Fix chaincode client identity resolution for mint and transfer.
Some checks failed
CI/CD Pipeline / Solidity Contracts (push) Failing after 1m28s
CI/CD Pipeline / Security Scanning (push) Successful in 2m34s
CI/CD Pipeline / Lint and Format (push) Failing after 54s
CI/CD Pipeline / Terraform Validation (push) Failing after 25s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 27s
Validation / validate-genesis (push) Successful in 31s
Validation / validate-terraform (push) Failing after 28s
Validation / validate-kubernetes (push) Failing after 12s
Validation / validate-smart-contracts (push) Failing after 13s
Validation / validate-security (push) Failing after 1m22s
Validation / validate-documentation (push) Failing after 20s
Some checks failed
CI/CD Pipeline / Solidity Contracts (push) Failing after 1m28s
CI/CD Pipeline / Security Scanning (push) Successful in 2m34s
CI/CD Pipeline / Lint and Format (push) Failing after 54s
CI/CD Pipeline / Terraform Validation (push) Failing after 25s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 27s
Validation / validate-genesis (push) Successful in 31s
Validation / validate-terraform (push) Failing after 28s
Validation / validate-kubernetes (push) Failing after 12s
Validation / validate-smart-contracts (push) Failing after 13s
Validation / validate-security (push) Failing after 1m22s
Validation / validate-documentation (push) Failing after 20s
Use a shared getClientID helper so SolaceNet capability checks and transfer authorization handle identity errors consistently. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -114,13 +114,16 @@ func (s *TokenizedAssetContract) MintToken(ctx contractapi.TransactionContextInt
|
||||
|
||||
// Check SolaceNet capability (would integrate with SolaceNet service)
|
||||
// This is a placeholder - in production, call SolaceNet API
|
||||
clientID := ctx.GetClientIdentity()
|
||||
canMint, err := s.checkSolaceNetCapability(ctx, clientID.GetID(), "tokenization.mint")
|
||||
callerID, err := getClientID(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
canMint, err := s.checkSolaceNetCapability(ctx, callerID, "tokenization.mint")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to check SolaceNet capability: %v", err)
|
||||
}
|
||||
if !canMint {
|
||||
return fmt.Errorf("client %s does not have tokenization.mint capability", clientID.GetID())
|
||||
return fmt.Errorf("client %s does not have tokenization.mint capability", callerID)
|
||||
}
|
||||
|
||||
// Create tokenized asset
|
||||
@@ -181,18 +184,21 @@ func (s *TokenizedAssetContract) TransferToken(ctx contractapi.TransactionContex
|
||||
}
|
||||
|
||||
// Verify sender has permission
|
||||
clientID := ctx.GetClientIdentity()
|
||||
if asset.Issuer != clientID.GetID() && request.From != clientID.GetID() {
|
||||
return fmt.Errorf("client %s is not authorized to transfer this token", clientID.GetID())
|
||||
callerID, err := getClientID(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if asset.Issuer != callerID && request.From != callerID {
|
||||
return fmt.Errorf("client %s is not authorized to transfer this token", callerID)
|
||||
}
|
||||
|
||||
// Check SolaceNet capability
|
||||
canTransfer, err := s.checkSolaceNetCapability(ctx, clientID.GetID(), "tokenization.transfer")
|
||||
canTransfer, err := s.checkSolaceNetCapability(ctx, callerID, "tokenization.transfer")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to check SolaceNet capability: %v", err)
|
||||
}
|
||||
if !canTransfer {
|
||||
return fmt.Errorf("client %s does not have tokenization.transfer capability", clientID.GetID())
|
||||
return fmt.Errorf("client %s does not have tokenization.transfer capability", callerID)
|
||||
}
|
||||
|
||||
// Verify amounts (simplified - in production, use proper decimal handling)
|
||||
@@ -271,13 +277,16 @@ func (s *TokenizedAssetContract) RedeemToken(ctx contractapi.TransactionContextI
|
||||
}
|
||||
|
||||
// Check SolaceNet capability
|
||||
clientID := ctx.GetClientIdentity()
|
||||
canRedeem, err := s.checkSolaceNetCapability(ctx, clientID.GetID(), "tokenization.redeem")
|
||||
callerID, err := getClientID(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
canRedeem, err := s.checkSolaceNetCapability(ctx, callerID, "tokenization.redeem")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to check SolaceNet capability: %v", err)
|
||||
}
|
||||
if !canRedeem {
|
||||
return fmt.Errorf("client %s does not have tokenization.redeem capability", clientID.GetID())
|
||||
return fmt.Errorf("client %s does not have tokenization.redeem capability", callerID)
|
||||
}
|
||||
|
||||
// Verify amounts
|
||||
@@ -367,17 +376,27 @@ func (s *TokenizedAssetContract) GetAllTokens(ctx contractapi.TransactionContext
|
||||
return assets, nil
|
||||
}
|
||||
|
||||
// getClientID returns the submitting client's MSP identity ID.
|
||||
func getClientID(ctx contractapi.TransactionContextInterface) (string, error) {
|
||||
id, err := ctx.GetClientIdentity().GetID()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to get client identity: %v", err)
|
||||
}
|
||||
return id, nil
|
||||
}
|
||||
|
||||
// checkSolaceNetCapability checks if a client has a SolaceNet capability
|
||||
// In production, this would call SolaceNet API or use chaincode-to-chaincode invocation
|
||||
func (s *TokenizedAssetContract) checkSolaceNetCapability(ctx contractapi.TransactionContextInterface, clientID, capability string) (bool, error) {
|
||||
// Placeholder implementation
|
||||
// Placeholder implementation — parameters reserved for SolaceNet integration.
|
||||
_ = ctx
|
||||
_ = clientID
|
||||
_ = capability
|
||||
|
||||
// In production, this would:
|
||||
// 1. Call SolaceNet API via external service
|
||||
// 2. Or use chaincode-to-chaincode invocation if SolaceNet is on same network
|
||||
// 3. Or use Cacti to bridge to SolaceNet service
|
||||
|
||||
// For now, return true for testing
|
||||
// In production, implement actual SolaceNet integration
|
||||
return true, nil
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user