我正在尝试向参与者颁发新的身份,创建一个composer card并将其导入。
我的base.cto文件是
namespace com.algorythmix.base
participant Department identified by departmentId {
o String departmentId
}
我发布身份的功能
const initIdentities = () => {
return new Promise(async function(resolve, reject) {
try {
const businessNetworkConnection = new BusinessNetworkConnection();
await businessNetworkConnection.connect(adminCardName);
let departmentRegistry = await businessNetworkConnection.getParticipantRegistry(`${BASE_NS}.Department`);
let departmentOne = await departmentRegistry.get('departmentOne');
let deptOne = await businessNetworkConnection.issueIdentity(`${BASE_NS}.Department#${departmentOne.departmentId}`, 'departmentOne');
console.log(`userID = ${deptOne.userID}`);
console.log(`userSecret = ${deptOne.userSecret}`);
let departmentTwo = await departmentRegistry.get('departmentTwo');
let deptTwo = await businessNetworkConnection.issueIdentity(`${BASE_NS}.Department#${departmentTwo.departmentId}`, 'departmentTwo');
console.log(`userID = ${deptTwo.userID}`);
console.log(`userSecret = ${deptTwo.userSecret}`);
const adminConnection = new AdminConnection(); // { cardStore: $SOME_PATH_VARIABLE } to change def2ault card storage path
await adminConnection.connect(adminCardName); // Confirm this
console.log('connected');
const cardOne = new IdCard({
userName: 'departmentOne',
version: 1,
enrollmentSecret: deptOne.userSecret,
businessNetwork: 'chips'
}, connectionProfile);
const cardTwo = new IdCard({
userName: 'departmentTwo',
version: 1,
enrollmentSecret: deptTwo.userSecret,
businessNetwork: 'chips'
}, connectionProfile);
console.log('importing card one');
await adminConnection.importCard('departmentOne', cardOne);
await adminConnection.importCard('departmentTwo', cardTwo);
console.log('imported card two');
await businessNetworkConnection.disconnect();
await adminConnection.disconnect();
resolve();
} catch (e) {
reject(e);
};
});
};
adminCardName是根据https://hyperledger.github.io/composer/latest/tutorials/deploy-to-fabric-single-org此处提供的基本教程使用composer network start命令生成的内容。
connectionProfile也取自上一页。我已经仔细检查了admin@chips卡所使用的连接配置文件,而我使用的连接配置文件则完全相同。
运行该功能后,在composer card list中,将列出一张名为departmentOne和departmentTwo的卡,其业务网络显示为chips(如预期)。
现在,当我运行composer network ping -c departmentOne时,我得到了错误消息
Error: 2 UNKNOWN: error executing chaincode: transaction returned with failure: AccessException: Participant 'com.algorythmix.base.Department#departmentOne' does not have 'READ' access to resource 'org.hyperledger.composer.system.Network#chips@0.2.0'
Command failed
我有
1)删除了permissions.acl,根据文档,这导致每个人都拥有完全访问权限
2)用于以下permissions.acl文件
rule Default {
description: "Allow all participants access to all resources"
participant: "com.algorythmix.base.Department"
operation: ALL
resource: "org.hyperledger.composer.system.Network"
action: ALLOW
}
rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}
rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
专门授予参加者访问网络的权限。我还已经将.bna上传到composer-playground,并且可以按预期在那工作。
有人可以指导我关于我做错了什么吗? 信息: Ubuntu-16.0.4 面料-1.1 作曲家-0.19.11 节点-8.9.1
答案 0 :(得分:1)
错误'org.hyperledger.composer.system.Network#chips@0.2.0'表明底层参与者对实际业务网络没有最小的READ访问权限。
我建议这样的规则(规则2):
rule ReadNetwork {
description: "Allow all participants to read network"
participant: "org.hyperledger.composer.system.Participant"
operation: READ
resource: "org.hyperledger.composer.system.Network"
action: ALLOW
}
答案 1 :(得分:0)
@Varun Agarwal。 我遇到了同样的问题,并通过更改package.json文件中的版本来解决,任何更新此问题的原因