npm - @etherisc/gif-next - Versions diffs - 0.0.2-7c8d286-020 → 0.0.2-7d488b3-675 - Mend

@etherisc/gif-next 0.0.2-7c8d286-020 → 0.0.2-7d488b3-675

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (358) hide show

package/artifacts/contracts/upgradeability/Versionable.sol/Versionable.dbg.json CHANGED Viewed

@@ -1,4 +1,4 @@
 {
   "_format": "hh-sol-dbg-1",
-  "buildInfo": "../../../build-info/1e3740eb2b5e9b50af8ebcfd1caf4094.json"
+  "buildInfo": "../../../build-info/ba7312f52e143c80c854005d0b113ad5.json"
 }

package/contracts/accounting/AccountingService.sol CHANGED Viewed

@@ -151,8 +151,9 @@ contract AccountingService is
         Amount feeAmount
     )
         public
-        virtual
-        restricted()
+        virtual
+        // TODO re-enable once role granting is stable and fixed
+        // restricted()
     {
         _checkNftType(poolNftId, POOL());
         _changeTargetBalance(DECREASE, instanceStore, poolNftId, amount, feeAmount);

package/contracts/authorization/AccessAdmin.sol CHANGED Viewed

@@ -5,15 +5,10 @@ import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/acce
 import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
 import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
-import {IAccessAdmin} from "./IAccessAdmin.sol";
-import {IAuthorization} from "./IAuthorization.sol";
-import {IRegistry} from "../registry/IRegistry.sol";
-import {AccessAdminLib} from "./AccessAdminLib.sol";
 import {AccessManagerCloneable} from "./AccessManagerCloneable.sol";
 import {ContractLib} from "../shared/ContractLib.sol";
-import {NftId, NftIdLib} from "../type/NftId.sol";
-import {ObjectType} from "../type/ObjectType.sol";
+import {IAccessAdmin} from "./IAccessAdmin.sol";
+import {IRegistry} from "../registry/IRegistry.sol";
 import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
 import {Selector, SelectorLib, SelectorSetLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
@@ -39,23 +34,13 @@ contract AccessAdmin is
     string public constant ADMIN_ROLE_NAME = "AdminRole";
     string public constant PUBLIC_ROLE_NAME = "PublicRole";
-    /// @dev admin name used for logging only
-    string internal _adminName;
-    /// @dev the access manager driving the access admin contract
-    /// hold link to registry and release version
+    /// @dev the OpenZeppelin access manager driving the access admin contract
     AccessManagerCloneable internal _authority;
-    /// @dev the authorization contract used for initial access control
-    IAuthorization internal _authorization;
     /// @dev stores the deployer address and allows to create initializers
     /// that are restricted to the deployer address.
     address internal _deployer;
-    /// @dev the linked NFT ID
-    NftId internal _linkedNftId;
     /// @dev store role info per role id
     mapping(RoleId roleId => RoleInfo info) internal _roleInfo;
@@ -94,25 +79,23 @@ contract AccessAdmin is
         }
         if (msg.sender != _deployer) {
-            revert ErrorAccessAdminNotDeployer();
+            revert ErrorNotDeployer();
         }
         _;
     }
-    modifier onlyRoleMember(RoleId roleId, address account) {
+    modifier onlyRoleAdmin(RoleId roleId) {
         _checkRoleExists(roleId, false);
-        if (!hasRole(account, roleId)) {
-            revert ErrorAccessAdminNotRoleOwner(roleId, account);
+        if (!hasAdminRole(msg.sender, roleId)) {
+            revert ErrorNotAdminOfRole(_roleInfo[roleId].adminRoleId);
         }
         _;
     }
-    modifier onlyRoleAdmin(RoleId roleId, address account) {
-        _checkRoleExists(roleId, false);
-        if (!hasAdminRole(account, roleId)) {
-            revert ErrorAccessAdminNotAdminOfRole(_roleInfo[roleId].adminRoleId, account);
+    modifier onlyRoleMember(RoleId roleId) {
+        if (!hasRole(msg.sender, roleId)) {
+            revert ErrorNotRoleOwner(roleId);
         }
         _;
     }
@@ -130,7 +113,7 @@ contract AccessAdmin is
     }
     modifier onlyExistingTarget(address target) {
-        _checkTargetExists(target);
+        _checkTarget(target);
         _;
     }
@@ -141,61 +124,34 @@ contract AccessAdmin is
     /// @dev Initializes this admin with the provided accessManager (and authorization specification).
     /// Internally initializes access manager with this admin and creates basic role setup.
     function initialize(
-        address authority,
-        string memory adminName
+        AccessManagerCloneable authority
     )
         public
         initializer()
     {
-        __AccessAdmin_init(authority, adminName);
+        __AccessAdmin_init(authority);
     }
     function __AccessAdmin_init(
-        address authority,
-        string memory adminName
