Hyperledger Composer v0.19在ACL中隐藏Historian

Question

我想问一下如何在v0.19中隐藏Historian //事务日志？

我从一个例子中尝试过这个 - ＆gt;

    rule hideHistorianAccess{
    description: "Deny access to Historian"
    participant: "org.blockknowhow.com.Users"
    operation: READ
    resource: "org.hyperledger.composer.system.HistorianRecord"
    action: DENY
    }

    rule historianAccess{
    description: "Only allow members to read historian records referencing transactions they submitted."
    participant(p): "org.blockknowhow.com.Users"
    operation: READ
    resource(r): "org.hyperledger.composer.system.HistorianRecord"
    condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
    action: ALLOW
    }

但这似乎都不起作用，我想隐藏主要添加新参与者，但如果不可能，我想隐藏完整的事务日志。我在参与者字段中有个人详细信息，我不想公开访问。

Answer 1

我认为不需要第一条规则。如果您的ALLOW规则仅适用于严格条件下的特定参与者，则不符合条件的所有其他参与者将获得拒绝的操作。

我发现您找到了ALLOW规则in the docs，这看起来也不错，我不会采用不同的方法。但为了让它运行，请尝试删除第一条规则。如果不能解决问题，我建议您在Github上的composer处创建一个问题。

Answer 2

正如david_k所提到的 - 你需要知道你为什么看到你所做的事情，你需要在权限.acl中关于所有规则的规则（上面）的上下文。

从Rocketchat对话中可以看出，这个问题与规则集中规则的ORDER有关，即更多的一般性问题＆＃39;规则是在特定的＆＃39;之前评估的。在词法规则评估中进行规则，并找到匹配（因此后续的特定规则未被评估，因此您最初看到这些结果的原因）。

一个例子如下所示：

＆＃39;正确的订单＆＃39;

// specifically allow users to see historian records they invoked
rule historianAccess{
  description: "Only allow members to read historian records referencing transactions they submitted."
  participant(p): "org.blockknowhow.com.Users"
  operation: READ
  resource(r): "org.hyperledger.composer.system.HistorianRecord"
  condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
  action: ALLOW
}

// prevent users from seeing historian records
rule hidehistorianAccess{
  description: "Deny access to Historian"
  participant: "org.blockknowhow.com.Users"
  operation: READ
  resource: "org.hyperledger.composer.system.HistorianRecord"
  action: DENY
}

vs ＆＃39; INCORRECT ORDER＆＃39; ：

rule hidehistorianAccess{
  description: "Deny access to Historian"
  participant: "org.blockknowhow.com.Users"
  operation: READ
  resource: "org.hyperledger.composer.system.HistorianRecord"
  action: DENY
}

rule historianAccess{
  description: "Only allow members to read historian records referencing transactions they submitted."
  participant(p): "org.blockknowhow.com.Users"
  operation: READ
  resource(r): "org.hyperledger.composer.system.HistorianRecord"
  condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
  action: ALLOW

}