Let us first consider a scenario that requires us to update (or upgrade) our trade chaincode. The addition of a new organization, which we just carried out in the previous section, necessitates certain changes in chaincode. As an example, let us consider the following code snippet in the acceptTrade function in chaincode/src/github.com/trade_workflow/tradeWorkflow.go:
// Accept a trade agreement func (t *TradeWorkflowChaincode) acceptTrade(stub shim.ChaincodeStubInterface, creatorOrg string, creatorCertIssuer string, args []string) pb.Response { // Access control: Only an Exporter Org member can invoke this transaction if !t.testMode && !authenticateExporterOrg(creatorOrg, creatorCertIssuer) { return shim.Error("Caller not a member of Exporter Org. Access denied.") }
The preceding access control logic dictates that only a member of the exporter's organization may accept a trade. In our earlier 4-organization network, this made sense because both the exporter and the exporter's bank were part of one organization, and we relied on further access control at higher layers to distinguish bankers from their clients for the purpose of executing chaincode operations. But now that we have added an organization to serve the exporter's needs independent of its bank (referring to the exporter now as an exporting entity), we ought to change the access control logic accordingly. And this is not the only function that requires such a modification in access control logic.
Therefore, we need to produce a new version of the chaincode. In our code repository, this can be found in chaincode/src/github.com/trade_workflow_v1/. The contents of the code, it will look almost identical to the original version except for some of these access control filter rules. Let's look at a similar code snippet in the acceptTrade function in chaincode/src/github.com/trade_workflow_v1/tradeWorkflow.go:
// Accept a trade agreement func (t *TradeWorkflowChaincode) acceptTrade(stub shim.ChaincodeStubInterface, creatorOrg string, creatorCertIssuer string, args []string) pb.Response { // Access control: Only an Exporting Entity Org member can invoke this transaction if !t.testMode && !authenticateExportingEntityOrg(creatorOrg, creatorCertIssuer) { return shim.Error("Caller not a member of Exporting Entity Org. Access denied.") }
Note that the function authenticateExporterOrg has been replaced with authenticateExportingEntityOrg. If you view the contents of the accessControlUtils.go file, you will notice that the definition for the latter function has been added.