “coin” assets.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_subtract_asset_qty]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.extend([
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
        iroha.command('AddAssetQuantity', asset_id='coin#test', amount='1000.00'),
        iroha.command('TransferAsset',
                      src_account_id=admin['id'],
                      dest_account_id=alice['id'],
                      asset_id='coin#test',
                      description='init top up',
                      amount='999.99')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def subtract_asset_tx():
    tx = iroha.transaction([
        iroha.command('SubtractAssetQuantity', asset_id='coin#test', amount='999.99')
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.3.3. can_add_domain_asset_qty

Allows issuing assets only in own domain.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.

Related API method: Add Asset Quantity

#
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#

import can_add_asset_qty

# Please see example for can_add_asset_qty permission.

# TODO igor-egorov 21.01.2019 IR-240

9.3.5.2.3.4. can_subtract_domain_asset_qty

Allows burning assets only in own domain.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.

Related API method: Subtract Asset Quantity

#
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#

import can_subtract_asset_qty

# Please see example for can_subtract_asset_qty permission.

# TODO igor-egorov 21.01.2019 IR-240

9.3.5.2.4. Domain

9.3.5.2.4.1. can_create_domain

Allows creating new domains within the system.

Related API method: Create Domain

Example

Admin creates domain that contains only can_create_domain permission and Alice account in that domain. Alice can create new domains.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_create_domain]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def create_domain_tx():
    # 'test_role' was created in genesis transaction
    tx = iroha.transaction([
        iroha.command('CreateDomain', domain_id='another-domain', default_role='test_role')
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.5. Grant

9.3.5.2.5.1. can_grant_can_add_my_signatory

Allows role owners grant can_add_my_signatory permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_add_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_add_my_signatory permission.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])))
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_add_my_signatory_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def revoke_can_add_my_signatory_tx():
    tx = iroha.transaction([
        iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.5.2. can_grant_can_remove_my_signatory

Allows role owners grant can_remove_my_signatory permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_remove_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_remove_my_signatory permission.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_grant_can_remove_my_signatory]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])))
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_remove_my_signatory_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def revoke_can_remove_my_signatory_tx():
    tx = iroha.transaction([
        iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.5.3. can_grant_can_set_my_account_detail

Allows role owners grant can_set_my_account_detail permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_set_my_account_detail permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_set_my_account_detail permission.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])))
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_set_my_account_detail_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def revoke_can_set_my_account_detail_tx():
    tx = iroha.transaction([
        iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.5.4. can_grant_can_set_my_quorum

Allows role owners grant can_set_my_quorum permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_set_my_quorum permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_set_my_quorum permission.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_grant_can_set_my_quorum]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key']))
    )
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_set_my_quorum_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def revoke_can_set_my_quorum_tx():
    tx = iroha.transaction([
        iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.5.5. can_grant_can_transfer_my_assets

Allows role owners grant can_transfer_my_assets permission.

Related API methods: Grant Permission, Revoke Permission

Example

Admin creates domain that contains only can_grant_can_transfer_my_assets permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_transfer_my_assets permission.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [
        primitive_pb2.can_grant_can_transfer_my_assets,
        primitive_pb2.can_receive,
        primitive_pb2.can_transfer
    ]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.extend([
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])),
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
        iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
        iroha.command('TransferAsset',
                      src_account_id=admin['id'],
                      dest_account_id=alice['id'],
                      asset_id='coin#test',
                      description='init top up',
                      amount='90.00')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_transfer_my_assets_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def revoke_can_transfer_my_assets_tx():
    tx = iroha.transaction([
        iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.6. Peer

9.3.5.2.6.1. can_add_peer

Allows adding peers to the network.

A new peer will be a valid participant in the next consensus round after an agreement on transaction containing “addPeer” command.

Related API method: Add Peer

Example

Admin creates domain that contains only can_add_peer permission and Alice account in that domain. Alice can add new peers.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_add_peer]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def add_peer_tx():
    peer_key = IrohaCrypto.private_key()
    peer = primitive_pb2.Peer()
    peer.address = '192.168.10.10:50541'
    peer.peer_key = IrohaCrypto.derive_public_key(peer_key)
    tx = iroha.transaction([
        iroha.command('AddPeer', peer=peer)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.6.2. can_remove_peer

Allows removing peers from the network.

