github.com/true-sqn/fabric@v2.1.1+incompatible/core/common/privdata/membershipinfo.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package privdata 8 9 import ( 10 "github.com/hyperledger/fabric-protos-go/peer" 11 "github.com/hyperledger/fabric/common/flogging" 12 "github.com/hyperledger/fabric/msp" 13 "github.com/hyperledger/fabric/protoutil" 14 ) 15 16 var logger = flogging.MustGetLogger("common.privdata") 17 18 // MembershipProvider can be used to check whether a peer is eligible to a collection or not 19 type MembershipProvider struct { 20 mspID string 21 selfSignedData protoutil.SignedData 22 IdentityDeserializerFactory func(chainID string) msp.IdentityDeserializer 23 } 24 25 // NewMembershipInfoProvider returns MembershipProvider 26 func NewMembershipInfoProvider(mspID string, selfSignedData protoutil.SignedData, identityDeserializerFunc func(chainID string) msp.IdentityDeserializer) *MembershipProvider { 27 return &MembershipProvider{selfSignedData: selfSignedData, IdentityDeserializerFactory: identityDeserializerFunc} 28 } 29 30 // AmMemberOf checks whether the current peer is a member of the given collection config. 31 // If getPolicy returns an error, it will drop the error and return false - same as a RejectAll policy. 32 // It is used when a chaincode is upgraded to see if the peer's org has become eligible after a collection 33 // change. 34 func (m *MembershipProvider) AmMemberOf(channelName string, collectionPolicyConfig *peer.CollectionPolicyConfig) (bool, error) { 35 deserializer := m.IdentityDeserializerFactory(channelName) 36 37 // Do a simple check to see if the mspid matches any principal identities in the SignaturePolicy - FAB-17059 38 if collectionPolicyConfig.GetSignaturePolicy() != nil { 39 memberOrgs := getMemberOrgs(collectionPolicyConfig.GetSignaturePolicy().GetIdentities(), deserializer) 40 41 if _, ok := memberOrgs[m.mspID]; ok { 42 return true, nil 43 } 44 } 45 46 // Fall back to default access policy evaluation otherwise 47 accessPolicy, err := getPolicy(collectionPolicyConfig, deserializer) 48 if err != nil { 49 // drop the error and return false - same as reject all policy 50 logger.Errorf("Reject all due to error getting policy: %s", err) 51 return false, nil 52 } 53 if err := accessPolicy.EvaluateSignedData([]*protoutil.SignedData{&m.selfSignedData}); err != nil { 54 return false, nil 55 } 56 57 return true, nil 58 }