go_study/fabric-main/core/aclmgmt/aclmgmtimpl.go

48 lines
1.8 KiB
Go

/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package aclmgmt
import "github.com/hyperledger/fabric/core/policy"
// implementation of aclMgmt. CheckACL calls in fabric result in the following flow
//
// if resourceProvider[resourceName]
// return resourceProvider[resourceName].CheckACL(...)
// else
// return defaultProvider[resourceName].CheckACL(...)
//
// with rescfgProvider encapsulating resourceProvider and defaultProvider
type aclMgmtImpl struct {
// resource provider gets resource information from config
rescfgProvider ACLProvider
}
// CheckACL checks the ACL for the resource for the channel using the
// idinfo. idinfo is an object such as SignedProposal from which an
// id can be extracted for testing against a policy
func (am *aclMgmtImpl) CheckACL(resName string, channelID string, idinfo interface{}) error {
// use the resource based config provider (which will in turn default to 1.0 provider)
return am.rescfgProvider.CheckACL(resName, channelID, idinfo)
}
// CheckACLNoChannel checks the ACL for the resource for the local MSP
// using the idinfo. idinfo is an object such as SignedProposal
// from which an id can be extracted for testing against a policy.
func (am *aclMgmtImpl) CheckACLNoChannel(resName string, idinfo interface{}) error {
// use the resource based config provider (which will in turn default to 1.0 provider)
return am.rescfgProvider.CheckACLNoChannel(resName, idinfo)
}
// ACLProvider consists of two providers, supplied one and a default one (1.0 ACL management
// using ChannelReaders and ChannelWriters). If supplied provider is nil, a resource based
// ACL provider is created.
func NewACLProvider(rg ResourceGetter, policyChecker policy.PolicyChecker) ACLProvider {
return &aclMgmtImpl{
rescfgProvider: newResourceProvider(rg, newDefaultACLProvider(policyChecker)),
}
}