Includes function in ACL condition

Problem description

I have an asset called MedicalFile which contains a reference to an organization. The participant HealthCareProfessional also belongs to an organization.

Now I'd like to define an ACL rule which limits the health care professional to only view the MedicalFiles which are connected to his organisation.

I came up with the following rule:

rule OrganisationMedicalFilePermission {
    description: "An organisation may updates a medical file which they have permission from"
    participant(h): "nl.epd.blockchain.HealthCareProfessional"
    operation: ALL
    resource(m): "nl.epd.blockchain.MedicalFile"
    condition: (m.organisations.includes(h.organisation))
    action: ALLOW

}

This results in an empty array once I invoke the RESTful API with Loopback. I'm authenticated as a health care professional.

Assets & participants:

asset Organisation identified by id {
      o String id
      o String name
      o String city
      o String zipCode
      o String street
      o String houseNumber
      o String houseNumberExtra optional
      o OrganisationType organisationType
}

asset MedicalFile identified by bsn {
  o String                 bsn
  --> Patient              owner
  --> Patient[]            mentors optional
  --> Organisation[]       organisations optional
  o Visit[]                visits optional
  o String[]               allergies optional
  o Treatment[]            treatments optional
  o Medicine[]             medicine optional
}

participant HealthCareProfessional identified by bsn {
  o String bsn
  o String firstName
  o String namePrefix optional
  o String lastName
  --> Organisation organisation
}

My question is if it's possible to create a condition which validates this problem. If not, what are my options?

Recommended answer

It's a good question; there's an updated ACL below that I've tested using the online playground.

Here is the updated rule:

rule LimitAccess {
   description: "An organisation may updates a medical file which they have permission from"
   participant(h): "nl.epd.blockchain.HealthCareProfessional"
   operation: ALL
   resource(m): "nl.epd.blockchain.MedicalFile"
   condition: (
     m.organisations.some(function (organisation) {
        return organisation.getIdentifier() === h.organisation.getIdentifier();
     })
   )
   action: ALLOW
}

The some function is the critical piece here to scan the array of relationships. Also note the use of the getIdentifier() function as well rather than trying to access the identifier directly.
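The two conditions side by side, as an added example that is not part of the original question or answer and is not Composer's own code. It assumes relationship values reach the condition as distinct objects exposing getIdentifier(); the `Rel` class, the sample data and the guard for the optional `organisations` field are constructed for illustration.

```javascript
// Hypothetical stand-in for a relationship object; only getIdentifier() is modelled.
class Rel {
  constructor(id) { this.id = id; }
  getIdentifier() { return this.id; }
}

// Condition from the question. includes() compares objects by reference,
// so two relationship objects naming the same organisation never match
// and the ALLOW rule never fires.
// (The `|| []` guard is added here so the missing optional field does not throw.)
function byReference(m, h) {
  return (m.organisations || []).includes(h.organisation);
}

// Condition from the answer, plus a guard: `organisations` is optional in the
// model, and a missing array is treated as "no access" instead of an exception.
function byIdentifier(m, h) {
  return Array.isArray(m.organisations) &&
    m.organisations.some(function (organisation) {
      return organisation.getIdentifier() === h.organisation.getIdentifier();
    });
}

// Constructed sample data: one professional, three medical files.
const professional = { bsn: 'P-1', organisation: new Rel('ORG-1') };
const files = [
  { bsn: 'F-1', organisations: [new Rel('ORG-1'), new Rel('ORG-2')] },
  { bsn: 'F-2', organisations: [new Rel('ORG-3')] },
  { bsn: 'F-3' } // optional field absent
];

// Returns the bsn of every file the given condition would allow.
function visible(condition) {
  return files
    .filter(function (m) { return condition(m, professional); })
    .map(function (m) { return m.bsn; });
}

console.log('includes():', visible(byReference));        // nothing allowed
console.log('some + getIdentifier():', visible(byIdentifier)); // only the ORG-1 file
```

Only F-1 is returned by the identifier comparison; F-2 belongs to another organisation and F-3 has no organisations at all, so both stay denied.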
