From 5a90e4b2b71d1af1c2f2479c20e30201944d97c4 Mon Sep 17 00:00:00 2001
From: David
Date: Wed, 14 Dec 2016 15:16:17 -0500
Subject: [PATCH] protect against deletion
---
 chaincode/lib_marbles.go | 10 ++++++++--
 utils/marbles_cc_lib/marbles.js | 13 ++++++++-----
 utils/websocket_server_side.js | 9 +++++----
 3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/chaincode/lib_marbles.go b/chaincode/lib_marbles.go
index d9ca74cd6..0fe3bfddc 100644
--- a/chaincode/lib_marbles.go
+++ b/chaincode/lib_marbles.go
@@ -86,11 +86,12 @@ func get_complete_marble_index(stub shim.ChaincodeStubInterface) ([]string, erro
 func delete_marble(stub shim.ChaincodeStubInterface, args []string) ([]byte, error) {
 fmt.Println("starting delete_marble")
- if len(args) != 1 {
- return nil, errors.New("Incorrect number of arguments. Expecting 1")
+ if len(args) != 2 {
+ return nil, errors.New("Incorrect number of arguments. Expecting 2")
 }
 name := args[0]
+ authed_by_company := args[1]
 //get the marble
 marble, err := get_marble(stub, name)
@@ -99,6 +100,11 @@ func delete_marble(stub shim.ChaincodeStubInterface, args []string) ([]byte, err
 return nil, err
 }
+ //check authorizing company
+ if marble.Owner.Company != authed_by_company{
+ return nil, errors.New("The company '" + authed_by_company + "' cannot authorize deletion for '" + marble.Owner.Company + "'.")
+ }
+
 //remove the marble
 err = stub.DelState(name) //remove the key from chaincode state
 if err != nil {
diff --git a/utils/marbles_cc_lib/marbles.js b/utils/marbles_cc_lib/marbles.js
index 41c3f8a0e..5500a64de 100644
--- a/utils/marbles_cc_lib/marbles.js
+++ b/utils/marbles_cc_lib/marbles.js
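Review bot: In delete_marble (chaincode/lib_marbles.go) the new authorization check compares `marble.Owner.Company` with `authed_by_company`, which is `args[1]` and so is asserted by whoever submits the transaction rather than verified by the chaincode. As written it protects against an honest but misconfigured application deleting another company's marble, not against a caller that chooses its own argument. The rejection message also returns the real owner company to that caller. If access control is the intent, the company should be derived inside the chaincode from the submitter's enrolled identity instead of from an argument; at minimum the check deserves a comment such as `//NOTE: authed_by_company is caller-asserted, not verified against the tx submitter`. The function body starts before and continues past both hunks.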
@@ -25,7 +25,7 @@ module.exports = function (chain, chaincode_id, logger) {
 function (results) {
 var proposalResponses = results[0];
 var proposal = results[1];
- if (proposalResponses[0].response.status === 200) {
+ if (proposalResponses && proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
 console.log('Successfully obtained transaction endorsement.' + JSON.stringify(proposalResponses));
 if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering'}));
 return webUser.sendTransaction(proposalResponses, proposal);
@@ -158,13 +158,13 @@ module.exports = function (chain, chaincode_id, logger) {
 function (results) {
 var proposalResponses = results[0];
 var proposal = results[1];
- if (proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
+ if (proposalResponses && proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
 console.log('Successfully obtained transaction endorsement.' + JSON.stringify(proposalResponses));
 if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering'}));
 return webUser.sendTransaction(proposalResponses, proposal);
 }
 else {
- console.log('Failed to obtain transaction endorsement. Error msg: ', proposalResponses[0]);
+ console.log('Failed to obtain transaction endorsement', proposalResponses);
 if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'endorsing_failed'}));
 throw common.format_error_msg(proposalResponses[0]);
 }
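Review bot: The widened guard in the -25 and -158 hunks (and again in the -218 hunk) allows for `proposalResponses` being missing, but the failure branch visible in the -158 hunk still runs `throw common.format_error_msg(proposalResponses[0]);`. When `proposalResponses` itself is undefined, that line raises a TypeError instead of the formatted endorsement error, so the case the guard was added for still ends in an unrelated exception. Index defensively there, for example `throw common.format_error_msg(proposalResponses ? proposalResponses[0] : null);`, assuming format_error_msg tolerates an empty argument (it is defined outside this diff). The else branch belonging to the -25 hunk lies outside the hunk.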
@@ -218,13 +218,14 @@ module.exports = function (chain, chaincode_id, logger) {
 function (results) {
 var proposalResponses = results[0];
 var proposal = results[1];
- if (proposalResponses[0].response.status === 200) {
+ if (proposalResponses && proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
 console.log('Successfully obtained transaction endorsement.' + JSON.stringify(proposalResponses));
 if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering'}));
 return webUser.sendTransaction(proposalResponses, proposal);
 }
 else {
- console.log('Failed to obtain transaction endorsement. Error code: ' + proposalResponses[0].response.status);
+ console.log('Failed to obtain transaction endorsement', proposalResponses);
+ if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'endorsing_failed'}));
 throw common.format_error_msg(proposalResponses[0]);
 }
 }
@@ -237,6 +238,7 @@ module.exports = function (chain, chaincode_id, logger) {
 }
 else {
 console.log('Failed to order the endorsement of the transaction.');
+ if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering_failed'}));
 throw response;
 }
 }
@@ -245,6 +247,7 @@ module.exports = function (chain, chaincode_id, logger) {
 console.log('error in catch block', typeof err, err);
 var e = null;
 if(typeof err === 'string'){ //only pass these errors until we fix it
+ if(err.indexOf('cannot authorize')) e = err;
 if(err.indexOf('Marble does not exist')) e = err;
 if(err.indexOf('Incorrect number of arguments')) e = err;
 if(err.indexOf('Owner does not exist')) e = err;
diff --git a/utils/websocket_server_side.js b/utils/websocket_server_side.js
index 25bb37c96..bd82514e0 100644
--- a/utils/websocket_server_side.js
+++ b/utils/websocket_server_side.js
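Review bot: The added filter line `if(err.indexOf('cannot authorize')) e = err;` in the -245 hunk tests the raw result of indexOf, which is -1 (truthy) when the phrase is absent and 0 (falsy) only when the message starts with it. The condition is therefore true for almost every string, so the list the comment describes as "only pass these errors" does not restrict which error text ends up in `e`. What happens to `e` afterwards is outside the hunk, but if it is forwarded to the client, internal error detail goes with it. The neighbouring context lines have the same form and need the same correction. Compare explicitly instead: `if(err.indexOf('cannot authorize') >= 0) e = err;`.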
@@ -34,8 +34,8 @@ module.exports = function (checkPerodically, marbles_lib, logger) {
 if(data.type == 'create'){
 console.log('[ws] create marbles req');
 options = [data.name, data.color, data.size, data.username, data.company];
- marbles_lib.create_a_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, options, function(){
-
+ marbles_lib.create_a_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, options, function(err, resp){
+ if(err != null) send_err(err, data);
 });
 }
@@ -58,8 +58,9 @@ module.exports = function (checkPerodically, marbles_lib, logger) {
 //delete marble
 else if(data.type == 'delete_marble'){
 console.log('[ws] delete marble req');
- marbles_lib.delete_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, [data.name], function(err, resp){
-
+ options = [data.name, process.env.marble_company];
+ marbles_lib.delete_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, options, function(err, resp){
+ if(err != null) send_err(err, data);
 });
 }
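Review bot: In the delete_marble branch (-58 hunk) the authorizing company is `process.env.marble_company`, a per-process value, so every websocket client of this server is treated as authorized for that company's marbles; nothing in the hunk ties the request to the connected user. If the variable is unset, `undefined` is placed in `options` and the failure only surfaces later in the chaincode call. Reject the request early, for example `if(!process.env.marble_company) return send_err('marble_company is not configured', data);`, and add a comment that per-user authorization is not enforced at this layer. `options` and `send_err` are declared outside the hunk.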