
PII sample network, want to authorize another participant

Stack Overflow user
Asked on 2018-04-30 22:44:04
Answers 1  Views 58  Followers 0  Votes 0

So I am using the pii sample network. Initially the network has only one participant, the Member, and a Member authorizes or revokes other Members' access to their information.

However, I want to change that and add a new participant, e.g. "Doctor", so that a Member can authorize or revoke access for a Doctor participant.

The problem is that when I add a new Doctor participant and want to authorize it, the transaction does not look in the Doctor participants; it looks among the Member participants.

So, can someone help me point out what I should change? Is it the logic, or the definitions? Or something else?

pii.cto

namespace org.acme.pii

concept Address {
  o String street
  o String house
  o String city
  o String county
  o String country
  o String zip
}

participant Member identified by email {
  o String email
  o String firstName
  o String lastName
  o DateTime dob optional
  o Address address optional
  o String[] authorized optional
}

participant Doctor identified by email {
  o String email
  o String firstName
  o String lastName
  o DateTime dob optional
  o Address address optional
  o String[] authorized optional
}

abstract transaction MemberTransaction {
  o String memberId
}

abstract transaction DoctorTransaction {
  o String memberId
}

transaction AuthorizeAccess extends MemberTransaction {
}

transaction RevokeAccess extends MemberTransaction {
}

event MemberEvent {
  o MemberTransaction memberTransaction
}

Logic.js

/**
 * A Member grants access to their record to another participant.
 * @param {org.acme.pii.AuthorizeAccess} authorize - the AuthorizeAccess to be processed
 * @transaction
 */
async function authorizeAccess(authorize) {  // eslint-disable-line no-unused-vars

    const me = getCurrentParticipant();

    // check the certificate mapping before touching `me`; logging first would dereference null
    if(!me) {
        throw new Error('A participant/certificate mapping does not exist.');
    }
    console.log('**** AUTH: ' + me.getIdentifier() + ' granting access to ' + authorize.memberId );

    // if the member is not already authorized, we authorize them
    let index = -1;

    if(!me.authorized) {
        me.authorized = [];
    }
    else {
        index = me.authorized.indexOf(authorize.memberId);
    }

    if(index < 0) {
        me.authorized.push(authorize.memberId);

        // emit an event
        const event = getFactory().newEvent('org.acme.pii', 'MemberEvent');
        event.memberTransaction = authorize;
        emit(event);

        // persist the state of the member
        const memberRegistry = await getParticipantRegistry('org.acme.pii.Member');
        await memberRegistry.update(me);
    }
}

/**
 * A Member revokes access to their record from another Member.
 * @param {org.acme.pii.RevokeAccess} revoke - the RevokeAccess to be processed
 * @transaction
 */
async function revokeAccess(revoke) {  // eslint-disable-line no-unused-vars

    const me = getCurrentParticipant();

    // check the certificate mapping before touching `me`; logging first would dereference null
    if(!me) {
        throw new Error('A participant/certificate mapping does not exist.');
    }
    console.log('**** REVOKE: ' + me.getIdentifier() + ' revoking access to ' + revoke.memberId );

    // if the member is authorized, we remove them
    const index = me.authorized ? me.authorized.indexOf(revoke.memberId) : -1;

    if(index>-1) {
        me.authorized.splice(index, 1);

        // emit an event
        const event = getFactory().newEvent('org.acme.pii', 'MemberEvent');
        event.memberTransaction = revoke;
        emit(event);

        // persist the state of the member
        const memberRegistry = await getParticipantRegistry('org.acme.pii.Member');
        await memberRegistry.update(me);
    }
}

permissions.acl

rule AuthorizeAccessTransaction {
    description: "Allow all participants to submit AuthorizeAccess transactions"
    participant: "ANY"
    operation: CREATE
    resource: "org.acme.pii.AuthorizeAccess"
    action: ALLOW
}

rule RevokeAccessTransaction {
    description: "Allow all participants to submit RevokeAccess transactions"
    participant: "ANY"
    operation: CREATE
    resource: "org.acme.pii.RevokeAccess"
    action: ALLOW
}

rule OwnRecordFullAccess {
    description: "Allow all participants full access to their own record"
    participant(p): "org.acme.pii.Member"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.getIdentifier() === p.getIdentifier())
    action: ALLOW
}

rule DoctorAccess {
    description: "Allow doctors full access to their own record"
    participant(p): "org.acme.pii.Doctor"
    operation: ALL
    resource(r): "org.acme.pii.Doctor"
    condition: (r.getIdentifier() === p.getIdentifier())
    action: ALLOW
}

rule ForeignRecordConditionalAccess {
    description: "Allow participants access to other people's records if granted"
    participant(p): "org.acme.pii.Member"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.authorized && r.authorized.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}

rule SystemACL {
    description:  "System ACL to permit all access"
    participant: "org.hyperledger.composer.system.Participant"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

rule NetworkAdminUser {
    description: "Grant business network administrators full access to user resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "**"
    action: ALLOW
}

rule NetworkAdminSystem {
    description: "Grant business network administrators full access to system resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

queries.qry

query selectMembers {
  description: "Select all members"
  statement:
      SELECT org.acme.pii.Member
}

1 answer

Stack Overflow user

Accepted answer

Posted on 2018-04-30 23:01:01

OK, I figured it out. In the acl file I only needed to change

rule ForeignRecordConditionalAccess {
    description: "Allow participants access to other people's records if granted"
    participant(p): "org.acme.pii.Doctor"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.authorized && r.authorized.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}
Votes 0
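As an added example (not code from the original post, the accepted answer or Hyperledger Composer itself), the JavaScript below simulates Composer's ordered, first-match, default-deny ACL evaluation in plain functions so that the rule sets from the question and the answer can be compared offline. It shows why a Doctor never matched the original ForeignRecordConditionalAccess rule, which is scoped to org.acme.pii.Member, and that rewriting that rule for Doctors, as the answer does, removes Member-to-Member sharing unless the original rule is kept alongside a second Doctor-scoped rule. The participant records and e-mail addresses are constructed, the rule name DoctorForeignRecordConditionalAccess is hypothetical, and the matcher is simplified (exact type name or ANY, no namespace wildcards; conditions as functions instead of Composer expression strings). These are assumptions of this example.

```javascript
// Added example: simulation of Composer ACL evaluation for the pii network.
// Not Composer's engine; matching is exact type or "ANY" (no wildcards) and
// conditions are JS functions (assumptions of this example).
'use strict';

// Constructed participant records mirroring pii.cto; `authorized` holds the
// identifiers the record owner has granted access to.
function makeParticipant(type, email, authorized) {
  return { type, email, authorized, getIdentifier() { return email; } };
}

// A rule: participant type, resource type, operations ('ALL' or an array),
// optional condition(p, r), and an action of 'ALLOW' or 'DENY'.
function rule(name, participant, resource, operation, condition, action = 'ALLOW') {
  return { name, participant, resource, operation, condition, action };
}

const isOwn = (p, r) => r.getIdentifier() === p.getIdentifier();
const isGranted = (p, r) =>
  Array.isArray(r.authorized) && r.authorized.indexOf(p.getIdentifier()) > -1;

// Rule set from the question: only Members can be granted foreign access.
const ORIGINAL_RULES = [
  rule('OwnRecordFullAccess', 'org.acme.pii.Member', 'org.acme.pii.Member', 'ALL', isOwn),
  rule('DoctorAccess', 'org.acme.pii.Doctor', 'org.acme.pii.Doctor', 'ALL', isOwn),
  rule('ForeignRecordConditionalAccess', 'org.acme.pii.Member', 'org.acme.pii.Member', 'ALL', isGranted),
];

// Rule set after the accepted answer: the conditional rule now targets Doctors only.
const ANSWER_RULES = [
  ORIGINAL_RULES[0],
  ORIGINAL_RULES[1],
  rule('ForeignRecordConditionalAccess', 'org.acme.pii.Doctor', 'org.acme.pii.Member', 'ALL', isGranted),
];

// One conditional rule per grantee type keeps both sharing paths (hypothetical rule name).
const BOTH_RULES = [
  ORIGINAL_RULES[0],
  ORIGINAL_RULES[1],
  ORIGINAL_RULES[2],
  rule('DoctorForeignRecordConditionalAccess', 'org.acme.pii.Doctor', 'org.acme.pii.Member', 'ALL', isGranted),
];

// Rules are checked in order; the first match decides, and no match means DENY.
function evaluate(rules, p, r, op) {
  for (const rl of rules) {
    if (rl.participant !== 'ANY' && rl.participant !== p.type) continue;
    if (rl.resource !== 'ANY' && rl.resource !== r.type) continue;
    if (rl.operation !== 'ALL' && !rl.operation.includes(op)) continue;
    if (rl.condition && !rl.condition(p, r)) continue;
    return rl.action;
  }
  return 'DENY';
}

function canAccess(rules, p, r, op) {
  return evaluate(rules, p, r, op) === 'ALLOW';
}

// Constructed scenario: bob has granted access to alice (a Member) and to a Doctor.
const alice = makeParticipant('org.acme.pii.Member', 'alice@example.com', []);
const bob = makeParticipant('org.acme.pii.Member', 'bob@example.com',
  ['alice@example.com', 'doc@example.com']);
const doc = makeParticipant('org.acme.pii.Doctor', 'doc@example.com', []);

// Outcome table for the three rule sets.
function scenario() {
  return {
    original: { aliceReadsBob: canAccess(ORIGINAL_RULES, alice, bob, 'READ'),
                docReadsBob: canAccess(ORIGINAL_RULES, doc, bob, 'READ') },
    answer:   { aliceReadsBob: canAccess(ANSWER_RULES, alice, bob, 'READ'),
                docReadsBob: canAccess(ANSWER_RULES, doc, bob, 'READ') },
    both:     { aliceReadsBob: canAccess(BOTH_RULES, alice, bob, 'READ'),
                docReadsBob: canAccess(BOTH_RULES, doc, bob, 'READ'),
                docReadsAlice: canAccess(BOTH_RULES, doc, alice, 'READ'), // alice granted nobody
                docUpdatesSelf: canAccess(BOTH_RULES, doc, doc, 'UPDATE') },
  };
}

console.log(JSON.stringify(scenario(), null, 2));
```

The `original` column reproduces the symptom from the question: bob's `authorized` list contains the Doctor's identifier, yet every rule that could grant access is scoped to the Member type, so the Doctor falls through to the implicit deny. The `answer` column shows the trade-off of editing the rule in place, and `both` shows the two-rule layout that keeps Member sharing while also admitting Doctors.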
Original page content provided by Stack Overflow; translation supported by the Tencent Cloud Xiaowei IT engine.
Original link:

https://stackoverflow.com/questions/50109177
