Add isEncryptionAuthorized() method to Coordinator contract to call u…

…nderlying IEncryptionAuthorizer for a specific ritual. Added tests to ensure result is the same as calling allow list contract directly.
nucypher · Sep 13, 2023 · 6f1bee4 · 6f1bee4
1 parent 9126abb
commit 6f1bee4
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/contracts/contracts/coordination/Coordinator.sol b/contracts/contracts/coordination/Coordinator.sol
@@ -56,6 +56,7 @@ contract Coordinator is AccessControlDefaultAdminRules, FlatRateFeeModel {
     }
 
     struct Ritual {
+        // NOTE: changing the order here affects nucypher/nucypher: CoordinatorAgent
         address initiator;
         uint32 initTimestamp;
         uint32 endTimestamp;
@@ -405,6 +406,15 @@ contract Coordinator is AccessControlDefaultAdminRules, FlatRateFeeModel {
         return getParticipantFromProvider(rituals[ritualId], provider);
     }
 
+    function isEncryptionAuthorized(
+        uint32 ritualId,
+        bytes memory evidence,
+        bytes memory ciphertextHeader
+    ) external view returns (bool) {
+        Ritual storage ritual = rituals[ritualId];
+        return ritual.accessController.isAuthorized(ritualId, evidence, ciphertextHeader);
+    }
+
     function processRitualPayment(
         uint32 ritualId,
         address[] calldata providers,

diff --git a/tests/test_coordinator.py b/tests/test_coordinator.py
@@ -385,6 +385,7 @@ def test_authorize_using_global_allow_list(
 
     # Not authorized
     assert not global_allow_list.isAuthorized(0, bytes(signature), bytes(digest))
+    assert not coordinator.isEncryptionAuthorized(0, bytes(signature), bytes(digest))
 
     # Negative test cases for authorization
     with ape.reverts("Only ritual authority is permitted"):
@@ -411,15 +412,20 @@ def test_authorize_using_global_allow_list(
 
     # Authorized
     assert global_allow_list.isAuthorized(0, bytes(signature), bytes(data))
+    assert coordinator.isEncryptionAuthorized(0, bytes(signature), bytes(data))
 
     # Deauthorize
     global_allow_list.deauthorize(0, [deployer.address], sender=initiator)
     assert not global_allow_list.isAuthorized(0, bytes(signature), bytes(data))
+    assert not coordinator.isEncryptionAuthorized(0, bytes(signature), bytes(data))
 
     # Reauthorize in batch
     addresses_to_authorize = [deployer.address, initiator.address]
     global_allow_list.authorize(0, addresses_to_authorize, sender=initiator)
     signed_digest = w3.eth.account.sign_message(signable_message, private_key=initiator.private_key)
     initiator_signature = signed_digest.signature
     assert global_allow_list.isAuthorized(0, bytes(initiator_signature), bytes(data))
+    assert coordinator.isEncryptionAuthorized(0, bytes(initiator_signature), bytes(data))
+
     assert global_allow_list.isAuthorized(0, bytes(signature), bytes(data))
+    assert coordinator.isEncryptionAuthorized(0, bytes(signature), bytes(data))