9.3.3. Permissions¶
Hyperledger Iroha uses a role-based access control system to limit actions of its users. This system greatly helps to implement use cases involving user groups having different access levels — ranging from the weak users, who can’t even receive asset transfer to the super-users. The beauty of our permission system is that you don’t have to have a super-user in your Iroha setup or use all the possible permissions: you can create segregated and lightweight roles.
Maintenance of the system involves setting up roles and permissions, that are included in the roles. This might be done at the initial step of system deployment — in genesis block, or later when Iroha network is up and running, roles can be changed (if there is a role that can do that :)
This section will help you to understand permissions and give you an idea of how to create roles including certain permissions. Each permission is provided with an example written in Python that demonstrates the way of transaction or query creation, which require specific permission. Every example uses commons.py module, which listing is available at Supplementary Sources section.
9.3.4. List of Permissions¶
Permission Name |
Category |
Type |
|---|---|---|
All Categories |
Command and Query |
|
Account |
Command |
|
Account |
Command |
|
can_set_my_account_detail |
Account |
Command |
Asset |
Command |
|
Asset |
Command |
|
Asset |
Command |
|
can_transfer_my_assets |
Asset |
Command |
Asset Quantity |
Command |
|
Asset Quantity |
Command |
|
Asset Quantity |
Command |
|
Asset Quantity |
Command |
|
Domain |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Grant |
Command |
|
Peer |
Command |
|
Peer |
Command |
|
Role |
Command |
|
Role |
Command |
|
Role |
Command |
|
can_add_my_signatory |
Signatory |
Command |
Signatory |
Command |
|
can_remove_my_signatory |
Signatory |
Command |
Signatory |
Command |
|
can_set_my_quorum |
Signatory |
Command |
Signatory |
Command |
|
Engine |
Command |
|
can_call_engine_on_my_behalf |
Engine |
Command |
Grant |
Command |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account |
Query |
|
Account Asset |
Query |
|
Account Asset |
Query |
|
Account Asset |
Query |
|
Account Asset Transaction |
Query |
|
Account Asset Transaction |
Query |
|
Account Asset Transaction |
Query |
|
Account Transaction |
Query |
|
Account Transaction |
Query |
|
Account Transaction |
Query |
|
Asset |
Query |
|
Block Stream |
Query |
|
Role |
Query |
|
Signatory |
Query |
|
Signatory |
Query |
|
Signatory |
Query |
|
Transaction |
Query |
|
Transaction |
Query |
|
Peer |
Query |
|
Engine receipts |
Query |
|
Engine receipts |
Query |
|
Engine receipts |
Query |
9.3.5. Permissions Detailed¶
9.3.5.1. Command and Query-related permissions¶
9.3.5.1.1. All Categories¶
9.3.5.1.1.1. root¶
Allows executing all commands and queries without other permissions.
Note
This permission allows you to create and assign any roles with any permissions.
Example
Admin with root permission can create and assign a role with rights that he does not have.
9.3.5.2. Command-related permissions¶
9.3.5.2.1. Account¶
9.3.5.2.1.1. can_create_account¶
Allows creating new accounts.
Related API method: Create Account
Example
Admin creates domain “test” that contains only can_create_account permission and Alice account in that domain. Alice can create Bob account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_account]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_account_tx():
tx = iroha.transaction([
iroha.command('CreateAccount', account_name='bob', domain_id='test', public_key=bob['key'])
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.1.2. can_set_detail¶
Allows setting account detail.
The permission allows setting details to other accounts. Another way to set detail without can_set_detail permission is to grant can_set_my_account_detail permission to someone. In order to grant, transaction creator should have can_grant_can_set_my_account_detail permission.
Note
Transaction creator can always set detail for own account even without that permission.
Related API method: Set Account Detail
Example
Admin creates domain “test” that contains only can_set_detail permission and Alice account in that domain. Alice can set detail for Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_set_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def set_account_detail_tx():
tx = iroha.transaction([
iroha.command('SetAccountDetail', account_id=admin['id'], key='fav_color', value='red')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.1.3. can_set_my_account_detail¶
Hint
This is a grantable permission.
Permission that allows a specified account to set details for the another specified account.
Note
To grant the permission an account should already have a role with can_grant_can_set_my_account_detail permission.
Related API method: Set Account Detail
Example
Admin creates domain “test” that contains only can_grant_can_set_my_account_detail permission and two accounts for Alice and Bob in that domain. Alice grants to Bob can_set_my_account_detail permission. Bob can set detail for Alice account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_permission_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def set_detail_tx():
tx = iroha.transaction([
iroha.command('SetAccountDetail', account_id=alice['id'], key='fav_year', value='2019')
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.2. Asset¶
9.3.5.2.2.1. can_create_asset¶
Allows creating new assets.
