In the organization structure of the initial version of the network, a single organization encompasses banker and client for the importing as well as the exporting side (thereby conflating the roles of `Importer` and `ImporterBank`, and `Exporter` and `ExporterBank`, respectively).
Currently, the access control mechanisms that have been built cannot distinguish these two roles, either in chaincode or in the application.
There are two ways to fix this. We probably should implement both:
1. Have the organization MSP issue certificates with different attributes to banker and client. Then change chaincode logic to check for the right attributes before executing the transaction.
2. Have the web service (in `application`) associate different user IDs with different roles, and control access to chaincode functions at that level. We could also consider adding a role parameter to the chaincode arguments list (we would have to augment the chaincode too).
Anyone want to take a shot at this? I don't think this is very urgent, as we can discuss access control theoretically in the book and even leave the implementation as a reader exercise. In any case, the code can have a (parallel) life of its own, independent of the book. We'll just need to make clear what version of the code the book is referring to.
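A sketch of the first option, added here as an example and not taken from the project's code: Fabric CA writes enrollment attributes as JSON into an X.509 extension of the enrollment certificate, and the check below reads that extension with the Go standard library and fails closed. The attribute name `role`, its values `banker` and `client`, and the function names `requestLC` and `issueLC` are assumptions; inside real chaincode the attribute would be read through Fabric's client identity (`cid`) library rather than parsed by hand.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"fmt"
)

// Fabric CA embeds enrollment attributes as JSON in this X.509 extension.
var attrOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7, 8, 1}
// Assumed policy: hypothetical function names -> required value of the assumed "role" attribute.
var requiredRole = map[string]string{"requestLC": "client", "issueLC": "banker"}

// roleFromCert returns the "role" attribute, or "" if it is absent or the extension is malformed.
func roleFromCert(cert *x509.Certificate) string {
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(attrOID) {
			var payload struct{ Attrs map[string]string `json:"attrs"` }
			if json.Unmarshal(ext.Value, &payload) == nil {
				return payload.Attrs["role"]
			}
		}
	}
	return ""
}

// authorize fails closed: unlisted functions and missing or wrong roles are all rejected.
func authorize(function string, cert *x509.Certificate) error {
	role := roleFromCert(cert)
	if want, known := requiredRole[function]; !known || role != want {
		return fmt.Errorf("caller role %q may not invoke %q", role, function)
	}
	return nil
}

// certWithAttrs builds a constructed, unsigned certificate that carries only the attribute extension.
func certWithAttrs(attrsJSON string) *x509.Certificate {
	return &x509.Certificate{Extensions: []pkix.Extension{{Id: attrOID, Value: []byte(attrsJSON)}}}
}

func main() {
	banker := certWithAttrs(`{"attrs":{"role":"banker"}}`)
	fmt.Println(authorize("issueLC", banker), authorize("requestLC", banker))
}
```

Both callers here would present the same organization MSP ID, so the attribute is the only thing separating them; the check is only as strong as the CA's control over who is enrolled with which `role` value.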
Respectfully, I would like all of you who are participating in logistics to solve the many issues of deploying it with your experience,
so if you would honour me, my email is [email protected]