forked from hyperledger/fabric
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aclmgmtimpl.go
46 lines (37 loc) · 1.53 KB
/
aclmgmtimpl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package aclmgmt
import (
"github.com/hyperledger/fabric/common/flogging"
)
var aclMgmtLogger = flogging.MustGetLogger("aclmgmt")
type aclMethod func(resName string, channelID string, idinfo interface{}) error
//implementation of aclMgmt. CheckACL calls in fabric result in the following flow
// if resourceProvider[resourceName]
// return resourceProvider[resourceName].CheckACL(...)
// else
// return defaultProvider[resourceName].CheckACL(...)
//with rescfgProvider encapsulating resourceProvider and defaultProvider
type aclMgmtImpl struct {
//resource provider gets resource information from config
rescfgProvider ACLProvider
}
//CheckACL checks the ACL for the resource for the channel using the
//idinfo. idinfo is an object such as SignedProposal from which an
//id can be extracted for testing against a policy
func (am *aclMgmtImpl) CheckACL(resName string, channelID string, idinfo interface{}) error {
//use the resource based config provider (which will in turn default to 1.0 provider)
return am.rescfgProvider.CheckACL(resName, channelID, idinfo)
}
//ACLProvider consists of two providers, supplied one and a default one (1.0 ACL management
//using ChannelReaders and ChannelWriters). If supplied provider is nil, a resource based
//ACL provider is created.
func newACLMgmt(prov ACLProvider) ACLProvider {
rp := prov
if rp == nil {
rp = newResourceProvider(nil, newDefaultACLProvider())
}
return &aclMgmtImpl{rescfgProvider: rp}
}