storacha · gobengo · Mar 7, 2023 · Mar 7, 2023 · Mar 7, 2023 · Mar 7, 2023
diff --git a/packages/access-api/src/service/index.js b/packages/access-api/src/service/index.js
@@ -24,12 +24,6 @@ import { providerAddProvider } from './provider-add.js'
  * }
  */
 export function service(ctx) {
-  /**
-   * @param {Ucanto.DID<'key'>} uri
-   */
-  const hasStorageProvider = async (uri) => {
-    return Boolean(await ctx.models.spaces.get(uri))
-  }
   return {
     store: uploadApi.createStoreProxy(ctx),
     upload: uploadApi.createUploadProxy(ctx),
@@ -53,7 +47,19 @@ export function service(ctx) {
         }
         return accessDelegateProvider({
           delegations: ctx.models.delegations,
-          hasStorageProvider,
+          hasStorageProvider: async (space) => {
+            /** @type {import('./access-delegate.js').HasStorageProvider} */
+            const registeredViaVoucherRedeem = async (space) =>
+              Boolean(await ctx.models.spaces.get(space))
+            /** @type {import('./access-delegate.js').HasStorageProvider} */
+            // eslint-disable-next-line unicorn/consistent-function-scoping
+            const registeredViaProviderAdd = (space) =>
+              ctx.models.provisions.hasStorageProvider(space)
+            return Boolean(
+              (await registeredViaProviderAdd(space)) ||
+                (await registeredViaVoucherRedeem(space))
+            )
+          },
         })(...args)
       },
     },

diff --git a/packages/access-api/test/provider-add.test.js b/packages/access-api/test/provider-add.test.js
@@ -64,9 +64,11 @@ for (const accessApiVariant of /** @type {const} */ ([
       /** @type {{to:string, url:string}[]} */
       const emails = []
       const email = createEmail(emails)
+      const features = new Set(['provider/add', 'access/delegate'])
       return {
         spaceWithStorageProvider,
         emails,
+        features,
         ...createTesterFromContext(
           () =>
             context({
@@ -97,6 +99,100 @@ for (const accessApiVariant of /** @type {const} */ ([
       })
     })
   })
+
+  if (
+    ['provider/add', 'access/delegate'].every((f) =>
+      accessApiVariant.features.has(f)
+    )
+  ) {
+    it('provider/add allows for access/delegate', async () => {
+      const space = await principal.ed25519.generate()
+      const issuer = await accessApiVariant.issuer
+      const service = await accessApiVariant.audience
+      const accountDid = /** @type {const} */ ('did:mailto:example.com:foo')
+      const serviceSessionAttest = await ucanto.delegate({
+        issuer: service,
+        audience: issuer,
+        capabilities: [
+          {
+            can: 'provider/add',
+            with: accountDid,
+          },
+          {
+            can: 'access/delegate',
+            with: space.did(),
+          },
+        ],
+      })
+      const sessionProofs = [
+        await ucanto.delegate({
+          issuer: service,
+          audience: issuer,
+          capabilities: [
+            {
+              can: 'ucan/attest',
+              with: accountDid,
+              nb: {
+                // note: whole delegation is also included in 'proofs'
+                proof: serviceSessionAttest.cid,
+              },
+            },
+          ],
+        }),
+        serviceSessionAttest,
+      ]
+      const addStorageProvider = await ucanto
+        .invoke({
+          issuer,
+          audience: service,
+          capability: {
+            can: 'provider/add',
+            with: accountDid,
+            nb: {
+              provider: 'did:web:web3.storage:providers:w3up-alpha',
+              consumer: space.did(),
+            },
+          },
+          proofs: [
+            // space says issuer can provider/add with this account
+            await ucanto.delegate({
+              issuer: space,
+              audience: issuer,
+              capabilities: [
+                {
+                  can: 'provider/add',
+                  with: accountDid,
+                },
+              ],
+            }),
+            ...sessionProofs,
+          ],
+        })
+        .delegate()
+      const addStorageProviderResult = await accessApiVariant.invoke(
+        addStorageProvider
+      )
+      assertNotError(addStorageProviderResult)
+
+      // storage provider added. So we should be able to delegate now
+      const accessDelegate = await ucanto
+        .invoke({
+          issuer,
+          audience: service,
+          capability: {
+            can: 'access/delegate',
+            with: space.did(),
+            nb: {
+              delegations: {},
+            },
+          },
+          proofs: [...sessionProofs],
+        })
+        .delegate()
+      const accessDelegateResult = await accessApiVariant.invoke(accessDelegate)
+      assertNotError(accessDelegateResult)
+    })
+  }
 }
 
 /**