Removed peer will not participate in the next consensus round after an agreement on transaction containing “removePeer” command.

Related API method: Remove Peer

Example

Admin creates domain that contains only can_remove_peer permission and Alice account in that domain. Admin adds a second peer. Alice can remove existing peers.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])

peer_key = IrohaCrypto.private_key()
peer = primitive_pb2.Peer()
peer.address = '192.168.10.10:50541'
peer.peer_key = IrohaCrypto.derive_public_key(peer_key)


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_remove_peer]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(Iroha.command('AddPeer', peer=peer))
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def remove_peer_tx():
    peer_key = IrohaCrypto.private_key()
    tx = iroha.transaction([
        iroha.command('RemovePeer', public_key=peer.peer_key)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.7. Role

9.3.5.2.7.1. can_append_role

Allows appending roles to another account.

You can append only that role that has lesser or the same set of privileges as transaction creator.

Related API method: Append Role

Example

Admin creates domain that contains can_append_role and can_add_peer permissions and two accounts for Alice and Bob in that domain. Admin creates the second role that contains only can_add_peer permission. Alice can append role to Bob.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_append_role, primitive_pb2.can_add_peer]
    second_role_permissions = [primitive_pb2.can_add_peer]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.extend([
        iroha.command('CreateRole', role_name='second_role', permissions=second_role_permissions),
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])),
        iroha.command('AppendRole', account_id=alice['id'], role_name='second_role')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def append_role_tx():
    # Note that you can append only that role that has
    # lesser or the same set of permissions as transaction creator.
    tx = iroha.transaction([
        iroha.command('AppendRole', account_id=bob['id'], role_name='second_role')
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.7.2. can_create_role

Allows creating a new role within a system.

Possible set of permissions for a new role is limited to those permissions that transaction creator has.

Related API method: Create Role

Example

Admin creates domain that contains only can_create_role permission and Alice account in that domain. Alice can create new roles.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_create_role, primitive_pb2.can_create_domain]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def create_role_tx():
    # You can pick only those permissions that
    # already belong to account of transaction creator.
    role_permissions = [primitive_pb2.can_create_domain]
    tx = iroha.transaction([
        iroha.command('CreateRole', role_name='newrole', permissions=role_permissions)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.7.3. can_detach_role

Allows revoking a role from a user.

Note

Due to a known issue the permission allows to detach any role without limitations https://soramitsu.atlassian.net/browse/IR-1468

Related API method: Detach Role

Example

Admin creates domain that contains only can_detach_role permission and creates Alice account in that domain. Admin has two roles test_role and admin_role. Alice can detach test_role from Admin account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_detach_role]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def detach_role_tx():
    tx = iroha.transaction([
        iroha.command('DetachRole', account_id=admin['id'], role_name='test_role')
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.8. Signatory

9.3.5.2.8.1. can_add_my_signatory

Hint

This is a grantable permission.

Permission that allows a specified account to add an extra public key to the another specified account.

Related API method: Add Signatory

Example

Admin creates domain that contains only can_grant_can_add_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob can_add_my_signatory permission. Bob can add an extra key to Alice account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key'])))
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_add_my_signatory_tx():
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def add_signatory_tx():
    extra_key = IrohaCrypto.private_key()
    tx = iroha.transaction([
        iroha.command('AddSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(extra_key))
    ], creator_account=bob['id'])
    IrohaCrypto.sign_transaction(tx, bob['key'])
    return tx

9.3.5.2.8.2. can_add_signatory

Allows linking additional public keys to account.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Add Signatory

Example

Admin creates domain that contains only can_add_signatory permission and Alice account in that domain. Alice can add to own account additional keys.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_add_signatory]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def add_signatory_tx():
    extra_key = IrohaCrypto.private_key()
    tx = iroha.transaction([
        iroha.command('AddSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(extra_key))
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.8.3. can_remove_my_signatory

Hint

This is a grantable permission.

Permission that allows a specified account remove public key from the another specified account.

See the example (to be done) for the usage details.

