@@ -88,7 +88,7 @@ var CreateUserDir = transactions.Transaction{
8888var ReadUserDir = transactions.Transaction {
8989 Tag : "readUserDir" ,
9090 Label : "Read User Directory" ,
91- Description : "Read a User Directory by its publicKeyHash" ,
91+ Description : "Read a User Directory by its publicKeyHash with authentication " ,
9292 Method : "GET" ,
9393 Callers : []accesscontrol.Caller {
9494 {
@@ -104,22 +104,36 @@ var ReadUserDir = transactions.Transaction{
104104 {
105105 Tag : "uuid" ,
106106 Label : "UUID" ,
107- Description : "UUID of the Digital Asset to read" ,
107+ Description : "UUID of the User Directory to read" ,
108+ DataType : "string" ,
109+ Required : true ,
110+ },
111+ {
112+ Tag : "certHash" ,
113+ Label : "Certificate Hash" ,
114+ Description : "Certificate hash for ownership verification" ,
108115 DataType : "string" ,
109116 Required : true ,
110117 },
111118 },
112119
113120 Routine : func (stub * sw.StubWrapper , req map [string ]interface {}) ([]byte , errors.ICCError ) {
114121 uuid , _ := req ["uuid" ].(string )
122+ certHash , _ := req ["certHash" ].(string )
115123
116124 key := assets.Key {
117125 "@key" : "userdir:" + uuid ,
118126 }
119127
120128 asset , err := key .Get (stub )
121129 if err != nil {
122- return nil , errors .WrapErrorWithStatus (err , "Error user directory entry from blockchain" , err .Status ())
130+ return nil , errors .WrapErrorWithStatus (err , "Error reading user directory entry from blockchain" , err .Status ())
131+ }
132+
133+ // Verify ownership - only the owner can read their own directory
134+ storedCertHash := asset .GetProp ("certHash" ).(string )
135+ if storedCertHash != certHash {
136+ return nil , errors .NewCCError ("Unauthorized: Certificate hash mismatch" , 403 )
123137 }
124138
125139 assetJSON , nerr := json .Marshal (asset )
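Review bot: The ownership check at new lines 134-136 compares the stored `certHash` with a value the caller sends in `req["certHash"]`, so it proves knowledge of the hash, not possession of the certificate. If that hash is derived from a public certificate, or shows up in query strings or logs for this GET transaction, it acts as a reusable bearer value. Consider computing the hash inside the routine from the submitting identity (Fabric's `GetCreator` on the underlying chaincode stub) instead of trusting the request field; whether the `Callers` list already binds identity is not visible in this hunk. Separately, `asset.GetProp("certHash").(string)` panics if the property is missing or not a string, for example on an entry stored without it. Use `storedCertHash, ok := asset.GetProp("certHash").(string)` and `if !ok || storedCertHash != certHash {` so such entries get the 403 instead; the Routine body continues past the end of the hunk.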