Implements per-ritual customization of authorization contract, new ri…

…tuals use a default authorization contract deployemnt (AllowList).

Co-authored-by: James Campbell <james.campbell@tanti.org.uk>
Co-authored-by: Kieran Prasch <kieranprasch@gmail.com>

contracts/contracts/coordination/AllowList.sol

@@ -1,37 +1,40 @@
 pragma solidity ^0.8.0;
-import "@openzeppelin/contracts/access/AccessControl.sol";
+import "@openzeppelin/contracts/access/AccessControlDefaultAdminRules.sol";
 import "./IAccessController.sol";
 import "./Coordinator.sol";
 
-contract AllowList is AccessControl, IAccessController {
+
+contract AllowList is AccessControlDefaultAdminRules, IAccessController {
     Coordinator public coordinator;
 
     // mapp
     mapping(uint256 => mapping(address => bool)) public rituals;
 
-    constructor(Coordinator _coordinator) {
+    constructor(
+        Coordinator _coordinator,
+        address _admin
+    ) AccessControlDefaultAdminRules(0, _admin) {
         coordinator = _coordinator;
     }
 
-    function bytesToAddress(bytes memory bys) private pure returns (address addr) {
-        assembly {
-            addr := mload(add(bys, 20))
-        }
+    function setCoordinator(Coordinator _coordinator) public {
+        require(hasRole(DEFAULT_ADMIN_ROLE, msg.sender), "Only admin can set coordinator");
+        coordinator = _coordinator;
     }
 
     function isEnricoAuthorized(
         uint256 ritualID,
         bytes memory evidence,
         bytes memory ciphertextHash
     ) public view override returns(bool) {
-        enricoAddress = address(uint160(bytes20(evidence)));
+        address enricoAddress = address(uint160(bytes20(evidence)));
         return rituals[ritualID][enricoAddress];
     }
 
     function authorize(uint256 ritualID, address[] calldata addresses) public {
         require(coordinator.rituals(ritualId).authority == msg.sender,
             "Only ritual authority is permitted");
-        require(coordinator.getRitualStatus(ritualId) == RitualStatus.ACTIVE,
+        require(coordinator.getRitualStatus(ritualId) == RitualStatus.FINALIZED,
             "Only active rituals can add authorizations");
         for (uint i=0; i<addresses.length; i++) {
             rituals[ritualID][addresses[i]] = true;
@@ -41,7 +44,7 @@ contract AllowList is AccessControl, IAccessController {
     function deauthorize(uint256 ritualID, address[] calldata addresses) public {
         require(coordinator.rituals(ritualId).authority == msg.sender,
             "Only ritual authority is permitted");
-        require(coordinator.getRitualStatus(ritualId) == RitualStatus.ACTIVE,
+        require(coordinator.getRitualStatus(ritualId) == RitualStatus.FINALIZED,
             "Only active rituals can add authorizations");
         for (uint i=0; i<addresses.length; i++) {
             rituals[ritualID][addresses[i]] = false;

contracts/contracts/coordination/Coordinator.sol

@@ -56,6 +56,7 @@ contract Coordinator is AccessControlDefaultAdminRules {
         address authority;
         uint16 dkgSize;
         bool aggregationMismatch;
+        address accessController;
         BLS12381.G1Point publicKey;
         bytes aggregatedTranscript;
         Participant[] participant;
@@ -89,6 +90,8 @@ contract Coordinator is AccessControlDefaultAdminRules {
         timeout = _timeout;
         maxDkgSize = _maxDkgSize;
         feeModel = IFeeModel(_feeModel);
+
+        defaultAccessController = _defaultAccessController;
     }
 
     function getRitualState(uint256 ritualId) external view returns (RitualState){
@@ -144,6 +147,13 @@ contract Coordinator is AccessControlDefaultAdminRules {
         // TODO: Events
     }
 
+    function setRitualAuthority(uint32 ritualId, address authority) external {
+        Ritual storage ritual = rituals[ritualId];
+        require(getRitualState(ritualId) == RitualState.FINALIZED, "Ritual not finalized");
+        require(msg.sender == ritual.authority, "Sender not ritual authority");
+        ritual.authority = authority;
+    }
+
     function numberOfRituals() external view returns(uint256) {
         return rituals.length;
     }
@@ -153,11 +163,15 @@ contract Coordinator is AccessControlDefaultAdminRules {
         return ritual.participant;
     }
 
-    function initiateRitual(
+    function _initiateRitual(
         address[] calldata providers,
         address authority,
-        uint32 duration
-    ) external returns (uint32) {
+        uint32 duration,
+        address accessController
+    ) internal returns (uint32) {
+
+        require(authority =! address(0), "Invalid authority");
+
         require(
             isInitiationPublic || hasRole(INITIATOR_ROLE, msg.sender),
             "Sender can't initiate ritual"
@@ -177,6 +191,7 @@ contract Coordinator is AccessControlDefaultAdminRules {
         ritual.dkgSize = uint16(length);
         ritual.initTimestamp = uint32(block.timestamp);
         ritual.endTimestamp = ritual.initTimestamp + duration;
+        ritual.accessController = accessController;
 
         address previous = address(0);
         for(uint256 i=0; i < length; i++){
@@ -200,6 +215,23 @@ contract Coordinator is AccessControlDefaultAdminRules {
         return id;
     }
 
+    function initiateRitual(
+        address[] calldata providers,
+        address authority,
+        uint32 duration,
+        address accessController
+    ) external returns (uint32) {
+        return _initiateRitual(providers, authority, duration, accessController);
+    }
+
+    function initiateRitual(
+        address[] calldata providers,
+        address authority,
+        uint32 duration
+    ) external returns (uint32) {
+        return _initiateRitual(providers, authority, duration, defaultAccessController);
+    }
+
     function cohortFingerprint(address[] calldata nodes) public pure returns(bytes32) {
         return keccak256(abi.encode(nodes));
     }