+        AccessManagerCloneable authority
     )
         internal
         onlyInitializing()
-        onlyDeployer()
+        onlyDeployer() // initializes deployer if not initialized yet
     {
-        // checks
-        // check authority is contract
-        if (!ContractLib.isContract(authority)) {
-            revert ErrorAccessAdminAuthorityNotContract(authority);
-        }
+        authority.initialize(address(this));
-        // check name not empty
-        if (bytes(adminName).length == 0) {
-            revert ErrorAccessAdminAccessManagerEmptyName();
-        }
-        _authority = AccessManagerCloneable(authority);
-        _authority.initialize(address(this));
-        // delayed additional check for authority after its initialization
-        if (!ContractLib.isAuthority(authority)) {
-            revert ErrorAccessAdminAccessManagerNotAccessManager(authority);
-        }
-        // effects
         // set and initialize this access manager contract as
         // the admin (ADMIN_ROLE) of the provided authority
-        __AccessManaged_init(authority);
-        // set name for logging
-        _adminName = adminName;
-        // set initial linked NFT ID to zero
-        _linkedNftId = NftIdLib.zero();
+        __AccessManaged_init(address(authority));
+        _authority = authority;
         // create admin and public roles
         _initializeAdminAndPublicRoles();
-    }
-    function getRelease() public view virtual returns (VersionPart release) {
-        return _authority.getRelease();
+        // additional use case specific initialization
+        _initializeCustom();
     }
@@ -204,24 +160,46 @@ contract AccessAdmin is
     }
-    function getLinkedNftId() external view returns (NftId linkedNftId) {
-        return _linkedNftId;
+    function getRelease() public view returns (VersionPart release) {
+        return _authority.getRelease();
     }
-    function getLinkedOwner() external view returns (address linkedOwner) {
-        return getRegistry().ownerOf(_linkedNftId);
-    }
+    function _initializeAdminAndPublicRoles()
+        internal
+        virtual
+        onlyInitializing()
+    {
+        RoleId adminRoleId = RoleIdLib.toRoleId(_authority.ADMIN_ROLE());
+        // setup admin role
+        _createRoleUnchecked(
+            ADMIN_ROLE(),
+            toRole({
+                adminRoleId: ADMIN_ROLE(),
+                roleType: RoleType.Contract,
+                maxMemberCount: 1,
+                name: ADMIN_ROLE_NAME}));
+        // add this contract as admin role member
+        _roleMembers[adminRoleId].add(address(this));
-    function getAuthorization() public view returns (IAuthorization authorization) {
-        return _authorization;
+        // setup public role
+        _createRoleUnchecked(
+            PUBLIC_ROLE(),
+            toRole({
+                adminRoleId: ADMIN_ROLE(),
+                roleType: RoleType.Gif,
+                maxMemberCount: type(uint32).max,
+                name: PUBLIC_ROLE_NAME}));
     }
-    function isLocked() public view returns (bool locked) {
-        return _authority.isLocked();
-    }
+    function _initializeCustom()
+        internal
+        virtual
+        onlyInitializing()
+    { }
     //--- view functions for roles ------------------------------------------//
@@ -245,14 +223,14 @@ contract AccessAdmin is
         return _roleInfo[roleId].createdAt.gtz();
     }
-    function getRoleForName(string memory name) external view returns (RoleId roleId) {
-        return _roleForName[StrLib.toStr(name)].roleId;
-    }
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory) {
         return _roleInfo[roleId];
     }
+    function getRoleForName(Str name) external view returns (RoleNameInfo memory) {
+        return _roleForName[name];
+    }
     function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers) {
         return _roleMembers[roleId].length();
     }
@@ -327,60 +305,34 @@ contract AccessAdmin is
                 selector.toBytes4()));
     }
-    function deployer() public view returns (address) {
-        return _deployer;
+    function canCall(address caller, address target, Selector selector) external virtual view returns (bool can) {
+        (can, ) = _authority.canCall(caller, target, selector.toBytes4());
     }
-    //--- internal/private functions -------------------------------------------------//
-    function _linkToNftOwnable(address registerable) internal {
-        if (!getRegistry().isRegistered(registerable)) {
-            revert ErrorAccessAdminNotRegistered(registerable);
-        }
-        _linkedNftId = getRegistry().getNftIdForAddress(registerable);
+    function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) public view returns (RoleInfo memory) {