Related API method: Remove Signatory

Example

Admin creates domain that contains can_add_signatory and can_grant_can_remove_my_signatory permissions and two accounts for Alice and Bob. Alice grants can_remove_my_signatory permission to Bob and adds additional key to own account. Bob can remove one of Alice’s keys.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [
        primitive_pb2.can_grant_can_remove_my_signatory,
        primitive_pb2.can_add_signatory
    ]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key']))
    )
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_remove_my_signatory_tx():
    extra_key = IrohaCrypto.private_key()
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory),
        iroha.command('AddSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(extra_key))
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def remove_signatory_tx():
    tx = iroha.transaction([
        iroha.command('RemoveSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(alice['key']))
    ], creator_account=bob['id'])
    IrohaCrypto.sign_transaction(tx, bob['key'])
    return tx

9.3.5.2.8.4. can_remove_signatory

Allows unlinking additional public keys from an account.

The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.

Related API method: Remove Signatory

Example

Admin creates domain that contains can_remove_signatory permission and Alice account in that domain. Admin adds an extra key to Alice account. Alice can remove one of the keys.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_remove_signatory]
    extra_key = IrohaCrypto.private_key()
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('AddSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(extra_key))
    )
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def remove_signatory_tx():
    tx = iroha.transaction([
        iroha.command('RemoveSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(alice['key']))
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.8.5. can_set_my_quorum

Hint

This is a grantable permission.

Permission that allows a specified account to set quorum for the another specified account.

Account should have greater or equal amount of keys than quorum.

Related API method: Set Account Quorum

Example

Admin creates domain that contains can_grant_can_set_my_quorum and can_add_signatory permissions and create two accounts for Alice and Bob in that domain. Alice grants to Bob can_set_my_quorum permission and adds an extra key to account. Bob can set quorum for Alice.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [
        primitive_pb2.can_grant_can_set_my_quorum,
        primitive_pb2.can_add_signatory
    ]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAccount', account_name='bob', domain_id='test',
                      public_key=IrohaCrypto.derive_public_key(bob['key']))
    )
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def grant_can_set_my_quorum_tx():
    extra_key = IrohaCrypto.private_key()
    tx = iroha.transaction([
        iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum),
        iroha.command('AddSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(extra_key))
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def set_quorum_tx():
    tx = iroha.transaction([
        iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
    ], creator_account=bob['id'])
    IrohaCrypto.sign_transaction(tx, bob['key'])
    return tx

9.3.5.2.8.6. can_set_quorum

Allows setting quorum.

At least the same number (or more) of public keys should be already linked to an account.

Related API method: Set Account Quorum

Example

Admin creates domain that contains only can_set_quorum permission and creates Alice account in that domain. Admin adds an extra key for Alice account. Alice can set quorum equals two.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_set_quorum]
    extra_key = IrohaCrypto.private_key()
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('AddSignatory', account_id=alice['id'],
                      public_key=IrohaCrypto.derive_public_key(extra_key))
    )
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def set_quorum_tx():
    # Quourum cannot be greater than amount of keys linked to an account
    tx = iroha.transaction([
        iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
    ], creator_account=alice['id'])
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx

9.3.5.2.9. Engine

9.3.5.2.9.1. can_call_engine

Allows to use Burrow EMV to run Solidity smart-contracts

Related API method: Call Engine

Example

Admin creates domain that contains only can_call_engine permission and Alice account in that domain. Alice can send Solidity smart contracts to Burrow EVM by using Call Engine command.

9.3.5.2.9.2. can_call_engine_on_my_behalf

Hint

This is a grantable permission.

Permission that allows a specified account to use Burrow EVM for the another specified account.

Related API method: Call Engine

Example

Admin creates domain that contains only can_grant_can_call_engine permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_call_engine_on_my_behalf permission.

9.3.5.2.10. Grant

9.3.5.2.10.1. can_grant_can_call_engine_on_my_behalf

Allows role owners grant can_call_engine_on_my_behalf permission.

Related API method: Call Engine

Example

Admin creates domain that contains only can_grant_can_call_engine permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_call_engine_on_my_behalf permission.

9.3.5.3. Query-related permissions

9.3.5.3.1. Account

9.3.5.3.1.1. can_get_all_acc_detail

Allows getting all the details set to any account within the system.

Related API method: Get Account Detail

Example

Admin creates Alice account in a different domain that has only can_get_all_acc_detail permission. Alice can access details set to Admin account.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_all_acc_detail]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_detail_query():
    query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.1.2. can_get_all_accounts

Allows getting account information: quorum and all the details related to the account.

With this permission, query creator can get information about any account within a system.

All the details (set by the account owner or owners of other accounts) will be returned.

