feat: generic access control

pallets/attestation/Cargo.toml

@@ -14,8 +14,7 @@ substrate-wasm-builder-runner = {version = "3.0.0"}
 
 [dev-dependencies]
 ctype = {features = ["mock"], path = "../ctype"}
-delegation = {features = ["mock"], path = "../delegation"}
-runtime-common = {default-features = false, path = "../../runtimes/common"}
+kilt-support = {features = ["mock"], path = "../../support"}
 
 pallet-balances = {branch = "polkadot-v0.9.17", default-features = false, git = "https://github.com/paritytech/substrate"}
 serde = {version = "1.0.132"}
@@ -31,9 +30,7 @@ serde = {optional = true, version = "1.0.132"}
 
 # Internal dependencies
 ctype = {default-features = false, path = "../ctype"}
-delegation = {default-features = false, path = "../delegation"}
 kilt-support = {default-features = false, path = "../../support"}
-runtime-common = {default-features = false, optional = true, path = "../../runtimes/common"}
 
 #External dependencies
 frame-benchmarking = {branch = "polkadot-v0.9.17", default-features = false, git = "https://github.com/paritytech/substrate", optional = true}
@@ -49,27 +46,24 @@ sp-std = {branch = "polkadot-v0.9.17", default-features = false, git = "https://
 [features]
 default = ["std"]
 mock = [
-  "runtime-common",
   "pallet-balances",
   "serde",
   "sp-core",
   "sp-io",
   "sp-keystore",
 ]
 runtime-benchmarks = [
-  "delegation/runtime-benchmarks",
   "frame-benchmarking",
   "frame-support/runtime-benchmarks",
   "frame-system/runtime-benchmarks",
+  "kilt-support/runtime-benchmarks",
   "sp-core",
 ]
 std = [
   "codec/std",
   "ctype/std",
-  "delegation/std",
   "frame-support/std",
   "frame-system/std",
-  "runtime-common/std",
   "kilt-support/std",
   "log/std",
   "pallet-balances/std",

pallets/attestation/src/access_control.rs

@@ -0,0 +1,105 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2022 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at info@botlabs.org
+
+use frame_support::dispatch::Weight;
+use sp_runtime::DispatchError;
+
+/// Allow for more complex schemes on who can attest, revoke and remove.
+pub trait AttestationAccessControl<AttesterId, AuthorizationId, Ctype, ClaimHash> {
+	/// Decides whether the account is allowed to attest with the given
+	/// information provided by the sender (&self).
+	fn can_attest(&self, who: &AttesterId, ctype: &Ctype, claim: &ClaimHash) -> Result<Weight, DispatchError>;
+
+	/// Decides whether the account is allowed to revoke the attestation with
+	/// the `authorization_id` and the access information provided by the sender
+	/// (&self).
+	fn can_revoke(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		claim: &ClaimHash,
+		authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError>;
+
+	/// Decides whether the account is allowed to remove the attestation with
+	/// the `authorization_id` and the access information provided by the sender
+	/// (&self).
+	fn can_remove(
+		&self,
+		who: &AttesterId,
+		ctype: &Ctype,
+		claim: &ClaimHash,
+		authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError>;
+
+	/// The authorization ID that the sender provided. This will be used for new
+	/// attestations.
+	///
+	/// NOTE: This method must not read storage or do any heavy computation
+	/// since it's not covered by the weight returned by `self.weight()`.
+	fn authorization_id(&self) -> AuthorizationId;
+
+	/// The worst-case weight of `can_attest`.
+	fn can_attest_weight(&self) -> Weight;
+
+	/// The worst-case weight of `can_revoke`.
+	fn can_revoke_weight(&self) -> Weight;
+
+	/// The worst-case weight of `can_remove`.
+	fn can_remove_weight(&self) -> Weight;
+}
+
+impl<AttesterId, AuthorizationId, Ctype, ClaimHash>
+	AttestationAccessControl<AttesterId, AuthorizationId, Ctype, ClaimHash> for ()
+where
+	AuthorizationId: Default,
+{
+	fn can_attest(&self, _who: &AttesterId, _ctype: &Ctype, _claim: &ClaimHash) -> Result<Weight, DispatchError> {
+		Err(DispatchError::Other("Unimplemented"))
+	}
+	fn can_revoke(
+		&self,
+		_who: &AttesterId,
+		_ctype: &Ctype,
+		_claim: &ClaimHash,
+		_authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError> {
+		Err(DispatchError::Other("Unimplemented"))
+	}
+	fn can_remove(
+		&self,
+		_who: &AttesterId,
+		_ctype: &Ctype,
+		_claim: &ClaimHash,
+		_authorization_id: &AuthorizationId,
+	) -> Result<Weight, DispatchError> {
+		Err(DispatchError::Other("Unimplemented"))
+	}
+	fn authorization_id(&self) -> AuthorizationId {
+		Default::default()
+	}
+	fn can_attest_weight(&self) -> Weight {
+		0
+	}
+	fn can_revoke_weight(&self) -> Weight {
+		0
+	}
+	fn can_remove_weight(&self) -> Weight {
+		0
+	}
+}