Related API method: Create Asset
Example
Admin creates domain “test” that contains only can_create_asset permission and Alice account in that domain. Alice can create new assets.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_asset]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_asset_tx():
tx = iroha.transaction([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.2.2. can_receive¶
Allows account receive assets.
Related API method: Transfer Asset
Example
Admin creates domain “test” that contains can_receive and can_transfer permissions and two accounts for Alice and Bob. Admin creates “coin” asset, adds some quantity of it and transfers the asset to Alice. Alice can transfer assets to Bob (Alice has can_transfer permission and Bob has can_receive permission).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_transfer, primitive_pb2.can_receive]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='90.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='90.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def transfer_asset_tx():
tx = iroha.transaction([
iroha.command('TransferAsset',
src_account_id=alice['id'],
dest_account_id=bob['id'],
asset_id='coin#test',
description='transfer to Bob',
amount='60.00')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.2.3. can_transfer¶
Allows sending assets from an account of transaction creator.
You can transfer an asset from one domain to another, even if the other domain does not have an asset with the same name.
Note
Destination account should have can_receive permission.
Related API method: Transfer Asset
1 2 3 4 5 6 7 8 9 10 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
import can_receive
# Please see example for can_receive permission.
# By design can_receive and can_transfer permissions
# can be tested only together.
|
9.3.5.2.2.4. can_transfer_my_assets¶
Hint
This is a grantable permission.
Permission that allows a specified account to transfer assets of another specified account.
See the example (to be done) for the usage details.
Related API method: Transfer Asset
Example
Admin creates domain “test” that contains can_grant_can_transfer_my_assets, can_receive, can_transfer permissions and two accounts for Alice and Bob in that domain. Admin issues some amount of “coin” asset and transfers it to Alice. Alice grants to Bob can_transfer_my_assets permission. Bob can transfer Alice’s assets to any account that has can_receive permission, for example, to Admin.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_transfer_my_assets,
primitive_pb2.can_receive,
primitive_pb2.can_transfer
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='90.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_permission_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def transfer_asset_tx():
tx = iroha.transaction([
iroha.command('TransferAsset',
src_account_id=alice['id'],
dest_account_id=admin['id'],
asset_id='coin#test',
description='transfer from Alice to Admin by Bob',
amount='60.00')
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.3. Asset Quantity¶
9.3.5.2.3.1. can_add_asset_qty¶
Allows issuing assets.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Related API method: Add Asset Quantity
Example
Admin creates domain “test” that contains only can_add_asset_qty permission and Alice account in that domain. Admin creates “coin” asset. Alice can add to own account any amount of any asset (e.g. “coin” asset).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_add_asset_qty]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def add_asset_tx():
tx = iroha.transaction([
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='5000.99')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.3.2. can_subtract_asset_qty¶
Allows burning assets.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Related API method: Subtract Asset Quantity
Example
Admin creates domain “test” that contains only can_subtract_asset_qty permission and Alice account in that domain. Admin issues some amount of “coin” asset and transfers some amount of “coin” asset to Alice. Alice can burn any amount of “coin” assets.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_subtract_asset_qty]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='1000.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='999.99')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def subtract_asset_tx():
tx = iroha.transaction([
iroha.command('SubtractAssetQuantity', asset_id='coin#test', amount='999.99')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.3.3. can_add_domain_asset_qty¶
Allows issuing assets only in own domain.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.
Related API method: Add Asset Quantity
1 2 3 4 5 6 7 8 9 10 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
import can_add_asset_qty
# Please see example for can_add_asset_qty permission.
# TODO igor-egorov 21.01.2019 IR-240
|
9.3.5.2.3.4. can_subtract_domain_asset_qty¶
Allows burning assets only in own domain.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission and only for assets in creator’s domain.
Related API method: Subtract Asset Quantity
1 2 3 4 5 6 7 8 9 10 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
import can_subtract_asset_qty
# Please see example for can_subtract_asset_qty permission.
# TODO igor-egorov 21.01.2019 IR-240
|
9.3.5.2.4. Domain¶
9.3.5.2.4.1. can_create_domain¶
Allows creating new domains within the system.
Related API method: Create Domain
Example
Admin creates domain that contains only can_create_domain permission and Alice account in that domain. Alice can create new domains.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_domain]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_domain_tx():
# 'test_role' was created in genesis transaction
tx = iroha.transaction([
iroha.command('CreateDomain', domain_id='another-domain', default_role='test_role')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5. Grant¶
9.3.5.2.5.1. can_grant_can_add_my_signatory¶
Allows role owners grant can_add_my_signatory permission.
