问题
In my hyperledger-composer application, access control rules with a condition of the following type:
(r.someArray.indexOf(p.getIdentifier()) > -1)
do not work.
Here is an example of such an ACL-rule:
rule SuperiorsHaveReadAccessToTheirTeamMembers {
description: "Allow superiors read access to data on their team members"
participant(p): "org.comp.app.Employee"
operation: READ
resource(r): "org.comp.app.Employee"
condition: (r.superiors.indexOf(p.getIdentifier()) > -1)
action: ALLOW
}
for clarification:
participant Employee extends User {
o String company optional
--> Employee[] superiors optional
}
So the access control rule above simply states that Employee A has READ Access to Employee B if and only if Employee B's array-attribute "superiors" contains Employee A (i.e. if Employee A is the superior of Employee B).
However, it doesn't work. Employee A does not have READ access to Employee B. All the other access control rules of this kind do not work either.
Is this a bug in hyperledger-composer?
回答1:
no, its not a bug. Its, again, because you're working with an array of resource objects, as you've modeled it. indexOf works on the string Object. It works for me as follows:
rule SuperiorsHaveReadAccessToTheirTeamMembers {
description: "Allow superiors read access to data on their team members"
participant(p): "org.comp.app.Employee"
operation: READ
resource(r): "org.comp.app.Employee"
condition: (r.authorized && r.authorized.toString().indexOf(p.getIdentifier()) > -1)
action: ALLOW
}
Also, remember how indexOf works: it will 'pass' on the first match. It may be better to have an authorized field, and store shortened (string) ids in (say) a field eg. String[] authorized optional - and in this case your original rule would then work first time.
来源:https://stackoverflow.com/questions/52170395/hyperledger-composer-acl-rules-with-condition-of-type-r-somearray-indexofp-ge