Add support for multiple verbs in a single ACL rule (hyperledger-arch…

…ives#1040)
Ecoblockchain · May 18, 2017 · 6bc61f5 · 6bc61f5
1 parent 00fa807
commit 6bc61f5
Show file tree

Hide file tree

Showing 9 changed files with 364 additions and 154 deletions.
diff --git a/packages/composer-common/lib/acl/aclrule.js b/packages/composer-common/lib/acl/aclrule.js
@@ -76,7 +76,7 @@ class AclRule {
     process() {
         this.name = this.ast.id.name;
         this.noun = new ModelBinding(this, this.ast.noun, this.ast.nounVariable);
-        this.verb = this.ast.verb;
+        this.verbs = this.ast.verbs;
 
         this.participant = null;
         if(this.ast.participant && this.ast.participant !== 'ANY') {
@@ -109,6 +109,14 @@ class AclRule {
     validate() {
         this.noun.validate();
 
+        const foundVerbs = {};
+        this.verbs.forEach((verb) => {
+            if (foundVerbs[verb]) {
+                throw new Error(`The verb '${verb}' has been specified more than once in the ACL rule '${this.name}'`);
+            }
+            foundVerbs[verb] = true;
+        });
+
         if(this.participant) {
             this.participant.validate();
         }
@@ -145,8 +153,8 @@ class AclRule {
      *
      * @return {string} the verb
      */
-    getVerb() {
-        return this.verb;
+    getVerbs() {
+        return this.verbs;
     }
 
     /**

diff --git a/packages/composer-common/lib/acl/parser.pegjs b/packages/composer-common/lib/acl/parser.pegjs
@@ -1363,7 +1363,7 @@ SimpleRule
  = "rule" __ ruleId:RuleId __ "{" __
   	"description:" __ "\"" description:StringSequence "\"" __
     "participant:" __ "\"" participant:Participant "\"" __
-    "operation:" __ verb:Verb __
+    "operation:" __ verbs:Verbs __
     "resource:" __ "\"" noun:Noun "\"" __
     transaction:SimpleTransactionSpecification?
     "action:" __ action:Action __
@@ -1373,7 +1373,7 @@ SimpleRule
         type: "SimpleRule",
         id: ruleId,
         noun: noun,
-        verb: verb,
+        verbs: verbs,
         participant: participant,
         transaction: transaction,
         action: action,
@@ -1392,7 +1392,7 @@ VariableBinding
  = "rule" __ ruleId:RuleId __ "{" __
   	"description:" __ "\"" description:StringSequence "\"" __
     "participant" __ participantVariable:VariableBinding? __ ":" __ "\"" participant:Participant "\"" __
-    "operation:" __ verb:Verb __
+    "operation:" __ verbs:Verbs __
     "resource" __ nounVariable:VariableBinding? __ ":" __ "\"" noun:Noun "\"" __
     transaction:ConditionalTransactionSpecification?
     "condition:" __ predicate:Predicate __
@@ -1404,7 +1404,7 @@ VariableBinding
         id: ruleId,
         noun: noun,
         nounVariable: nounVariable,
-        verb: verb,
+        verbs: verbs,
         participant: participant,
         participantVariable: participantVariable,
         transaction: transaction,
@@ -1451,8 +1451,39 @@ Noun
 NounNoInstance
  = BindingNoInstance
 
-Verb
- = 'CREATE' / 'READ' / 'UPDATE' / 'ALL' / 'DELETE'
+/**
+ * A single verb.
+ */
+BasicVerb = 'CREATE' / 'READ' / 'UPDATE' / 'DELETE'
+
+/**
+ * An additional verb when specified in a list.
+ */
+AdditionalBasicVerb = __ "," __ verb:BasicVerb
+{
+    return verb
+}
+
+/**
+ * A list of verbs.
+ */
+BasicVerbList = first:BasicVerb others:(AdditionalBasicVerb)*
+{
+    return [first].concat(others);
+}
+
+/**
+ * The special "all" verb.
+ */
+AllVerb = 'ALL'
+{
+    return ['ALL']
+}
+
+/**
+ * The special "all" verb, or a list of verbs.
+ */
+Verbs = AllVerb / BasicVerbList
 
 Participant
  = 'ANY' /