diff --git a/nucypher/policy/policies.py b/nucypher/policy/policies.py index 573ff089c..48a278021 100644 --- a/nucypher/policy/policies.py +++ b/nucypher/policy/policies.py @@ -302,6 +302,22 @@ class Policy(ABC): """ return self.publish_treasure_map(network_middleware=network_middleware) + def credential(self, with_treasure_map=True): + """ + Creates a PolicyCredential for portable access to the policy via + Alice or Bob. By default, it will include the treasure_map for the + policy unless `with_treasure_map` is False. + """ + from nucypher.policy.collections import PolicyCredential + + treasure_map = self.treasure_map + if not with_treasure_map: + treasure_map = None + + return PolicyCredential(self.alice.stamp, self.label, self.expiration, + self.public_key, treasure_map) + + def __assign_kfrags(self) -> Generator[Arrangement, None, None]: if len(self._accepted_arrangements) < self.n: diff --git a/tests/characters/test_alice_can_grant_and_revoke.py b/tests/characters/test_alice_can_grant_and_revoke.py index 44655c20f..e77ce9089 100644 --- a/tests/characters/test_alice_can_grant_and_revoke.py +++ b/tests/characters/test_alice_can_grant_and_revoke.py @@ -71,6 +71,17 @@ def test_decentralized_grant(blockchain_alice, blockchain_bob, agency): assert kfrag == retrieved_kfrag + # Check that the PolicyCredential is consistent to the new policy + credential = policy.credential() + assert credential.alice_verifying_key == policy.alice.stamp + assert credential.label == policy.label + assert credential.expiration == policy.expiration + assert credential.policy_pubkey == policy.public_key + assert credential.treasure_map == policy.treasure_map + + credential = policy.credential(with_treasure_map=False) + assert credential.treasure_map is None + @pytest.mark.usefixtures('federated_ursulas') def test_federated_grant(federated_alice, federated_bob):