/**
 * Access control rules for the org.hcsc.network business network (Hyperledger Composer ACL).
 * Composer evaluates rules top-down and applies the first rule whose participant, operation,
 * resource, transaction and condition all match; an access with no matching rule is denied.
 * Every rule in this file is an ALLOW, so rule order does not change any outcome — only the
 * coverage of the rules does.
 */
/**
 * Every participant type extends org.hyperledger.composer.system.Participant, so this rule
 * grants ALL operations on the entire system namespace to every participant in the network.
 * NOTE(review): that namespace appears to include identity and registry-management
 * transactions (issuing/revoking identities, adding/removing participants); if so, this is
 * broader than a non-admin participant needs. Confirm which system operations the network
 * actually relies on (typically READ, plus CREATE on the transaction/historian types) and
 * narrow this rule to those.
 */
rule SystemACL {
description: "System ACL to permit all access"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
/**
 * NetworkAdmin participants (the administrative identities of the business network) get
 * unrestricted access to every resource in every namespace, including the org.hcsc.network
 * domain types governed by the rules below.
 */
rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}
/**
 * Administrators' access to the system namespace. This appears to be already covered by
 * NetworkAdminUser, whose "**" resource pattern also matches system resources; it is kept as
 * an explicit statement of intent and is harmless because every rule here is an ALLOW.
 */
rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
/**
 * A participant may read a Commodity only when it is recorded as that commodity's owner.
 * NOTE(review): the condition dereferences v.owner; if owner can ever be unset the condition
 * errors instead of matching, which should leave the read denied — verify that this is the
 * intended outcome for ownerless commodities.
 */
rule ReadCommodity {
description: "All participants can read its own goods"
participant(m): "org.hcsc.network.*"
operation: READ
resource(v): "org.hcsc.network.Commodity"
condition: (v.owner.getIdentifier() == m.getIdentifier())
action: ALLOW
}
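/**
 * The participant recorded as the vender (vendor) of a PO may read it. The description now
 * states this condition; it previously read "All participants can read its own PO", which was
 * identical to ordererReadPO although the two rules key on different relationships.
 */
rule VenderReadPO {
description: "The vendor named on a PO can read it"
participant(m): "org.hcsc.network.*"
operation: READ
resource(v): "org.hcsc.network.PO"
condition: (v.vender.getIdentifier() == m.getIdentifier())
action: ALLOW
}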
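/**
 * The participant recorded as the orderer of a PO may read it. The description now states
 * this condition; it previously duplicated VenderReadPO's text even though this rule keys on
 * the orderer relationship. Together the two rules mean only the two parties to a PO can
 * read it.
 */
rule ordererReadPO {
description: "The orderer of a PO can read it"
participant(m): "org.hcsc.network.*"
operation: READ
resource(v): "org.hcsc.network.PO"
condition: (v.orderer.getIdentifier() == m.getIdentifier())
action: ALLOW
}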
/**
 * Any participant may submit a TransferCommodity transaction. This rule is unconditional, so
 * ownership is not checked here: it only permits creating the transaction record. Whether the
 * transfer may actually modify a commodity is decided by ConditionRuleWithTransaction, which
 * requires the submitter to be the commodity's current owner.
 */
rule RuleWithTransaction {
description: "Allow all paticipants to access TransferCommodity transaction"
participant: "org.hcsc.network.*"
operation: CREATE
resource: "org.hcsc.network.TransferCommodity"
action: ALLOW
}
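/**
 * While processing a TransferCommodity transaction, the submitting participant may update a
 * Commodity it currently owns. The resource pattern is restricted to Commodity (least
 * privilege): the original "org.hcsc.network.*" let the same transaction update any resource
 * in the namespace that carries an owner relationship, which is wider than a transfer needs.
 * Widen the pattern only if the TransferCommodity processor legitimately writes another
 * owner-bearing type.
 */
rule ConditionRuleWithTransaction {
description: "A participant may update its own Commodity, but only through TransferCommodity"
participant(m): "org.hcsc.network.*"
operation: UPDATE
resource(v): "org.hcsc.network.Commodity"
transaction(tx): "org.hcsc.network.TransferCommodity"
condition: (v.owner.getIdentifier() == m.getIdentifier())
action: ALLOW
}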
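/**
 * The participant recorded as issuer of a TransferCommodity transaction may read that record.
 * The description now names the issuer condition; it previously duplicated the text of
 * ConditionalRuleWithTransaction3, which keys on newOwner instead.
 */
rule ConditionalRuleWithTransaction2 {
description: "The issuer of a TransferCommodity transaction can read its record"
participant(m): "org.hcsc.network.*"
operation: READ
resource(v): "org.hcsc.network.TransferCommodity"
condition: (v.issuer.getIdentifier() == m.getIdentifier())
action: ALLOW
}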
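/**
 * The participant recorded as newOwner of a TransferCommodity transaction may read that
 * record. The description now names the newOwner condition; it previously duplicated the text
 * of ConditionalRuleWithTransaction2, which keys on issuer instead. Together the two rules
 * limit transfer history to the two parties of each transfer.
 */
rule ConditionalRuleWithTransaction3 {
description: "The new owner named on a TransferCommodity transaction can read its record"
participant(m): "org.hcsc.network.*"
operation: READ
resource(v): "org.hcsc.network.TransferCommodity"
condition: (v.newOwner.getIdentifier() == m.getIdentifier())
action: ALLOW
}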
/**
 * A participant may create a Commodity whose owner is itself.
 * NOTE(review): unlike ConditionalRulewithCreationOfPO this rule has no transaction: clause,
 * so it also permits adding commodities directly to the asset registry (e.g. via the REST
 * server) rather than only through a transaction. If commodity creation is meant to go through
 * a transaction processor, add a transaction: clause here as the PO rule does.
 */
rule ConditionalRuleWithCreation {
description: "Grant all participants can create its own resource"
participant(m): "org.hcsc.network.*"
operation: CREATE
resource(v): "org.hcsc.network.Commodity"
condition: (v.owner.getIdentifier() == m.getIdentifier())
action: ALLOW
}
/**
 * A PO may be created only while an InitiatePO transaction is being processed, and only when
 * the submitting participant is the PO's orderer. Because the rule is transaction-scoped, a
 * direct add to the PO registry outside InitiatePO has no matching rule in this file.
 * Nothing here constrains which participant may be named as vender on the new PO.
 */
rule ConditionalRulewithCreationOfPO {
description:"Allow all paticipants to initiate PO"
participant(m): "org.hcsc.network.*"
operation: CREATE
resource(v): "org.hcsc.network.PO"
transaction(tx): "org.hcsc.network.InitiatePO"
condition: (v.orderer.getIdentifier() == m.getIdentifier())
action: ALLOW
}
/**
 * Any participant may submit an InitiatePO transaction. This rule is unconditional; the PO the
 * transaction creates is gated separately by ConditionalRulewithCreationOfPO, which requires
 * the submitter to be the orderer.
 */
rule RuleWithInitiatePOTransaction {
description: "Allow all paticipants to access Initiate PO transaction"
participant: "org.hcsc.network.*"
operation: CREATE
resource: "org.hcsc.network.InitiatePO"
action: ALLOW
}
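/**
 * The participant recorded as vender (vendor) on an InitiatePO transaction may read that
 * record. The description now names the vender condition; it previously duplicated the text of
 * OrdererCanReadTransaction, which keys on the orderer instead.
 */
rule VenderCanReadTransaction {
description: "The vendor named on an InitiatePO transaction can read its record"
participant(m): "org.hcsc.network.*"
operation: READ
resource(v): "org.hcsc.network.InitiatePO"
condition: (v.vender.getIdentifier() == m.getIdentifier())
action: ALLOW
}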
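/**
 * The participant recorded as orderer on an InitiatePO transaction may read that record. The
 * description now names the orderer condition; it previously duplicated the text of
 * VenderCanReadTransaction, which keys on the vender instead. Together the two rules limit PO
 * initiation history to the two parties of each PO.
 */
rule OrdererCanReadTransaction {
description: "The orderer named on an InitiatePO transaction can read its record"
participant(m): "org.hcsc.network.*"
operation: READ
resource(v): "org.hcsc.network.InitiatePO"
condition: (v.orderer.getIdentifier() == m.getIdentifier())
action: ALLOW
}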