Access Management
The AccessStore smart contract is used to manage access rights to documents and groups.
enum AccessLevel { NoAccess, Owner, Admin, Read }
enum AccessKind { NoKind, Doc, DocGroup, UserGroup }
mapping(bytes32 => Access[]) accessStore; // accessID -> Access[]
struct Access {
    AccessKind kind;
    bytes32 idHash;
    bytes idEncr; // id encrypted by access key
    bytes keyEncr; // access key encrypted by user private key
    AccessLevel level;
}
The keys of the access table can take any form, but currently they are calculated as follows:
accessID = Keccak256(subjectIdHash + accessKind)
Thus an array of objects of the specified type belonging to the given subject can be grouped under this key. For each object the access level is indicated. The basic levels are owner, admin, and read.
When access rights to a subject are added or changed, the smart contract checks the access level of the requestor. For the request to succeed, the requestor's access level must be admin or owner.