Hyperledger-Composer: ACL-rules with condition of type (r.someArray.indexOf(p.getIdentifier()) > -1) not working
Problem description
In my hyperledger-composer application, access control rules with a condition of the following type:
(r.someArray.indexOf(p.getIdentifier()) > -1)
do not work.
Here is an example of such an ACL-rule:
rule SuperiorsHaveReadAccessToTheirTeamMembers {
    description: "Allow superiors read access to data on their team members"
    participant(p): "org.comp.app.Employee"
    operation: READ
    resource(r): "org.comp.app.Employee"
    condition: (r.superiors.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}
Clarification:
participant Employee extends User {
    o String company optional
    --> Employee[] superiors optional
}
So the access control rule above simply states that Employee A has READ Access to Employee B if and only if Employee B's array-attribute "superiors" contains Employee A (i.e. if Employee A is the superior of Employee B).
However, it doesn't work. Employee A does not have READ access to Employee B. All the other access control rules of this kind do not work either.
Is this a bug in hyperledger-composer?
Recommended answer
No, it's not a bug. It's, again, because you're working with an array of resource objects, as you've modeled it. indexOf works on the string Object. It works for me as follows:
rule SuperiorsHaveReadAccessToTheirTeamMembers {
    description: "Allow superiors read access to data on their team members"
    participant(p): "org.comp.app.Employee"
    operation: READ
    resource(r): "org.comp.app.Employee"
    condition: (r.authorized && r.authorized.toString().indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}
Also, remember how indexOf works: it will 'pass' on the first match. It may be better to have an authorized field, and store shortened (string) ids in (say) a field, e.g. String[] authorized optional - and in this case your original rule would then work first time.
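Added example, not part of the original question or answer: plain JavaScript, run outside Composer, comparing the checks discussed above and an exact-match alternative. `Ref` is a hypothetical stand-in for a Composer relationship, its `toString()` format is an assumption, and the employee ids are constructed sample data.

```javascript
// Hypothetical stand-in for a Composer relationship/participant; the
// toString() format is an assumption, not composer-common's own code.
class Ref {
  constructor(id) { this.id = id; }
  getIdentifier() { return this.id; }
  toString() { return `Relationship {id=org.comp.app.Employee#${this.id}}`; }
}

// Constructed sample data: the resource's only superior is emp100.
const resource = { superiors: [new Ref('emp100')] };
const superior = new Ref('emp100'); // listed as a superior
const outsider = new Ref('emp10');  // not listed; id is a prefix of emp100

// Condition from the question: an array of objects is searched for a
// string, and indexOf compares elements with ===, so nothing matches.
function objectIndexOf(r, p) {
  return r.superiors.indexOf(p.getIdentifier()) > -1;
}

// toString() form from the answer: a substring search over the joined text.
function stringifiedIndexOf(r, p) {
  return Boolean(r.superiors) &&
    r.superiors.toString().indexOf(p.getIdentifier()) > -1;
}

// Exact identifier comparison, element by element.
function exactMatch(r, p) {
  return Array.isArray(r.superiors) &&
    r.superiors.some((s) => s.getIdentifier() === p.getIdentifier());
}

// String[] modelling from the answer: Array indexOf on plain string ids
// compares whole elements, so it is an exact match too.
function stringArrayIndexOf(ids, p) {
  return ids.indexOf(p.getIdentifier()) > -1;
}

function demo() {
  return {
    objectIndexOf_superior: objectIndexOf(resource, superior),
    stringified_superior: stringifiedIndexOf(resource, superior),
    stringified_outsider: stringifiedIndexOf(resource, outsider),
    exact_outsider: exactMatch(resource, outsider),
    stringArray_outsider: stringArrayIndexOf(['emp100'], outsider),
  };
}

console.log(demo());
```

The `stringified_outsider` result is the one to check in an ACL review: a substring test also allows a participant whose identifier merely occurs inside a listed one, while the exact-match and `String[]` forms do not.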