我在我的model.cto文件中有这个结构:
namespace org.gov.budget
asset Tax identified by Id{
o String Id
--> TaxPayer payer
o Double amount
o Integer year
o Boolean processed
}
asset BudgetAccount identified by Id{
o String Id
o Double amount
}
participant Government identified by Id{
o String Id
--> BudgetAccount account
}
participant TaxPayer identified by PANID{
o String PANID
o String name
o Double income
o Integer taxSlab
}
transaction PayTax{
-->Tax tax
-->Government gov
}
Here is the implementation for the transaction.
async function payTax(tax){
tax.tax.amount = tax.tax.payer.income*tax.tax.payer.taxSlab*0.05;
tax.gov.account.amount+=tax.tax.amount;
tax.tax.processed = true;
let assetRegistry = await getAssetRegistry('org.gov.budget.BudgetAccount');
await assetRegistry.update(tax.gov.account);
assetRegistry = await getAssetRegistry('org.gov.budget.Tax');
await assetRegistry.update(tax.tax);
}
现在,当我尝试提交以TaxPayer参与者(而不是管理员)身份登录的PayTax交易时,我遇到了所有这些问题,即TaxPayer没有对交易中涉及的资源的READ访问权限。我必须添加以下两条规则,以便删除有关政府实体的第一个READ访问问题,说'G1',但在此之后它会抛出一个错误,说TaxPayer没有READ访问类型BugdetAccount'B1'链接到'G1' ”。我是否需要为复合类型内访问的每个资产/参与者/类型提供读取访问权限,如政府内的BudgetAccount?如果有很多复合实体相互链接,它会变得非常复杂吗?
rule abc{
description: "Grant business network administrators full access to system resources"
participant: "org.gov.budget.TaxPayer"
operation: READ
resource: "org.hyperledger.composer.system.ParticipantRegistry"
action: ALLOW
}
rule abc4{
description: "Grant business network administrators full access to system resources"
participant: "org.gov.budget.TaxPayer"
operation: READ
resource: "org.gov.budget.Government"
action: ALLOW
}
是的,Composer分散系统非常紧张,因此您需要授予每个参与者特定角色的权限。它使您的网络安全。
如果您想为TaxPayer进行交易,您应该授予执行交易的必要权利,例如:READ税,政府,UPDATE政府,税和创税......