/
permissions.acl
188 lines (163 loc) · 6 KB
/
permissions.acl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
/**
* Access control rules for BBS
*/
//Owners to have access only to their own account
rule OwnerAccessOwnRecord {
description: "Allow owners to access only their profile"
participant(p): "org.decentralized.resource.network.Owner"
operation: READ, UPDATE, DELETE
resource(r): "org.decentralized.resource.network.Owner"
condition: (r.getIdentifier() === p.getIdentifier())
action: ALLOW
}
//Owners to have read only access to other Owners
rule OwnerReadAccessOwners {
description: "Allow owners read access to other owners"
participant: "org.decentralized.resource.network.Owner"
operation: READ
resource: "org.decentralized.resource.network.Owner"
action: ALLOW
}
//Owners to have read only access to other Banks
rule OwnerReadAccessBanks {
description: "Allow owners read access to other banks"
participant: "org.decentralized.resource.network.Owner"
operation: READ
resource: "org.decentralized.resource.network.Bank"
action: ALLOW
}
//Owners to have read only access to other Companies
rule OwnerReadAccessCompanies {
description: "Allow owners read access to other companies"
participant: "org.decentralized.resource.network.Owner"
operation: READ
resource: "org.decentralized.resource.network.Company"
action: ALLOW
}
//Owners to have read access to all coins assets
rule OwnerAccessCoinsRecord {
description: "Allow owners read access to all coins assets"
participant: "org.decentralized.resource.network.Owner"
operation: READ
resource: "org.decentralized.resource.network.Coins"
action: ALLOW
}
//Owners to have read access to all resource assets
rule OwnerAccessResourceRecord {
description: "Allow owners read access to all resource assets"
participant: "org.decentralized.resource.network.Owner"
operation: READ
resource: "org.decentralized.resource.network.Resource"
action: ALLOW
}
//Owners to have read access to all cash assets
rule OwnerAccessCashRecord {
description: "Allow owners read access to all cash assets"
participant: "org.decentralized.resource.network.Owner"
operation: READ
resource: "org.decentralized.resource.network.Cash"
action: ALLOW
}
//Banks to have access to their own account
rule BankAccessOwnRecord {
description: "Allow banks to access only their profile"
participant(p): "org.decentralized.resource.network.Bank"
operation: READ, UPDATE, DELETE
resource(r): "org.decentralized.resource.network.Bank"
condition: (r.getIdentifier() === p.getIdentifier())
action: ALLOW
}
//Banks to have read only access to other Banks
rule BankReadAccessBanks {
description: "Allow banks read access to other Banks"
participant: "org.decentralized.resource.network.Bank"
operation: READ
resource: "org.decentralized.resource.network.Bank"
action: ALLOW
}
//Banks to have read only access to other Owners
rule BankReadAccessOwners {
description: "Allow banks read access to other Owners"
participant: "org.decentralized.resource.network.Bank"
operation: READ
resource: "org.decentralized.resource.network.Owner"
action: ALLOW
}
//Banks to have read access to all coins assets
rule BankAccessCoinsRecord {
description: "Allow banks read access to all coins assets"
participant: "org.decentralized.resource.network.Bank"
operation: READ
resource: "org.decentralized.resource.network.Coins"
action: ALLOW
}
//Banks to have read/update access to all cash assets
rule BankAccessCashRecord {
description: "Allow banks read access to all cash assets"
participant: "org.decentralized.resource.network.Bank"
operation: READ
resource: "org.decentralized.resource.network.Cash"
action: ALLOW
}
//Companies to have access to their own account
rule CompanyAccessOwnRecord {
description: "Allow company to access only their profile"
participant(p): "org.decentralized.resource.network.Company"
operation: READ, UPDATE, DELETE
resource(r): "org.decentralized.resource.network.Company"
condition: (r.getIdentifier() === p.getIdentifier())
action: ALLOW
}
//Companies to have read only access to other Companies
rule CompanyReadAccessCompanies {
description: "Allow companies read access to other Companies"
participant: "org.decentralized.resource.network.Company"
operation: READ
resource: "org.decentralized.resource.network.Company"
action: ALLOW
}
//Companies to have read only access to other Owners
rule CompanyReadAccessOwners {
description: "Allow companies read access to other Owners"
participant: "org.decentralized.resource.network.Company"
operation: READ
resource: "org.decentralized.resource.network.Owner"
action: ALLOW
}
//Companies to have read access to all coins assets
rule CompanyAccessCoinsRecord {
description: "Allow companies read access to all coins assets"
participant: "org.decentralized.resource.network.Company"
operation: READ
resource: "org.decentralized.resource.network.Coins"
action: ALLOW
}
//Companies to have read/update access to all resource assets
rule CompanyAccessResourceRecord {
description: "Allow companies read access to all resource assets"
participant: "org.decentralized.resource.network.Company"
operation: READ
resource: "org.decentralized.resource.network.Resource"
action: ALLOW
}
rule SystemACL {
description: "System ACL to permit all access"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}
rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}