Question
I'm trying to write slightly more complex logic in the condition of an ACL rule than the usual p.getIdentifier() == r.getIdentifier(), because in my case that isn't possible.
These are my models:
participant Customer identified by customerID {
  o String customerID
  o String name
  ...
}

asset A identified by aID {
  o String aID
  --> Customer customer
}

asset B identified by bID {
  o String bID
  --> A a
}
Now I want to give the Customer access to see all B assets, but only where the relationship to A references an asset that has a relationship to the actual Customer participant who is "logged in".
Summarized logic: from asset B to A, and then from A to Customer.
So in this case I can't compare the identifiers of Customer and B directly and have to go over A. Therefore I wanted to evaluate the access with a function which is called in the script.js file:
rule CustomerAccessCustomer {
  description: "The customer should see all B assets, but only when he have a relationship in asset A "
  participant(p): "org.xxx.test.participant.Customer"
  operation: READ
  resource(r): "org.xxx.test.asset.B"
  condition: (evaluateAccess(p,r))
  action: ALLOW
}
Here is the function of the script.js:
async function evaluateAccess(p, r) {
  try {
    // Resolve the B asset the rule is evaluating, then follow B -> A -> Customer
    const bRegistry = await getAssetRegistry('org.xxx.test.asset.B');
    const b = await bRegistry.get(r.getIdentifier());
    const aRegistry = await getAssetRegistry('org.xxx.test.asset.A');
    const a = await aRegistry.get(b.a.getIdentifier());
    // Allow only when the customer referenced by A is the calling participant
    if (p.getIdentifier() === a.customer.getIdentifier()) {
      return true;
    }
  } catch (error) {
    console.log(error);
  }
}
But I get the error: Error: The runtime API is not available.
Am I thinking about this the wrong way? Isn't it possible to evaluate access with a function? How do you handle an access rule if you can't just compare the identifiers?
Answer 1:
You should just be able to do:
description: "The customer should see all B assets, but only when he have a relationship in asset A "
participant(p): "org.xxx.test.participant.Customer"
operation: READ
resource(r): "org.xxx.test.asset.B"
condition: ( (p.getIdentifier() === r.a.customer.getIdentifier())
action: ALLOW
}
but p would also need READ access already to be able to 'read' Asset resource 'A' (to check the identifier etc) in the first place :-)
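The prerequisite answer 1 points out, spelled out as an added example that is not part of the original post: a READ rule on A scoped to the calling customer, followed by the rule on B that traverses B -> A -> Customer. It assumes the namespaces and model from the question; the rule names are my own, and anything not matched by these rules falls through to whatever other rules the permissions.acl file contains.

```acl
/* Added example, not from the original post. Rule names are assumed.
   Rule 1 grants the READ on A that rule 2 needs in order to resolve
   r.a.customer; both are scoped to the participant's own identifier. */
rule CustomerReadOwnA {
  description: "A customer may read only the A assets that reference them"
  participant(p): "org.xxx.test.participant.Customer"
  operation: READ
  resource(r): "org.xxx.test.asset.A"
  condition: (r.customer.getIdentifier() === p.getIdentifier())
  action: ALLOW
}

rule CustomerReadLinkedB {
  description: "A customer may read a B asset only when its A references them"
  participant(p): "org.xxx.test.participant.Customer"
  operation: READ
  resource(r): "org.xxx.test.asset.B"
  condition: (r.a.customer.getIdentifier() === p.getIdentifier())
  action: ALLOW
}
```

Keeping the A rule conditioned on r.customer rather than granting blanket READ on A avoids exposing every A asset just to make the B check resolvable.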
Answer 2:
The customer should be a participant, not an asset:
participant Customer identified by customerID {
  o String customerID
  o String name
}
Source: https://stackoverflow.com/questions/50423437/hyperledger-composer-acl-rule-with-function-in-condition