pallets/attestation/src/attestations.rs

@@ -18,11 +18,10 @@
 
 use codec::{Decode, Encode, MaxEncodedLen};
 use ctype::CtypeHashOf;
-use delegation::DelegationNodeIdOf;
 use kilt_support::deposit::Deposit;
 use scale_info::TypeInfo;
 
-use crate::{AccountIdOf, AttesterOf, BalanceOf, Config};
+use crate::{AccountIdOf, AttesterOf, AuthorizationIdOf, BalanceOf, Config};
 
 /// An on-chain attestation written by an attester.
 #[derive(Clone, Debug, Encode, Decode, PartialEq, TypeInfo, MaxEncodedLen)]
@@ -35,10 +34,65 @@ pub struct AttestationDetails<T: Config> {
 	pub attester: AttesterOf<T>,
 	/// \[OPTIONAL\] The ID of the delegation node used to authorize the
 	/// attester.
-	pub delegation_id: Option<DelegationNodeIdOf<T>>,
+	pub authorization_id: Option<AuthorizationIdOf<T>>,
 	/// The flag indicating whether the attestation has been revoked or not.
 	pub revoked: bool,
 	/// The deposit that was taken to incentivise fair use of the on chain
 	/// storage.
 	pub deposit: Deposit<AccountIdOf<T>, BalanceOf<T>>,
 }
+
+#[cfg(test)]
+mod tests {
+	use super::*;
+	use crate::mock::*;
+
+	/// Old Attestation
+	#[derive(Clone, Debug, Encode, Decode, PartialEq, TypeInfo, MaxEncodedLen)]
+	#[scale_info(skip_type_params(T))]
+	#[codec(mel_bound())]
+	pub struct OldAttestationDetails<T: Config> {
+		/// The hash of the CType used for this attestation.
+		pub ctype_hash: CtypeHashOf<T>,
+		/// The ID of the attester.
+		pub attester: AttesterOf<T>,
+		/// \[OPTIONAL\] The ID of the delegation node used to authorize the
+		/// attester.
+		pub delegation_id: Option<[u8; 32]>,
+		/// The flag indicating whether the attestation has been revoked or not.
+		pub revoked: bool,
+		/// The deposit that was taken to incentivise fair use of the on chain
+		/// storage.
+		pub deposit: Deposit<AccountIdOf<T>, BalanceOf<T>>,
+	}
+
+	#[test]
+	fn test_no_need_to_migrate_if_none() {
+		let old = OldAttestationDetails::<Test> {
+			ctype_hash: claim_hash_from_seed(CLAIM_HASH_SEED_01),
+			attester: sr25519_did_from_seed(&ALICE_SEED),
+			delegation_id: None,
+			revoked: true,
+			deposit: Deposit {
+				owner: ACCOUNT_00,
+				amount: ATTESTATION_DEPOSIT,
+			},
+		};
+		let encoded = old.encode();
+
+		let new = AttestationDetails::<Test>::decode(&mut &encoded[..]);
+		assert_eq!(
+			new,
+			Ok(AttestationDetails::<Test> {
+				ctype_hash: claim_hash_from_seed(CLAIM_HASH_SEED_01),
+				attester: sr25519_did_from_seed(&ALICE_SEED),
+				authorization_id: None,
+				revoked: true,
+				deposit: Deposit {
+					owner: ACCOUNT_00,
+					amount: ATTESTATION_DEPOSIT,
+				},
+			})
+		);
+	}
+}