第九课：建立身份和规则 (Role & Rule)

在 Fluree 中，规则就等于是权限 (Permission)，规则有两类：

传统的 read/write/admin 这种权限，分别对应 query, ransact, all
另外一种是 Fluree 中独特的函数式权限，叫做 smart function，可以对数据执行特定函数式操作的权限（例如你有权限可以对数据 +1 ~ +10，而另一个人有权限可以对数据 +10 ~ +100）关于 Smart Function 后面会介绍

第一步：建立访客身份，并添加对 Event 只读权限

首先我们先建立访客身份 (Guest Role) 与对 Event 的只读权限，这边留意到 fns 部份是 smart function，由于没有使用，所以永远回传 true，而对于操作我们在 opts 给与 query，没给的他就没权限。

[
   {
      "_id":"_role",
      "id":"guestRole",
      "doc":"Guest Role",
      "rules":[
         "_rule$viewEvent"
      ]
   },
   {
      "_id":"_rule$viewEvent",
      "id":"viewEvent",
      "doc":"View event",
      "collection":"event",
      "collectionDefault":true,
      "fns":[
         [
            "_fn/name",
            "true"
         ]
      ],
      "ops":[
         "query"
      ]
   }
]

# linux
curl -H "Accept: application/json" -X POST -d '[{"_id":"_role","id":"guestRole","doc":"Guest Role","rules":["_rule$viewEvent"]},{"_id":"_rule$viewEvent","id":"viewEvent","doc":"View event","collection":"event","collectionDefault":true,"fns":[["_fn/name","true"]],"ops":["query"]}]' <http://13.114.145.25/fdb/seedao/testing/transact>
# windows
curl -H "Accept: application/json" -X POST -d "[{\\"_id\\":\\"_role\\",\\"id\\":\\"guestRole\\",\\"doc\\":\\"Guest Role\\",\\"rules\\":[\\"_rule$viewEvent\\"]},{\\"_id\\":\\"_rule$viewEvent\\",\\"id\\":\\"viewEvent\\",\\"doc\\":\\"View event\\",\\"collection\\":\\"event\\",\\"collectionDefault\\":true,\\"fns\\":[[\\"_fn/name\\",\\"true\\"]],\\"ops\\":[\\"query\\"]}]" <http://13.114.145.25/fdb/seedao/testing/transact>

接着查询一下 Roles：

[
    ...,
   {
      "_id":123145302311913,
      "_role/id":"guestRole",
      "_role/doc":"Guest Role",
      "_role/rules":[
         {
            "_id":140737488356329
         }
      ]
   }
]

第二步：将访客身份添加到访客授权中，并移除 root 身份

接着我们将访客身份添加到访客授权中，请留意这边 ID 为 auth ID：

[
   {
      "_id":[
         "_auth/id",
         "TfLceHHQZ3cHx7JJf8myf59VwuSsiH479mA"
      ],
      "roles":[
         123145302311913
      ]
   }
]

# linux
curl -H "Accept: application/json" -X POST -d '[{"_id":["_auth/_id","TfLceHHQZ3cHx7JJf8myf59VwuSsiH479mA"],"roles":[123145302311913]}]' <http://13.114.145.25/fdb/seedao/testing/transact>
# windows
curl -H "Accept: application/json" -X POST -d "[{\\"_id\\":[\\"_auth/_id\\",\\"TfLceHHQZ3cHx7JJf8myf59VwuSsiH479mA\\"],\\"roles\\":[123145302311913]}]"\\ <http://13.114.145.25/fdb/seedao/testing/transact>

接着查询一下 Auth：

[
   {
      "_id":105553116267498,
      "_auth/id":"TfLceHHQZ3cHx7JJf8myf59VwuSsiH479mA",
      "_auth/roles":[
         {
            "_id":123145302310912
         },
         {
            "_id":123145302311913
         }
      ],
      "_auth/doc":"Guest auth"
   },
   ...
   {
      "_id":105553116266496,
      "_auth/id":"Tf9Eq3paTYNbsCcNZWbFxocBDekPg81H1kp",
      "_auth/roles":[
         {
            "_id":123145302310912
         }
      ]
   }
]

会发现所有的 auth 都有 root role，那 guest auth 这边也有，我们可以把它移除掉，取消 root 身份：