Coordinator agent handles access controller call forwarding for on-chain authorizations

2023-09-12 12:43:57 +02:00 · 2023-09-12 12:43:57 +02:00 · 9c78d599f7
parent b362b4fc79
commit 9c78d599f7
2 changed files with 25 additions and 8 deletions
--- a/nucypher/blockchain/eth/agents.py
+++ b/nucypher/blockchain/eth/agents.py
@ -782,6 +782,30 @@ class CoordinatorAgent(EthereumContractAgent):
        )
        return participant

+    @contract_api(CONTRACT_CALL)
+    def is_encryption_authorized(
+            self, ritual_id: int, evidence: bytes, digest: bytes
+    ) -> bool:
+        """
+        This contract read is relayed through coordinator to the access controller
+        contract associated with a given ritual.
+        """
+
+        # look up the access controller address for the ritual
+        ritual = self.get_ritual(ritual_id)
+        access_controller_address = ritual.access_controller
+
+        # instantiate a web3 contract object using the interface ABI
+        access_controller_contract = self.blockchain.w3.eth.contract(
+            address=access_controller_address,
+            abi=ENCRYPTION_AUTHORIZER_ABI
+        )
+
+        # call the isAuthorized function on the access controller contract
+        is_authorized = access_controller_contract.functions.isAuthorized
+        result = is_authorized(ritual_id, evidence, digest).call()
+        return result
+
    @contract_api(TRANSACTION)
    def set_provider_public_key(
        self, public_key: FerveoPublicKey, transacting_power: TransactingPower
@ -878,13 +902,6 @@ class CoordinatorAgent(EthereumContractAgent):

        return ritual.public_key.to_dkg_public_key()

-    def is_encryption_authorized(
-        self, ritual_id: int, evidence: bytes, digest: bytes
-    ) -> bool:
-        # TODO: actually call contract.
-        # get ritual -> get access controller -> call isAuthorized(ritualId, evidence, digest)
-        return True
-

 class ContractAgency:
    """Where agents live and die."""
--- a/nucypher/network/server.py
+++ b/nucypher/network/server.py
@ -166,7 +166,7 @@ def _make_rest_app(this_node, log: Logger) -> Flask:

        ciphertext_header = decryption_request.ciphertext_header

-        # check whether enrico is authorized - AllowLogic
+        # check whether enrico is authorized
        authorization = decryption_request.acp.authorization
        ciphertext_header_hash = keccak_digest(bytes(ciphertext_header))
        if not this_node.coordinator_agent.is_encryption_authorized(