CN114969788A - Service contract authority control method, device and equipment - Google Patents
Service contract authority control method, device and equipment Download PDFInfo
- Publication number
- CN114969788A CN114969788A CN202210612276.XA CN202210612276A CN114969788A CN 114969788 A CN114969788 A CN 114969788A CN 202210612276 A CN202210612276 A CN 202210612276A CN 114969788 A CN114969788 A CN 114969788A
- Authority
- CN
- China
- Prior art keywords
- target
- contract
- function
- authority
- committee
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000004590 computer program Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 abstract description 15
- 230000008859 change Effects 0.000 abstract description 7
- 238000010586 diagram Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
技术领域technical field
本申请涉及互联网技术领域,具体涉及一种业务合约权限控制方法、装置及设备。The present application relates to the field of Internet technologies, and in particular, to a method, device and device for controlling the authority of a business contract.
背景技术Background technique
随着区块链智能合约业务的日益丰富,越来越多的智能合约引入了权限控制,如此能够满足业务的安全性要求。例如,一些函数应仅由有函数使用权限的用户来调用。With the increasing enrichment of blockchain smart contract business, more and more smart contracts have introduced permission control, which can meet the security requirements of the business. For example, some functions should only be called by users who have permission to use the function.
目前,可设置一个权限参数表,通过权限参数表来确定用户所能访问的业务合约中的函数。进而,将权限检查代码嵌入到业务合约中。当用户调用区块链业务合约上的某个函数时,执行业务合约中的权限检查代码,基于权限参数表来判断此用户是否具有调用该函数的权限,从而实现权限控制。At present, a permission parameter table can be set, and the functions in the business contract that the user can access can be determined through the permission parameter table. Furthermore, the permission checking code is embedded in the business contract. When a user calls a function on the blockchain business contract, the permission check code in the business contract is executed, and based on the permission parameter table, it is judged whether the user has the permission to call the function, so as to realize permission control.
但是,由于权限检查代码嵌入到了业务合约中,每次需要更改用户权限关系时,都需要更改业务合约,使得权限变动时用户权限的更改过程较为繁琐且效率较低。However, since the permission checking code is embedded in the business contract, every time the user permission relationship needs to be changed, the business contract needs to be changed, which makes the process of changing the user permission when the permission is changed is cumbersome and inefficient.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本申请实施例提供一种业务合约权限控制方法、装置及设备,能够简化用户权限关系的更新过程。In view of this, the embodiments of the present application provide a method, device, and device for controlling the authority of a service contract, which can simplify the updating process of the user authority relationship.
为解决上述问题,本申请实施例提供的技术方案如下:In order to solve the above problems, the technical solutions provided by the embodiments of the present application are as follows:
本申请实施例提供了一种业务合约权限控制方法,所述方法应用于目标委员会成员节点上,包括:The embodiment of the present application provides a business contract authority control method, and the method is applied to a target committee member node, including:
调用权限合约以创建所述权限合约中的目标权限控制组;所述权限合约部署于区块链的各个节点上;所述目标权限控制组包括成员列表和函数列表;所述目标权限控制组的成员列表中的成员具有调用所述目标权限控制组的函数列表中的函数的权限;所述权限合约的合约地址会随所述成员列表中的成员或所述函数列表中的函数的变动而更新;Call the authority contract to create the target authority control group in the authority contract; the authority contract is deployed on each node of the blockchain; the target authority control group includes a member list and a function list; the target authority control group's The members in the member list have the right to call the functions in the function list of the target permission control group; the contract address of the permission contract will be updated with the changes of the members in the member list or the functions in the function list ;
调用权限合约以将目标成员添加到目标权限控制组的成员列表中;Call the permission contract to add the target member to the member list of the target permission control group;
调用权限合约以将目标业务合约的目标函数添加到所述目标权限控制组的函数列表中,以使所述目标成员具有调用所述目标业务合约的目标函数的权限;所述目标业务合约部署于所述区块链的各个节点上;所述目标业务合约中嵌入有所述权限合约的合约地址。Call the authority contract to add the target function of the target business contract to the function list of the target authority control group, so that the target member has the authority to call the target function of the target business contract; the target business contract is deployed in On each node of the blockchain; the target business contract is embedded with the contract address of the permission contract.
可选地,所述权限合约包括成立委员会函数,所述成立委员会函数用于被权限合约部署节点调用,以成立委员会并生成投票通过阈值以及所述委员会的委员会成员节点信息;所述委员会的委员会成员节点信息包括所述委员会成员节点的成员名、所述委员会成员节点的账户地址以及所述委员会成员节点的投票权重;所述目标委员会成员节点为预先成立的委员会中的一个成员节点。Optionally, the authority contract includes a committee establishment function, and the committee establishment function is used to be called by the authority contract deployment node to establish a committee and generate a voting pass threshold and committee member node information of the committee; the committee of the committee. The member node information includes the member name of the committee member node, the account address of the committee member node, and the voting weight of the committee member node; the target committee member node is a member node in a pre-established committee.
可选地,所述权限合约还包括申请事项函数、委员会成员投票函数以及执行事项函数。Optionally, the authority contract further includes an application item function, a committee member voting function, and an execution item function.
可选地,所述申请事项函数包括申请创建组函数,所述执行事项函数包括执行创建组函数,所述调用权限合约以创建所述权限合约中的目标权限控制组,包括:Optionally, the application item function includes an application creation group function, the execution item function includes an execution creation group function, and the invocation of a permission contract to create a target permission control group in the permission contract includes:
调用所述申请创建组函数,以生成第一请求;所述第一请求为申请创建目标权限控制组的请求;Calling the application creation group function to generate a first request; the first request is a request for an application to create a target authority control group;
调用所述委员会成员投票函数,以使委员会中的每个委员会成员节点均对所述第一请求进行投票;calling the committee member voting function so that each committee member node in the committee votes on the first request;
当所述第一请求对应的投票结果大于投票通过阈值时,调用所述执行创建组函数,以创建所述权限合约中的目标权限控制组。When the voting result corresponding to the first request is greater than the voting pass threshold, the execute and create group function is called to create the target permission control group in the permission contract.
可选地,所述申请事项函数包括申请成员添加进组函数,所述执行事项函数包括执行成员添加进组函数,所述调用权限合约以将目标成员添加到目标权限控制组的成员列表中,包括:Optionally, the application item function includes an application member adding function to a group, the execution item function includes an execution member adding a group function, and the calling authority contract is used to add the target member to the member list of the target authority control group, include:
调用所述申请成员添加进组函数,以生成第二请求;所述第二请求为申请将目标成员添加到目标权限控制组的成员列表中的请求;Calling the application member adding function to generate a second request; the second request is a request for applying to add the target member to the member list of the target authority control group;
调用所述委员会成员投票函数,以使委员会中的每个委员会成员节点均对所述第二请求进行投票;calling the committee member voting function so that each committee member node in the committee votes on the second request;
当所述第二请求对应的投票结果大于投票通过阈值时,调用所述执行成员添加进组函数,以将所述目标成员添加到所述目标权限控制组中。When the voting result corresponding to the second request is greater than the voting pass threshold, the execution member adding into group function is called to add the target member to the target permission control group.
可选地,所述申请事项函数包括申请函数添加进组函数,所述执行事项函数包括执行函数添加进组函数,所述调用权限合约以将目标业务合约的目标函数添加到所述目标权限控制组的函数列表中,包括:Optionally, the application item function includes an application function add-in-group function, the execution-item function includes an execution function addition-in-group function, and the calling authority contract is used to add the target function of the target business contract to the target authority control. The group's list of functions includes:
调用所述申请函数添加进组函数,以生成第三请求;所述第三请求为申请将目标业务合约的目标函数添加到所述目标权限控制组的函数列表中的请求;Calling the application function to add a function to the group to generate a third request; the third request is a request to apply for adding the target function of the target business contract to the function list of the target authority control group;
调用所述委员会成员投票函数,以使委员会中的每个委员会成员节点均对所述第三请求进行投票;calling the committee member voting function so that each committee member node in the committee votes on the third request;
当所述第三请求对应的投票结果大于投票通过阈值时,调用所述执行函数添加进组函数,以将所述目标业务合约的目标函数添加到所述目标权限控制组的函数列表中。When the voting result corresponding to the third request is greater than the voting pass threshold, the execution function is called to add a group function to add the target function of the target business contract to the function list of the target authority control group.