Related API method: Get Account

Example

Admin creates Alice account in a different domain that has only can_get_all_accounts permission. Alice can access account information of Admin.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_all_accounts]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_query():
    query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.1.3. can_get_domain_acc_detail

Allows getting all the details set to any account within the same domain as a domain of query creator account.

Related API method: Get Account Detail

Example

Admin creates Alice account in the same domain that has only can_get_domain_acc_detail permission. Alice can get details set to Admin account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_domain_acc_detail]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_detail_query():
    query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.1.4. can_get_domain_accounts

Allows getting account information: quorum and all the details related to the account.

With this permission, query creator can get information only about accounts from the same domain.

All the details (set by the account owner or owners of other accounts) will be returned.

Related API method: Get Account

Example

Admin creates Alice account in the same domain that has only can_get_domain_accounts. Alice can access account information of Admin.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_domain_accounts]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_query():
    query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.1.5. can_get_my_acc_detail

Allows getting all the details set to the account of query creator.

Related API method: Get Account Detail

Example

Admin creates Alice account in the domain that has only can_get_my_acc_detail permission. Alice can get details set to own account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_my_acc_detail]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_detail_query():
    query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.1.6. can_get_my_account

Allows getting account information: quorum and all the details related to the account.

With this permission, query creator can get information only about own account.

All the details (set by the account owner or owners of other accounts) will be returned.

Related API method: Get Account

Example

Admin creates Alice account in the domain that has only can_get_my_account permission. Alice can access own account information.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_my_account]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_query():
    query = iroha.query('GetAccount', creator_account=alice['id'], account_id=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.2. Account Asset

9.3.5.3.2.1. can_get_all_acc_ast

Allows getting a balance of assets on any account within the system.

Query response will contain information about all the assets that ever been assigned to an account.

Related API method: Get Account Assets

Example

Admin creates Alice account in a different domain that has only can_get_all_acc_ast permission. Alice can access assets balance on Admin account.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_all_acc_ast]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_assets_query():
    query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=admin['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.2.2. can_get_domain_acc_ast

Allows getting a balance of specified asset on any account within the same domain as a domain of query creator account.

Query response will contain information about all the assets that ever been assigned to an account.

Related API method: Get Account Assets

Example

Admin creates Alice account in the same domain that has only can_get_domain_acc_ast permission. Alice can access assets balance on Admin account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_domain_acc_ast]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_assets_query():
    query = iroha.query('GetAccountAssets', account_id=admin['id'], creator_account=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.2.3. can_get_my_acc_ast

Allows getting a balance of specified asset on account of query creator.

Query response will contain information about all the assets that ever been assigned to an account.

Related API method: Get Account Assets

Example

Admin creates Alice account in a domain that has only can_get_my_acc_ast permission. Alice can access assets balance on own account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_my_acc_ast]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_assets_query():
    query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.3. Account Asset Transaction

9.3.5.3.3.1. can_get_all_acc_ast_txs

Allows getting transactions associated with a specified asset and any account within the system.

Note

Incoming asset transfers will also appear in the query response.

Related API method: Get Account Asset Transactions

Example

Admin creates Alice account in a different domain that has can_get_all_acc_ast_txs, can_receive and can_transfer permissions. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and Admin account.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [
        primitive_pb2.can_get_all_acc_ast_txs,
        primitive_pb2.can_receive,
        primitive_pb2.can_transfer
    ]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    genesis_commands.extend([
        iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2),
        iroha.command('AddAssetQuantity', asset_id='coin#first', amount='300.00'),
        iroha.command('TransferAsset',
                      src_account_id=admin['id'],
                      dest_account_id=alice['id'],
                      asset_id='coin#first',
                      description='top up',
                      amount='200.00')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_asset_transactions_query():
    query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], page_size=10,
                        account_id=admin['id'], asset_id='coin#first')
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.3.2. can_get_domain_acc_ast_txs

Allows getting transactions associated with a specified asset and an account from the same domain as query creator.

Note

Incoming asset transfers will also appear in the query response.

