@startuml storage node ape
!pragma teoz true

participant "Administrator" as administrator
participant "Client" as client

box "Storage node" #Green
  participant "Object service" as obj
  participant "Control service" as control
end box

box "Access Policy Engine" #LightGreen
  participant "Local override storage" as localOverrides
  participant "Chain Router" as chainRouter
  participant "Morph rule storage" as morphRuleStorage
end box

group Set local override
  client -> control: Add local override
  control -> localOverrides: Save override in DB
  localOverrides -> control: OK
  control -> client: OK
end

group Update state in Policy contract
  administrator -> morphRuleStorage: Add chain
  morphRuleStorage -> administrator: OK
end

group Perform a request A
  client -> obj : Sending a request
  obj -> chainRouter: Check if APE allows the request
  note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
  chainRouter -> obj: APE returns status: "ACCESS DENIED"
  obj -> client: Response: "the request is denied"
end

group Perform a request B
  client -> obj : Sending a request
  obj -> chainRouter: Check if APE allows the request
  note over chainRouter : Fetches local overrides and rules defined for a target/targets and looks for a match
  chainRouter -> obj: APE returns status: "ALLOW"
  obj -> client: Response: "OK"
end

@enduml