可选地,所述第三请求对应的投票结果是根据所述委员会中的每个委员会成员节点对所述第三请求的投票情况以及所述每个委员会成员节点的投票权重得到的。Optionally, the voting result corresponding to the third request is obtained according to the voting situation of each committee member node in the committee on the third request and the voting weight of each committee member node.
本申请实施例还提供了一种业务合约权限控制装置,所述装置应用于目标委员会成员节点,包括:The embodiment of the present application also provides a service contract authority control device, and the device is applied to a target committee member node, including:
第一调用单元,用于调用权限合约以创建所述权限合约中的目标权限控制组;所述权限合约部署于区块链的各个节点上;所述目标权限控制组包括成员列表和函数列表;所述目标权限控制组的成员列表中的成员具有调用所述目标权限控制组的函数列表中的函数的权限;所述权限合约的合约地址会随所述成员列表中的成员或所述函数列表中的函数的变动而更新;The first calling unit is used to call the authority contract to create a target authority control group in the authority contract; the authority contract is deployed on each node of the blockchain; the target authority control group includes a member list and a function list; The members in the member list of the target authority control group have the authority to call the functions in the function list of the target authority control group; the contract address of the authority contract will follow the members in the member list or the function list. updated with changes in the function in;
第二调用单元,用于调用权限合约以将目标成员添加到目标权限控制组的成员列表中;The second calling unit is used to call the permission contract to add the target member to the member list of the target permission control group;
第三调用单元,用于调用权限合约以将目标业务合约的目标函数添加到所述目标权限控制组的函数列表中,以使所述目标成员具有调用所述目标业务合约的目标函数的权限;所述目标业务合约部署于所述区块链的各个节点上;所述目标业务合约中嵌入有所述权限合约的合约地址。a third calling unit, configured to call the authority contract to add the target function of the target business contract to the function list of the target authority control group, so that the target member has the authority to call the target function of the target business contract; The target business contract is deployed on each node of the blockchain; the target business contract is embedded with the contract address of the authority contract.
本申请实施例还提供了一种电子设备,包括:The embodiment of the present application also provides an electronic device, including:
一个或多个处理器;one or more processors;
存储装置,其上存储有一个或多个程序,a storage device on which one or more programs are stored,
当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现如上述任一所述的业务合约权限控制方法。When the one or more programs are executed by the one or more processors, the one or more processors implement the service contract permission control method described in any of the above.
本申请实施例还提供了一种计算机可读介质,其上存储有计算机程序,其中,所述程序被处理器执行时实现如上述任一所述的业务合约权限控制。Embodiments of the present application further provide a computer-readable medium on which a computer program is stored, wherein when the program is executed by a processor, any one of the foregoing business contract authority control is implemented.
由此可见,本申请实施例具有如下有益效果:It can be seen that the embodiments of the present application have the following beneficial effects:
本申请实施例提供了一种业务合约权限控制方法、装置及设备,该方法应用于目标委员会成员节点上。目标委员会成员节点调用权限合约以创建目标权限控制组。其中,权限合约部署于区块链的各个节点上。目标权限控制组包括成员列表和函数列表,目标权限控制组的成员列表中的成员具有调用目标权限控制组的函数列表中的函数的权限。权限合约的合约地址会随成员列表中的成员或函数列表中的函数的变动而更新。进而,目标委员会成员节点调用权限合约以将目标成员添加到目标权限控制组的成员列表中,并调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。由此,目标成员具有调用目标业务合约的目标函数的权限。其中,目标业务合约也部署于区块链的各个节点上,且目标业务合约中嵌入有权限合约的合约地址。The embodiments of the present application provide a method, device, and device for controlling the authority of a business contract, and the method is applied to a target committee member node. The target committee member nodes call the permission contract to create the target permission control group. Among them, the permission contract is deployed on each node of the blockchain. The target authority control group includes a member list and a function list, and members in the member list of the target authority control group have the right to call functions in the function list of the target authority control group. The contract address of the permission contract will be updated with the changes of members in the member list or functions in the function list. Further, the target committee member node calls the permission contract to add the target member to the member list of the target permission control group, and calls the permission contract to add the target function of the target business contract to the function list of the target permission control group. Thus, the target member has the right to call the target function of the target business contract. Among them, the target business contract is also deployed on each node of the blockchain, and the contract address of the permission contract is embedded in the target business contract.
由此可知,本申请实施例将权限合约和目标业务合约相互独立出来,当成员列表中的成员或函数列表中的函数变动时,表示用户权限关系发生了变化,权限合约的合约地址会相应地发生变动。在此基础上,只需将目标业务合约中嵌入的权限合约的合约地址进行更新即可,无需更改业务合约。如此,简化了用户权限关系的更新过程。It can be seen from this that the embodiment of the present application separates the authority contract and the target business contract from each other. When a member in the member list or a function in the function list changes, it means that the user authority relationship has changed, and the contract address of the authority contract will correspond accordingly. changes. On this basis, it is only necessary to update the contract address of the permission contract embedded in the target business contract, without changing the business contract. In this way, the updating process of the user authority relationship is simplified.
附图说明Description of drawings
图1为本申请实施例提供的一种示例性应用场景的框架示意图;FIG. 1 is a schematic framework diagram of an exemplary application scenario provided by an embodiment of the present application;
图2为本申请实施例提供的一种业务合约权限控制方法的流程图;FIG. 2 is a flowchart of a method for controlling service contract authority provided by an embodiment of the present application;
图3为本申请实施例提供的另一种示例性应用场景的框架示意图;FIG. 3 is a schematic framework diagram of another exemplary application scenario provided by an embodiment of the present application;
图4为本申请实施例提供的一种业务合约权限控制装置的结构示意图。FIG. 4 is a schematic structural diagram of a service contract authority control apparatus according to an embodiment of the present application.
具体实施方式Detailed ways
为使本申请的上述目的、特征和优点能够更加明显易懂,下面结合附图和具体实施方式对本申请实施例作进一步详细的说明。In order to make the above objects, features and advantages of the present application more clearly understood, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings and specific implementation manners.
为了便于理解和解释本申请实施例提供的技术方案,先对本申请实施例中所涉及到的背景技术进行介绍。In order to facilitate understanding and explanation of the technical solutions provided by the embodiments of the present application, the background technologies involved in the embodiments of the present application are first introduced.
随着区块链智能合约业务的日益丰富,越来越多的智能合约引入了权限控制,如此能够满足业务的安全性要求。例如,存证场景中,除了上传存证的函数外,还有许多专供审核人员调用的函数。需要对这些函数设置权限拦截逻辑,使得这些函数应仅由审核人员来使用。否则,会存在数据安全风险。With the increasing enrichment of blockchain smart contract business, more and more smart contracts have introduced permission control, which can meet the security requirements of the business. For example, in the certificate deposit scenario, in addition to the function for uploading the deposit certificate, there are many functions specially called by auditors. Permission blocking logic needs to be set up on these functions so that these functions should only be used by auditors. Otherwise, there will be data security risks.
目前,可设置一个权限参数表,通过权限参数表来确定用户所能访问的业务合约中的函数。进而,将权限检查代码嵌入到业务合约中。当用户调用区块链业务合约上的某个函数时,执行业务合约中的权限检查代码,基于权限参数表来判断此用户是否具有调用该函数的权限,从而实现权限控制。At present, a permission parameter table can be set, and the functions in the business contract that the user can access can be determined through the permission parameter table. Furthermore, the permission checking code is embedded in the business contract. When a user calls a function on the blockchain business contract, the permission check code in the business contract is executed, and based on the permission parameter table, it is judged whether the user has the permission to call the function, so as to realize permission control.
但是,由于权限检查代码嵌入到了业务合约中,每次需要更改用户权限关系时,都需要更改业务合约,使得权限变动时用户权限的更改过程较为繁琐且效率较低。而且,权限参数表的变更仅由管理员模式的管理者这一方决定,没有体现区块链多方协作的特点。However, since the permission checking code is embedded in the business contract, every time the user permission relationship needs to be changed, the business contract needs to be changed, which makes the process of changing the user permission when the permission is changed is cumbersome and inefficient. Moreover, the change of the permission parameter table is only determined by the administrator of the administrator mode, which does not reflect the characteristics of multi-party cooperation of the blockchain.
