给CA增加权限属性,链码内部获取后进行权限识别
sdk部分代码:
FabricUser user = getUser(orgName, userName);
RegistrationRequest request = new RegistrationRequest(userName, orgName.toLowerCase() + AFFILIATION);
request.setSecret(pwd);
//开始设置值
request.addAttribute(new Attribute("org","org1"));
request.addAttribute(new Attribute("peer","peer0.org1.example.com"));
request.addAttribute(new Attribute("user", "fang"));
request.addAttribute(new Attribute("dept", "test"));
EnrollmentRequest req = new EnrollmentRequest();
req.addAttrReq(); // empty ensure no attributes.
user.setEnrollmentSecret(ca.register(request, admin));
if (!user.getEnrollmentSecret().equals(pwd)) {
throw new RuntimeException("设置密码异常,您设置的密码与系统返回的密码不一致:yourPwd:" + pwd + ", system:" + user.getEnrollmentSecret());
}
user.setEnrollment(ca.enroll(userName, pwd, req));
//测试
user.setMspId(orgName + "MSP");
client.setUserContext(user);
链码内部获取代码:
logger.Info("begin to read userInfo")
sinfo, err := cid.New(stub)
if err != nil {
logger.Error(fmt.Sprintf("get submitter of the transaction: %s", sinfo))
return shim.Error(err.Error())
}
id, _ := sinfo.GetID()
logger.Info(fmt.Sprintf("get clientIdentityId: %s", id))
mspId, _ := sinfo.GetMSPID()
logger.Info(fmt.Sprintf("get clientIdentityMSPId: %s", mspId))
//读取dept的相关值
dv, df, err := sinfo.GetAttributeValue("dept")
if err != nil {
logger.Error(fmt.Sprintf("get deptAttrVal err: %s", err.Error()))
} else {
if df {
logger.Info(fmt.Sprintf("get deptAttrVal: %s", dv))
} else {
logger.Debug(fmt.Sprintf("not found deptAttrbute"))
}
}
//读取org
ov, of, err := sinfo.GetAttributeValue("org")
if err != nil {
logger.Error(fmt.Sprintf("get orgAttrVal err: %s", err.Error()))
} else {
if of {
logger.Info(fmt.Sprintf("got orgAttrVal: %s", ov))
} else {
logger.Debug(fmt.Sprintf("not found orgAttrbute"))
}
}
//读取peer
pv, pf, err := sinfo.GetAttributeValue("peer")
if err != nil {
logger.Error(fmt.Sprintf("get peerAttrVal err: %s", err.Error()))
} else {
if pf {
logger.Info(fmt.Sprintf("got peerAttrVal: %s", pv))
} else {
logger.Debug(fmt.Sprintf("not found peerAttrbute"))
}
}
//读取user
uv, uf, err := sinfo.GetAttributeValue("user")
if err != nil {
logger.Error(fmt.Sprintf("get userAttrVal err: %s", err.Error()))
} else {
if uf {
logger.Info(fmt.Sprintf("got userAttrVal: %s", uv))
} else {
logger.Debug(fmt.Sprintf("not found userAttrbute"))
}
}
调用结果:
获取这些信息后,就可以根据自定义的字段属性值进行权限判定。