-
Notifications
You must be signed in to change notification settings - Fork 0
/
permissions.acl
34 lines (31 loc) · 1.26 KB
/
permissions.acl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
rule UserCanReadOwnAccounts {
description: "Allow all participants to see all accounts"
participant (p): "org.riksbanken.ekrona.Person"
operation: READ
resource (r): "org.riksbanken.ekrona.Account"
condition: (r.owner.getIdentifier() === p.getIdentifier())
action: ALLOW
}
rule UserCanUpdateAccountsIfDuringTransactions {
description: "Allow participant to update their own account and the receiving account if part of a valid AccountTransaction."
participant: "org.riksbanken.ekrona.Person"
operation: UPDATE, READ
resource: "org.riksbanken.ekrona.Account"
transaction: "org.riksbanken.ekrona.AccountTransaction"
action: ALLOW
}
rule EverybodyCanSubmitAccountTransactions {
description: "Allow all participants to submit transactions from their own accounts"
participant(p): "org.riksbanken.ekrona.Person"
operation: CREATE
resource(r): "org.riksbanken.ekrona.AccountTransaction"
condition: (r.from.owner.getIdentifier() === p.getIdentifier() && r.amount > 0 && r.from.accountId !== r.to.accountId)
action: ALLOW
}
rule SystemACL {
description: "System ACL to permit all access"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}