Allow participants to view transactions they submitted
I have set up a business network using hyperledger composer. I am trying to set permissions so that participants can only view the transactions they submitted.
Attempting to access transactions (called TradeInstrument) via a GET request to the composer REST API or with the client API works fine when invoked as the admin. This is understandable, since I have allowed the admin access to all resources. However, when I make the request as a participant, an empty array is returned. What is the correct way to set up permissions for what I am trying to achieve?
Here are my model and permissions files:
model.cto
namespace org.example.cashbalance
participant Portfolio identified by portfolioNumber {
o String portfolioNumber
o String portfolioName
}
transaction TradeInstrument {
--> Portfolio participant
o Double settlementAmountBase
}
permissions.acl
rule ParticipantCanSeeOwnTransactions {
description: "Allow participants to view transactions they have submitted"
participant(t): "org.example.cashbalance.Portfolio"
operation: ALL
resource(v): "org.example.cashbalance.TradeInstrument"
condition: (v.participantInvoking.getIdentifier() == t.getIdentifier())
action: ALLOW
}
rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}
rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
rule SystemACL {
description: "System ACL to permit all access"
participant: "ANY"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
You are talking about historical transactions (already submitted), so you need to restrict that registry, e.g.
rule PortfolioParticipantSeesOwnHistoryOnly {
description: "See history of their own transactions only"
participant(t): "org.example.cashbalance.Portfolio"
operation: READ
resource(v): "org.hyperledger.composer.system.HistorianRecord"
condition: (v.participantInvoking.getIdentifier() != t.getIdentifier())
action: DENY
}
I don't think the rule below will do anything (participantInvoking is a property of 'HistorianRecord')
rule ParticipantCanSeeOwnTransactions {
description: "Allow participants to view transactions they have submitted"
participant(t): "org.example.cashbalance.Portfolio"
operation: ALL
resource(v): "org.example.cashbalance.TradeInstrument"
condition: (v.participantInvoking.getIdentifier() == t.getIdentifier())
action: ALLOW
}