ACL Changes, Updates to Modelling Docs, Ongoing work on Diagnostics, …

…Change to ToC (hyperledger-archives#1606)

README.md

@@ -29,9 +29,8 @@ Suggested reading list is:
 
 - [Introduction](https://hyperledger.github.io/composer/introduction/introduction.html)
 - [Introduction Video](https://www.youtube.com/watch?v=fdFUsrsv5iw&t=23s)
-- [Quick Start](https://hyperledger.github.io/composer/installing/quickstart.html)
-- [Quick Start Video](https://www.youtube.com/watch?v=pEHBIfb_iqc&t=5s)
-- [Tutorials](https://hyperledger.github.io/composer/tutorials/tutorialindex.html)
+- [Quick Start](https://hyperledger.github.io/composer/installing/installing-index.html)
+- [Tutorials](https://hyperledger.github.io/composer/tutorials/tutorials.html)
 
 # Getting in touch
 

packages/composer-website/jekylldocs/_includes/sidebars/accordion-toc0.md

@@ -3,9 +3,9 @@
 {% if page.index-order %}
 {% capture mods %}{{ page.index-order | modulo:100 }}{% endcapture %}
 {% if mods == "0" %}
-- [{{ page.title }}]({{site.url}}{{page.url}}.html)
+- [{{ page.title }}](../{{page.url}}.html)
 {% elsif mods != "0" %}
-  - [{{page.title}}]({{site.url}}{{page.url}}.html)
+  - [{{page.title}}](../{{page.url}}.html)
 {% endif %}
 {% endif %}
 {% endfor %}

packages/composer-website/jekylldocs/business-network/bnd-deploy.md

@@ -22,7 +22,7 @@ For example:
 
 To update the definition of an already deployed business network use the `composer network update` CLI command.
 
-## Deploying business networks to {{site.data.conrefs.hlf_full}} v1.0 RC 1
+## Deploying business networks to {{site.data.conrefs.hlf_full}} RC 1
 
 In {{site.data.conrefs.hlf_full}} v1.0 RC 1 peers now enforce the concepts of admins and members. Admin user's identities and crypto material must be available to the peer at deployment. To make that identity and its crypto material available, your must import it to your local `keyValStore` directory before deploying the business network. To import the identity, use the [`composer identity import` command](../reference/composer.identity.import.html). When importing an identity, you do not assign it a secret, however the `composer network deploy` command requires a secret. If you are using an imported identity, you can enter any value for the secret.
 
@@ -34,6 +34,7 @@ Due to many breaking API changes between {{site.data.conrefs.hlf_full}} alpha 1
 
 When deploying a business network to {{site.data.conrefs.hlf_full}} v1.0 RC 1 using the Playground locally, you must follow the process above to connect using the peer admin identity. However, in order to create identities and interact with your business network in the Playground, you must use the certificate authority admin identity.
 
+
 ## References
 
 * [**Composer CLI commands**](../reference/commands.html)

packages/composer-website/jekylldocs/managing/connector-information.md

@@ -0,0 +1,17 @@
+---
+layout: default
+title: Connector Specific Information
+category: tasks
+section: managing
+sidebar: sidebars/accordion-toc0.md
+excerpt:
+---
+
+# Connector Specific Information
+
+{{site.data.conrefs.composer_full}} is designed to be platform-agnostic
+
+
+## {{site.data.conrefs.hlf_full}}
+
+There are several cases where information specific to {{site.data.conrefs.hlf_full}} must be included in {{site.data.conrefs.composer_full}} commands, including `composer network deploy`, and `composer identity issue`.

packages/composer-website/jekylldocs/problems/diagnostics.md

@@ -10,13 +10,41 @@ index-order: 800
 
 # Diagnosing Problems
 
+Composer uses the Winston logging module by default - and will use the Config module to look for any configuration information. If none is found, then a set of defaults will be used.
+
+The config module does write out a warning, if there are no configuration files set. Eg. `WARNING: No configurations found in configuration directory`. This can be suppressed with an environment variable if you are happy with the defaults and don't wish to use config in your application. See more information [here](https://github.com/lorenwest/node-config/wiki/Environment-Variables#suppress_no_config_warning).
+
+<!--
+## User Applications - Dan
+## Business Networks - Liam/Matthew
+## CLI - David
+
+- `DEBUG=composer:* composer network deploy` <-- debugs the command. dumps soem debug info to console. tracefile written to logs directory of CurrentWorkingDir. sort by date and look for recent.
+
+## Rest Server - Simon
+## Playground - Caroline
+
+
+## Composer Runtime - David
+
+- logLevel -> network deploy and loglevel designed for doing this shit.
+- docker command to get logs out `docker logs <chaincode container>` <-- this gets more complex. chaincode names dev-<businessnetworkname><composerruntimeversion>
+
+- composer runtime < should loglevel be here. (mebs next week)
+- advice: set loglevel to debug on deploy because if deploy breaks you want the logs.
+
+
+## {{site.data.conrefs.hlf_full}} RC1 - David
+
+
+-->
+# Diagnosing Problems
+
 If something should ever go wrong with an application, what should you do about getting diagnostics?
 