+        return RoleInfo({
+            name: StrLib.toStr(name),
+            adminRoleId: adminRoleId,
+            roleType: roleType,
+            maxMemberCount: maxMemberCount,
+            createdAt: TimestampLib.blockTimestamp(),
+            pausedAt: TimestampLib.max()
+        });
     }
-    function _initializeAdminAndPublicRoles()
-        internal
-        virtual
-        onlyInitializing()
-    {
-        RoleId adminRoleId = RoleIdLib.toRoleId(_authority.ADMIN_ROLE());
-        // setup admin role
-        _createRoleUnchecked(
-            ADMIN_ROLE(),
-            AccessAdminLib.toRole({
-                adminRoleId: ADMIN_ROLE(),
-                roleType: RoleType.Contract,
-                maxMemberCount: 1,
-                name: ADMIN_ROLE_NAME}));
-        // add this contract as admin role member
-        _roleMembers[adminRoleId].add(address(this));
-        // setup public role
-        _createRoleUnchecked(
-            PUBLIC_ROLE(),
-            AccessAdminLib.toRole({
-                adminRoleId: ADMIN_ROLE(),
-                roleType: RoleType.Gif,
-                maxMemberCount: type(uint32).max,
-                name: PUBLIC_ROLE_NAME}));
+    function toFunction(bytes4 selector, string memory name) public view returns (FunctionInfo memory) {
+        return FunctionInfo({
+            name: StrLib.toStr(name),
+            selector: SelectorLib.toSelector(selector),
+            createdAt: TimestampLib.blockTimestamp()});
     }
-    function _createTargetWithRole(
-        address target,
-        string memory targetName,
-        RoleId targetRoleId
-    )
-        internal
-    {
-        _createTarget(target, targetName, true, false);
-        _grantRoleToAccount(targetRoleId, target);
+    function deployer() public view returns (address) {
+        return _deployer;
     }
+    //--- internal/private functions -------------------------------------------------//
     function _authorizeTargetFunctions(
         address target,
         RoleId roleId,
@@ -389,7 +341,7 @@ contract AccessAdmin is
         internal
     {
         if (roleId == getAdminRole()) {
-            revert ErrorAccessAdminAuthorizeForAdminRoleInvalid(target);
+            revert ErrorAuthorizeForAdminRoleInvalid(target);
         }
         (
@@ -478,15 +430,13 @@ contract AccessAdmin is
             functionSelectors,
             RoleId.unwrap(roleId));
-        // log function grantings
         for (uint256 i = 0; i < functionSelectors.length; i++) {
             emit LogAccessAdminFunctionGranted(
-                _adminName,
                 target,
-                string(abi.encodePacked(
-                    functionNames[i],
-                    "(): ",
-                    _getRoleName(roleId))));
+                // _getAccountName(target),
+                // string(abi.encodePacked("", functionSelectors[i])),
+                functionNames[i],
+                _getRoleName(roleId));
         }
     }
@@ -498,7 +448,7 @@ contract AccessAdmin is
     {
         // check max role members will not be exceeded
         if (_roleMembers[roleId].length() >= _roleInfo[roleId].maxMemberCount) {
-            revert ErrorAccessAdminRoleMembersLimitReached(roleId, _roleInfo[roleId].maxMemberCount);
+            revert ErrorRoleMembersLimitReached(roleId, _roleInfo[roleId].maxMemberCount);
         }
         // check account is contract for contract role
@@ -506,7 +456,7 @@ contract AccessAdmin is
             _roleInfo[roleId].roleType == RoleType.Contract &&
             !ContractLib.isContract(account) // will fail in account's constructor
         ) {
-            revert ErrorAccessAdminRoleMemberNotContract(roleId, account);
+            revert ErrorRoleMemberNotContract(roleId, account);
         }
         // TODO check account already have roleId
@@ -516,7 +466,7 @@ contract AccessAdmin is
             account,
             0);
-        emit LogAccessAdminRoleGranted(_adminName, account, _getRoleName(roleId));
+        emit LogAccessAdminRoleGranted(account, _getRoleName(roleId));
     }
     /// @dev revoke the specified role from the provided account
@@ -527,7 +477,7 @@ contract AccessAdmin is
         // check role removal is permitted
         if (_roleInfo[roleId].roleType == RoleType.Contract) {
-            revert ErrorAccessAdminRoleMemberRemovalDisabled(roleId, account);
+            revert ErrorRoleMemberRemovalDisabled(roleId, account);
         }
         // TODO check account have roleId?
@@ -536,7 +486,7 @@ contract AccessAdmin is
             RoleId.unwrap(roleId),
             account);
-        emit LogAccessAdminRoleRevoked(_adminName, account, _roleInfo[roleId].name.toString());
