1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

// KILT Blockchain – https://botlabs.org
// Copyright (C) 2019-2024 BOTLabs GmbH

// The KILT Blockchain is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// The KILT Blockchain is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

// If you feel like getting in touch with us, you can do so at info@botlabs.org

use sp_runtime::DispatchError;
use sp_weights::Weight;

/// Allow for more complex schemes on who can attest, revoke and remove.
pub trait AttestationAccessControl<AttesterId, AuthorizationId, Ctype, ClaimHash> {
	/// Decides whether the account is allowed to attest with the given
	/// information provided by the sender (&self).
	fn can_attest(&self, who: &AttesterId, ctype: &Ctype, claim: &ClaimHash) -> Result<Weight, DispatchError>;

	/// Decides whether the account is allowed to revoke the attestation with
	/// the `authorization_id` and the access information provided by the sender
	/// (&self).
	fn can_revoke(
		&self,
		who: &AttesterId,
		ctype: &Ctype,
		claim: &ClaimHash,
		authorization_id: &AuthorizationId,
	) -> Result<Weight, DispatchError>;

	/// Decides whether the account is allowed to remove the attestation with
	/// the `authorization_id` and the access information provided by the sender
	/// (&self).
	fn can_remove(
		&self,
		who: &AttesterId,
		ctype: &Ctype,
		claim: &ClaimHash,
		authorization_id: &AuthorizationId,
	) -> Result<Weight, DispatchError>;

	/// The authorization ID that the sender provided. This will be used for new
	/// attestations.
	///
	/// NOTE: This method must not read storage or do any heavy computation
	/// since it's not covered by the weight returned by `self.weight()`.
	fn authorization_id(&self) -> AuthorizationId;

	/// The worst-case weight of `can_attest`.
	fn can_attest_weight(&self) -> Weight;

	/// The worst-case weight of `can_revoke`.
	fn can_revoke_weight(&self) -> Weight;

	/// The worst-case weight of `can_remove`.
	fn can_remove_weight(&self) -> Weight;
}

impl<AttesterId, AuthorizationId, Ctype, ClaimHash>
	AttestationAccessControl<AttesterId, AuthorizationId, Ctype, ClaimHash> for ()
where
	AuthorizationId: Default,
{
	fn can_attest(&self, _who: &AttesterId, _ctype: &Ctype, _claim: &ClaimHash) -> Result<Weight, DispatchError> {
		Err(DispatchError::Other("Unimplemented"))
	}
	fn can_revoke(
		&self,
		_who: &AttesterId,
		_ctype: &Ctype,
		_claim: &ClaimHash,
		_authorization_id: &AuthorizationId,
	) -> Result<Weight, DispatchError> {
		Err(DispatchError::Other("Unimplemented"))
	}
	fn can_remove(
		&self,
		_who: &AttesterId,
		_ctype: &Ctype,
		_claim: &ClaimHash,
		_authorization_id: &AuthorizationId,
	) -> Result<Weight, DispatchError> {
		Err(DispatchError::Other("Unimplemented"))
	}
	fn authorization_id(&self) -> AuthorizationId {
		Default::default()
	}
	fn can_attest_weight(&self) -> Weight {
		Weight::zero()
	}
	fn can_revoke_weight(&self) -> Weight {
		Weight::zero()
	}
	fn can_remove_weight(&self) -> Weight {
		Weight::zero()
	}
}