Related API method: Get Account Asset Transactions

Example

Admin creates Alice in the same domain that has only can_get_domain_acc_ast_txs permission. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and Admin account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_domain_acc_ast_txs]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.extend([
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
        iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
        iroha.command('TransferAsset',
                      src_account_id=admin['id'],
                      dest_account_id=alice['id'],
                      asset_id='coin#test',
                      description='top up',
                      amount='10.00')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_asset_transactions_query():
    query = iroha.query('GetAccountAssetTransactions', account_id=admin['id'],
                        asset_id='coin#test', creator_account=alice['id'], page_size=10)
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.3.3. can_get_my_acc_ast_txs

Allows getting transactions associated with the account of query creator and specified asset.

Note

Incoming asset transfers will also appear in the query response.

Related API method: Get Account Asset Transactions

Example

Admin creates Alice account in a domain that has only can_get_my_acc_ast_txs permission. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and own account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_my_acc_ast_txs]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.extend([
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
        iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
        iroha.command('TransferAsset',
                      src_account_id=admin['id'],
                      dest_account_id=alice['id'],
                      asset_id='coin#test',
                      description='top up',
                      amount='10.00')
    ])
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_asset_transactions_query():
    query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], account_id=alice['id'],
                        asset_id='coin#test', page_size=10)
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.4. Account Transaction

9.3.5.3.4.1. can_get_all_acc_txs

Allows getting all transactions issued by any account within the system.

Note

Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.

Related API method: Get Account Transactions

Example

Admin creates Alice account in a different domain that has only can_get_all_acc_txs permission. Alice can request all the transactions issues by Admin.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_all_acc_txs]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_transactions_query():
    query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.4.2. can_get_domain_acc_txs

Allows getting all transactions issued by any account from the same domain as query creator.

Note

Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.

Related API method: Get Account Transactions

Example

Admin creates Alice account in the same domain that has only can_get_domain_acc_txs permission. Alice can request all the transactions issued by Admin.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_domain_acc_txs]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_transactions_query():
    query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.4.3. can_get_my_acc_txs

Allows getting all transactions issued by an account of query creator.

Note

Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.

Related API method: Get Account Transactions

Example

Admin creates Alice account in a domain that has only can_get_my_acc_txs permission. Alice can get all transactions issued by own account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_my_acc_txs]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def account_transactions_query():
    query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=alice['id'], page_size=10)
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.5. Asset

9.3.5.3.5.1. can_read_assets

Allows getting information about asset precision.

Related API method: Get Asset Info

Example

Admin creates Alice account in a domain that has can_read_assets permissions. Alice can query information about any asset.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_read_assets]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    genesis_commands.append(
        iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
    )
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def get_asset_query():
    query = iroha.query('GetAssetInfo', asset_id='coin#test', creator_account=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.6. Block Stream

9.3.5.3.6.1. can_get_blocks

Allows reading blocks. Allows subscription to the stream of accepted blocks.

Related API methods: Get Block, Fetchcommits

9.3.5.3.7. Role

9.3.5.3.7.1. can_get_roles

Allows getting a list of roles within the system. Allows getting a list of permissions associated with a role.

Related API methods: Get Roles, Get Role Permissions

Example

Admin creates Alice account in a domain that has can_get_roles permission. Alice can query list of all existing roles. Alice can query list of permissions contained in any role.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_roles]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def get_system_roles_query():
    query = iroha.query('GetRoles', creator_account=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query


@commons.hex
def get_role_permissions_query():
    query = iroha.query('GetRolePermissions', creator_account=alice['id'], counter=2, role_id='admin_role')
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.8. Signatory

9.3.5.3.8.1. can_get_all_signatories

Allows getting a list of public keys linked to an account within the system.

Related API method: Get Signatories

Example

Admin creates Alice account in a different domain that has only can_get_all_signatories permission. Alice can query a list of public keys related to Admin account.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_all_signatories]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def signatories_query():
    query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.8.2. can_get_domain_signatories

Allows getting a list of public keys of any account within the same domain as the domain of query creator account.

Related API method: Get Signatories

Example

Admin creates Alice account in the same domain that has only can_get_domain_signatories permission. Alice can query a list of public keys related to Admin account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_domain_signatories]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def signatories_query():
    query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.8.3. can_get_my_signatories

Allows getting a list of public keys of query creator account.

Related API method: Get Signatories

Example

Admin creates Alice account in a domain that has only can_get_my_signatories permission. Alice can query a list of public keys related to own account.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_my_signatories]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def signatories_query():
    query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.9. Transaction

9.3.5.3.9.1. can_get_all_txs

Allows getting any transaction by hash.

