Hyperledger-Composer：条件类型为（r.someArray.indexOf（p.getIdentifier（））> -1）的ACL规则不起作用 [英] Hyperledger-Composer: ACL-rules with condition of type (r.someArray.indexOf(p.getIdentifier()) > -1) not working

问题描述

在我的hyperledger-composer应用程序中，条件为以下类型的访问控制规则：

In my hyperledger-composer application, access control rules with a condition of the following type:

(r.someArray.indexOf(p.getIdentifier()) > -1)

不起作用。

以下是此类ACL规则的示例：

Here is an example of such an ACL-rule:

rule SuperiorsHaveReadAccessToTheirTeamMembers {
    description: "Allow superiors read access to data on their team members"
    participant(p): "org.comp.app.Employee"
    operation: READ
    resource(r): "org.comp.app.Employee"
    condition: (r.superiors.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}

---

为了澄清：

---

for clarification:

participant Employee extends User {
  o String company optional
  --> Employee[] superiors optional
}

---

因此，上面的访问控制规则仅声明，当且仅当雇员B的数组属性上级包含雇员A（即，如果雇员A是雇员B的上级）时，雇员A才对雇员B具有读取访问权限。

---

So the access control rule above simply states that Employee A has READ Access to Employee B if and only if Employee B's array-attribute "superiors" contains Employee A (i.e. if Employee A is the superior of Employee B).

但是，它不起作用。员工A对员工B没有读取权限。所有其他此类访问控制规则也不起作用。

However, it doesn't work. Employee A does not have READ access to Employee B. All the other access control rules of this kind do not work either.

这是hyperledger-composer中的错误吗？

Is this a bug in hyperledger-composer?

推荐答案

不，这不是错误。同样，这是因为您正在使用建模的资源对象数组。 indexOf 对字符串Object起作用。它对我的作用如下：

no, its not a bug. Its, again, because you're working with an array of resource objects, as you've modeled it. indexOf works on the string Object. It works for me as follows:

rule SuperiorsHaveReadAccessToTheirTeamMembers {
    description: "Allow superiors read access to data on their team members"
    participant(p): "org.comp.app.Employee"
    operation: READ
    resource(r): "org.comp.app.Employee"
    condition: (r.authorized &&    r.authorized.toString().indexOf(p.getIdentifier()) > -1)
    action: ALLOW

}

另外，请记住 indexOf 可行：它将在第一场比赛中通过。最好有一个 authorized 字段，并将缩短的（字符串）ID存储在（例如）一个字段中。 String []授权为可选-在这种情况下，您的原始规则将在第一时间生效。

Also, remember how indexOf works: it will 'pass' on the first match. It may be better to have an authorized field, and store shortened (string) ids in (say) a field eg. String[] authorized optional - and in this case your original rule would then work first time.

这篇关于Hyperledger-Composer：条件类型为（r.someArray.indexOf（p.getIdentifier（））> -1）的ACL规则不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！