Hyperledger Fabric: Hyperledger Composer - ACL issue


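I need some help understanding how the access control login works in Composer. I have studied all the available demos I could find, but I still need some guidance.

I have the following participants: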

abstract participant Business identified by email {
  o String email
  o String name
  o String legalEntity
}

participant Insurer extends Business {
}
and the following asset:

asset Policy identified by policyId {
  o String policyId
  o PolicyStatus status
  o DateTime signDate

  --> Insurer insurer
}
and the following transaction:

transaction SwitchPolicyInsurer {
  --> Policy policy
  --> Insurer insurer
}

/**
 * Switch the insurer that a policy is related to.
 * @param {org.example.mynetwork.SwitchPolicyInsurer} tx - the transaction instance
 * @transaction
 */
async function switchPolicyInsurer(tx) {

  var NS = 'org.example.mynetwork';
  let policy = tx.policy;
  let newInsurer = tx.insurer;

  // Save the old Insurer
  let oldInsurer = tx.policy.insurer;

  // Update the policy with new owner
  var factory = getFactory();
  policy.insurer = factory.newRelationship(NS, 'Insurer', newInsurer.getIdentifier());

  // Update the asset registry
  let policyRegistry = await getAssetRegistry(NS + '.Policy');
  await policyRegistry.update(policy);
}
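I have created a Policy with a relationship to an Insurer. What I need is that when I switch to the Insurance_2 identity and try to use the SwitchPolicyInsurer transaction, I receive an access error. Basically, only the insurer on the policy should be able to switch the relationship to another insurer.

I tried the following in the ACL: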

rule SwitchPolicyInsurer {
  description: "Can switch"
  participant(m): "org.example.mynetwork.Insurer"
  operation: READ, UPDATE
  resource(v): "org.example.mynetwork.Policy"
  condition: (v.insurer.getIdentifier() == m.getIdentifier())
  action: ALLOW
}
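It does not work; any Insurer identity can use the transaction. Another strange thing is that I can set any string as the insurer and the relationship is saved.


I am using the browser as the playground.

I see the Policy asset now has the "insurer" field, and the model for the Insurer participant has been added.

UPDATE: your problem is that you have other rules defined, and their precedence/order is affecting what you want to restrict. I suggest trying (only) the rules below, together with the normal system/network ACLs you probably already have at the bottom (so that normal operations can run). Generally, ACLs are like a pyramid: the more granular rules (affecting "fewer" target resources) sit nearer the top, and the coarser-grained rules, by their nature, tend to go to the bottom of the rule set, where they affect a broader set of target resources.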


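Can you post the Insurer participant? Also, in the asset "Policy" I can't see the insurer field you are calling here: condition: (v.insurance.getIdentifier()==m.getIdentifier())

I corrected the error; there is now an Insurer declared as a participant. I tried this yesterday, but it doesn't restrict anything. I can add any string to the insurer and the transaction goes through. For example: "insurer": "resource:org.example.mynetwork.insurance#sss" - I have no insurer sss... Any ideas?

See above. These rules work for me: the insurer can update the policy (only via the transaction, using the relationship identifier, switching it to another insurer). Once the txn is done, thereafter only the insurer can submit a txn that makes any further change of ownership (on that policy instance), as you have coded in your TP function. Also, if insurer_x (subsequently) tries to submit a transaction to move ownership back to "himself", he cannot do so.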
rule txn_rule {
  description: "Access the txn resource itself"
  participant: "org.example.mynetwork.Insurer"
  operation: ALL
  resource: "org.example.mynetwork.SwitchPolicyInsurer"
  action: ALLOW
}

rule marshal_rule_via_txn_only {
  description: "Marshal updates such that transacting insurer participant matches the linked/related policy"
  participant(m): "org.example.mynetwork.Insurer"
  operation: READ, UPDATE
  resource(v): "org.example.mynetwork.Policy"
  transaction(tx): "org.example.mynetwork.SwitchPolicyInsurer"
  condition: (v.insurer.getIdentifier() == m.getIdentifier() )
  action: ALLOW
}


rule policyresource_rule_outside_txn {
  description: "Need base access to my (insurer) policy resource outside of the transaction itself - used ALL, but could equally have READ"
  participant(m): "org.example.mynetwork.Insurer"
  operation: ALL
  resource(v): "org.example.mynetwork.Policy"
  condition: (v.insurer.getIdentifier() == m.getIdentifier())
  action: ALLOW
}

rule playground_rule_so_I_can_see_identities_to_switch_and_test {   // can be removed when done with testing FYI
  description: "self-explanatory"
  participant: "ANY"
  operation: ALL
  resource: "org.example.mynetwork.Insurer"
  action: ALLOW
}
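
The ordering point made in the update above, as an added example that is not part of the original answer and is not Composer's own code: a simplified JavaScript model of first-match ACL evaluation, showing that an ALLOW rule with a condition restricts nothing while a broader ALLOW rule sits anywhere in the same rule set. The `Default` catch-all rule, the sample request and the use of plain id strings in place of `getIdentifier()` are assumptions made for the illustration.

```javascript
// Simplified teaching model (an assumption, not Composer's implementation): rules are
// checked top to bottom, the first matching rule decides, and no match means DENY.
const NS = 'org.example.mynetwork';
function typeMatches(pattern, type) {
  if (pattern === 'ANY' || pattern === type) return true;
  return pattern.endsWith('.*') && type.startsWith(pattern.slice(0, -1));
}

function evaluate(rules, req) {
  for (const r of rules) {
    if (!typeMatches(r.participant, req.participant.type)) continue;
    if (!typeMatches(r.resource, req.resource.type)) continue;
    if (!r.operation.includes('ALL') && !r.operation.includes(req.operation)) continue;
    if (r.transaction && r.transaction !== req.transaction) continue;
    // A false condition means "this rule does not apply", not "deny".
    if (r.condition && !r.condition(req.participant, req.resource)) continue;
    return { action: r.action, rule: r.name };
  }
  return { action: 'DENY', rule: null };
}

// The owner-only rule from the question.
const ownerOnly = {
  name: 'SwitchPolicyInsurer', participant: `${NS}.Insurer`,
  operation: ['READ', 'UPDATE'], resource: `${NS}.Policy`,
  condition: (m, v) => v.insurer === m.id, action: 'ALLOW',
};
// Hypothetical catch-all of the kind the answer suspects is also defined.
const broadAllow = {
  name: 'Default', participant: 'ANY', operation: ['ALL'],
  resource: `${NS}.*`, action: 'ALLOW',
};
// Constructed request: the given insurer updates a Policy owned by insurer_1.
function requestFrom(id) {
  return {
    participant: { type: `${NS}.Insurer`, id },
    operation: 'UPDATE', transaction: `${NS}.SwitchPolicyInsurer`,
    resource: { type: `${NS}.Policy`, policyId: 'P1', insurer: 'insurer_1' },
  };
}

function demo() {
  return {
    broadFirst: evaluate([broadAllow, ownerOnly], requestFrom('insurer_2')),
    ownerFirst: evaluate([ownerOnly, broadAllow], requestFrom('insurer_2')),
    ownerAlone: evaluate([ownerOnly], requestFrom('insurer_2')),
    realOwner: evaluate([ownerOnly], requestFrom('insurer_1')),
  };
}
console.log(demo());
```

In this model insurer_2 is allowed in both orderings that include the catch-all, because the failed condition simply falls through to it; only the rule set without a broad ALLOW on Policy denies the non-owner.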