基于此,本申请实施例提供了一种业务合约权限控制方法、装置及设备,该方法应用于目标委员会成员节点上。目标委员会成员节点调用权限合约以创建目标权限控制组。其中,权限合约部署于区块链的各个节点上。目标权限控制组包括成员列表和函数列表,目标权限控制组的成员列表中的成员具有调用目标权限控制组的函数列表中的函数的权限。权限合约的合约地址会随成员列表中的成员或函数列表中的函数的变动而更新。进而,目标委员会成员节点调用权限合约以将目标成员添加到目标权限控制组的成员列表中,并调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。由此,目标成员具有调用目标业务合约的目标函数的权限。其中,目标业务合约也部署于区块链的各个节点上,且目标业务合约中嵌入有权限合约的合约地址。Based on this, the embodiments of the present application provide a method, device, and device for controlling permissions of a business contract, and the method is applied to a target committee member node. The target committee member nodes call the permission contract to create the target permission control group. Among them, the permission contract is deployed on each node of the blockchain. The target authority control group includes a member list and a function list, and members in the member list of the target authority control group have the right to call functions in the function list of the target authority control group. The contract address of the permission contract will be updated with the changes of members in the member list or functions in the function list. Further, the target committee member node calls the permission contract to add the target member to the member list of the target permission control group, and calls the permission contract to add the target function of the target business contract to the function list of the target permission control group. Thus, the target member has the right to call the target function of the target business contract. Among them, the target business contract is also deployed on each node of the blockchain, and the contract address of the permission contract is embedded in the target business contract.
为了便于理解本申请实施例提供的业务合约权限控制方法,下面结合图1所示的场景示例进行说明。参见图1所示,该图为本申请实施例提供的示例性应用场景的框架示意图。该业务合约权限控制方法应用于目标委员会成员节点上。可以理解的是,目标委员会成员节点为区块链上的一个节点。In order to facilitate the understanding of the service contract authority control method provided by the embodiment of the present application, the following description is made with reference to the scenario example shown in FIG. 1 . Referring to FIG. 1 , this figure is a schematic frame diagram of an exemplary application scenario provided by an embodiment of the present application. The business contract permission control method is applied to the target committee member nodes. It can be understood that the target committee member node is a node on the blockchain.
如图1所示,角色层包括普通用户和治理者。合约层包括业务合约和权限合约。权限层包括权限控制组。其中,治理者能够操作权限合约,治理者包括目标委员会成员节点。权限合约包含权限控制组。As shown in Figure 1, the role layer includes ordinary users and managers. The contract layer includes business contracts and permission contracts. The permission layer includes permission control groups. Among them, the governor can operate the authority contract, and the governor includes the target committee member nodes. Permission contracts contain permission control groups.
在实际应用中,若普通用户想要调用业务合约中的函数时,需要向权限合约发送鉴权请求,权限合约需要判断普通用户是否有调用业务合约中的函数的权限。In practical applications, if an ordinary user wants to call a function in a business contract, he needs to send an authentication request to the permission contract, and the permission contract needs to determine whether the ordinary user has the permission to call the function in the business contract.
在本申请实施例中,目标委员会成员节点调用权限合约以创建目标权限控制组。其中,权限合约部署于区块链的各个节点上。目标权限控制组包括成员列表和函数列表,目标权限控制组的成员列表中的成员具有调用目标权限控制组的函数列表中的函数的权限。权限合约的合约地址会随成员列表中的成员或函数列表中的函数的变动而更新。In the embodiment of the present application, the target committee member node invokes the authority contract to create the target authority control group. Among them, the permission contract is deployed on each node of the blockchain. The target authority control group includes a member list and a function list, and members in the member list of the target authority control group have the right to call functions in the function list of the target authority control group. The contract address of the permission contract will be updated with the changes of members in the member list or functions in the function list.
进而,目标委员会成员节点调用权限合约以将目标成员添加到目标权限控制组的成员列表中,并调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。Further, the target committee member node calls the permission contract to add the target member to the member list of the target permission control group, and calls the permission contract to add the target function of the target business contract to the function list of the target permission control group.
由此,目标成员具有调用目标业务合约的目标函数的权限。其中,目标业务合约也部署于区块链的各个节点上,且目标业务合约中嵌入有权限合约的合约地址。Thus, the target member has the right to call the target function of the target business contract. Among them, the target business contract is also deployed on each node of the blockchain, and the contract address of the permission contract is embedded in the target business contract.
基于上述内容,当权限合约判断普通用户是否有调用业务合约中的函数的权限时,可以判断普通用户是否在权限控制组中的用户列表中且业务合约中的函数是否在同一权限控制组的函数列表中,若均在,则该普通用户具有调用业务合约中的函数的权限。Based on the above, when the permission contract determines whether the ordinary user has the permission to call the function in the business contract, it can determine whether the ordinary user is in the user list in the permission control group and whether the function in the business contract is in the same permission control group. If all are in the list, the ordinary user has the right to call the function in the business contract.
本领域技术人员可以理解,图1所示的框架示意图仅是本申请的实施方式可以在其中得以实现的一个示例。本申请实施方式的适用范围不受到该框架任何方面的限制。Those skilled in the art can understand that the schematic diagram of the framework shown in FIG. 1 is only an example in which the embodiments of the present application can be implemented. The scope of application of the embodiments of the present application is not limited by any aspect of this framework.
为了便于理解本申请,下面结合附图对本申请实施例提供的一种业务合约权限控制方法进行说明。In order to facilitate the understanding of the present application, a business contract authority control method provided by the embodiments of the present application will be described below with reference to the accompanying drawings.
参见图2所示,该图为本申请实施例提供的一种业务合约权限控制方法的流程图。该方法可应用于上述实施例的目标委员会成员节点上。如图2所示,该方法可以包括S201-S203:Referring to FIG. 2 , this figure is a flowchart of a method for controlling permission of a service contract provided by an embodiment of the present application. This method can be applied to the target committee member nodes of the above embodiments. As shown in Figure 2, the method may include S201-S203:
S201:调用权限合约以创建权限合约中的目标权限控制组;权限合约部署于区块链的各个节点上;目标权限控制组包括成员列表和函数列表;目标权限控制组的成员列表中的成员具有调用目标权限控制组的函数列表中的函数的权限;权限合约的合约地址会随成员列表中的成员或函数列表中的函数的变动而更新。S201: Call the permission contract to create the target permission control group in the permission contract; the permission contract is deployed on each node of the blockchain; the target permission control group includes a member list and a function list; the members in the member list of the target permission control group have The permission to call the function in the function list of the target permission control group; the contract address of the permission contract will be updated with the changes of members in the member list or functions in the function list.
在实际应用中,先编写权限合约,权限合约包括成立委员会函数、申请事项函数、委员会成员投票函数以及执行事项函数等。编写权限合约完成之后,权限合约部署节点将权限合约部署到区块链的各个节点上,并获得权限合约的合约地址。权限合约部署节点为区块链上的节点。In practical applications, the permission contract is written first. The permission contract includes the establishment of the committee function, the application item function, the committee member voting function, and the execution item function. After writing the permission contract, the permission contract deployment node deploys the permission contract to each node of the blockchain and obtains the contract address of the permission contract. The permission contract deployment node is the node on the blockchain.
其中,成立委员会函数用于被权限合约部署节点调用,以成立委员会并生成投票通过阈值以及委员会的委员会成员节点信息。委员会的委员会成员节点信息包括委员会成员节点的成员名、委员会成员节点的账户地址以及委员会成员节点的投票权重等。另外,委员会成员节点可用于权限合约的委员会成员投票函数被调用时,对一些事项进行投票,具体请见下文A1-A3、B1-B3、C1-C3等。Among them, the establishment committee function is used to be called by the permission contract deployment node to establish the committee and generate the voting threshold and the committee member node information of the committee. The committee member node information of the committee includes the member name of the committee member node, the account address of the committee member node, and the voting weight of the committee member node. In addition, the committee member node can vote on some matters when the committee member voting function of the permission contract is called. For details, please refer to A1-A3, B1-B3, C1-C3, etc. below.
在本申请实施例中,目标委员会成员节点为预先成立的委员会中的一个成员节点。目标委员会成员节点调用权限合约以创建权限合约中的目标权限控制组。目标权限控制组包括成员列表和函数列表。成员列表中存储有成员的成员名,函数列表中存储有函数名以及函数名所属业务合约的合约地址。可以理解的是,除目标权限控制组以外,还可根据实际情况建立其他的权限控制组。例如,创建权限控制组A和权限控制组B。权限控制组A的成员列表中的成员为用户A和用户B,权限控制组A的函数列表中存储有函数1、函数2、函数3以及各个函数所属的业务合约的合约地址。权限控制组A的成员列表中的成员同为用户A和用户B,权限控制组A的函数列表中存储有函数4、函数5以及各个函数所属的业务合约的合约地址。In this embodiment of the present application, the target committee member node is a member node in a pre-established committee. The target committee member node calls the permission contract to create the target permission control group in the permission contract. The target permission control group includes a member list and a function list. The member list stores the member name of the member, and the function list stores the function name and the contract address of the business contract to which the function name belongs. It can be understood that, in addition to the target permission control group, other permission control groups can also be established according to actual conditions. For example, create permission control group A and permission control group B. The members in the member list of authority control group A are user A and user B, and the function list of authority control group A stores function 1, function 2, function 3 and the contract addresses of the business contracts to which each function belongs. The members in the member list of permission control group A are both user A and user B, and the function list of permission control group A stores function 4, function 5 and the contract address of the business contract to which each function belongs.
