Hyperledger Composer - cyclic API detected

Time: 2018-07-18 12:19:46

Tags: hyperledger-composer

I am trying to implement permissions in multi-user mode on Composer, and for that my ACL file looks like this:

rule R1 {
  description: "..."
  participant(p): "org.example.SampleParticipantOne"
  operation: ALL
  resource(d): "org.example.SampleParticipantThree"         // resource is of participant type
  condition: (p.sampleRelation.getIdentifier() === d.sampleRelation.getIdentifier())
  action: ALLOW
}

rule R2 {
  description: "..."
  participant(p): "org.example.SampleParticipantOne"
  operation: ALL
  resource(d): "org.example.SampleParticipantThree"
  condition: (!(p.sampleRelation.getIdentifier() === d.sampleRelation.getIdentifier()))
  action: DENY
}

rule SystemACL {
  description:  "System ACL to permit all access"
  participant: "org.hyperledger.composer.system.Participant"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW
}

rule NetworkAdminUser {
  description: "Grant business network administrators full access to user resources"
  participant: "org.hyperledger.composer.system.NetworkAdmin"
  operation: ALL
  resource: "**"
  action: ALLOW
}

rule NetworkAdminSystem {
  description: "Grant business network administrators full access to system resources"
  participant: "org.hyperledger.composer.system.NetworkAdmin"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW
}

rule AllowAll {
  description: "..."
  participant: "org.example.**"
  operation: ALL
  resource: "org.example.**"
  action: ALLOW
}

And the underlying model is as follows:

namespace org.example

participant SampleParticipantOne identified by id {
  o String id
  --> SampleParticipantTwo sampleRelation
  o String someMoreFields
}

participant SampleParticipantTwo identified by id {
  o String id
  o String someMoreFields
}

participant SampleParticipantThree identified by id {
  o String id
  --> SampleParticipantTwo sampleRelation
  o String someMoreFields
}

But when I try to fetch SampleParticipantThree while using the SampleParticipantOne card, it returns an empty array, and the peer's docker logs show an error like the following:

ERROR :AccessController :checkRule() Error: Cyclic ACL Rule detected, rule condition is invoking the same rule

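Can anyone help me?

1 answer:

Answer 0: (score: 0)

You should remove rule R2, because when there are rules in the permissions.acl file, everything is blocked and you then grant permissions, so you have already allowed participant SampleParticipantOne to access the {{1} } resource.

I also removed the SampleParticipantThree rule. It conflicts with SystemACL as well.

Try this: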

NetworkAdminSystem
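
Composer evaluates ACL rules in file order: the first matching rule decides, and a request that matches no rule is denied. The following added example (not part of the original answer and not Composer's own code) models that ordering for the question's R1, R2 and AllowAll rules to check what removing R2 does for a participant whose sampleRelation differs. The evaluator, helper names and sample instances are assumptions constructed for illustration.

```javascript
// Simplified model of Composer's ACL evaluation: rules are checked in file
// order, the first rule that matches decides, and no match means DENY.
// Not Composer's AccessController; operations and variable binding are omitted.

// Matches an exact fully qualified name or a recursive "ns.**" wildcard.
function nameMatches(pattern, fqn) {
  if (pattern === '**') return true;
  if (pattern.endsWith('.**')) return fqn.startsWith(pattern.slice(0, -2));
  return pattern === fqn;
}

const sameRelation = (p, d) => p.sampleRelation === d.sampleRelation;

// The rules from the question that can match an org.example participant.
const R1 = { name: 'R1', participant: 'org.example.SampleParticipantOne',
  resource: 'org.example.SampleParticipantThree', condition: sameRelation, action: 'ALLOW' };
const R2 = { name: 'R2', participant: 'org.example.SampleParticipantOne',
  resource: 'org.example.SampleParticipantThree',
  condition: (p, d) => !sameRelation(p, d), action: 'DENY' };
const AllowAll = { name: 'AllowAll', participant: 'org.example.**',
  resource: 'org.example.**', action: 'ALLOW' };

// Returns the deciding rule name and action for one access request.
function decide(rules, p, d) {
  for (const r of rules) {
    if (!nameMatches(r.participant, p.type)) continue;
    if (!nameMatches(r.resource, d.type)) continue;
    if (r.condition && !r.condition(p, d)) continue;
    return { rule: r.name, action: r.action };
  }
  return { rule: null, action: 'DENY' }; // default deny
}

// Constructed sample instances; sampleRelation holds the related identifier.
const one = { type: 'org.example.SampleParticipantOne', sampleRelation: 'two-A' };
const threeSame = { type: 'org.example.SampleParticipantThree', sampleRelation: 'two-A' };
const threeOther = { type: 'org.example.SampleParticipantThree', sampleRelation: 'two-B' };

console.log(decide([R1, R2, AllowAll], one, threeOther)); // R2 / DENY
console.log(decide([R1, AllowAll], one, threeOther));     // AllowAll / ALLOW
console.log(decide([R1], one, threeOther));               // null / DENY
console.log(decide([R1], one, threeSame));                // R1 / ALLOW
```

With the catch-all AllowAll rule still last in the file, dropping R2 lets the non-matching request fall through to ALLOW; narrowing or removing AllowAll keeps the restriction under default deny.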