I'm using online Playground of Hyperledger Composer (https://composer-playground.mybluemix.net/).
I'm tring to modify acl file from "pii-network" example.
I would like to have authorized access only if participant want to authorize another member and not himself... How can I do it? I did the following change to ACL file but it does not work as I expected (it authorize/revoke anyone and not anyone without himself):
rule AuthorizeAccessTransaction {
description: "Allow all participants to submit AuthorizeAccess transactions"
participant(p): "org.acme.model.Doctor"
operation: CREATE
resource(r): "org.acme.model.AuthorizeAccess"
condition: (r.getIdentifier() != p.getIdentifier())
action: ALLOW
}
rule RevokeAccessTransaction {
description: "Allow all participants to submit RevokeAccess transactions"
participant(p): "org.acme.model.Doctor"
operation: CREATE
resource(r): "org.acme.model.RevokeAccess"
condition: (r.getIdentifier() != p.getIdentifier())
action: ALLOW
}
rule OwnRecordFullAccess {
description: "Allow all participants full access to their own record"
participant(p): "org.acme.model.Doctor"
operation: ALL
resource(r): "org.acme.model.Doctor"
condition: (r.getIdentifier() === p.getIdentifier())
action: ALLOW
}
rule ForeignRecordConditionalAccess {
description: "Allow participants access to other people's records if granted"
participant(p): "org.acme.model.Doctor"
operation: ALL
resource(r): "org.acme.model.Doctor"
condition: (r.authorized && r.authorized.indexOf(p.getIdentifier()) > -1)
action: ALLOW
}
rule SystemACL {
description: "System ACL to permit all access"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
I followed instruction from https://www.youtube.com/watch?v=VTX-9VyO6OU&feature=youtu.be and I changed the .acl file like I showed
Does anyone know what is the problem? What did I wrong?
I show also cto file here:
namespace org.acme.model
concept Specialization {
o String hospital
o String hospital_ward //reparto ospedaliero
o String city
o String county
o String zip
o String field //campo medico di specializzazione
}
participant Doctor identified by username {
o String username
o String firstName
o String lastName
o Specialization specialization
o DateTime dob optional
o String[] authorized optional
}
abstract transaction DoctorTransaction {
o String username
}
transaction AuthorizeAccess extends DoctorTransaction {
}
transaction RevokeAccess extends DoctorTransaction {
}
event DoctorEvent {
o DoctorTransaction doctorTransaction
}
Use relationship as datatype for your authorized users.
Then use this function to check condition in permissions.acl