目标权限控制组的成员列表中的成员具有调用目标权限控制组的函数列表中的函数的权限。在成员列表和函数列表初始建成时,成员列表和函数列表中为空的。由此,可在成员函数列表中添加成员,在函数列表中添加函数,以使权限控制组的成员列表中的成员能够调用同一权限控制组的函数列表中的函数。Members in the member list of the target permission control group have permission to call functions in the function list of the target permission control group. When the member list and function list are initially constructed, the member list and function list are empty. Thus, members can be added to the member function list, and functions can be added to the function list, so that members in the member list of the authority control group can call functions in the function list of the same authority control group.
需要说明的是,权限合约的合约地址会随成员列表中的成员或函数列表中的函数的变动而更新。当成员列表中新增或删除某个/些成员时,或者当函数列表中新增或删除某个/些函数时,都会导致权限合约的代码变动,使得权限合约的合约地址变动。It should be noted that the contract address of the permission contract will be updated with the changes of members in the member list or functions in the function list. When a member/members are added or deleted from the member list, or when a function/functions are added or deleted from the function list, the code of the permission contract will change, and the contract address of the permission contract will change.
可以理解的是,本申请实施例通过权限合约来管理业务合约中的函数使用权限。权限控制组的目的在于提供权限控制功能,从而实现非法调用业务合约函数的拦截。It can be understood that, in this embodiment of the present application, the permission contract is used to manage the function usage permission in the business contract. The purpose of the permission control group is to provide permission control functions, so as to realize the interception of illegal calls to business contract functions.
在一种可能的实现方式中,本申请实施例提供了一种调用权限合约以创建权限合约中的目标权限控制组的具体实施方式,具体请见下文A1-A3。In a possible implementation manner, the embodiment of the present application provides a specific implementation manner of invoking a permission contract to create a target permission control group in the permission contract. For details, please refer to A1-A3 below.
S202:调用权限合约以将目标成员添加到目标权限控制组的成员列表中。S202: Invoke the permission contract to add the target member to the member list of the target permission control group.
在创建目标权限控制组之后,目标委员会成员节点便可调用权限合约以将目标成员添加到目标权限控制组的成员列表中。在本申请实施例中,目标成员为目标成员节点,简称为目标成员。After the target permission control group is created, the target committee member node can call the permission contract to add the target member to the member list of the target permission control group. In this embodiment of the present application, the target member is a target member node, which is referred to as a target member for short.
在一种可能的实现方式中,本申请实施例提供了一种调用权限合约以将目标成员添加到目标权限控制组的成员列表中的具体实施方式,具体请见下文B1-B3。In a possible implementation manner, the embodiment of the present application provides a specific implementation manner of invoking a permission contract to add a target member to the member list of the target permission control group, for details, please refer to B1-B3 below.
S203:调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中,以使目标成员具有调用目标业务合约的目标函数的权限;目标业务合约部署于区块链的各个节点上;目标业务合约中嵌入有权限合约的合约地址。S203: Call the authority contract to add the target function of the target business contract to the function list of the target authority control group, so that the target member has the authority to call the target function of the target business contract; the target business contract is deployed on each node of the blockchain Above; the contract address of the permission contract embedded in the target business contract.
编写目标业务合约,在目标业务合约中加入权限合约的合约地址,以将目标业务合约和权限合约进行关联,这表示目标业务合约受权限合约的控制。编写目标业务合约完成后,将目标业务合约部署于区块链的各个节点上,并获取目标业务合约的合约地址。作为一种可选示例,目标业务合约的合约地址用于目标用户在调用目标业务合约中的目标函数时,先调用目标业务合约的合约地址。Write the target business contract and add the contract address of the permission contract to the target business contract to associate the target business contract with the permission contract, which means that the target business contract is controlled by the permission contract. After writing the target business contract, deploy the target business contract on each node of the blockchain, and obtain the contract address of the target business contract. As an optional example, the contract address of the target business contract is used for the target user to call the contract address of the target business contract first when calling the target function in the target business contract.
在创建目标权限控制组之后,目标委员会成员节点便可调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。具体实施时,还需将目标业务合约的合约地址和目标函数一同添加到目标权限控制组的函数列表中。如此,目标权限控制组的成员列表中的目标成员便具有调用目标权限控制组的函数列表中目标业务合约的目标函数的权限。After the target permission control group is created, the target committee member node can call the permission contract to add the target function of the target business contract to the function list of the target permission control group. During specific implementation, the contract address of the target business contract and the target function need to be added to the function list of the target permission control group. In this way, the target member in the member list of the target authority control group has the authority to call the target function of the target business contract in the function list of the target authority control group.
可以理解的是,当权限合约的合约地址变动时,更新目标业务合约中嵌入的权限合约的合约地址。It can be understood that when the contract address of the permission contract changes, the contract address of the permission contract embedded in the target business contract is updated.
在一种可能的实现方式中,本申请实施例提供了一种S203中调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中的具体实施方式,具体请见下文C1-C3。In a possible implementation manner, the embodiment of the present application provides a specific implementation manner of calling the authority contract in S203 to add the target function of the target business contract to the function list of the target authority control group. For details, please refer to C1 below. -C3.
在将目标成员添加到目标权限控制组的成员列表中并且将目标业务合约的目标函数添加到目标权限控制组的函数列表中之后,可以对目标成员进行测试。采用目标成员的账户地址调用目标业务合约的业务地址,以调用目标业务合约中的目标函数,生成鉴权请求发送给权限合约。权限合约基于判断各个权限控制组的成员列表中是否存储有目标成员,以及判断各个权限控制组的函数列表中是否存储有目标函数。当成员列表中存储有目标成员、函数列表中存储有目标函数且成员列表和函数列表属于同一权限控制组,即目标权限控制组时,确定目标成员具有调用目标业务合约的目标函数的权限。基于此,结果为调用成功。否则,当任一权限控制组的成员列表中没有存储有目标成员、任一权限控制组的函数列表中没有存储有目标函数、存储有目标成员的成员列表和存储有目标函数的函数列表未属于同一权限控制组这三种情况中的一种情况发生时,调用失败。After the target member is added to the member list of the target authority control group and the target function of the target business contract is added to the function list of the target authority control group, the target member can be tested. Use the account address of the target member to call the business address of the target business contract to call the target function in the target business contract, generate an authentication request and send it to the authority contract. The permission contract is based on judging whether the target member is stored in the member list of each permission control group, and whether the target function is stored in the function list of each permission control group. When the target member is stored in the member list, the target function is stored in the function list, and the member list and the function list belong to the same authority control group, that is, the target authority control group, it is determined that the target member has the authority to call the target function of the target business contract. Based on this, the result is that the call succeeded. Otherwise, when there is no target member stored in the member list of any permission control group, the target function is not stored in the function list of any permission control group, the member list that stores the target member, and the function list that stores the target function does not belong to The call fails when one of these three conditions occurs for the same permission control group.
基于S201-S203的内容可知,本申请实施例的基本流程包含有权限合约的编写和部署、权限合约的调用、目标业务合约和权限合约关联、目标业务合约的部署、权限合约的调用、测试等。可以理解的是,权限合约和目标业务合约相互独立,如果权限合约有变动,只需要修改目标业务合约中引入的权限合约的合约地址即可实现对不同角色的接口权限控制,从而拦截非法函数调用。如此,简化了用户权限关系的更新过程。Based on the contents of S201-S203, it can be seen that the basic process of the embodiment of the present application includes the writing and deployment of the authority contract, the invocation of the authority contract, the association between the target business contract and the authority contract, the deployment of the target business contract, the invocation of the authority contract, testing, etc. . It is understandable that the permission contract and the target business contract are independent of each other. If the permission contract changes, you only need to modify the contract address of the permission contract introduced in the target business contract to realize the interface permission control for different roles, thereby intercepting illegal function calls. . In this way, the updating process of the user authority relationship is simplified.