Related API method: Get Transactions

Example

Admin issues several transactions and creates Alice account in a different domain that has only can_get_all_txs permission. Alice (knowing transactions hashes) can query transactions issued by Admin Account.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])

admin_tx1_hash = None
admin_tx2_hash = None


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_all_txs]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def admin_action_1_tx():
    global admin_tx1_hash
    tx = iroha.transaction([
        iroha.command('CreateAsset', asset_name='coin', domain_id='second', precision=2)
    ])
    admin_tx1_hash = IrohaCrypto.hash(tx)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def admin_action_2_tx():
    global admin_tx2_hash
    tx = iroha.transaction([
        iroha.command('SetAccountDetail', account_id=admin['id'], key='hyperledger', value='iroha')
    ])
    admin_tx2_hash = IrohaCrypto.hash(tx)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def transactions_query():
    hashes = [
        binascii.hexlify(admin_tx1_hash),
        binascii.hexlify(admin_tx2_hash)
    ]
    query = iroha.query('GetTransactions', tx_hashes=hashes, creator_account=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.9.2. can_get_my_txs

Allows getting transaction (that was issued by query creator) by hash.

Related API method: Get Transactions

Example

Admin creates Alice account in a different domain. Alice (knowing transactions hashes) issues several transactions. Alice can query own transactions.

admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])

alice_tx1_hash = None
alice_tx2_hash = None


@commons.hex
def genesis_tx():
    test_permissions = [
        primitive_pb2.can_get_my_txs,
        primitive_pb2.can_add_asset_qty,
        primitive_pb2.can_create_asset
    ]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def alice_action_1_tx():
    global alice_tx1_hash
    tx = iroha.transaction([
        iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2)
    ], creator_account=alice['id'])
    alice_tx1_hash = IrohaCrypto.hash(tx)
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def alice_action_2_tx():
    global alice_tx2_hash
    tx = iroha.transaction([
        iroha.command('AddAssetQuantity', asset_id='coin#first', amount='600.30')
    ], creator_account=alice['id'])
    alice_tx2_hash = IrohaCrypto.hash(tx)
    IrohaCrypto.sign_transaction(tx, alice['key'])
    return tx


@commons.hex
def transactions_query():
    hashes = [
        binascii.hexlify(alice_tx1_hash),
        binascii.hexlify(alice_tx2_hash)
    ]
    query = iroha.query('GetTransactions', creator_account=alice['id'], tx_hashes=hashes)
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.10. Peer

9.3.5.3.10.1. can_get_peers

Allows to request the list of peers in the Iroha network.

Related API method: Get Peers

Example

Admin creates Alice account in any domain that has can_get_peers. Alice can now request the list of peers in the system.

admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])


@commons.hex
def genesis_tx():
    test_permissions = [primitive_pb2.can_get_peers]
    genesis_commands = commons.genesis_block(admin, alice, test_permissions)
    tx = iroha.transaction(genesis_commands)
    IrohaCrypto.sign_transaction(tx, admin['key'])
    return tx


@commons.hex
def get_system_peers_query():
    query = iroha.query('GetPeers', creator_account=alice['id'])
    IrohaCrypto.sign_query(query, alice['key'])
    return query

9.3.5.3.11. Engine receipts

9.3.5.3.11.1. can_get_my_engine_receipts

Allows getting Engine Receipts (result from EVM) on account of query creator.

Related API method: Engine Receipts

Example

Admin creates Alice account in a domain that has only can_get_my_engine_receipts permission. Alice can get all transactions issued by own account.

9.3.5.3.11.2. can_get_domain_engine_receipts

Allows getting Engine Receipts (results from EVM) associated with a specified transaction from the same domain as query creator.

Related API method: Engine Receipts

Example

Admin creates Alice account in the same domain that has only can_get_domain_engine_receipts permission. Alice can request all the transactions issued by Admin.

9.3.5.3.11.3. can_get_all_engine_receipts

Allows getting all Engine Receipts (results from EVM) issued by any account within the system.

Related API method: Engine Receipts

Example

Admin creates Alice account in a different domain that has only can_get_all_engine_receipts permission. Alice can request all the transactions issues by Admin.

