Should witnesses be able to exercise flexible choices?
Consider M below, traditionally I would have o as an observer on M so that either o or s could exercise AddSecret. But in one case I left it out.
template M
with
s : Party
o : Party
secrets : [Text]
where
signatory s
choice AddSecret : ContractId M
with
actor : Party
secret : Text
controller actor
do
create this with secrets = secret :: filter (/= secret) secrets
test : Script ()
test = do
let secret = "S's secret only"
[s,o] <- forA ["s", "o"] allocateParty
mId <- s `submit` do createCmd M with secrets = [], ..
-- o is not an observer, so can't be a controller via flexible controllers
o `submitMustFail` do
exerciseCmd mId AddSecret with actor = o, ..
mId2 <- s `submit` do
exerciseCmd mId AddSecret with actor = s, ..
pure ()
But what happens if o is a witness to the creation of M (via a request for example).
template Mr
with
s : Party
o : Party
where
signatory s
controller o can
CreateM : ContractId M
do create M with secrets = [], ..
test2: Script ()
test2 = do
let secret = "O can add a secret"
[s,o] <- forA ["s", "o"] allocateParty
mr <- s `submit` do createCmd Mr with ..
mId <- o `submit` do exerciseCmd mr CreateM
-- should o be able to submit this?
mId2 <- o `submit` do exerciseCmd mId AddSecret with actor = o, ..
pure ()
Currently o will be able to exercise choices, yes. However, we will deprecate that behaviour soon as it does not play well with Ledger Pruning (see #9283). I would therefore recommend against relying on this behaviour in any future applications.
Note also that o would not see the contract mId via the JSON API or Transaction Service. The only way to find out about it is via the Transaction Tree service so you need to build you applications in a specific way to even be able to do this in practice.
Thank you. My initial reaction was (and I still think that) o should not be able to do this. Glad to see that this will be removed.
