hyperledger composer之权限控制

participant(参与者)NetworkControl拥有使用网络命令的所有操作的权限

// Grants the participant type org.example.basic.NetworkControl every operation
// (operation: ALL) on the system Network resource.
// NOTE(review): presumably NetworkControl is the network-administration role.
// Anyone issued an identity bound to this participant type gets these rights,
// so confirm who can be enrolled as one.
rule NetworkControlPermission {
  description:  "NetworkControl can access network commands"
  participant: "org.example.basic.NetworkControl"
  operation: ALL
  resource: "org.hyperledger.composer.system.Network"
  action: ALLOW
}

所有的participant(参与者)拥有对系统命名空间(org.hyperledger.composer.system.**)下所有资源的所有操作权限,而不仅限于网络命令

// Allows ALL operations on every resource under the
// org.hyperledger.composer.system namespace ("**" is the recursive wildcard)
// for the system base type Participant, which every participant type extends.
// In effect every participant gets full access to all system resources, as the
// description itself says ("grant everything to everybody").
// NOTE(review): this is the broadest grant on the page. It looks like a
// sample/development convenience; narrow the participant or the resource
// before using it on a real business network.
rule AllAccess {
  description: "AllAccess - grant everything to everybody"
  participant: "org.hyperledger.composer.system.Participant"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW
}

participant(参与者)SampleParticipant拥有对asset(资产)SampleAsset的所有操作权限(无附加条件)

// Unconditional type-level grant: any instance of org.example.SampleParticipant
// may perform ALL operations on any instance of org.example.SampleAsset.
// There is no condition clause, so ownership of the asset is not checked.
rule SimpleRule {
    description: "Description of the ACL rule"
    participant: "org.example.SampleParticipant"
    operation: ALL
    resource: "org.example.SampleAsset"
    action: ALLOW
}

如果participant(参与者)是asset(资产)的所有者,则participant(参与者)SampleParticipant拥有对该asset(资产)SampleAsset的所有操作权限

// Conditional grant: binds the requesting participant to `m` and the target
// asset to `v`, and allows ALL operations only when the identifier of v.owner
// equals the identifier of m, i.e. the requester is the asset's owner.
// NOTE(review): assumes SampleAsset declares an `owner` relationship to a
// participant; confirm against the model file.
rule SampleConditionalRule {
    description: "Description of the ACL rule"
    participant(m): "org.example.SampleParticipant"
    operation: ALL
    resource(v): "org.example.SampleAsset"
    condition: (v.owner.getIdentifier() == m.getIdentifier())
    action: ALLOW
}

如果participant(参与者)是asset(资产)的所有者,并且该访问是通过participant(参与者)提交的transaction(交易)org.example.SampleTransaction进行的,则participant(参与者)SampleParticipant拥有对asset(资产)SampleAsset的READ、CREATE、UPDATE操作权限(不包含DELETE)

// Conditional grant scoped to a transaction: the rule applies only when the
// access to the SampleAsset happens through org.example.SampleTransaction and
// the requesting participant `m` is the owner of the asset `v`.
// Only READ, CREATE and UPDATE are allowed; DELETE is not granted here.
// The transaction is bound to `tx`, but the condition does not reference it.
rule SampleConditionalRuleWithTransaction {
    description: "Description of the ACL rule"
    participant(m): "org.example.SampleParticipant"
    operation: READ, CREATE, UPDATE
    resource(v): "org.example.SampleAsset"
    transaction(tx): "org.example.SampleTransaction"
    condition: (v.owner.getIdentifier() == m.getIdentifier())
    action: ALLOW
}
// Instance-level grant: the "#" suffix selects one specific instance.
// Only the Driver with identifier Fred may DELETE the Car with identifier
// ABC123; no other operation and no other instance is covered by this rule.
rule R1 {
    description: "Fred can DELETE the car ABC123"
    participant: "org.example.Driver#Fred"
    operation: DELETE
    resource: "org.example.Car#ABC123"
    action: ALLOW
}

// DENY rule (not a grant): the Regulator with identifier Bill is refused
// UPDATE on any Car whose owner is Bill himself.
// Composer evaluates ACL rules in file order and the first matching rule
// decides, so this rule must stay above any broader ALLOW rule for Regulator
// on Car, or the deny never takes effect.
// NOTE(review): the condition compares the objects directly (c.owner == r),
// while the earlier examples compare getIdentifier() values; confirm the
// comparison matches as intended in your runtime.
rule R2 {
    description: "regulator with ID Bill can not update a Car if they own it"
    participant(r): "org.example.Regulator#Bill"
    operation: UPDATE
    resource(c): "org.example.Car"
    condition: (c.owner == r)
    action: DENY
}

// Type-level grant: every Regulator may perform ALL operations on every Car.
// Because rules are evaluated in file order with the first match deciding,
// any narrower DENY rule for a Regulator on Car has to appear before this one.
rule R3 {
    description: "regulators can perform all operations on Cars"
    participant: "org.example.Regulator"
    operation: ALL
    resource: "org.example.Car"
    action: ALLOW
}

// Any participant ("ANY") may READ resources declared directly in the
// org.example namespace. The single "*" wildcard is not recursive, so
// sub-namespaces are not covered by this rule.
rule R4 {
    description: "Everyone can read all resources in the org.example namespace"
    participant: "ANY"
    operation: READ
    resource: "org.example.*"
    action: ALLOW
}

// Any participant ("ANY") may READ resources in the org.example namespace
// and, because "**" is the recursive wildcard, in every namespace nested
// under it. This is wider than the single "*" form.
// NOTE(review): a recursive READ grant to ANY also exposes types added later
// under org.example; confirm nothing sensitive is modelled there.
rule R5 {
    description: "Everyone can read all resources under the org.example namespace"
    participant: "ANY"
    operation: READ
    resource: "org.example.**"
    action: ALLOW
}