登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > 区块链 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
6 Star 46 Fork 28

Hyperledger/fabric

代码 Issues 1 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
defaultaclprovider.go 4.25 KB
一键复制 编辑 原始数据 按行查看 历史
Matthew Sykes 提交于 2018-05-21 18:35 . [FAB-10266] enable cc-2-cc policy integration test
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
/*

Copyright IBM Corp. All Rights Reserved.



SPDX-License-Identifier: Apache-2.0

*/



package aclmgmt



import (

	"fmt"



	"github.com/hyperledger/fabric/common/policies"

	"github.com/hyperledger/fabric/core/aclmgmt/resources"

	"github.com/hyperledger/fabric/core/peer"

	"github.com/hyperledger/fabric/core/policy"

	"github.com/hyperledger/fabric/msp/mgmt"

	"github.com/hyperledger/fabric/protos/common"

	pb "github.com/hyperledger/fabric/protos/peer"

)



const (

	CHANNELREADERS = policies.ChannelApplicationReaders

	CHANNELWRITERS = policies.ChannelApplicationWriters

)



//defaultACLProvider used if resource-based ACL Provider is not provided or

//if it does not contain a policy for the named resource

type defaultACLProvider struct {

	policyChecker policy.PolicyChecker



	//peer wide policy (currently not used)

	pResourcePolicyMap map[string]string



	//channel specific policy

	cResourcePolicyMap map[string]string

}



func NewDefaultACLProvider() ACLProvider {

	d := &defaultACLProvider{}

	d.initialize()



	return d

}



func (d *defaultACLProvider) initialize() {

	d.policyChecker = policy.NewPolicyChecker(

		peer.NewChannelPolicyManagerGetter(),

		mgmt.GetLocalMSP(),

		mgmt.NewLocalMSPPrincipalGetter(),

	)



	d.pResourcePolicyMap = make(map[string]string)

	d.cResourcePolicyMap = make(map[string]string)



	//-------------- LSCC --------------

	//p resources (implemented by the chaincode currently)

	d.pResourcePolicyMap[resources.Lscc_Install] = ""

	d.pResourcePolicyMap[resources.Lscc_GetInstalledChaincodes] = ""



	//c resources

	d.cResourcePolicyMap[resources.Lscc_Deploy] = ""  //ACL check covered by PROPOSAL

	d.cResourcePolicyMap[resources.Lscc_Upgrade] = "" //ACL check covered by PROPOSAL

	d.cResourcePolicyMap[resources.Lscc_ChaincodeExists] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Lscc_GetDeploymentSpec] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Lscc_GetChaincodeData] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Lscc_GetInstantiatedChaincodes] = CHANNELREADERS



	//-------------- QSCC --------------

	//p resources (none)



	//c resources

	d.cResourcePolicyMap[resources.Qscc_GetChainInfo] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Qscc_GetBlockByNumber] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Qscc_GetBlockByHash] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Qscc_GetTransactionByID] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Qscc_GetBlockByTxID] = CHANNELREADERS



	//--------------- CSCC resources -----------

	//p resources (implemented by the chaincode currently)

	d.pResourcePolicyMap[resources.Cscc_JoinChain] = ""

	d.pResourcePolicyMap[resources.Cscc_GetChannels] = ""



	//c resources

	d.cResourcePolicyMap[resources.Cscc_GetConfigBlock] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Cscc_GetConfigTree] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Cscc_SimulateConfigTreeUpdate] = CHANNELWRITERS



	//---------------- non-scc resources ------------

	//Peer resources

	d.cResourcePolicyMap[resources.Peer_Propose] = CHANNELWRITERS

	d.cResourcePolicyMap[resources.Peer_ChaincodeToChaincode] = CHANNELWRITERS



	//Event resources

	d.cResourcePolicyMap[resources.Event_Block] = CHANNELREADERS

	d.cResourcePolicyMap[resources.Event_FilteredBlock] = CHANNELREADERS

}



//this should cover an exhaustive list of everything called from the peer

func (d *defaultACLProvider) defaultPolicy(resName string, cprovider bool) string {

	var pol string

	if cprovider {

		pol = d.cResourcePolicyMap[resName]

	} else {

		pol = d.pResourcePolicyMap[resName]

	}

	return pol

}



//CheckACL provides default (v 1.0) behavior by mapping resources to their ACL for a channel

func (d *defaultACLProvider) CheckACL(resName string, channelID string, idinfo interface{}) error {

	policy := d.defaultPolicy(resName, true)

	if policy == "" {

		aclLogger.Errorf("Unmapped policy for %s", resName)

		return fmt.Errorf("Unmapped policy for %s", resName)

	}



	switch idinfo.(type) {

	case *pb.SignedProposal:

		return d.policyChecker.CheckPolicy(channelID, policy, idinfo.(*pb.SignedProposal))

	case *common.Envelope:

		sd, err := idinfo.(*common.Envelope).AsSignedData()

		if err != nil {

			return err

		}

		return d.policyChecker.CheckPolicyBySignedData(channelID, policy, sd)

	default:

		aclLogger.Errorf("Unmapped id on checkACL %s", resName)

		return fmt.Errorf("Unknown id on checkACL %s", resName)

	}

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/hyperledger/fabric.git
git@gitee.com:hyperledger/fabric.git
hyperledger
fabric
fabric
v1.2.1
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部