Пример сети PII, хотите авторизовать другого участника

Question

, поэтому я использую пример сети pii. Первоначально в сети есть только один участник, который является участником, и этот член разрешает или аннулирует доступ к своей информации другим участникам.

Однако я хочу изменить это и добавить нового участника, скажем «Доктор», и участник может авторизовать или отозвать доступ к участнику «Доктор».

Проблема в том, что, когда я добавил нового участника «Доктор» и хочу его авторизовать, транзакция выполняется не в «Участнике доктора», а в участнике «Участник».

Так, кто-нибудь может мне помочь указать, что я должен изменить? это логика или определение? или что?

pii.cto

namespace org.acme.pii

concept Address {
  o String street
  o String house
  o String city
  o String county
  o String country
  o String zip
}

participant Member identified by email {
  o String email
  o String firstName
  o String lastName
  o DateTime dob optional
  o Address address optional
  o String[] authorized optional
}

participant Doctor identified by email {
  o String email
  o String firstName
  o String lastName
  o DateTime dob optional
  o Address address optional
  o String[] authorized optional
}

abstract transaction MemberTransaction {
  o String memberId
}

abstract transaction DoctorTransaction {
  o String memberId
}

transaction AuthorizeAccess extends MemberTransaction {
}

transaction RevokeAccess extends MemberTransaction {
}

event MemberEvent {
  o MemberTransaction memberTransaction
}

Logic.js

async function authorizeAccess(authorize) {  // eslint-disable-line no-unused-vars

    const me = getCurrentParticipant();
    console.log('**** AUTH: ' + me.getIdentifier() + ' granting access to ' + authorize.memberId );

    if(!me) {
        throw new Error('A participant/certificate mapping does not exist.');
    }

    // if the member is not already authorized, we authorize them
    let index = -1;

    if(!me.authorized) {
        me.authorized = [];
    }
    else {
        index = me.authorized.indexOf(authorize.memberId);
    }

    if(index < 0) {
        me.authorized.push(authorize.memberId);

        // emit an event
        const event = getFactory().newEvent('org.acme.pii', 'MemberEvent');
        event.memberTransaction = authorize;
        emit(event);

        // persist the state of the member
        const memberRegistry = await getParticipantRegistry('org.acme.pii.Member');
        await memberRegistry.update(me);
    }
}

/**
 * A Member revokes access to their record from another Member.
 * @param {org.acme.pii.RevokeAccess} revoke - the RevokeAccess to be processed
 * @transaction
 */
async function revokeAccess(revoke) {  // eslint-disable-line no-unused-vars

    const me = getCurrentParticipant();
    console.log('**** REVOKE: ' + me.getIdentifier() + ' revoking access to ' + revoke.memberId );

    if(!me) {
        throw new Error('A participant/certificate mapping does not exist.');
    }

    // if the member is authorized, we remove them
    const index = me.authorized ? me.authorized.indexOf(revoke.memberId) : -1;

    if(index>-1) {
        me.authorized.splice(index, 1);

        // emit an event
        const event = getFactory().newEvent('org.acme.pii', 'MemberEvent');
        event.memberTransaction = revoke;
        emit(event);

        // persist the state of the member
        const memberRegistry = await getParticipantRegistry('org.acme.pii.Member');
        await memberRegistry.update(me);
    }
}

permissions.acl

rule AuthorizeAccessTransaction {
    description: "Allow all participants to submit AuthorizeAccess transactions"
    participant: "ANY"
    operation: CREATE
    resource: "org.acme.pii.AuthorizeAccess"
    action: ALLOW
}

rule RevokeAccessTransaction {
    description: "Allow all participants to submit RevokeAccess transactions"
    participant: "ANY"
    operation: CREATE
    resource: "org.acme.pii.RevokeAccess"
    action: ALLOW
}

rule OwnRecordFullAccess {
    description: "Allow all participants full access to their own record"
    participant(p): "org.acme.pii.Member"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.getIdentifier() === p.getIdentifier())
    action: ALLOW
}

rule DoctorAccess {
    description: "Allow all participants full access to their own record"
    participant(p): "org.acme.pii.Doctor"
    operation: ALL
    resource(r): "org.acme.pii.Doctor"
    condition: (r.getIdentifier() === p.getIdentifier())
    action: ALLOW
}

rule ForeignRecordConditionalAccess {
    description: "Allow participants access to other people's records if granted"
    participant(p): "org.acme.pii.Member"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.authorized && r.authorized.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}

rule SystemACL {
    description:  "System ACL to permit all access"
    participant: "org.hyperledger.composer.system.Participant"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

rule NetworkAdminUser {
    description: "Grant business network administrators full access to user resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "**"
    action: ALLOW
}

rule NetworkAdminSystem {
    description: "Grant business network administrators full access to system resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

queries.qry

query selectMembers {
  description: "Select all members"
  statement:
      SELECT org.acme.pii.Member
}

Answer 1

Хорошо, я понял это. В файле acl мне просто нужно было изменить

rule ForeignRecordConditionalAccess {
    description: "Allow participants access to other people's records if granted"
    participant(p): "org.acme.pii.Doctor"
    operation: ALL
    resource(r): "org.acme.pii.Member"
    condition: (r.authorized && r.authorized.indexOf(p.getIdentifier()) > -1)
    action: ALLOW
}