Hyperledger作曲者访问控制,允许在事务中创建 [英] Hyperledger composer Access Control, allow create in transaction
问题描述
这是我要实现的:
我想允许用户(参与者的类型)创建资产,但只能在交易中进行,而在此交易之外,我想拒绝所有用户创建资产的权利.
I want to allow user(kind of participant) to create an asset, but do it only in transaction, whereas outside of this transaction I want deny all user rights to create assets.
我尝试使用功能使用规则.acl文件中的条件来解决该问题:
I tried to solve it using condition in rule .acl file using function:
rule UserCanCreateAssetOnlyInTransaction {
description: "Deny all participants create access to all userWallets if not in transaction"
participant(p): "com.example.User"
operation: CREATE
resource(r): "com.example.UserAsset"
condition:(isInTransactionF())
action: ALLOW
}
然后在事务中,将变量创建为var isInTransaction = true;
,并在logic.js
文件中添加:
Then in transaction I create variable as var isInTransaction = true;
, and in logic.js
file I added:
/**
@returns {boolean} boolean true/false
*/
function isInTransactionF(){
if(isInTransaction){
return true;
}else{
return false;
}
}
这是行不通的,当我调用创建访问权限应该起作用的唯一事务时,它表示用户没有创建权限来提交此事务. 我想我做错了什么,有什么办法可以解决这个问题?
It doesn't work, when I call the only transaction in which create access should work, it says that the user do not have create access to submit this transaction. I guess I'm doing something wrong, is there any way to solve this problem?
推荐答案
实现您想要的功能-您会说:
to achieve what you want in your function - you would say :
/**
@returns {boolean} boolean true/false
*/
function isInTransactionF() {
var isInTransaction = true ; // Boolean
if(isInTransaction) {
// if( Boolean(isInTransaction)) { // alternative
return true;
} else{
return false;
}
}
您当前的ACL将起作用.
Your current ACL would then work.
我可以调用console.log查看返回的结果
I can call console.log to see the returned result
console.log("The return result is " + isInTransactionF() );` // true
要限制参与者仅通过某个交易类创建资产-规则应类似于(即,只能通过此类创建资产-隐含地,假设没有其他资产创建"规则,则应在其他地方拒绝该资产) ):
To restrict a participant to create an asset ONLY through a certain transaction class - the rule would look something like (ie the asset can only be created through this class - implicitly it should be denied elsewhere assuming there are no other Asset Create rules):
rule CreateAssetThruTxn {
description: "sample""
participant(p): "com.example.User"
operation: CREATE
resource(r): "com.example.UserAsset"
transaction(tx): "com.example.AssetCreate"
condition:(true)
action: ALLOW
}
如果您的ACL失败,那么您需要查看其他哪些ACL规则可能允许通过其他方式创建此资产,但我提供的规则将是控制该资产的常用方法(根据您提供的信息问题)
If your ACL is failing, then you need to see what other ACL rules could be ALLOWING the creation of this asset through another means but the rule I provided would be the usual means to control that (based on the info you provided in the question)
这篇关于Hyperledger作曲者访问控制,允许在事务中创建的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!