作为一种可选示例,申请事项函数包括申请创建组函数,执行事项函数包括执行创建组函数。基于此,在一种可能的实现方式中,本申请实施例提供了一种S201中调用权限合约以创建权限合约中的目标权限控制组的具体实施方式,包括:As an optional example, the application item function includes the application creation group function, and the execution item function includes the execution creation group function. Based on this, in a possible implementation manner, the embodiment of the present application provides a specific implementation manner of invoking the authority contract in S201 to create a target authority control group in the authority contract, including:
A1:调用申请创建组函数,以生成第一请求;第一请求为申请创建目标权限控制组的请求。A1: Call the application creation group function to generate the first request; the first request is the request to apply for the creation of the target permission control group.
目标委员会成员节点提出创建权限控制组的申请,并通过调用权限合约中的申请创建组函数来生成第一请求。第一请求即为申请创建目标权限控制组的请求。The target committee member node submits an application to create a permission control group, and generates the first request by calling the application creation group function in the permission contract. The first request is a request for creating a target permission control group.
A2:调用委员会成员投票函数,以使委员会中的每个委员会成员节点均对第一请求进行投票。A2: Call the committee member voting function so that each committee member node in the committee votes on the first request.
进而,目标委员会成员节点调用委员会成员投票函数,以使委员会中的每个委员会成员节点均对第一请求进行投票,得到各个委员会成员节点对第一请求的投票情况。例如,委员会成员节点对第一请求的投票情况为1或0,1表示同意创建权限合约中的目标权限控制组,0表示不同意创建权限合约中的目标权限控制组。Furthermore, the target committee member node invokes the committee member voting function, so that each committee member node in the committee votes on the first request, and obtains the voting status of each committee member node on the first request. For example, the voting status of the committee member nodes for the first request is 1 or 0. 1 indicates that they agree to create the target permission control group in the permission contract, and 0 indicates that they do not agree to create the target permission control group in the permission contract.
A3:当第一请求对应的投票结果大于投票通过阈值时,调用执行创建组函数,以创建权限合约中的目标权限控制组。A3: When the voting result corresponding to the first request is greater than the voting pass threshold, call and execute the create group function to create the target permission control group in the permission contract.
在一种可能的实现方式中,第一请求对应的投票结果是根据委员会中的每个委员会成员对第一请求的投票情况以及每个委员会成员的投票权重得到的。具体地,可将委员会成员对第一请求的投票情况与委员会成员的投票权重进行加权求和,获得第一请求对应的投票结果。In a possible implementation manner, the voting result corresponding to the first request is obtained according to the voting status of each committee member in the committee on the first request and the voting weight of each committee member. Specifically, the voting results of the committee members on the first request and the voting weights of the committee members may be weighted and summed to obtain a voting result corresponding to the first request.
可以理解的是,投票通过阈值是预先设置的,本申请实施例不限定投票通过阈值的具体数值。It can be understood that the threshold for passing the vote is preset, and the embodiment of the present application does not limit the specific value of the threshold for passing the vote.
作为一种可选示例,当第一请求对应的投票结果大于投票通过阈值时,由目标委员会成员节点调用执行创建组函数,以创建权限合约中的目标权限控制组。As an optional example, when the voting result corresponding to the first request is greater than the voting pass threshold, the target committee member node calls and executes the create group function to create the target permission control group in the permission contract.
作为另一种可选示例,在得到各个委员会成员节点对第一请求的投票情况之后,可自动判断第一请求对应的投票结果是否大于投票通过阈值,当第一请求对应的投票结果大于投票通过阈值时,自动调用执行创建组函数,以创建权限合约中的目标权限控制组。即,将A2和A3步骤进行合并。As another optional example, after obtaining the voting status of each committee member node for the first request, it can be automatically determined whether the voting result corresponding to the first request is greater than the voting pass threshold, and when the voting result corresponding to the first request is greater than the voting passing threshold When the threshold is reached, the execute group creation function is automatically called to create the target permission control group in the permission contract. That is, the A2 and A3 steps are combined.
基于A1-A3的内容可知,在本申请实施例中,权限合约中的目标权限控制组的创建并不是由一方决定,而是由委员会的各个委员会成员节点决定,只有委员会投票数超过投票通过阈值时,才执行创建目标权限控制组的操作,符合区块链多方共识的思想。Based on the contents of A1-A3, in the embodiment of the present application, the creation of the target authority control group in the authority contract is not decided by one party, but by each committee member node of the committee. Only the committee votes exceed the voting pass threshold. The operation of creating the target authority control group is performed only when the target permission control group is created, which is in line with the idea of multi-party consensus in the blockchain.
作为一种可选示例,申请事项函数包括申请成员添加进组函数,执行事项函数包括执行成员添加进组函数。基于此,在一种可能的实现方式中,本申请实施例提供了一种S202中调用权限合约以将目标成员添加到目标权限控制组的成员列表中的具体实施方式,包括:As an optional example, the application item function includes the function of applying for adding a member into the group, and the execution item function includes the executing member adding into the group function. Based on this, in a possible implementation manner, the embodiment of the present application provides a specific implementation manner of invoking the authority contract in S202 to add the target member to the member list of the target authority control group, including:
B1:调用申请成员添加进组函数,以生成第二请求;第二请求为申请将目标成员添加到目标权限控制组的成员列表中的请求。B1: Call the function for adding an application member to a group to generate a second request; the second request is a request for applying for adding the target member to the member list of the target authority control group.
目标委员会成员节点提出将目标成员添加到目标权限控制组的成员列表中的申请,并通过调用权限合约中的申请成员添加进组函数来生成第二请求。第二请求即为申请将目标成员添加到目标权限控制组的成员列表中的请求。The target committee member node submits an application for adding the target member to the member list of the target authority control group, and generates a second request by calling the application member add-in group function in the authority contract. The second request is a request for adding the target member to the member list of the target authority control group.
B2:调用委员会成员投票函数,以使委员会中的每个委员会成员节点均对第二请求进行投票。B2: Call the committee member voting function so that each committee member node in the committee votes on the second request.
进而,目标委员会成员节点调用委员会成员投票函数,以使委员会中的每个委员会成员节点均对第二请求进行投票,得到各个委员会成员节点对第二请求的投票情况。例如,委员会成员节点对第二请求的投票情况为1或0,1表示同意将目标成员添加到目标权限控制组的成员列表中,0表示不同意将目标成员添加到目标权限控制组的成员列表中。Furthermore, the target committee member node invokes the committee member voting function, so that each committee member node in the committee votes on the second request, and obtains the voting status of each committee member node on the second request. For example, the voting status of the committee member nodes for the second request is 1 or 0, 1 indicates that the target member is agreed to be added to the member list of the target authority control group, and 0 indicates that the target member is not agreed to be added to the member list of the target authority control group middle.
B3:当第二请求对应的投票结果大于投票通过阈值时,调用执行成员添加进组函数,以将目标成员添加到目标权限控制组中。B3: When the voting result corresponding to the second request is greater than the voting pass threshold, call the execution member adding function to add the target member to the target authority control group.
在一种可能的实现方式中,第二请求对应的投票结果是根据委员会中的每个委员会成员对第二请求的投票情况以及每个委员会成员的投票权重得到的。具体地,可将委员会成员对第二请求的投票情况与委员会成员的投票权重进行加权求和,获得第二请求对应的投票结果。In a possible implementation manner, the voting result corresponding to the second request is obtained according to the voting status of each committee member in the committee on the second request and the voting weight of each committee member. Specifically, the voting results of the committee members on the second request and the voting weights of the committee members may be weighted and summed to obtain a voting result corresponding to the second request.
作为一种可选示例,当第二请求对应的投票结果大于投票通过阈值时,由目标委员会成员节点调用执行成员添加进组函数,以将目标成员添加到目标权限控制组中。As an optional example, when the voting result corresponding to the second request is greater than the voting pass threshold, the target committee member node invokes the executive member add-in-group function to add the target member to the target permission control group.
作为另一种可选示例,在得到各个委员会成员节点对第二请求的投票情况之后,可自动判断第二请求对应的投票结果是否大于投票通过阈值,当第二请求对应的投票结果大于投票通过阈值时,自动调用执行成员添加进组函数,以将目标成员添加到目标权限控制组的成员列表中。即,将B2和B3步骤进行合并。As another optional example, after obtaining the voting status of each committee member node on the second request, it can be automatically determined whether the voting result corresponding to the second request is greater than the voting pass threshold, and when the voting result corresponding to the second request is greater than the voting passing threshold When the threshold is reached, the function of adding members to the group is automatically called to add the target member to the member list of the target permission control group. That is, the B2 and B3 steps are combined.
