Hyperledger-Composer:条件类型为(r.someArray.indexOf(p.getIdentifier())> -1)的ACL规则不起作用 [英] Hyperledger-Composer: ACL-rules with condition of type (r.someArray.indexOf(p.getIdentifier()) > -1) not working
问题描述
在我的hyperledger-composer应用程序中,条件为以下类型的访问控制规则:
In my hyperledger-composer application, access control rules with a condition of the following type:
(r.someArray.indexOf(p.getIdentifier()) > -1)
不起作用。
以下是此类ACL规则的示例:
Here is an example of such an ACL-rule:
rule SuperiorsHaveReadAccessToTheirTeamMembers {
description: "Allow superiors read access to data on their team members"
participant(p): "org.comp.app.Employee"
operation: READ
resource(r): "org.comp.app.Employee"
condition: (r.superiors.indexOf(p.getIdentifier()) > -1)
action: ALLOW
}
为了澄清:
for clarification:
participant Employee extends User {
o String company optional
--> Employee[] superiors optional
}
因此,上面的访问控制规则仅声明,当且仅当雇员B的数组属性上级包含雇员A(即,如果雇员A是雇员B的上级)时,雇员A才对雇员B具有读取访问权限。
So the access control rule above simply states that Employee A has READ Access to Employee B if and only if Employee B's array-attribute "superiors" contains Employee A (i.e. if Employee A is the superior of Employee B).
但是,它不起作用。员工A对员工B没有读取权限。所有其他此类访问控制规则也不起作用。
However, it doesn't work. Employee A does not have READ access to Employee B. All the other access control rules of this kind do not work either.
这是hyperledger-composer中的错误吗?
Is this a bug in hyperledger-composer?
推荐答案
不,这不是错误。同样,这是因为您正在使用建模的资源对象数组。 indexOf
对字符串Object起作用。它对我的作用如下:
no, its not a bug. Its, again, because you're working with an array of resource objects, as you've modeled it. indexOf
works on the string Object. It works for me as follows:
rule SuperiorsHaveReadAccessToTheirTeamMembers {
description: "Allow superiors read access to data on their team members"
participant(p): "org.comp.app.Employee"
operation: READ
resource(r): "org.comp.app.Employee"
condition: (r.authorized && r.authorized.toString().indexOf(p.getIdentifier()) > -1)
action: ALLOW
}
另外,请记住 indexOf
可行:它将在第一场比赛中通过。最好有一个 authorized
字段,并将缩短的(字符串)ID存储在(例如)一个字段中。 String []授权为可选-在这种情况下,您的原始规则将在第一时间生效。
Also, remember how indexOf
works: it will 'pass' on the first match. It may be better to have an authorized
field, and store shortened (string) ids in (say) a field eg. String[] authorized optional
- and in this case your original rule would then work first time.
这篇关于Hyperledger-Composer:条件类型为(r.someArray.indexOf(p.getIdentifier())> -1)的ACL规则不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!