PII网络样本,想授权另一个参与者

PII network sample, want to authorize another participant

我正在使用 pii 示例网络。该网络最初只有一种参与者类型,即 Member(会员),会员可以授权或撤销其他会员对自己信息的访问。

但是,我想修改它,添加一种新的参与者类型,例如 'Doctor',让会员可以授权或撤销 Doctor 参与者对其信息的访问权限。

问题是,当我添加一个新的Doctor参与者并想要授权时,交易没有在Doctor Participant中搜索,而是在Member参与者中搜索。

所以,谁能帮我指出我应该更改什么?是逻辑还是定义?或者什么?

pii.cto

namespace org.acme.pii

concept Address {
  o String street
  o String house
  o String city
  o String county
  o String country
  o String zip
}

participant Member identified by email {
  o String email
  o String firstName
  o String lastName
  o DateTime dob optional
  o Address address optional
  o String[] authorized optional
}

participant Doctor identified by email {
  o String email
  o String firstName
  o String lastName
  o DateTime dob optional
  o Address address optional
  o String[] authorized optional
}

abstract transaction MemberTransaction {
  o String memberId
}

abstract transaction DoctorTransaction {
  o String memberId
}

transaction AuthorizeAccess extends MemberTransaction {
}

transaction RevokeAccess extends MemberTransaction {
}

event MemberEvent {
  o MemberTransaction memberTransaction
}

Logic.js

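/**
 * The current participant grants another participant access to their record
 * by appending that participant's identifier to its own `authorized` list.
 *
 * The identifier in `authorize.memberId` is stored as given; this function does
 * not look it up in any participant registry, so the caller is responsible for
 * supplying the identifier of an existing Member or Doctor.
 *
 * @param {org.acme.pii.AuthorizeAccess} authorize - the AuthorizeAccess to be processed
 * @throws {Error} when the submitting identity is not mapped to a participant
 * @transaction
 */
async function authorizeAccess(authorize) {  // eslint-disable-line no-unused-vars

    const me = getCurrentParticipant();

    // Check the identity mapping before touching `me`: logging
    // `me.getIdentifier()` first would turn a missing mapping into a
    // TypeError instead of the intended error message.
    if (!me) {
        throw new Error('A participant/certificate mapping does not exist.');
    }

    console.log(`**** AUTH: ${me.getIdentifier()} granting access to ${authorize.memberId}`);

    // `authorized` is optional in the model, so a missing list means "nobody".
    if (!me.authorized) {
        me.authorized = [];
    }

    // Granting is idempotent: an identifier already on the list is not
    // added a second time and no event is emitted.
    if (me.authorized.includes(authorize.memberId)) {
        return;
    }

    me.authorized.push(authorize.memberId);

    // emit an event
    const event = getFactory().newEvent('org.acme.pii', 'MemberEvent');
    event.memberTransaction = authorize;
    emit(event);

    // Persist the participant in the registry of its own type
    // (org.acme.pii.Member for a Member, org.acme.pii.Doctor for a Doctor)
    // instead of always the Member registry, so a Doctor can also grant access.
    const registry = await getParticipantRegistry(me.getFullyQualifiedType());
    await registry.update(me);
}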

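/**
 * The current participant revokes another participant's access to their record
 * by removing that participant's identifier from its own `authorized` list.
 *
 * Revoking an identifier that is not on the list is a no-op: nothing is
 * changed, no event is emitted and the registry is not touched.
 *
 * @param {org.acme.pii.RevokeAccess} revoke - the RevokeAccess to be processed
 * @throws {Error} when the submitting identity is not mapped to a participant
 * @transaction
 */
async function revokeAccess(revoke) {  // eslint-disable-line no-unused-vars

    const me = getCurrentParticipant();

    // Check the identity mapping before touching `me`: logging
    // `me.getIdentifier()` first would turn a missing mapping into a
    // TypeError instead of the intended error message.
    if (!me) {
        throw new Error('A participant/certificate mapping does not exist.');
    }

    console.log(`**** REVOKE: ${me.getIdentifier()} revoking access to ${revoke.memberId}`);

    // `authorized` is optional in the model; with no list there is nothing to revoke.
    const index = me.authorized ? me.authorized.indexOf(revoke.memberId) : -1;
    if (index === -1) {
        return;
    }

    me.authorized.splice(index, 1);

    // emit an event
    const event = getFactory().newEvent('org.acme.pii', 'MemberEvent');
    event.memberTransaction = revoke;
    emit(event);

    // Persist the participant in the registry of its own type
    // (org.acme.pii.Member for a Member, org.acme.pii.Doctor for a Doctor)
    // instead of always the Member registry, so a Doctor can also revoke access.
    const registry = await getParticipantRegistry(me.getFullyQualifiedType());
    await registry.update(me);
}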

permissions.acl

rule AuthorizeAccessTransaction {
    description: "Allow all participants to submit AuthorizeAccess transactions"
    participant: "ANY"
    operation: CREATE
    resource: "org.acme.pii.AuthorizeAccess"
    action: ALLOW
}

rule RevokeAccessTransaction {
    description: "Allow all participants to submit RevokeAccess transactions"
    participant: "ANY"
    operation: CREATE
    resource: "org.acme.pii.RevokeAccess"
    action: ALLOW
}

rule OwnRecordFullAccess {
    description: "Allow all participants full access to their own record"
    participant(p): "org.acme.pii.Member"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.getIdentifier() === p.getIdentifier())
    action: ALLOW
}

rule DoctorAccess {
    description: "Allow doctors full access to their own record"
    participant(p): "org.acme.pii.Doctor"
    operation: ALL
    resource(r): "org.acme.pii.Doctor"
    condition: (r.getIdentifier() === p.getIdentifier())
    action: ALLOW
}

rule ForeignRecordConditionalAccess {
    description: "Allow participants access to other people's records if granted"
    participant(p): "org.acme.pii.Member"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.authorized && r.authorized.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}

rule SystemACL {
    description:  "System ACL to permit all access"
    participant: "org.hyperledger.composer.system.Participant"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

rule NetworkAdminUser {
    description: "Grant business network administrators full access to user resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "**"
    action: ALLOW
}

rule NetworkAdminSystem {
    description: "Grant business network administrators full access to system resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

queries.qry

query selectMembers {
  description: "Select all members"
  statement:
      SELECT org.acme.pii.Member
}

好的,我明白了。在 acl 文件中,我只需要把规则改成下面这样(该规则与原有的 ForeignRecordConditionalAccess 同名,因此会替换原来面向 Member 的那条规则):

rule ForeignRecordConditionalAccess {
    description: "Allow participants access to other people's records if granted"
    participant(p): "org.acme.pii.Doctor"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.authorized && r.authorized.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}