基于B1-B3的内容可知,在本申请实施例中,目标权限控制组的成员列表的成员变化不是由一方决定,而是由委员会的各个委员会成员节点决定,只有委员会投票数超过投票通过阈值时,才能执行将目标成员添加到目标权限控制组中的操作,符合区块链多方共识的思想。Based on the contents of B1-B3, in the embodiment of the present application, the member change of the member list of the target authority control group is not determined by one party, but determined by each committee member node of the committee. Only when the number of committee votes exceeds the voting pass threshold , in order to perform the operation of adding the target member to the target authority control group, which is in line with the idea of multi-party consensus in the blockchain.
作为一种可选示例,申请事项函数包括申请函数添加进组函数,执行事项函数包括执行函数添加进组函数。基于此,在一种可能的实现方式中,本申请实施例提供了一种S203中调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中的具体实施方式,包括:As an optional example, the application item function includes an application function adding a group function, and the execution item function includes an execution function adding a group function. Based on this, in a possible implementation manner, the embodiment of the present application provides a specific implementation manner of invoking the authority contract in S203 to add the target function of the target business contract to the function list of the target authority control group, including:
C1:调用申请函数添加进组函数,以生成第三请求;第三请求为申请将目标业务合约的目标函数添加到目标权限控制组的函数列表中的请求。C1: Call the application function to add the function into the group to generate a third request; the third request is a request to apply for adding the target function of the target business contract to the function list of the target authority control group.
目标委员会成员节点提出将目标业务合约的目标函数添加到目标权限控制组的函数列表中的申请,并通过调用权限合约中的申请函数添加进组函数来生成第三请求。第三请求即为申请将目标业务合约的目标函数添加到目标权限控制组的函数列表中的请求。The target committee member node submits an application for adding the target function of the target business contract to the function list of the target authority control group, and generates a third request by calling the application function in the authority contract to add the function to the group. The third request is a request for adding the target function of the target business contract to the function list of the target authority control group.
C2:调用委员会成员投票函数,以使委员会中的每个委员会成员节点均对第三请求进行投票。C2: Call the committee member voting function so that every committee member node in the committee votes on the third request.
进而,目标委员会成员节点调用委员会成员投票函数,以使委员会中的每个委员会成员节点均对第三请求进行投票,得到各个委员会成员节点对第三请求的投票情况。例如,委员会成员节点对第三请求的投票情况为1或0,1表示同意将目标业务合约的目标函数添加到目标权限控制组的函数列表中的请求,0表示不同意将目标业务合约的目标函数添加到目标权限控制组的函数列表中的请求。Furthermore, the target committee member node calls the committee member voting function, so that each committee member node in the committee votes on the third request, and obtains the voting status of each committee member node on the third request. For example, the voting status of the committee member nodes for the third request is 1 or 0, 1 indicates that they agree to the request to add the target function of the target business contract to the function list of the target authority control group, and 0 indicates that they do not agree to add the target function of the target business contract to the function list of the target authority control group. A request for a function to be added to the target permission control group's list of functions.
C3:当第三请求对应的投票结果大于投票通过阈值时,调用执行函数添加进组函数,以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。C3: When the voting result corresponding to the third request is greater than the voting pass threshold, call the execution function to add the group function to add the target function of the target business contract to the function list of the target permission control group.
在一种可能的实现方式中,第三请求对应的投票结果是根据委员会中的每个委员会成员节点对第三请求的投票情况以及每个委员会成员节点的投票权重得到的。具体地,可将委员会成员对第三请求的投票情况与委员会成员的投票权重进行加权求和,获得第三请求对应的投票结果。In a possible implementation manner, the voting result corresponding to the third request is obtained according to the voting status of each committee member node in the committee on the third request and the voting weight of each committee member node. Specifically, the voting results of the committee members on the third request and the voting weights of the committee members may be weighted and summed to obtain a voting result corresponding to the third request.
作为一种可选示例,当第三请求对应的投票结果大于投票通过阈值时,由目标委员会成员节点调用执行函数添加进组函数,以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。As an optional example, when the voting result corresponding to the third request is greater than the voting pass threshold, the member node of the target committee calls the execution function to add the group function to add the target function of the target business contract to the function of the target permission control group List.
作为另一种可选示例,在得到各个委员会成员节点对第三请求的投票情况之后,可自动判断第三请求对应的投票结果是否大于投票通过阈值,当第三请求对应的投票结果大于投票通过阈值时,自动调用执行函数添加进组函数,以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。即,将C2和C3步骤进行合并。As another optional example, after obtaining the voting status of each committee member node for the third request, it can be automatically determined whether the voting result corresponding to the third request is greater than the voting pass threshold, and when the voting result corresponding to the third request is greater than the voting passing threshold When the threshold is reached, the execution function is automatically called to add the group function to add the target function of the target business contract to the function list of the target permission control group. That is, the C2 and C3 steps are combined.
基于C1-C3的内容可知,在本申请实施例中,目标权限控制组的函数列表的函数变化不是由一方决定,而是由委员会的各个委员会成员节点决定,只有委员会投票数超过投票通过阈值时,才能执行将目标业务合约的目标函数添加到目标权限控制组的函数列表中,符合区块链多方共识的思想。Based on the contents of C1-C3, in this embodiment of the present application, the function change of the function list of the target authority control group is not determined by one party, but by each committee member node of the committee. Only when the number of committee votes exceeds the voting pass threshold , in order to execute adding the target function of the target business contract to the function list of the target authority control group, which is in line with the idea of multi-party consensus in the blockchain.
为了便于理解本申请实施例提供的业务合约权限控制方法的整体流程,参见图3,图3为本申请实施例提供的另一种示例性应用场景的框架示意图。In order to facilitate understanding of the overall process of the business contract authority control method provided by the embodiment of the present application, refer to FIG. 3 , which is a schematic framework diagram of another exemplary application scenario provided by the embodiment of the present application.
如图3所示,先编写权限合约,权限合约包括成立委员会函数、申请事项函数、委员会成员投票函数以及执行事项函数。编写权限合约完成之后,由权限合约部署节点将权限合约部署到区块链的各个节点上,并获得权限合约的合约地址。As shown in Figure 3, first write the permission contract. The permission contract includes the establishment committee function, the application item function, the committee member voting function and the execution item function. After writing the permission contract, the permission contract deployment node deploys the permission contract to each node of the blockchain and obtains the contract address of the permission contract.
进而,再由权限合约部署节点调用权限合约中的成立委员会函数以成立委员会并生成投票通过阈值以及委员会的委员会成员节点信息。Furthermore, the authority contract deployment node calls the establishment committee function in the authority contract to establish the committee and generate the voting threshold and the committee member node information of the committee.
在上述内容基础上,委员会成员节点便可调用权限合约以创建权限控制组。创建权限控制组的过程包括申请、投票和执行三步。具体地,可参考A1-A3,这里不再赘述。On the basis of the above content, the committee member nodes can call the permission contract to create the permission control group. The process of creating an access control group includes three steps: application, voting and execution. Specifically, reference may be made to A1-A3, which will not be repeated here.
权限控制组包括成员列表和函数列表。在权限控制组创建成功时,成员列表和函数列表中为空。此时,委员会成员节点便可调用权限合约以将成员添加进组,即将成员添加进权限控制组的成员列表中。具体地,将成员添加进组的过程包括申请、投票和执行三步。具体地,可参考B1-B3,这里不再赘述。A permission control group includes a member list and a function list. When the permission control group is successfully created, the member list and function list are empty. At this point, the committee member node can call the permission contract to add the member to the group, that is, add the member to the member list of the permission control group. Specifically, the process of adding members to a group includes three steps: application, voting and execution. Specifically, reference may be made to B1-B3, which will not be repeated here.
在完成业务合约的编写并将业务合约部署到区块链的各个节点上之后,若想将业务合约中的函数添加进权限控制组的函数列表中。需要先建立业务合约和权限合约的联系,即将权限合约的合约地址加入业务合约中。进而,委员会成员节点便可调用权限合约以将业务合约中的函数添加进组,即将业务合约中的函数添加进权限控制组的函数列表中。具体地,将业务合约中的函数添加进组的过程包括申请、投票和执行三步。具体地,可参考C1-C3,这里不再赘述。After completing the writing of the business contract and deploying the business contract to each node of the blockchain, if you want to add the functions in the business contract to the function list of the permission control group. The connection between the business contract and the permission contract needs to be established first, that is, the contract address of the permission contract is added to the business contract. Furthermore, the committee member node can call the permission contract to add the function in the business contract to the group, that is, add the function in the business contract to the function list of the permission control group. Specifically, the process of adding a function in a business contract into a group includes three steps: application, voting and execution. Specifically, reference may be made to C1-C3, which will not be repeated here.
