Hi,
I am currently working on a model that uses role membership contracts and multi-party submission.
```daml
template IncomeRoleMembership
  with
    admin : Party
    user : Party
  where
    signatory admin
    ensure admin /= user
    key (admin, user) : (Party, Party)
    maintainer key._1
    observer user

    -- Consuming choice: any party may attempt it, but it only succeeds
    -- when an AdminMembership exists for (admin, actingParty).
    choice RemoveIncomeUser : ()
      with
        actingParty : Party
      controller actingParty
      do
        role <- lookupByKey @AdminMembership (admin, actingParty)
        assertMsg "User not permissioned as Admin." (isSome role)
        return ()
```
As we have choices not limited to certain controllers, we are checking for said membership contracts in order to make sure that the acting user belongs to the currently assigned department:
```daml
    choice ProposeArchival : ContractId ArchivalProposal
      with
        reason : Text
        timeStamp : Text
        actingParty : Party
      controller actingParty
      do
        assertMsg "Only Income can propose an archival" (assignee == income)
        -- actingParty must hold an IncomeRoleMembership under this admin
        role <- lookupByKey @IncomeRoleMembership (admin, actingParty)
        assertMsg "User not permissioned as Income" (isSome role)
```
Apart from this we have our IAM system managing token readAs and actAs claims.
Getting to the point: currently, onboarding users is a two-step process. First, the IAM role is assigned and the readAs is filled with the department the user works for; second, an Admin user has to create this membership contract so that the user can actually act on contracts assigned to his department.
Is there a way to somehow transform this into a one-step process? Or perhaps automate the membership contract creation based on the token payload?
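
The drift between the two layers described above (IAM token claims versus on-ledger membership contracts) can be computed mechanically. The following is an added example, not part of the original post or of any Daml tooling: it derives which membership contracts the claims imply and which active ones no longer have a matching claim. The claim namespace, the party names, the department-to-template mapping and the function names are assumptions; the resulting creates would still have to be submitted with the `admin` party's authority.

```python
# Added example: plan membership-contract changes from IAM token claims.
# Claim namespace, party names and role mapping are assumptions.
from typing import NamedTuple

LEDGER_CLAIMS = "https://daml.com/ledger-api"  # assumed claim namespace

# Assumed mapping: department party found in readAs -> membership template.
ROLE_TEMPLATES = {"Income": "IncomeRoleMembership", "Admin": "AdminMembership"}


class Membership(NamedTuple):
    template: str
    admin: str  # signatory and key maintainer (key._1)
    user: str   # second key component


def expected_memberships(payloads, admin):
    """Derive the membership contracts that the IAM claims imply."""
    wanted = set()
    for payload in payloads:
        claims = payload.get(LEDGER_CLAIMS, {})
        for dept in claims.get("readAs", []):
            template = ROLE_TEMPLATES.get(dept)
            if template is None:
                continue  # readAs party that is not a department role
            for user in claims.get("actAs", []):
                if user != admin:  # mirrors `ensure admin /= user`
                    wanted.add(Membership(template, admin, user))
    return wanted


def plan(payloads, active, admin):
    """Return (to_create, to_archive) so the ledger matches the IAM state."""
    wanted = expected_memberships(payloads, admin)
    current = set(active)
    return sorted(wanted - current), sorted(current - wanted)


# Constructed sample data, not taken from any real system.
TOKENS = [
    {LEDGER_CLAIMS: {"actAs": ["alice"], "readAs": ["Income"]}},
    {LEDGER_CLAIMS: {"actAs": ["bob"], "readAs": ["Admin", "Public"]}},
    {LEDGER_CLAIMS: {"actAs": ["Operator"], "readAs": ["Income"]}},
]
ACTIVE = [
    Membership("IncomeRoleMembership", "Operator", "carol"),  # no claim: stale
    Membership("AdminMembership", "Operator", "bob"),
]

if __name__ == "__main__":
    print(plan(TOKENS, ACTIVE, admin="Operator"))
```

The `to_archive` list is the security-relevant half: it surfaces users who can still pass the `lookupByKey` check on the ledger after their IAM role has been withdrawn.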