# Hyperledger Fabric - Asset Management

## Overview

The *asset management* chaincode (*asset_management.go*) is a very simple chaincode designed to show how to exercise *access control* at the chaincode level, as described in this document: [https://github.com/hyperledger/fabric/blob/master/docs/tech/application-ACL.md](https://github.com/hyperledger/fabric/blob/master/docs/tech/application-ACL.md)

The chaincode exposes the following functions:

1. *init(user)*: Initializes the chaincode, assigning to *user* the role of *administrator*;
2. *assign(asset, user)*: Assigns the ownership of *asset* to *user*. Note that this function can be invoked only by an administrator;
3. *transfer(asset, user)*: Transfers the ownership of *asset* to *user*. Note that this function can be invoked only by the owner of *asset*;
4. *query(asset)*: Returns the identifier of the owner of *asset*.

In the following subsections, we describe each function in more detail.

## *init(user)*

This function initializes the chaincode by assigning to *user* the role of administrator. The function is invoked automatically at deploy time.

When generating the deploy transaction, the chaincode deployer must specify the administrator of the chaincode by setting the transaction metadata to the DER (Distinguished Encoding Rules) encoding of one of the administrator's ECerts/TCerts.

For simplicity, there is only one administrator.

A possible workflow could be the following:

1. Alice is the deployer of the chaincode;
2. Alice wants to assign the administrator role to Bob;
3. Alice obtains, via an out-of-band channel, a TCert of Bob; let us call this certificate *BobCert*;
4. Alice constructs a deploy transaction, as described in *application-ACL.md*, setting the transaction metadata to *BobCert*;
5. Alice submits the transaction to the fabric network.

Note that Alice can also assign the role of administrator to herself.

## *assign(asset, user)*

This function assigns the ownership of *asset* to *user*. For simplicity, *asset* can be any string (the identifier of the asset, for example) and *user* is a TCert/ECert of the party to whom the ownership of *asset* is assigned.

Note that this function can only be invoked by the administrator of the chaincode, who was defined at deploy time during the chaincode initialization.

A possible workflow could be the following:

1. Bob is the administrator of the chaincode;
2. Bob wants to assign the asset 'Picasso' to Charlie;
3. Bob obtains, via an out-of-band channel, a TCert of Charlie; let us call this certificate *CharlieCert*;
4. Bob constructs an invoke transaction, as described in *application-ACL.md*, to invoke the *assign* function, passing as parameters *('Picasso', Base64(DER(CharlieCert)))*;
5. Bob submits the transaction to the fabric network.

## *transfer(asset, user)*

This function transfers the ownership of *asset* to *user*. As for the *assign* function, *asset* is a string representing the asset and *user* is an ECert/TCert of the party to whom the ownership of *asset* is assigned.

Note that this function can only be invoked by the owner of *asset*, who obtained the ownership via an *assign* call or via a chain of *assign* and *transfer* calls.

A possible workflow could be the following:

1. Charlie is the owner of 'Picasso';
2. Charlie wants to transfer the ownership of 'Picasso' to Dave;
3. Charlie obtains, via an out-of-band channel, a TCert of Dave; let us call this certificate *DaveCert*;
4. Charlie constructs an invoke transaction, as described in *application-ACL.md*, to invoke the *transfer* function, passing as parameters *('Picasso', Base64(DER(DaveCert)))*;
5. Charlie submits the transaction to the fabric network.

## *query(asset)*

This function returns the owner of *asset* as the DER encoding of the certificate with which the ownership was acquired.

Note that this function can be invoked by anyone; no access control is in place in this example. Nothing prevents the chaincode from being enhanced to enforce access control on the *query* function as well.
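
The access-control rules of the four functions above can be modelled in a few lines of Go. This is an added example, not the project's *asset_management.go*, and it does not use the Fabric chaincode API. Assumptions: `caller` is the certificate the platform has already authenticated for the transaction, the certificate bytes are constructed stand-ins for DER, and the names `Ledger`, `set` and `ErrDenied` are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
)

// Ledger is a hypothetical in-memory stand-in for the chaincode state.
type Ledger struct {
	admin  []byte            // administrator certificate (DER), fixed by init
	owners map[string][]byte // asset -> owner certificate (DER)
}

var ErrDenied = errors.New("caller is not authorized")

// Init models init(user): adminDER is the deploy transaction metadata.
func Init(adminDER []byte) *Ledger { return &Ledger{admin: adminDER, owners: map[string][]byte{}} }

// set stores Base64(DER(cert)) as owner only if caller equals expected; an empty caller never matches.
func (l *Ledger) set(caller, expected []byte, asset, userB64 string) error {
	if len(caller) == 0 || !bytes.Equal(caller, expected) {
		return ErrDenied
	}
	der, err := base64.StdEncoding.DecodeString(userB64)
	if err != nil || len(der) == 0 {
		return errors.New("user is not a Base64-encoded certificate")
	}
	l.owners[asset] = der
	return nil
}

// Assign models assign(asset, user): administrator only.
func (l *Ledger) Assign(caller []byte, asset, userB64 string) error {
	return l.set(caller, l.admin, asset, userB64)
}
// Transfer models transfer(asset, user): current owner only.
func (l *Ledger) Transfer(caller []byte, asset, userB64 string) error {
	return l.set(caller, l.owners[asset], asset, userB64)
}
// Query models query(asset): no access control, anyone may call it.
func (l *Ledger) Query(asset string) []byte { return l.owners[asset] }

func main() {
	bob, charlie := []byte("BobCert"), []byte("CharlieCert") // constructed stand-ins for DER
	l, b64 := Init(bob), base64.StdEncoding.EncodeToString
	fmt.Println(l.Assign(charlie, "Picasso", b64(charlie)), l.Assign(bob, "Picasso", b64(charlie)))
	fmt.Println(l.Transfer(bob, "Picasso", b64(bob)), string(l.Query("Picasso")))
}
```

In this model the administrator cannot move an asset once it is assigned, because *transfer* compares the caller only against the recorded owner.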