This repository was archived by the owner on Nov 25, 2020. It is now read-only.
This repository was archived by the owner on Nov 25, 2020. It is now read-only.
Testing invocation permissions based on certificate attributes #39
Description
I'd like to be able to test access control to chaincode invocations based on whether or not the fabric client's certificate has the required attributes. Here is some example chaincode. I don't see any built-in functionality for mocking the cert coming from stub. Am I missing something? Thanks in advance.
/////////////////////////////////////////////////////////
// ROLE-BASED ACCESS CONTROL EXAMPLE
//
// The following chaincode demonstrates how to prevent
// unauthorized clients from invoking chaincode methods.
/////////////////////////////////////////////////////////
'use strict';
const shim = require('fabric-shim');
/////////////////////////////////////////////////////////
// requireRole
//
// This method will throw an error if the calling client
// does not have the specified role.
/////////////////////////////////////////////////////////
async function requireRole(stub, role) {
const ClientIdentity = shim.ClientIdentity;
let cid = new ClientIdentity(stub);
if (!cid.assertAttributeValue('role', role))
throw new Error(`Unauthorized access: ${role} required`);
}
let Chaincode = class {
async Init(stub) {
console.info('============= Init called =============');
return shim.success();
}
async Invoke(stub) {
console.info('============= Invoke called =============');
// ensure client has admin role before proceeding
try {
await requireRole(stub, 'admin');
} catch(err) {
// log failed access attempt and return
console.error("Error during Invoke: ", err);
return shim.error(err.message || err);
}
// client has the expected role, so continue
console.info('SUCCESS!')
return shim.success();
}
}
shim.start(new Chaincode());