Related API methods: Grant Permission, Revoke Permission
Example
Admin creates domain that contains only can_grant_can_add_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_add_my_signatory permission.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_add_my_signatory_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_add_my_signatory_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.2. can_grant_can_remove_my_signatory¶
Allows role owners grant can_remove_my_signatory permission.
Related API methods: Grant Permission, Revoke Permission
Example
Admin creates domain that contains only can_grant_can_remove_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_remove_my_signatory permission.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_remove_my_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_remove_my_signatory_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_remove_my_signatory_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.3. can_grant_can_set_my_account_detail¶
Allows role owners grant can_set_my_account_detail permission.
Related API methods: Grant Permission, Revoke Permission
Example
Admin creates domain that contains only can_grant_can_set_my_account_detail permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_set_my_account_detail permission.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_set_my_account_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_set_my_account_detail_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_set_my_account_detail_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_account_detail)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.4. can_grant_can_set_my_quorum¶
Allows role owners grant can_set_my_quorum permission.
Related API methods: Grant Permission, Revoke Permission
Example
Admin creates domain that contains only can_grant_can_set_my_quorum permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_set_my_quorum permission.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_set_my_quorum]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_set_my_quorum_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_set_my_quorum_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.5.5. can_grant_can_transfer_my_assets¶
Allows role owners grant can_transfer_my_assets permission.
Related API methods: Grant Permission, Revoke Permission
Example
Admin creates domain that contains only can_grant_can_transfer_my_assets permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_transfer_my_assets permission.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_transfer_my_assets,
primitive_pb2.can_receive,
primitive_pb2.can_transfer
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='100.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='init top up',
amount='90.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_transfer_my_assets_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def revoke_can_transfer_my_assets_tx():
tx = iroha.transaction([
iroha.command('RevokePermission', account_id=bob['id'], permission=primitive_pb2.can_transfer_my_assets)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.6. Peer¶
9.3.5.2.6.1. can_add_peer¶
Allows adding peers to the network.
A new peer will be a valid participant in the next consensus round after an agreement on transaction containing “addPeer” command.
Related API method: Add Peer
Example
Admin creates domain that contains only can_add_peer permission and Alice account in that domain. Alice can add new peers.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_add_peer]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def add_peer_tx():
peer_key = IrohaCrypto.private_key()
peer = primitive_pb2.Peer()
peer.address = '192.168.10.10:50541'
peer.peer_key = IrohaCrypto.derive_public_key(peer_key)
tx = iroha.transaction([
iroha.command('AddPeer', peer=peer)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.6.2. can_remove_peer¶
Allows removing peers from the network.
Removed peer will not participate in the next consensus round after an agreement on transaction containing “removePeer” command.
Related API method: Remove Peer
Example
Admin creates domain that contains only can_remove_peer permission and Alice account in that domain. Admin adds a second peer. Alice can remove existing peers.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
peer_key = IrohaCrypto.private_key()
peer = primitive_pb2.Peer()
peer.address = '192.168.10.10:50541'
peer.peer_key = IrohaCrypto.derive_public_key(peer_key)
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_remove_peer]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(Iroha.command('AddPeer', peer=peer))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def remove_peer_tx():
peer_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('RemovePeer', public_key=peer.peer_key)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.7. Role¶
9.3.5.2.7.1. can_append_role¶
Allows appending roles to another account.
You can append only that role that has lesser or the same set of privileges as transaction creator.
Related API method: Append Role
Example
Admin creates domain that contains can_append_role and can_add_peer permissions and two accounts for Alice and Bob in that domain. Admin creates the second role that contains only can_add_peer permission. Alice can append role to Bob.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_append_role, primitive_pb2.can_add_peer]
second_role_permissions = [primitive_pb2.can_add_peer]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateRole', role_name='second_role', permissions=second_role_permissions),
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])),
iroha.command('AppendRole', account_id=alice['id'], role_name='second_role')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def append_role_tx():
# Note that you can append only that role that has
# lesser or the same set of permissions as transaction creator.
tx = iroha.transaction([
iroha.command('AppendRole', account_id=bob['id'], role_name='second_role')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.7.2. can_create_role¶
Allows creating a new role within a system.
Possible set of permissions for a new role is limited to those permissions that transaction creator has.
Related API method: Create Role
Example
Admin creates domain that contains only can_create_role permission and Alice account in that domain. Alice can create new roles.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_create_role, primitive_pb2.can_create_domain]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def create_role_tx():
# You can pick only those permissions that
# already belong to account of transaction creator.
role_permissions = [primitive_pb2.can_create_domain]
tx = iroha.transaction([
iroha.command('CreateRole', role_name='newrole', permissions=role_permissions)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.7.3. can_detach_role¶
Allows revoking a role from a user.
