Hyperledger Composer - How to prevent a participant from changing certain attributes of their resource if they have UPDATE permission in acl?

Hyperledger Composer - How to prevent a participant from changing certain attributes of their resource if they have UPDATE permission in acl?

I coded an article submission system in the hyperledger composer that should basically allow an "Author" type participant to create an "Article" asset that should be reviewed by a reviewer (another "Author" attribute isReview = true).

I coded an article submission system in the hyperledger composer that should basically allow an "Author" type participant to create an "Article" asset that should be reviewed by a reviewer (another "Author" attribute isReview = true).

The question is that following the logic of ACL, the Author can change their data and this includes the attribute that determines whether or not they are a reviewer. This should not be allowed because the author only becomes a reviewer when he publishes an article successfully.

My question is whether I need to restrict this in some way in the javascript logic of hyperledger or if I can mask this in the client application, if it can be done on the client, could a hacker make use of this "gap"?

I know I can do this in the client application, but I do not know the implications of this kind of approach, since the system should be all worked on the back end, because of security issues.

.cto

participant Author identified by email {
  o String authorId optional
  o String email
  o String firstName
  o String lastName
  o Boolean isReviewer default=false
  o Double points default=0.0
  o Double reputation default=0.0
}

.acl

  rule AuthorCanUpdateData {
      description: "Allow all author access to all resources"
      participant(m): "org.dasp.net.Author"
      operation: ALL
      resource(v): "org.dasp.net.Author"
      condition: (v.getIdentifier() == m.getIdentifier())
      action: ALLOW
  }

I hoped to be able to determine which feature attribute the participant can change or not. but I did not find any of this, just READ, UPDATE, CREATE AND ALL

Angular 9 Tutorial: Learn to Build a CRUD Angular App Quickly

What's new in Bootstrap 5 and when Bootstrap 5 release date?

Brave, Chrome, Firefox, Opera or Edge: Which is Better and Faster?

How to Build Progressive Web Apps (PWA) using Angular 9

What is new features in Javascript ES2020 ECMAScript 2020

how tampering of data (already added block's data) in blockchain or worldstate is detected in blockchain and hyperledger fabric?

I have a couple of question regarding the tamper proof mechanism of the blockchain.

Blockchain (Hyperledger sawtooth) data management

When you think about designing a blockchain network using Hyperledger sawtooth, It’s important to consider how your data will grow and amplify as your business. Being familiar with on-chain and off-chain data there are certain questions that popped up in terms of data management.

Deploy and expose chaincode as REST api on amazon managed blockchain hyperledger fabric 1.2

I have configured amazon managed blockchain setup with Hyperledger 1.2. The network is prepared with a single member and a single peer node. Hyperledger Fabric Client setup is with Golang 1.10.3. I have installed, Instantiated, Queried and Invoked mycc chaincode example given in AWS tutorial