0

So I got this problem with authorization. I made a small voting system that contains a number of actor contracts that are given in a scenario (see actor template below). I need every party that I have defined in my yaml file to be able to see these contracts. However, only the party that created the contract can see it. DAML is built around authorization, so only those specified are able to see and use a contract (party is signatory or observer). But then how would I make every contract of a certain template visible to all parties? I can't specify them as an observer. Is it maybe possible to define a template containing an observer list that has all parties inputted and that I can forward to every actor contract instance as observer?

template Actor
  with 
    created_by  : Party
    username    : Text
    name        : Text
    email       : Text
    bankIban    : Text
    role        : Text
  where 
    signatory created_by

Sjoerd1234

2 Answers

1

I think the idiomatic way to achieve this is not to model it within DAML itself.

You instead codify this logic in an external auth system by hooking it up to something like auth0 as explained in https://blog.daml.com/daml-driven/easy-authentication-for-your-distributed-app-with-daml-and-auth0. E.g., think how you'd normally do it in an RDBMS. You'd have a users table, they have a role, a role can have permissions, etc.

You can then introduce a generic party called ActorAccess (Role) and make it an observer of the Actor contract. You then configure auth0 to give Alice and Bob this grant to actAs this party or something like this.

https://docs.daml.com/app-dev/authentication.html has a couple of fields in the token called readAs and actAs, which achieve different goals based on the table in the docs.

auth0 will then issue a JWT token with these details and you can subscribe to the ledger api event stream and observe the events by this template type now that Alice and Bob are stakeholders of whatever contracts have ActorAccess party on it.

No idea if that is correct but worth a go.

reversebind
  • Yeah I kind of thought that as well. I needed a working prototype that included this, which is fine now. It's for research purposes so further development on this will be noted but is not necessary at the time, thanks for replying though, it might help someone someday! – Sjoerd1234 Mar 24 '20 at 17:40
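
An added example (not part of the answer above or of the Daml project): a least-privilege check for the shared-party design that answer describes. It decodes a ledger access token's payload and flags tokens that put the shared `ActorAccess` party in `actAs` where `readAs` is enough to see the contracts. The claim namespace and field layout are assumed to match the linked authentication docs, the tokens are constructed samples, and the signature is not verified here.

```python
import base64
import json

# Claim namespace of the ledger API's custom token format (assumed to match the linked docs).
LEDGER_NS = "https://daml.com/ledger-api"
SHARED_PARTY = "ActorAccess"  # the generic observer party from the answer


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sample_token(claims: dict) -> str:
    """Build a constructed sample JWT; the signature segment is a dummy."""
    header = {"alg": "RS256", "typ": "JWT"}
    parts = [json.dumps(header).encode(), json.dumps({LEDGER_NS: claims}).encode(), b"dummy"]
    return ".".join(_b64url(p) for p in parts)


def read_claims(token: str) -> dict:
    """Decode the payload only. Signature checking stays with the ledger or a JWT library."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWT")
    body = segments[1] + "=" * (-len(segments[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(body)).get(LEDGER_NS)
    if not isinstance(claims, dict):
        raise ValueError("token carries no ledger API claims")
    return claims


def audit_token(token: str, user_party: str) -> list:
    """Return least-privilege findings for one user's token; an empty list means OK."""
    claims = read_claims(token)
    act_as = set(claims.get("actAs") or [])
    read_as = set(claims.get("readAs") or [])
    findings = []
    if SHARED_PARTY in act_as:
        findings.append("shared party in actAs: holder can submit commands as it")
    elif SHARED_PARTY not in read_as:
        findings.append("shared party absent: Actor contracts stay invisible")
    if act_as - {user_party, SHARED_PARTY}:
        findings.append("actAs names parties other than the user")
    if claims.get("admin"):
        findings.append("admin claim set on an end-user token")
    return findings


if __name__ == "__main__":
    for user, claims in [("Alice", {"actAs": ["Alice"], "readAs": [SHARED_PARTY]}),
                         ("Bob", {"actAs": ["Bob", SHARED_PARTY], "admin": True})]:
        print(user, audit_token(sample_token(claims), user))
```
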
0

So I figured it out. For those struggling with this in the future: my suggestion for a possible solution worked. I created a template Observer into which I inputted the parties in the scenario. I then created another template called Create_actor that allows creating an Actor contract through a choice, taking the observer template as a datatype and referencing the observers:

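-- Set Party needs a Set import; DA.Next.Set is assumed here (DA.Set on newer SDKs).
import DA.Next.Set (Set)

template Observers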
  with 
    superuser : Party
    observers : Set Party
  where 
    signatory superuser

template Create_Actor
  with 
    current_login  : Party
    username    : Text
    name        : Text
    email       : Text
    bankIban    : Text
    role        : Text
    observers_list_id : ContractId Observers
  where 
    signatory current_login
    choice Load_all_actor_observers : ContractId Actor 
      controller current_login
      do
        observers_list <- fetch observers_list_id
        -- Copy the party set from the fetched Observers contract onto the new Actor.
        create Actor with
          created_by = current_login
          username = username
          name = name
          email = email
          bankIban = bankIban
          role = role
          observers_list_id = observers_list_id
          observers = observers_list.observers

template Actor
  with 
    created_by  : Party
    username    : Text
    name        : Text
    email       : Text
    bankIban    : Text
    role        : Text
    observers_list_id : ContractId Observers
    observers   : Set Party
  where 
    signatory created_by
    observer observers

Sjoerd1234