由此,组中的成员可以调用业务合约中的函数。From this, members of the group can call functions in the business contract.
本领域技术人员可以理解,图3所示的框架示意图仅是本申请的实施方式可以在其中得以实现的一个示例。本申请实施方式的适用范围不受到该框架任何方面的限制。Those skilled in the art can understand that the schematic diagram of the framework shown in FIG. 3 is only an example in which the embodiments of the present application can be implemented. The scope of application of the embodiments of the present application is not limited by any aspect of this framework.
基于上述方法实施例提供的一种业务合约权限控制方法,本申请实施例还提供了一种业务合约权限控制装置,下面将结合附图对业务合约权限控制装置进行说明。Based on the business contract authority control method provided by the above method embodiments, the embodiments of the present application further provide a business contract authority control device, which will be described below with reference to the accompanying drawings.
参见图4所示,该图为本申请实施例提供的一种业务合约权限控制装置的结构示意图,该装置应用于目标委员会成员节点中。如图4所示,该业务合约权限控制装置包括:Referring to FIG. 4 , which is a schematic structural diagram of a service contract authority control apparatus provided by an embodiment of the present application, the apparatus is applied to a target committee member node. As shown in Figure 4, the service contract authority control device includes:
第一调用单元401,用于调用权限合约以创建所述权限合约中的目标权限控制组;所述权限合约部署于区块链的各个节点上;所述目标权限控制组包括成员列表和函数列表;所述目标权限控制组的成员列表中的成员具有调用所述目标权限控制组的函数列表中的函数的权限;所述权限合约的合约地址会随所述成员列表中的成员或所述函数列表中的函数的变动而更新;The
第二调用单元402,用于调用权限合约以将目标成员添加到目标权限控制组的成员列表中;The
第三调用单元403,用于调用权限合约以将目标业务合约的目标函数添加到所述目标权限控制组的函数列表中,以使所述目标成员具有调用所述目标业务合约的目标函数的权限;所述目标业务合约部署于所述区块链的各个节点上;所述目标业务合约中嵌入有所述权限合约的合约地址。The
在一种可能的实现方式中,所述权限合约包括成立委员会函数,所述成立委员会函数用于被权限合约部署节点调用,以成立委员会并生成投票通过阈值以及所述委员会的委员会成员节点信息;所述委员会的委员会成员节点信息包括所述委员会成员节点的成员名、所述委员会成员节点的账户地址以及所述委员会成员节点的投票权重;所述目标委员会成员节点为预先成立的委员会中的一个成员节点。In a possible implementation manner, the authority contract includes a committee establishment function, and the committee establishment function is used to be called by the authority contract deployment node to establish a committee and generate a voting pass threshold and committee member node information of the committee; The committee member node information of the committee includes the member name of the committee member node, the account address of the committee member node, and the voting weight of the committee member node; the target committee member node is one of the pre-established committees member node.
在一种可能的实现方式中,所述权限合约还包括申请事项函数、委员会成员投票函数以及执行事项函数。In a possible implementation manner, the permission contract further includes an application item function, a committee member voting function, and an execution item function.
在一种可能的实现方式中,所述申请事项函数包括申请创建组函数,所述执行事项函数包括执行创建组函数,所述第一调用单元401,包括:In a possible implementation manner, the application item function includes an application creation group function, the execution item function includes an execution creation group function, and the
第一调用子单元,用于调用所述申请创建组函数,以生成第一请求;所述第一请求为申请创建目标权限控制组的请求;a first calling subunit, used for calling the application creation group function to generate a first request; the first request is a request for applying to create a target authority control group;
第二调用子单元,用于调用所述委员会成员投票函数,以使委员会中的每个委员会成员节点均对所述第一请求进行投票;a second calling subunit for calling the committee member voting function, so that each committee member node in the committee votes on the first request;
第三调用子单元,用于当所述第一请求对应的投票结果大于投票通过阈值时,调用所述执行创建组函数,以创建所述权限合约中的目标权限控制组。The third calling subunit is configured to call the execute and create group function to create the target permission control group in the permission contract when the voting result corresponding to the first request is greater than the voting pass threshold.
在一种可能的实现方式中,所述申请事项函数包括申请成员添加进组函数,所述执行事项函数包括执行成员添加进组函数,所述第二调用单元402,包括:In a possible implementation manner, the application matter function includes an application member adding function to a group, the execution matter function includes an executing member adding a group function, and the
第四调用子单元,用于调用所述申请成员添加进组函数,以生成第二请求;所述第二请求为申请将目标成员添加到目标权限控制组的成员列表中的请求;The fourth calling subunit is used to call the application member adding function to generate a second request; the second request is a request for applying to add the target member to the member list of the target authority control group;
第五调用子单元,用于调用所述委员会成员投票函数,以使委员会中的每个委员会成员节点均对所述第二请求进行投票;a fifth calling subunit, used to call the committee member voting function, so that each committee member node in the committee votes on the second request;
第六调用子单元,用于当所述第二请求对应的投票结果大于投票通过阈值时,调用所述执行成员添加进组函数,以将所述目标成员添加到所述目标权限控制组中。The sixth calling subunit is configured to call the executive member adding function to add the target member to the target authority control group when the voting result corresponding to the second request is greater than the voting pass threshold.
在一种可能的实现方式中,所述申请事项函数包括申请函数添加进组函数,所述执行事项函数包括执行函数添加进组函数,所述第三调用单元403,包括:In a possible implementation manner, the application item function includes an application function adding function to a group, the execution item function includes an execution function adding a group function, and the
第七调用子单元,用于调用所述申请函数添加进组函数,以生成第三请求;所述第三请求为申请将目标业务合约的目标函数添加到所述目标权限控制组的函数列表中的请求;The seventh calling subunit is used to call the application function to add the function into the group to generate a third request; the third request is to apply for adding the target function of the target business contract to the function list of the target authority control group request;
第八调用子单元,用于调用所述委员会成员投票函数,以使委员会中的每个委员会成员节点均对所述第三请求进行投票;an eighth calling subunit, configured to call the committee member voting function, so that each committee member node in the committee votes on the third request;
第九调用子单元,用于当所述第三请求对应的投票结果大于投票通过阈值时,调用所述执行函数添加进组函数,以将所述目标业务合约的目标函数添加到所述目标权限控制组的函数列表中。The ninth calling subunit is used to call the execution function to add the group function when the voting result corresponding to the third request is greater than the voting pass threshold, so as to add the target function of the target business contract to the target authority in the list of functions for the control group.
在一种可能的实现方式中,所述第三请求对应的投票结果是根据所述委员会中的每个委员会成员节点对所述第三请求的投票情况以及所述每个委员会成员节点的投票权重得到的。In a possible implementation manner, the voting result corresponding to the third request is based on the voting status of each committee member node in the committee on the third request and the voting weight of each committee member node owned.
另外,本申请实施例还提供了一种电子设备,包括:In addition, the embodiment of the present application also provides an electronic device, including:
一个或多个处理器;one or more processors;
存储装置,其上存储有一个或多个程序,a storage device on which one or more programs are stored,
当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现如上述任一实施例所述的业务合约权限控制方法。When the one or more programs are executed by the one or more processors, the one or more processors implement the service contract permission control method described in any of the foregoing embodiments.
另外,本申请实施例还提供了一种计算机可读介质,其上存储有计算机程序,其中,所述程序被处理器执行时实现如上述任一实施例所述的业务合约权限控制。In addition, an embodiment of the present application further provides a computer-readable medium on which a computer program is stored, wherein when the program is executed by a processor, the service contract authority control described in any of the foregoing embodiments is implemented.
