protect against deletion

dshuffma-ibm · dshuffma-ibm · commit 5a90e4b2b71d · 2016-12-14T15:16:17.000-05:00
diff --git a/chaincode/lib_marbles.go b/chaincode/lib_marbles.go
@@ -86,11 +86,12 @@ func get_complete_marble_index(stub shim.ChaincodeStubInterface) ([]string, erro
 func delete_marble(stub shim.ChaincodeStubInterface, args []string) ([]byte, error) {
 	fmt.Println("starting delete_marble")
 
-	if len(args) != 1 {
-		return nil, errors.New("Incorrect number of arguments. Expecting 1")
+	if len(args) != 2 {
+		return nil, errors.New("Incorrect number of arguments. Expecting 2")
 	}
 
 	name := args[0]
+	authed_by_company := args[1]
 
 	//get the marble
 	marble, err := get_marble(stub, name)
@@ -99,6 +100,11 @@ func delete_marble(stub shim.ChaincodeStubInterface, args []string) ([]byte, err
 		return nil, err
 	}
 
+	//check authorizing company
+	if marble.Owner.Company != authed_by_company{
+		return nil, errors.New("The company '" + authed_by_company + "' cannot authorize deletion for '" + marble.Owner.Company + "'.")
+	}
+
 	//remove the marble
 	err = stub.DelState(name) //remove the key from chaincode state
 	if err != nil {
diff --git a/utils/marbles_cc_lib/marbles.js b/utils/marbles_cc_lib/marbles.js
@@ -25,7 +25,7 @@ module.exports = function (chain, chaincode_id, logger) {
 			function (results) {
 				var proposalResponses = results[0];
 				var proposal = results[1];
-				if (proposalResponses[0].response.status === 200) {
+				if (proposalResponses && proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
 					console.log('Successfully obtained transaction endorsement.' + JSON.stringify(proposalResponses));
 					if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering'}));
 					return webUser.sendTransaction(proposalResponses, proposal);
@@ -158,13 +158,13 @@ module.exports = function (chain, chaincode_id, logger) {
 			function (results) {
 				var proposalResponses = results[0];
 				var proposal = results[1];
-				if (proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
+				if (proposalResponses && proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
 					console.log('Successfully obtained transaction endorsement.' + JSON.stringify(proposalResponses));
 					if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering'}));
 					return webUser.sendTransaction(proposalResponses, proposal);
 				}
 				else {
-					console.log('Failed to obtain transaction endorsement. Error msg: ', proposalResponses[0]);
+					console.log('Failed to obtain transaction endorsement', proposalResponses);
 					if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'endorsing_failed'}));
 					throw common.format_error_msg(proposalResponses[0]);
 				}
@@ -218,13 +218,14 @@ module.exports = function (chain, chaincode_id, logger) {
 			function (results) {
 				var proposalResponses = results[0];
 				var proposal = results[1];
-				if (proposalResponses[0].response.status === 200) {
+				if (proposalResponses && proposalResponses[0] && proposalResponses[0].response && proposalResponses[0].response.status === 200) {
 					console.log('Successfully obtained transaction endorsement.' + JSON.stringify(proposalResponses));
 					if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering'}));
 					return webUser.sendTransaction(proposalResponses, proposal);
 				}
 				else {
-					console.log('Failed to obtain transaction endorsement. Error code: ' + proposalResponses[0].response.status);
+					console.log('Failed to obtain transaction endorsement', proposalResponses);
+					if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'endorsing_failed'}));
 					throw common.format_error_msg(proposalResponses[0]);
 				}
 			}
@@ -237,6 +238,7 @@ module.exports = function (chain, chaincode_id, logger) {
 				}
 				else {
 					console.log('Failed to order the endorsement of the transaction.');
+					if(ws) ws.send(JSON.stringify({msg: 'tx_step', state: 'ordering_failed'}));
 					throw response;
 				}
 			}
@@ -245,6 +247,7 @@ module.exports = function (chain, chaincode_id, logger) {
 				console.log('error in catch block', typeof err, err);
 				var e = null;
 				if(typeof err === 'string'){								//only pass these errors until we fix it
+					if(err.indexOf('cannot authorize')) e = err;
 					if(err.indexOf('Marble does not exist')) e = err;
 					if(err.indexOf('Incorrect number of arguments')) e = err;
 					if(err.indexOf('Owner does not exist')) e = err;
diff --git a/utils/websocket_server_side.js b/utils/websocket_server_side.js
@@ -34,8 +34,8 @@ module.exports = function (checkPerodically, marbles_lib, logger) {
 		if(data.type == 'create'){
 			console.log('[ws] create marbles req');
 			options = [data.name, data.color, data.size, data.username, data.company];
-			marbles_lib.create_a_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, options, function(){
-
+			marbles_lib.create_a_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, options, function(err, resp){
+				if(err != null) send_err(err, data);
 			});
 		}
 
@@ -58,8 +58,9 @@ module.exports = function (checkPerodically, marbles_lib, logger) {
 		//delete marble
 		else if(data.type == 'delete_marble'){
 			console.log('[ws] delete marble req');
-			marbles_lib.delete_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, [data.name], function(err, resp){
-
+			options = [data.name, process.env.marble_company];
+			marbles_lib.delete_marble(webUser, [hfc.getPeer(helper.getPeersUrl(0))], ws, options, function(err, resp){
+				if(err != null) send_err(err, data);
 			});
 		}
 