 Let's look at the `digitalproperty-app` sample, and use that to explain how to get diagnostics out of the framework.
 
->Please note: This is a framework - so your application will need to have it's own logging framework. Also, your application could also have configuration information to control {{site.data.conrefs.composer_full}}'s own logging. Composer uses the Winston logging module by default - and will use the Config module to look for any configuration information. If none is found, then a set of defaults will be used.
-
-The config module does write out a warning, if there are no configuration files set. Eg. `WARNING: No configurations found in configuration directory`. This can be suppressed with an environment variable if you are happy with the defaults and don't wish to use config in your application. See more information [here](https://github.com/lorenwest/node-config/wiki/Environment-Variables#suppress_no_config_warning).
+>Please note: This is a framework - so your application will need to have it's own logging framework. Also, your application could also have configuration information to control {{site.data.conrefs.composer_full}}'s own logging.
 
 There are two containers that are relevant to logging;
 
@@ -129,3 +157,4 @@ cat ~/.composer-connection-profiles/defaultProfile/connection.json
 };
 ```
 By inspection, the ids match for the carauction-network therefore we know now which chaincode container is which.
+-->

packages/composer-website/jekylldocs/reference/acl_language.md

@@ -13,13 +13,92 @@ excerpt: The [**Hyperledger Composer access control language**](./acl_language.h
 
 {{site.data.conrefs.composer_full}} includes an access control language (ACL) that provides declarative access control over the elements of the domain model. By defining ACL rules you can determine which users/roles are permitted to create, read, update or delete elements in a business network's domain model.
 
-### Evaluation of Access Control Rules
+## Network Access Control
+
+{{site.data.conrefs.composer_full}} differentiates between access control for resources within a business network (business access control) and access control for network administrative changes (network access control). Business access control and network access control are both defined in the access control file (`.acl`) for a business network.
+
+Network access control uses the system namespace, which is implicitly extended by all resources in a business network; and grants or denies access to specific actions as defined below, and is intended to allow for more nuanced access to certain network-level operations.
+
+### What does network access control allow or disallow?
+
+Network access control affects the following CLI commands:
+
+
+#### Composer Network
+
+**composer network deploy**
+
+Network access is required to use the CREATE operation for registries and networks.
+
+**composer network download**
+
+Network access is required to use the READ operation for registries and networks.
+
+**composer network list**
+
+Network access is required to use the READ operation for registries and networks.
+
+**composer network logLevel**
+
+Network access is required to use the UPDATE operation for networks.
+
+**composer network ping**
+
+Network access is required to use the READ operation on registries and networks.
+
+**composer network undeploy**
+
+Network access is required to use the DELETE operation on registries and networks.
+
+**composer network update**
+
+Network access is required to use the UPDATE or CREATE operation on registries, or the UPDATE operation on networks.
+
+
+#### Composer Identity
+
+**composer network import**
+
+Network access is required to use the UPDATE operation on identity registries or the CREATE operation on identities.
+
+**composer network issue**
+
+Network access is required to use the UPDATE operation on identity registries or the CREATE operation on identities.
+
+**composer network revoke**
+
+Network access is required to use the UPDATE operation on identity registries or the DELETE operation on identities.
+
+#### Composer Participant
+
+**composer network add**
+
+Network access is required to use the CREATE operation on participants or the UPDATE operation on participant registries.
+
+### Granting network access control
+
+Network access is granted using the system namespace. The system namespace is always `org.hyperledger.composer.system`.
+
+The following access control rule will give all participants access to all operations and commands in the business network, including network access and business access.
+
+```
+rule AllAccess {
+  description: "AllAccess - grant everything to everybody"
+  participant: "org.hyperledger.composer.system.Participant"
+  operation: ALL
+  resource: "org.hyperledger.composer.system.**"
+  action: ALLOW
+}
+```
+
+
+## Evaluation of Access Control Rules
 
 Access control for a business network is defined by an ordered set of ACL rules. The rules are evaluated in order, and the first rule whose condition matches determines whether access is granted or denied. If no rule match then access is **denied**.
 
 ACL rules are defined in a file called `permissions.acl` in the root of the business network. If this file is missing from the business network then all access is **permitted**.
 
-### Access Control Rule Grammar
+## Access Control Rule Grammar
 
 There are two types of ACL rules: simple ACL rules and conditional ACL rules. Simple rules are used to control access to a namespace, asset or property of an asset by a participant type or participant instance.
 
@@ -71,6 +150,7 @@ Multiple ACL rules may be defined that conceptually define a decision table. The
 **Resource** defines the things that the ACL rule applies to. This can be a class, all classes within a namespace, or all classes under a namespace. It can also be an instance of a class.
 
 Resource Examples:
+
 - Namespace: org.example.*
 - Namespace (recursive): org.example.**
 - Class in namespace: org.example.Car
@@ -86,7 +166,7 @@ Resource Examples:
 
 **Action** identifies the action of the rule. It must be one of: ALLOW, DENY.
 
-### Examples
+## Examples
 
 Example ACL rules (in evaluation order):