Hyperledger-Composer:条件类型 (r.someArray.indexOf(p.getIdentifier()) > -1) 的 ACL 规则不起作用 [英] Hyperledger-Composer: ACL-rules with condition of type (r.someArray.indexOf(p.getIdentifier()) > -1) not working

问题描述

在我的 hyperledger-composer 应用程序中，具有以下类型条件的访问控制规则:

In my hyperledger-composer application, access control rules with a condition of the following type:

(r.someArray.indexOf(p.getIdentifier()) > -1)

不工作.

以下是此类 ACL 规则的示例:

Here is an example of such an ACL-rule:

rule SuperiorsHaveReadAccessToTheirTeamMembers {
    description: "Allow superiors read access to data on their team members"
    participant(p): "org.comp.app.Employee"
    operation: READ
    resource(r): "org.comp.app.Employee"
    condition: (r.superiors.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}

<小时>

澄清:

participant Employee extends User {
  o String company optional
  --> Employee[] superiors optional
}

<小时>

所以上面的访问控制规则简单地指出，当且仅当员工 B 的数组属性上级"包含员工 A(即，如果员工 A 是员工 B 的上级)，员工 A 对员工 B 具有读取权限.

---

So the access control rule above simply states that Employee A has READ Access to Employee B if and only if Employee B's array-attribute "superiors" contains Employee A (i.e. if Employee A is the superior of Employee B).

然而，它不起作用.员工 A 没有员工 B 的 READ 访问权限.所有其他此类访问控制规则也不起作用.

However, it doesn't work. Employee A does not have READ access to Employee B. All the other access control rules of this kind do not work either.

这是 hyperledger-composer 中的错误吗?

Is this a bug in hyperledger-composer?

推荐答案

不，这不是错误.再次，因为您正在处理一组资源对象，正如您对它建模的那样.indexOf 作用于字符串对象.它适用于我如下:

no, its not a bug. Its, again, because you're working with an array of resource objects, as you've modeled it. indexOf works on the string Object. It works for me as follows:

rule SuperiorsHaveReadAccessToTheirTeamMembers {
    description: "Allow superiors read access to data on their team members"
    participant(p): "org.comp.app.Employee"
    operation: READ
    resource(r): "org.comp.app.Employee"
    condition: (r.authorized &&    r.authorized.toString().indexOf(p.getIdentifier()) > -1)
    action: ALLOW

}

另外，记住 indexOf 是如何工作的:它会在第一场比赛中通过".最好有一个 authorized 字段，并将缩短的(字符串)id 存储在(比如说)一个字段中，例如.String[] 授权可选 - 在这种情况下，您的原始规则将第一次生效.

Also, remember how indexOf works: it will 'pass' on the first match. It may be better to have an authorized field, and store shortened (string) ids in (say) a field eg. String[] authorized optional - and in this case your original rule would then work first time.

这篇关于Hyperledger-Composer:条件类型 (r.someArray.indexOf(p.getIdentifier()) > -1) 的 ACL 规则不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！