Note
Due to a known issue the permission allows to detach any role without limitations https://soramitsu.atlassian.net/browse/IR-1468
Related API method: Detach Role
Example
Admin creates domain that contains only can_detach_role permission and creates Alice account in that domain. Admin has two roles test_role and admin_role. Alice can detach test_role from Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_detach_role]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def detach_role_tx():
tx = iroha.transaction([
iroha.command('DetachRole', account_id=admin['id'], role_name='test_role')
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.8. Signatory¶
9.3.5.2.8.1. can_add_my_signatory¶
Hint
This is a grantable permission.
Permission that allows a specified account to add an extra public key to the another specified account.
Related API method: Add Signatory
Example
Admin creates domain that contains only can_grant_can_add_my_signatory permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob can_add_my_signatory permission. Bob can add an extra key to Alice account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_grant_can_add_my_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key'])))
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_add_my_signatory_tx():
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_add_my_signatory)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def add_signatory_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.8.2. can_add_signatory¶
Allows linking additional public keys to account.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Related API method: Add Signatory
Example
Admin creates domain that contains only can_add_signatory permission and Alice account in that domain. Alice can add to own account additional keys.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_add_signatory]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def add_signatory_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.8.3. can_remove_my_signatory¶
Hint
This is a grantable permission.
Permission that allows a specified account remove public key from the another specified account.
See the example (to be done) for the usage details.
Related API method: Remove Signatory
Example
Admin creates domain that contains can_add_signatory and can_grant_can_remove_my_signatory permissions and two accounts for Alice and Bob. Alice grants can_remove_my_signatory permission to Bob and adds additional key to own account. Bob can remove one of Alice’s keys.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_remove_my_signatory,
primitive_pb2.can_add_signatory
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_remove_my_signatory_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_remove_my_signatory),
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def remove_signatory_tx():
tx = iroha.transaction([
iroha.command('RemoveSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(alice['key']))
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.8.4. can_remove_signatory¶
Allows unlinking additional public keys from an account.
The corresponding command can be executed only for an account of transaction creator and only if that account has a role with the permission.
Related API method: Remove Signatory
Example
Admin creates domain that contains can_remove_signatory permission and Alice account in that domain. Admin adds an extra key to Alice account. Alice can remove one of the keys.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_remove_signatory]
extra_key = IrohaCrypto.private_key()
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def remove_signatory_tx():
tx = iroha.transaction([
iroha.command('RemoveSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(alice['key']))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.8.5. can_set_my_quorum¶
Hint
This is a grantable permission.
Permission that allows a specified account to set quorum for the another specified account.
Account should have greater or equal amount of keys than quorum.
Related API method: Set Account Quorum
Example
Admin creates domain that contains can_grant_can_set_my_quorum and can_add_signatory permissions and create two accounts for Alice and Bob in that domain. Alice grants to Bob can_set_my_quorum permission and adds an extra key to account. Bob can set quorum for Alice.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
bob = commons.new_user('bob@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_grant_can_set_my_quorum,
primitive_pb2.can_add_signatory
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAccount', account_name='bob', domain_id='test',
public_key=IrohaCrypto.derive_public_key(bob['key']))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def grant_can_set_my_quorum_tx():
extra_key = IrohaCrypto.private_key()
tx = iroha.transaction([
iroha.command('GrantPermission', account_id=bob['id'], permission=primitive_pb2.can_set_my_quorum),
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def set_quorum_tx():
tx = iroha.transaction([
iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
], creator_account=bob['id'])
IrohaCrypto.sign_transaction(tx, bob['key'])
return tx
|
9.3.5.2.8.6. can_set_quorum¶
Allows setting quorum.
At least the same number (or more) of public keys should be already linked to an account.
Related API method: Set Account Quorum
Example
Admin creates domain that contains only can_set_quorum permission and creates Alice account in that domain. Admin adds an extra key for Alice account. Alice can set quorum equals two.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_set_quorum]
extra_key = IrohaCrypto.private_key()
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('AddSignatory', account_id=alice['id'],
public_key=IrohaCrypto.derive_public_key(extra_key))
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def set_quorum_tx():
# Quourum cannot be greater than amount of keys linked to an account
tx = iroha.transaction([
iroha.command('SetAccountQuorum', account_id=alice['id'], quorum=2)
], creator_account=alice['id'])
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
|
9.3.5.2.9. Engine¶
9.3.5.2.9.1. can_call_engine¶
Allows to use Burrow EMV to run Solidity smart-contracts
Related API method: Call Engine
Example
Admin creates domain that contains only can_call_engine permission and Alice account in that domain. Alice can send Solidity smart contracts to Burrow EVM by using Call Engine command.