9.3.5.4. Supplementary Sources

commons.py

#
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#

from iroha import primitive_pb2
from iroha import Iroha, IrohaCrypto
import binascii
from time import time

command = Iroha.command


def now():
    return int(time() * 1000)


def all_permissions():
    return [
        primitive_pb2.can_append_role,
        primitive_pb2.can_create_role,
        primitive_pb2.can_detach_role,
        primitive_pb2.can_add_asset_qty,
        primitive_pb2.can_subtract_asset_qty,
        primitive_pb2.can_add_peer,
        primitive_pb2.can_add_signatory,
        primitive_pb2.can_remove_signatory,
        primitive_pb2.can_set_quorum,
        primitive_pb2.can_create_account,
        primitive_pb2.can_set_detail,
        primitive_pb2.can_create_asset,
        primitive_pb2.can_transfer,
        primitive_pb2.can_receive,
        primitive_pb2.can_create_domain,
        primitive_pb2.can_read_assets,
        primitive_pb2.can_get_roles,
        primitive_pb2.can_get_my_account,
        primitive_pb2.can_get_all_accounts,
        primitive_pb2.can_get_domain_accounts,
        primitive_pb2.can_get_my_signatories,
        primitive_pb2.can_get_all_signatories,
        primitive_pb2.can_get_domain_signatories,
        primitive_pb2.can_get_my_acc_ast,
        primitive_pb2.can_get_all_acc_ast,
        primitive_pb2.can_get_domain_acc_ast,
        primitive_pb2.can_get_my_acc_detail,
        primitive_pb2.can_get_all_acc_detail,
        primitive_pb2.can_get_domain_acc_detail,
        primitive_pb2.can_get_my_acc_txs,
        primitive_pb2.can_get_all_acc_txs,
        primitive_pb2.can_get_domain_acc_txs,
        primitive_pb2.can_get_my_acc_ast_txs,
        primitive_pb2.can_get_all_acc_ast_txs,
        primitive_pb2.can_get_domain_acc_ast_txs,
        primitive_pb2.can_get_my_txs,
        primitive_pb2.can_get_all_txs,
        primitive_pb2.can_get_blocks,
        primitive_pb2.can_grant_can_set_my_quorum,
        primitive_pb2.can_grant_can_add_my_signatory,
        primitive_pb2.can_grant_can_remove_my_signatory,
        primitive_pb2.can_grant_can_transfer_my_assets,
        primitive_pb2.can_grant_can_set_my_account_detail
    ]


def genesis_block(admin, alice, test_permissions, multidomain=False):
    """
    Compose a set of common for all tests' genesis block transactions
    :param admin: dict of id and private key of admin
    :param alice: dict of id and private key of alice
    :param test_permissions: permissions for users in test domain
    :param multidomain: admin and alice accounts will be created in
    different domains and the first domain users will have admin right
    by default if True
    :return: a list of Iroha.command's
    """
    peer = primitive_pb2.Peer()
    peer.address = '127.0.0.1:50541'
    peer.peer_key = IrohaCrypto.derive_public_key(admin['key'])
    commands = [
        command('AddPeer', peer=peer),
        command('CreateRole', role_name='admin_role', permissions=all_permissions()),
        command('CreateRole', role_name='test_role', permissions=test_permissions)]
    if multidomain:
        commands.append(command('CreateDomain', domain_id='first', default_role='admin_role'))
    commands.extend([
        command('CreateDomain',
                domain_id='second' if multidomain else 'test',
                default_role='test_role'),
        command('CreateAccount',
                account_name='admin',
                domain_id='first' if multidomain else 'test',
                public_key=IrohaCrypto.derive_public_key(admin['key'])),
        command('CreateAccount',
                account_name='alice',
                domain_id='second' if multidomain else 'test',
                public_key=IrohaCrypto.derive_public_key(alice['key']))
    ])
    if not multidomain:
        commands.append(command('AppendRole', account_id=admin['id'], role_name='admin_role'))
    return commands


def new_user(user_id):
    private_key = IrohaCrypto.private_key()
    if user_id.lower().startswith('admin'):
        print('K{}'.format(private_key.decode('utf-8')))
    return {
        'id': user_id,
        'key': private_key
    }


def hex(generator):
    """
    Decorator for transactions' and queries generators.

    Allows preserving the type of binaries for Binary Testing Framework.
    """
    prefix = 'T' if generator.__name__.lower().endswith('tx') else 'Q'
    print('{}{}'.format(prefix, binascii.hexlify(generator().SerializeToString()).decode('utf-8')))