Hyperledger Composer Access Control, allow create in transaction


Problem description

This is what I want to achieve:

I want to allow a user (a kind of participant) to create an asset, but do it only in a transaction, whereas outside of this transaction I want to deny all user rights to create assets.

I tried to solve it using a condition in a rule in the .acl file, using a function:

rule UserCanCreateAssetOnlyInTransaction {
    description: "Deny all participants create access to all userWallets if not in transaction"
    participant(p): "com.example.User"
    operation: CREATE
    resource(r): "com.example.UserAsset"
    condition:(isInTransactionF())
    action: ALLOW 
}

Then in the transaction I create a variable as var isInTransaction = true;, and in the logic.js file I added:

/**
@returns {boolean} boolean true/false
*/
function isInTransactionF(){
    if(isInTransaction){
      return true; 
    }else{
      return false;
    }   
}

It doesn't work: when I call the only transaction in which create access should work, it says that the user does not have create access to submit this transaction. I guess I'm doing something wrong; is there any way to solve this problem?

Recommended answer

To achieve what you want in your function, you would say:

/**
@returns {boolean} boolean true/false
*/
function isInTransactionF() {
    var isInTransaction = true ;  // Boolean
    if(isInTransaction) {
    // if( Boolean(isInTransaction)) { // alternative
      return true; 
    } else{
      return false;
    }   
}

Your current ACL would then work.

I can call console.log to see the returned result

console.log("The return result is " + isInTransactionF());  // true

To restrict a participant to creating an asset ONLY through a certain transaction class, the rule would look something like this (i.e. the asset can only be created through this class; implicitly it should be denied elsewhere, assuming there are no other Asset Create rules):

rule CreateAssetThruTxn {
    description: "sample"
    participant(p): "com.example.User"
    operation: CREATE
    resource(r): "com.example.UserAsset"
    transaction(tx): "com.example.AssetCreate"
    condition:(true)
    action: ALLOW 
}

If your ACL is failing, then you need to see what other ACL rules could be ALLOWING the creation of this asset through another means, but the rule I provided would be the usual means to control that (based on the info you provided in the question).
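
The difference between the two rules above can be checked with a small model of rule evaluation. This is an added example, not code from the original post or from Hyperledger Composer. It assumes first-match evaluation with default deny, and that submitting a transaction itself needs CREATE on the transaction type; the rule name UserCanSubmitAssetCreate and the helper functions are hypothetical.

```javascript
// Simplified model of ACL evaluation; NOT Composer's implementation.
// Assumed semantics: rules are checked top to bottom, the first rule whose
// clauses all match decides, and a request matching no rule is denied.
const submitRule = {            // hypothetical rule name, not on the page
  name: 'UserCanSubmitAssetCreate', participant: 'com.example.User',
  operation: 'CREATE', resource: 'com.example.AssetCreate', action: 'ALLOW' };
const txnScopedRule = {         // CreateAssetThruTxn from the answer
  name: 'CreateAssetThruTxn', participant: 'com.example.User',
  operation: 'CREATE', resource: 'com.example.UserAsset',
  transaction: 'com.example.AssetCreate', condition: () => true, action: 'ALLOW' };
const alwaysTrueRule = {        // the question's rule, condition always true
  name: 'UserCanCreateAssetOnlyInTransaction', participant: 'com.example.User',
  operation: 'CREATE', resource: 'com.example.UserAsset',
  condition: () => true, action: 'ALLOW' };

// request: { participant, operation, resource, transaction (optional) }
function checkAccess(rules, request) {
  for (const rule of rules) {
    if (rule.participant !== request.participant) continue;
    if (rule.operation !== request.operation) continue;
    if (rule.resource !== request.resource) continue;
    // A transaction clause matches only while that transaction is executing.
    if (rule.transaction && rule.transaction !== request.transaction) continue;
    if (rule.condition && !rule.condition(request)) continue;
    return { allowed: rule.action === 'ALLOW', rule: rule.name };
  }
  return { allowed: false, rule: null }; // default deny
}

// Assumption: submitting a transaction is a CREATE on the transaction type,
// then the asset CREATE runs with that transaction as context.
function submitAssetCreate(rules, participant) {
  const tx = 'com.example.AssetCreate';
  const submit = checkAccess(rules, { participant, operation: 'CREATE', resource: tx });
  if (!submit.allowed) return { ok: false, failedAt: 'submit transaction' };
  const create = checkAccess(rules, { participant, operation: 'CREATE',
    resource: 'com.example.UserAsset', transaction: tx });
  return create.allowed ? { ok: true, failedAt: null }
                        : { ok: false, failedAt: 'create asset' };
}

// Asset CREATE attempted outside any transaction (no transaction context).
function directCreate(rules, participant) {
  return checkAccess(rules, { participant, operation: 'CREATE',
    resource: 'com.example.UserAsset' }).allowed;
}
```

In this model the transaction-scoped rule denies a direct create, while a rule whose condition function always returns true allows it everywhere.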
