Restore Peer_Propose ACL resource and remove ACL capability gates

Commit c948ab2 removed all ACL resource constants and default policy
mappings, but fabric-smart-client's fabricx membership service still
depends on:

  - resources.Peer_Propose constant ("peer/Propose")
  - default ACL mapping Peer_Propose → CHANNELWRITERS
  - aclmgmt.ACLProvider / aclmgmt.NewACLProvider

Without these, FSC fails to compile and CheckACL would hit
"Unmapped policy" at runtime.

Additionally, remove the capability gate that rejected ACLs when the
application capability version was below V1_2. In Fabric-X, ACLs are
always allowed regardless of capability version.

Changes:
  - core/aclmgmt/resources/resources.go: restore Peer_Propose constant
  - core/aclmgmt/defaultaclprovider.go: restore Peer_Propose → CHANNELWRITERS mapping
  - common/capabilities/application.go: ACLs() always returns true
  - common/channelconfig/application.go: remove capability validation gate
  - Update tests for always-allowed ACLs
Signed-off-by: Senthilnathan <cendhu@gmail.com>

Author: cendhu

common/capabilities/application.go

@@ -69,9 +69,10 @@ func (ap *ApplicationProvider) Type() string {
 	return applicationTypeName
 }
 
-// ACLs returns whether ACLs may be specified in the channel application config
+// ACLs returns whether ACLs may be specified in the channel application config.
+// In Fabric-X, ACLs are always allowed regardless of capability version.
 func (ap *ApplicationProvider) ACLs() bool {
-	return ap.v12 || ap.v13 || ap.v142 || ap.v20 || ap.v25
+	return true
 }
 
 // ForbidDuplicateTXIdInBlock specifies whether two transactions with the same TXId are permitted

common/capabilities/application_test.go

@@ -16,6 +16,8 @@ import (
 func TestApplicationV10(t *testing.T) {
 	ap := NewApplicationProvider(map[string]*cb.Capability{})
 	require.NoError(t, ap.Supported())
+	// ACLs are always enabled in Fabric-X, regardless of capability version
+	require.True(t, ap.ACLs())
 }
 
 func TestApplicationV11(t *testing.T) {
@@ -25,6 +27,8 @@ func TestApplicationV11(t *testing.T) {
 	require.NoError(t, ap.Supported())
 	require.True(t, ap.ForbidDuplicateTXIdInBlock())
 	require.True(t, ap.V1_1Validation())
+	// ACLs are always enabled in Fabric-X, regardless of capability version
+	require.True(t, ap.ACLs())
 }
 
 func TestApplicationV12(t *testing.T) {

common/channelconfig/application.go

@@ -45,12 +45,6 @@ func NewApplicationConfig(appGroup *cb.ConfigGroup, mspConfig *MSPConfigHandler)
 		return nil, errors.Wrap(err, "failed to deserialize values")
 	}
 
-	if !ac.Capabilities().ACLs() {
-		if _, ok := appGroup.Values[ACLsKey]; ok {
-			return nil, errors.New("ACLs may not be specified without the required capability")
-		}
-	}
-
 	var err error
 	for orgName, orgGroup := range appGroup.Groups {
 		ac.applicationOrgs[orgName], err = NewApplicationOrgConfig(orgName, orgGroup, mspConfig)

common/channelconfig/application_test.go

@@ -46,10 +46,10 @@ func TestACL(t *testing.T) {
 		g.Expect(err).NotTo(HaveOccurred())
 	})
 
-	t.Run("MissingCapability", func(t *testing.T) {
+	t.Run("ACLsAllowedWithoutCapability", func(t *testing.T) {
 		cg := proto.Clone(cgt).(*cb.ConfigGroup)
 		delete(cg.Values, CapabilitiesKey)
 		_, err := NewApplicationConfig(cg, nil)
-		g.Expect(err).To(MatchError("ACLs may not be specified without the required capability"))
+		g.Expect(err).NotTo(HaveOccurred())
 	})
 }

core/aclmgmt/defaultaclprovider.go

@@ -13,6 +13,7 @@ import (
 	pb "github.com/hyperledger/fabric-protos-go-apiv2/peer"
 
 	"github.com/hyperledger/fabric-x-common/common/policies"
+	"github.com/hyperledger/fabric-x-common/core/aclmgmt/resources"
 	"github.com/hyperledger/fabric-x-common/core/policy"
 	"github.com/hyperledger/fabric-x-common/protoutil"
 )
@@ -46,6 +47,9 @@ func newDefaultACLProvider(policyChecker policy.PolicyChecker) defaultACLProvide
 		cResourcePolicyMap: map[string]string{},
 	}
 
+	// Peer resources
+	d.cResourcePolicyMap[resources.Peer_Propose] = CHANNELWRITERS
+
 	return d
 }
 

core/aclmgmt/resources/resources.go

@@ -6,3 +6,8 @@ SPDX-License-Identifier: Apache-2.0
 
 // Package resources contains resource names used in fabric for ACL checks.
 package resources
+
+const (
+	// Peer resources
+	Peer_Propose = "peer/Propose"
+)