{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Viruses. 的问题《Hyperledger composer Access Control, allow create》','https://www.manongdao.com/q-909963.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Here is what I want to implement:
I want to allow user(kind of participant) to create an asset, but do it only in transaction, whereas outside of this transaction I want deny all user rights to create assets.
I tried to solve it using condition in rule .acl file using function:
rule UserCanCreateAssetOnlyInTransaction {
description: "Deny all participants create access to all userWallets if not in transaction"
participant(p): "com.example.User"
operation: CREATE
resource(r): "com.example.UserAsset"
condition:(isInTransactionF())
action: ALLOW
}
Then in transaction I create variable as var isInTransaction = true;, and in logic.js file I added:
/**
@returns {boolean} boolean true/false
*/
function isInTransactionF(){
if(isInTransaction){
return true;
}else{
return false;
}
}
It doesn't work, when I call the only transaction in which create access should work, it says that the user do not have create access to submit this transaction. I guess I'm doing something wrong, is there any way to solve this problem?
to achieve what you want in your function - you would say :
Your current ACL would then work.
I can call console.log to see the returned result
To restrict a participant to create an asset ONLY through a certain transaction class - the rule would look something like (ie the asset can only be created through this class - implicitly it should be denied elsewhere assuming there are no other Asset Create rules):
If your ACL is failing, then you need to see what other ACL rules could be ALLOWING the creation of this asset through another means but the rule I provided would be the usual means to control that (based on the info you provided in the question)