I am currently working on a model that uses role membership contracts and multi-party submission.
```daml
template IncomeRoleMembership
  with
    admin: Party
    user: Party
  where
    signatory admin
    ensure admin /= user
    key (admin, user) : (Party, Party)
    maintainer key._1
    observer user

    choice RemoveIncomeUser: ()
      with
        actingParty: Party
      controller actingParty
      do
        role <- lookupByKey @AdminMembership (admin, actingParty)
        assertMsg "User not permissioned as Admin." (isSome role)
        return ()
```
As we have choices not limited to certain controllers, we are checking for said membership contracts in order to make sure that the user acting belongs to the currently assigned department:
```daml
choice ProposeArchival: ContractId ArchivalProposal
  with
    reason: Text
    timeStamp: Text
    actingParty: Party
  controller actingParty
  do
    assertMsg "Only Income can propose an archival" (assignee == income)
    role <- lookupByKey @IncomeRoleMembership (admin, actingParty)
    assertMsg "User not permissioned as Income" (isSome role)
```
Apart from this we have our IAM system managing token readAs and actAs claims.
Getting to the point: currently, onboarding users is a two-step process. First, the IAM role is assigned and the readAs is filled with the department the user works for; second, an Admin user has to create this membership contract so that the user can actually act on contracts assigned to his department.
Is there a way to somehow transform this into a one-step process, or perhaps automate the membership contract creation based on the token payload?
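
The two onboarding steps described above, sketched as one automation that derives the missing membership contracts from the claims the IAM already issues. This is an added example, not part of the original post or the poster's code base. It assumes the Daml custom-claims token layout (`https://daml.com/ledger-api` with `actAs`/`readAs`), a hypothetical module name `Main`, a constructed department party `Income`, and that the token signature was verified before the claims reach this function.

```python
# Assumed claim namespace of Daml custom-claims access tokens.
DAML_NS = "https://daml.com/ledger-api"

# Hypothetical mapping: department party found in readAs -> membership template.
# "Main" is a placeholder module name; the page does not name the module.
DEPARTMENT_TEMPLATES = {"Income": "Main:IncomeRoleMembership"}

# Constructed sample payload of an already-verified token.
SAMPLE_CLAIMS = {DAML_NS: {"actAs": ["Alice"], "readAs": ["Income", "Public"]}}


def plan_memberships(claims, admin, existing_keys):
    """Return JSON API create-command bodies for memberships the token implies.

    claims        -- payload of a token whose signature was already verified
    admin         -- party that signs the membership contracts
    existing_keys -- set of (template_id, admin, user) for active memberships
    """
    ledger = claims.get(DAML_NS, {})
    act_as = ledger.get("actAs", [])
    read_as = ledger.get("readAs", [])
    if len(act_as) != 1:
        # Ambiguous user identity: refuse rather than guess.
        raise ValueError("expected exactly one actAs party")
    user = act_as[0]
    if user == admin:
        # Mirrors `ensure admin /= user` in the template.
        return []
    commands = []
    for department in read_as:
        template_id = DEPARTMENT_TEMPLATES.get(department)
        if template_id is None:
            continue  # readAs party that is not a mapped department
        if (template_id, admin, user) in existing_keys:
            continue  # contract key (admin, user) must stay unique
        commands.append({
            "templateId": template_id,
            "payload": {"admin": admin, "user": user},
        })
    return commands
```

Each returned body would be submitted as a create command by a service that holds `actAs` for the `admin` party (an assumption), since `admin` is the only signatory of the membership template.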