9.3.5.2.9.2. can_call_engine_on_my_behalf¶
Hint
This is a grantable permission.
Permission that allows a specified account to use Burrow EVM for the another specified account.
Related API method: Call Engine
Example
Admin creates domain that contains only can_grant_can_call_engine permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_call_engine_on_my_behalf permission.
9.3.5.2.10. Grant¶
9.3.5.2.10.1. can_grant_can_call_engine_on_my_behalf¶
Allows role owners grant can_call_engine_on_my_behalf permission.
Related API method: Call Engine
Example
Admin creates domain that contains only can_grant_can_call_engine permission and two accounts for Alice and Bob in that domain. Alice can grant to Bob and revoke can_call_engine_on_my_behalf permission.
9.3.5.3. Query-related permissions¶
9.3.5.3.1. Account¶
9.3.5.3.1.1. can_get_all_acc_detail¶
Allows getting all the details set to any account within the system.
Related API method: Get Account Detail
Example
Admin creates Alice account in a different domain that has only can_get_all_acc_detail permission. Alice can access details set to Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_acc_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_detail_query():
query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.2. can_get_all_accounts¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information about any account within a system.
All the details (set by the account owner or owners of other accounts) will be returned.
Related API method: Get Account
Example
Admin creates Alice account in a different domain that has only can_get_all_accounts permission. Alice can access account information of Admin.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_accounts]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_query():
query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.3. can_get_domain_acc_detail¶
Allows getting all the details set to any account within the same domain as a domain of query creator account.
Related API method: Get Account Detail
Example
Admin creates Alice account in the same domain that has only can_get_domain_acc_detail permission. Alice can get details set to Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_detail_query():
query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.4. can_get_domain_accounts¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information only about accounts from the same domain.
All the details (set by the account owner or owners of other accounts) will be returned.
Related API method: Get Account
Example
Admin creates Alice account in the same domain that has only can_get_domain_accounts. Alice can access account information of Admin.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_accounts]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_query():
query = iroha.query('GetAccount', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.5. can_get_my_acc_detail¶
Allows getting all the details set to the account of query creator.
Related API method: Get Account Detail
Example
Admin creates Alice account in the domain that has only can_get_my_acc_detail permission. Alice can get details set to own account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_detail]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_detail_query():
query = iroha.query('GetAccountDetail', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.1.6. can_get_my_account¶
Allows getting account information: quorum and all the details related to the account.
With this permission, query creator can get information only about own account.
All the details (set by the account owner or owners of other accounts) will be returned.
Related API method: Get Account
Example
Admin creates Alice account in the domain that has only can_get_my_account permission. Alice can access own account information.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_account]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_query():
query = iroha.query('GetAccount', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.2. Account Asset¶
9.3.5.3.2.1. can_get_all_acc_ast¶
Allows getting a balance of assets on any account within the system.
Query response will contain information about all the assets that ever been assigned to an account.
Related API method: Get Account Assets
Example
Admin creates Alice account in a different domain that has only can_get_all_acc_ast permission. Alice can access assets balance on Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_acc_ast]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_assets_query():
query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.2.2. can_get_domain_acc_ast¶
Allows getting a balance of specified asset on any account within the same domain as a domain of query creator account.
Query response will contain information about all the assets that ever been assigned to an account.
Related API method: Get Account Assets
Example
Admin creates Alice account in the same domain that has only can_get_domain_acc_ast permission. Alice can access assets balance on Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_ast]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_assets_query():
query = iroha.query('GetAccountAssets', account_id=admin['id'], creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.2.3. can_get_my_acc_ast¶
Allows getting a balance of specified asset on account of query creator.
Query response will contain information about all the assets that ever been assigned to an account.
Related API method: Get Account Assets
Example
Admin creates Alice account in a domain that has only can_get_my_acc_ast permission. Alice can access assets balance on own account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_ast]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_assets_query():
query = iroha.query('GetAccountAssets', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.3. Account Asset Transaction¶
9.3.5.3.3.1. can_get_all_acc_ast_txs¶
Allows getting transactions associated with a specified asset and any account within the system.
Note
Incoming asset transfers will also appear in the query response.