本申请实施例提供了一种业务合约权限控制装置及设备,该装置应用于目标委员会成员节点上。目标委员会成员节点调用权限合约以创建目标权限控制组。其中,权限合约部署于区块链的各个节点上。目标权限控制组包括成员列表和函数列表,目标权限控制组的成员列表中的成员具有调用目标权限控制组的函数列表中的函数的权限。权限合约的合约地址会随成员列表中的成员或函数列表中的函数的变动而更新。进而,目标委员会成员节点调用权限合约以将目标成员添加到目标权限控制组的成员列表中,并调用权限合约以将目标业务合约的目标函数添加到目标权限控制组的函数列表中。由此,目标成员具有调用目标业务合约的目标函数的权限。其中,目标业务合约也部署于区块链的各个节点上,且目标业务合约中嵌入有权限合约的合约地址。The embodiments of the present application provide a service contract authority control apparatus and equipment, and the apparatus is applied to a target committee member node. The target committee member nodes call the permission contract to create the target permission control group. Among them, the permission contract is deployed on each node of the blockchain. The target authority control group includes a member list and a function list, and members in the member list of the target authority control group have the right to call functions in the function list of the target authority control group. The contract address of the permission contract will be updated with the changes of members in the member list or functions in the function list. Further, the target committee member node calls the permission contract to add the target member to the member list of the target permission control group, and calls the permission contract to add the target function of the target business contract to the function list of the target permission control group. Thus, the target member has the right to call the target function of the target business contract. Among them, the target business contract is also deployed on each node of the blockchain, and the contract address of the permission contract is embedded in the target business contract.
由此可知,本申请实施例将权限合约和目标业务合约相互独立出来,当成员列表中的成员或函数列表中的函数变动时,表示用户权限关系发生了变化,权限合约的合约地址会相应地发生变动。在此基础上,只需将目标业务合约中嵌入的权限合约的合约地址进行更新即可,无需更改业务合约。如此,简化了用户权限关系的更新过程。It can be seen from this that the embodiment of the present application separates the authority contract and the target business contract from each other. When a member in the member list or a function in the function list changes, it means that the user authority relationship has changed, and the contract address of the authority contract will correspond accordingly. changes. On this basis, it is only necessary to update the contract address of the permission contract embedded in the target business contract, without changing the business contract. In this way, the updating process of the user authority relationship is simplified.
需要说明的是,本申请提供的一种业务合约权限控制方法、装置及设备可用于区块链领域。上述仅为示例,并不对本申请提供的一种业务合约权限控制方法、装置及设备的应用领域进行限定。It should be noted that a business contract authority control method, device and device provided by this application can be used in the blockchain field. The above is only an example, and does not limit the application field of a business contract authority control method, device and device provided by the present application.
通过以上的实施方式的描述可知,本领域的技术人员可以清楚地了解到上述实施例方法中的全部或部分步骤可借助软件加必需的通用硬件平台的方式来实现。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者诸如媒体网关等网络通信设备,等等)执行本申请各个实施例或者实施例的某些部分所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that all or part of the steps in the methods of the above embodiments can be implemented by means of software plus a necessary general hardware platform. Based on this understanding, the technical solutions of the present application can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in storage media, such as ROM/RAM, magnetic disks , CD, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the various embodiments or parts of the embodiments of the present application. method.
需要说明的是,本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的方法而言,由于其与实施例公开的系统相对应,所以描述的比较简单,相关之处参见系统部分说明即可。It should be noted that the various embodiments in this specification are described in a progressive manner, and each embodiment focuses on the differences from other embodiments, and the same and similar parts between the various embodiments may be referred to each other. For the method disclosed in the embodiment, since it corresponds to the system disclosed in the embodiment, the description is relatively simple, and the relevant part can be referred to the description of the system.
还需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。It should also be noted that, herein, the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device comprising a series of elements includes not only those elements , but also other elements not expressly listed or inherent to such a process, method, article or apparatus. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in a process, method, article or apparatus that includes the element.
对所公开的实施例的上述说明,使本领域专业技术人员能够实现或使用本申请。对这些实施例的多种修改对本领域的专业技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本申请的精神或范围的情况下,在其它实施例中实现。因此,本申请将不会被限制于本文所示的这些实施例,而是要符合与本文所公开的原理和新颖特点相一致的最宽的范围。The above description of the disclosed embodiments enables any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, this application is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210612276.XA CN114969788B (en) | 2022-05-31 | 2022-05-31 | A business contract authority control method, device and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210612276.XA CN114969788B (en) | 2022-05-31 | 2022-05-31 | A business contract authority control method, device and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114969788A true CN114969788A (en) | 2022-08-30 |
| CN114969788B CN114969788B (en) | 2024-11-26 |
Family
ID=82956842
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210612276.XA Active CN114969788B (en) | 2022-05-31 | 2022-05-31 | A business contract authority control method, device and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114969788B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110474865A (en) * | 2018-05-11 | 2019-11-19 | 北京轻信科技有限公司 | Block chain user right system and implementation method |
| CN110851127A (en) * | 2019-10-28 | 2020-02-28 | 杭州趣链科技有限公司 | Universal evidence storage method based on block chain |
| CN110941679A (en) * | 2019-12-05 | 2020-03-31 | 腾讯科技(深圳)有限公司 | Contract data processing method, related equipment and medium |
| KR20200065507A (en) * | 2018-11-30 | 2020-06-09 | 고려대학교 산학협력단 | Systems for regulating authority of the private key in blockchain and method thereof |
| CN112700246A (en) * | 2020-12-31 | 2021-04-23 | iCALC控股有限公司 | Data processing method, device and equipment based on block chain and readable storage medium |
-
2022
- 2022-05-31 CN CN202210612276.XA patent/CN114969788B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110474865A (en) * | 2018-05-11 | 2019-11-19 | 北京轻信科技有限公司 | Block chain user right system and implementation method |
| KR20200065507A (en) * | 2018-11-30 | 2020-06-09 | 고려대학교 산학협력단 | Systems for regulating authority of the private key in blockchain and method thereof |
| CN110851127A (en) * | 2019-10-28 | 2020-02-28 | 杭州趣链科技有限公司 | Universal evidence storage method based on block chain |
| CN110941679A (en) * | 2019-12-05 | 2020-03-31 | 腾讯科技(深圳)有限公司 | Contract data processing method, related equipment and medium |
| CN113032490A (en) * | 2019-12-05 | 2021-06-25 | 腾讯科技(深圳)有限公司 | Contract data processing method, related equipment and medium |
| CN112700246A (en) * | 2020-12-31 | 2021-04-23 | iCALC控股有限公司 | Data processing method, device and equipment based on block chain and readable storage medium |
Non-Patent Citations (2)
| Title |
|---|
| ZHENG RUI: "Cryptocurrency Mining Malware Detection Based on Behavior Pattern and Graph Neural Network", 《SECURITY AND COMMUNICATION NETWORKS》, 26 March 2022 (2022-03-26) * |
| 林诗意;张磊;刘德胜: "基于区块链智能合约的应用研究综述", 《计算机应用研究》, 30 June 2021 (2021-06-30) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114969788B (en) | 2024-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11848982B2 (en) | Access services in hybrid cloud computing systems | |
| CN112136291B (en) | Method and system for validation of blockchain | |
| JP5702477B2 (en) | Powerful rights management for computing application functions | |
| CN109691015B (en) | Dynamic access control method and system on block chain | |
| JP7228322B2 (en) | Auto-commit transaction management in blockchain networks | |
| US10225253B2 (en) | Usage tracking in hybrid cloud computing systems | |
| US20120210443A1 (en) | Securing and managing apps on a device | |
| JP2021500651A (en) | Computer automation methods, computer programs, and systems to support managing applications for clients | |
| CN103268438B (en) | Based on Android right management method and the system of call chain | |
| CN109493072B (en) | Privacy contract protection method based on alliance block chain | |
| TW201935383A (en) | Asset management method and apparatus, and electronic device | |
| US20200242251A1 (en) | Providing application security, validation and profiling to an application | |
| US7386885B1 (en) | Constraint-based and attribute-based security system for controlling software component interaction | |
| CN109240837A (en) | A kind of construction method of general cloud storage service API | |
| CN102902911A (en) | Method for running third-party codes safely in Java virtual computer | |
| CN115658085A (en) | Deployment method of cloud native application | |
| CN114417278A (en) | Interface unified management system and platform interface management system | |
| CN114928499A (en) | Access control method based on block chain and trust system | |
| Shaqrah | Cloud CRM: State-of-the-art and security challenges | |
| CN114969788A (en) | Service contract authority control method, device and equipment | |
| US20090320089A1 (en) | Policy-based user brokered authorization | |
| CN112580112A (en) | Intelligent contract implementation method and device based on full-chain consensus and local deployment | |
| Al-Lawati et al. | The impact of cloud computing IT departments: A case study of Oman's financial institutions | |
| Varun et al. | Decentralized authorization in web services using public blockchain | |
| US11736525B1 (en) | Generating access control policies using static analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |