In my hyperledger-composer application, access control rules with a condition of the following type:
(r.someArray.indexOf(p.getIdentifier()) > -1)
do not work.
Here is an example of such an ACL-rule:
rule SuperiorsHaveReadAccessToTheirTeamMembers {
description: "Allow superiors read access to data on their team members"
participant(p): "org.comp.app.Employee"
operation: READ
resource(r): "org.comp.app.Employee"
condition: (r.superiors.indexOf(p.getIdentifier()) > -1)
action: ALLOW
}
for clarification:
participant Employee extends User {
o String company optional
--> Employee[] superiors optional
}
So the access control rule above simply states that Employee A has READ Access to Employee B if and only if Employee B's array-attribute "superiors" contains Employee A (i.e. if Employee A is the superior of Employee B).
However, it doesn't work. Employee A does not have READ access to Employee B. All the other access control rules of this kind do not work either.
Is this a bug in hyperledger-composer?
no, its not a bug. Its, again, because you're working with an array of resource objects, as you've modeled it.
indexOf
works on the string Object. It works for me as follows:}
Also, remember how
indexOf
works: it will 'pass' on the first match. It may be better to have anauthorized
field, and store shortened (string) ids in (say) a field eg.String[] authorized optional
- and in this case your original rule would then work first time.