Related API method: Get Account Asset Transactions
Example
Admin creates Alice account in a different domain that has can_get_all_acc_ast_txs, can_receive and can_transfer permissions. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_get_all_acc_ast_txs,
primitive_pb2.can_receive,
primitive_pb2.can_transfer
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#first', amount='300.00'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#first',
description='top up',
amount='200.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_asset_transactions_query():
query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], page_size=10,
account_id=admin['id'], asset_id='coin#first')
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.3.2. can_get_domain_acc_ast_txs¶
Allows getting transactions associated with a specified asset and an account from the same domain as query creator.
Note
Incoming asset transfers will also appear in the query response.
Related API method: Get Account Asset Transactions
Example
Admin creates Alice in the same domain that has only can_get_domain_acc_ast_txs permission. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_ast_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='top up',
amount='10.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_asset_transactions_query():
query = iroha.query('GetAccountAssetTransactions', account_id=admin['id'],
asset_id='coin#test', creator_account=alice['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.3.3. can_get_my_acc_ast_txs¶
Allows getting transactions associated with the account of query creator and specified asset.
Note
Incoming asset transfers will also appear in the query response.
Related API method: Get Account Asset Transactions
Example
Admin creates Alice account in a domain that has only can_get_my_acc_ast_txs permission. Admin issues some amount of coins and transfers them to Alice. Alice can query all transactions related to coins and own account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_ast_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.extend([
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2),
iroha.command('AddAssetQuantity', asset_id='coin#test', amount='500.69'),
iroha.command('TransferAsset',
src_account_id=admin['id'],
dest_account_id=alice['id'],
asset_id='coin#test',
description='top up',
amount='10.00')
])
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_asset_transactions_query():
query = iroha.query('GetAccountAssetTransactions', creator_account=alice['id'], account_id=alice['id'],
asset_id='coin#test', page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.4. Account Transaction¶
9.3.5.3.4.1. can_get_all_acc_txs¶
Allows getting all transactions issued by any account within the system.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Related API method: Get Account Transactions
Example
Admin creates Alice account in a different domain that has only can_get_all_acc_txs permission. Alice can request all the transactions issues by Admin.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_acc_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_transactions_query():
query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.4.2. can_get_domain_acc_txs¶
Allows getting all transactions issued by any account from the same domain as query creator.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Related API method: Get Account Transactions
Example
Admin creates Alice account in the same domain that has only can_get_domain_acc_txs permission. Alice can request all the transactions issued by Admin.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_acc_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_transactions_query():
query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=admin['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.4.3. can_get_my_acc_txs¶
Allows getting all transactions issued by an account of query creator.
Note
Incoming asset transfer inside a transaction would NOT lead to an appearance of the transaction in the command output.
Related API method: Get Account Transactions
Example
Admin creates Alice account in a domain that has only can_get_my_acc_txs permission. Alice can get all transactions issued by own account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_acc_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def account_transactions_query():
query = iroha.query('GetAccountTransactions', creator_account=alice['id'], account_id=alice['id'], page_size=10)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.5. Asset¶
9.3.5.3.5.1. can_read_assets¶
Allows getting information about asset precision.
Related API method: Get Asset Info
Example
Admin creates Alice account in a domain that has can_read_assets permissions. Alice can query information about any asset.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_read_assets]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
genesis_commands.append(
iroha.command('CreateAsset', asset_name='coin', domain_id='test', precision=2)
)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def get_asset_query():
query = iroha.query('GetAssetInfo', asset_id='coin#test', creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.6. Block Stream¶
9.3.5.3.6.1. can_get_blocks¶
Allows reading blocks. Allows subscription to the stream of accepted blocks.
Related API methods: Get Block, Fetchcommits
9.3.5.3.7. Role¶
9.3.5.3.7.1. can_get_roles¶
Allows getting a list of roles within the system. Allows getting a list of permissions associated with a role.
Related API methods: Get Roles, Get Role Permissions
Example
Admin creates Alice account in a domain that has can_get_roles permission. Alice can query list of all existing roles. Alice can query list of permissions contained in any role.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_roles]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def get_system_roles_query():
query = iroha.query('GetRoles', creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
@commons.hex
def get_role_permissions_query():
query = iroha.query('GetRolePermissions', creator_account=alice['id'], counter=2, role_id='admin_role')
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.8. Signatory¶
9.3.5.3.8.1. can_get_all_signatories¶
Allows getting a list of public keys linked to an account within the system.
Related API method: Get Signatories
Example
Admin creates Alice account in a different domain that has only can_get_all_signatories permission. Alice can query a list of public keys related to Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_signatories]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def signatories_query():
query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.8.2. can_get_domain_signatories¶
Allows getting a list of public keys of any account within the same domain as the domain of query creator account.
Related API method: Get Signatories
Example
Admin creates Alice account in the same domain that has only can_get_domain_signatories permission. Alice can query a list of public keys related to Admin account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_domain_signatories]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def signatories_query():
query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=admin['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.8.3. can_get_my_signatories¶
Allows getting a list of public keys of query creator account.
Related API method: Get Signatories
Example
Admin creates Alice account in a domain that has only can_get_my_signatories permission. Alice can query a list of public keys related to own account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_my_signatories]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def signatories_query():
query = iroha.query('GetSignatories', creator_account=alice['id'], account_id=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.9. Transaction¶
9.3.5.3.9.1. can_get_all_txs¶
Allows getting any transaction by hash.
Related API method: Get Transactions
Example
Admin issues several transactions and creates Alice account in a different domain that has only can_get_all_txs permission. Alice (knowing transactions hashes) can query transactions issued by Admin Account.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
admin_tx1_hash = None
admin_tx2_hash = None
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_all_txs]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def admin_action_1_tx():
global admin_tx1_hash
tx = iroha.transaction([
iroha.command('CreateAsset', asset_name='coin', domain_id='second', precision=2)
])
admin_tx1_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def admin_action_2_tx():
global admin_tx2_hash
tx = iroha.transaction([
iroha.command('SetAccountDetail', account_id=admin['id'], key='hyperledger', value='iroha')
])
admin_tx2_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def transactions_query():
hashes = [
binascii.hexlify(admin_tx1_hash),
binascii.hexlify(admin_tx2_hash)
]
query = iroha.query('GetTransactions', tx_hashes=hashes, creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.9.2. can_get_my_txs¶
Allows getting transaction (that was issued by query creator) by hash.
Related API method: Get Transactions
Example
Admin creates Alice account in a different domain. Alice (knowing transactions hashes) issues several transactions. Alice can query own transactions.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | admin = commons.new_user('admin@first')
alice = commons.new_user('alice@second')
iroha = Iroha(admin['id'])
alice_tx1_hash = None
alice_tx2_hash = None
@commons.hex
def genesis_tx():
test_permissions = [
primitive_pb2.can_get_my_txs,
primitive_pb2.can_add_asset_qty,
primitive_pb2.can_create_asset
]
genesis_commands = commons.genesis_block(admin, alice, test_permissions, multidomain=True)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def alice_action_1_tx():
global alice_tx1_hash
tx = iroha.transaction([
iroha.command('CreateAsset', asset_name='coin', domain_id='first', precision=2)
], creator_account=alice['id'])
alice_tx1_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def alice_action_2_tx():
global alice_tx2_hash
tx = iroha.transaction([
iroha.command('AddAssetQuantity', asset_id='coin#first', amount='600.30')
], creator_account=alice['id'])
alice_tx2_hash = IrohaCrypto.hash(tx)
IrohaCrypto.sign_transaction(tx, alice['key'])
return tx
@commons.hex
def transactions_query():
hashes = [
binascii.hexlify(alice_tx1_hash),
binascii.hexlify(alice_tx2_hash)
]
query = iroha.query('GetTransactions', creator_account=alice['id'], tx_hashes=hashes)
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.10. Peer¶
9.3.5.3.10.1. can_get_peers¶
Allows to request the list of peers in the Iroha network.
Related API method: Get Peers
Example
Admin creates Alice account in any domain that has can_get_peers. Alice can now request the list of peers in the system.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | admin = commons.new_user('admin@test')
alice = commons.new_user('alice@test')
iroha = Iroha(admin['id'])
@commons.hex
def genesis_tx():
test_permissions = [primitive_pb2.can_get_peers]
genesis_commands = commons.genesis_block(admin, alice, test_permissions)
tx = iroha.transaction(genesis_commands)
IrohaCrypto.sign_transaction(tx, admin['key'])
return tx
@commons.hex
def get_system_peers_query():
query = iroha.query('GetPeers', creator_account=alice['id'])
IrohaCrypto.sign_query(query, alice['key'])
return query
|
9.3.5.3.11. Engine receipts¶
9.3.5.3.11.1. can_get_my_engine_receipts¶
Allows getting Engine Receipts (result from EVM) on account of query creator.
Related API method: Engine Receipts
Example
Admin creates Alice account in a domain that has only can_get_my_engine_receipts permission. Alice can get all transactions issued by own account.
9.3.5.3.11.2. can_get_domain_engine_receipts¶
Allows getting Engine Receipts (results from EVM) associated with a specified transaction from the same domain as query creator.
Related API method: Engine Receipts
Example
Admin creates Alice account in the same domain that has only can_get_domain_engine_receipts permission. Alice can request all the transactions issued by Admin.
9.3.5.3.11.3. can_get_all_engine_receipts¶
Allows getting all Engine Receipts (results from EVM) issued by any account within the system.
Related API method: Engine Receipts
Example
Admin creates Alice account in a different domain that has only can_get_all_engine_receipts permission. Alice can request all the transactions issues by Admin.
9.3.5.4. Supplementary Sources¶
commons.py¶
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | #
# Copyright Soramitsu Co., Ltd. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
from iroha import primitive_pb2
from iroha import Iroha, IrohaCrypto
import binascii
from time import time
command = Iroha.command
def now():
return int(time() * 1000)
def all_permissions():
return [
primitive_pb2.can_append_role,
primitive_pb2.can_create_role,
primitive_pb2.can_detach_role,
primitive_pb2.can_add_asset_qty,
primitive_pb2.can_subtract_asset_qty,
primitive_pb2.can_add_peer,
primitive_pb2.can_add_signatory,
primitive_pb2.can_remove_signatory,
primitive_pb2.can_set_quorum,
primitive_pb2.can_create_account,
primitive_pb2.can_set_detail,
primitive_pb2.can_create_asset,
primitive_pb2.can_transfer,
primitive_pb2.can_receive,
primitive_pb2.can_create_domain,
primitive_pb2.can_read_assets,
primitive_pb2.can_get_roles,
primitive_pb2.can_get_my_account,
primitive_pb2.can_get_all_accounts,
primitive_pb2.can_get_domain_accounts,
primitive_pb2.can_get_my_signatories,
primitive_pb2.can_get_all_signatories,
primitive_pb2.can_get_domain_signatories,
primitive_pb2.can_get_my_acc_ast,
primitive_pb2.can_get_all_acc_ast,
primitive_pb2.can_get_domain_acc_ast,
primitive_pb2.can_get_my_acc_detail,
primitive_pb2.can_get_all_acc_detail,
primitive_pb2.can_get_domain_acc_detail,
primitive_pb2.can_get_my_acc_txs,
primitive_pb2.can_get_all_acc_txs,
primitive_pb2.can_get_domain_acc_txs,
primitive_pb2.can_get_my_acc_ast_txs,
primitive_pb2.can_get_all_acc_ast_txs,
primitive_pb2.can_get_domain_acc_ast_txs,
primitive_pb2.can_get_my_txs,
primitive_pb2.can_get_all_txs,
primitive_pb2.can_get_blocks,
primitive_pb2.can_grant_can_set_my_quorum,
primitive_pb2.can_grant_can_add_my_signatory,
primitive_pb2.can_grant_can_remove_my_signatory,
primitive_pb2.can_grant_can_transfer_my_assets,
primitive_pb2.can_grant_can_set_my_account_detail
]
def genesis_block(admin, alice, test_permissions, multidomain=False):
"""
Compose a set of common for all tests' genesis block transactions
:param admin: dict of id and private key of admin
:param alice: dict of id and private key of alice
:param test_permissions: permissions for users in test domain
:param multidomain: admin and alice accounts will be created in
different domains and the first domain users will have admin right
by default if True
:return: a list of Iroha.command's
"""
peer = primitive_pb2.Peer()
peer.address = '127.0.0.1:50541'
peer.peer_key = IrohaCrypto.derive_public_key(admin['key'])
commands = [
command('AddPeer', peer=peer),
command('CreateRole', role_name='admin_role', permissions=all_permissions()),
command('CreateRole', role_name='test_role', permissions=test_permissions)]
if multidomain:
commands.append(command('CreateDomain', domain_id='first', default_role='admin_role'))
commands.extend([
command('CreateDomain',
domain_id='second' if multidomain else 'test',
default_role='test_role'),
command('CreateAccount',
account_name='admin',
domain_id='first' if multidomain else 'test',
public_key=IrohaCrypto.derive_public_key(admin['key'])),
command('CreateAccount',
account_name='alice',
domain_id='second' if multidomain else 'test',
public_key=IrohaCrypto.derive_public_key(alice['key']))
])
if not multidomain:
commands.append(command('AppendRole', account_id=admin['id'], role_name='admin_role'))
return commands
def new_user(user_id):
private_key = IrohaCrypto.private_key()
if user_id.lower().startswith('admin'):
print('K{}'.format(private_key.decode('utf-8')))
return {
'id': user_id,
'key': private_key
}
def hex(generator):
"""
Decorator for transactions' and queries generators.
Allows preserving the type of binaries for Binary Testing Framework.
"""
prefix = 'T' if generator.__name__.lower().endswith('tx') else 'Q'
print('{}{}'.format(prefix, binascii.hexlify(generator().SerializeToString()).decode('utf-8')))
|