+        emit LogAccessAdminRoleRevoked(account, _roleInfo[roleId].name.toString());
     }
@@ -548,21 +498,32 @@ contract AccessAdmin is
     )
         internal
     {
-        AccessAdminLib.checkRoleCreation(this, roleId, info);
-        _createRoleUnchecked(roleId, info);
-    }
+        // check role does not yet exist
+        if(roleExists(roleId)) {
+            revert ErrorRoleAlreadyCreated(
+                roleId,
+                _roleInfo[roleId].name.toString());
+        }
+        // check admin role exists
+        if(!roleExists(info.adminRoleId)) {
+            revert ErrorRoleAdminNotExisting(info.adminRoleId);
+        }
-    function _createTarget(
-        address target,
-        string memory targetName,
-        bool checkAuthority,
-        bool custom
-    )
-        internal
-    {
-        AccessAdminLib.checkTargetCreation(this, target, targetName, checkAuthority);
-        _createTargetUnchecked(target, targetName, custom);
+        // check role name is not empty
+        if(info.name.length() == 0) {
+            revert ErrorRoleNameEmpty(roleId);
+        }
+        // check role name is not used for another role
+        if(_roleForName[info.name].exists) {
+            revert ErrorRoleNameAlreadyExists(
+                roleId,
+                info.name.toString(),
+                _roleForName[info.name].roleId);
+        }
+        _createRoleUnchecked(roleId, info);
     }
@@ -584,19 +545,53 @@ contract AccessAdmin is
         // add role to list of roles
         _roleIds.push(roleId);
-        emit LogAccessAdminRoleCreated(_adminName, roleId, info.roleType, info.adminRoleId, info.name.toString());
+        emit LogAccessAdminRoleCreated(roleId, info.roleType, info.adminRoleId, info.name.toString());
     }
-    function _createTargetUnchecked(
+    function _createTarget(
         address target,
         string memory targetName,
+        bool checkAuthority,
         bool custom
     )
         internal
     {
-        // create target info
+        // check target does not yet exist
+        if(targetExists(target)) {
+            revert ErrorTargetAlreadyCreated(
+                target,
+                _targetInfo[target].name.toString());
+        }
+        // check target name is not empty
         Str name = StrLib.toStr(targetName);
+        if(name.length() == 0) {
+            revert ErrorTargetNameEmpty(target);
+        }
+        // check target name is not used for another target
+        if( _targetForName[name] != address(0)) {
+            revert ErrorTargetNameAlreadyExists(
+                target,
+                targetName,
+                _targetForName[name]);
+        }
+        // check target is an access managed contract
+        if (!_isAccessManaged(target)) {
+            revert ErrorTargetNotAccessManaged(target);
+        }
+        // check target shares authority with this contract
+        if (checkAuthority) {
+            address targetAuthority = AccessManagedUpgradeable(target).authority();
+            if (targetAuthority != authority()) {
+                revert ErrorTargetAuthorityMismatch(authority(), targetAuthority);
+            }
+        }
+        // create target info
         _targetInfo[target] = TargetInfo({
             name: name,
             isCustom: custom,
@@ -609,17 +604,47 @@ contract AccessAdmin is
         // add role to list of roles
         _targets.push(target);
-        emit LogAccessAdminTargetCreated(_adminName, target, targetName);
+        emit LogAccessAdminTargetCreated(target, targetName);
     }
-    function _setTargetLocked(address target, bool locked)
+    function _isAccessManaged(address target)
         internal
-        onlyExistingTarget(target)
+        view
+        returns (bool)
     {
+        if (!ContractLib.isContract(target)) {
+            return false;
+        }
+        (bool success, ) = target.staticcall(
+            abi.encodeWithSelector(
+                IAccessManagedChecker.authority.selector));
+        return success;
+    }
+    function _setTargetClosed(address target, bool locked)
+        internal
+    {
+        _checkTarget(target);
+        // target locked/unlocked already
+        if(_authority.isTargetClosed(target) == locked) {
+            revert ErrorTargetAlreadyLocked(target, locked);
+        }
         _authority.setTargetClosed(target, locked);
     }
+    function _getAccountName(address account) internal view returns (string memory) {
+        if (targetExists(account)) {
+            return _targetInfo[account].name.toString();
+        }
+        return "<unknown-account>";
+    }
     function _getRoleName(RoleId roleId) internal view returns (string memory) {
         if (roleExists(roleId)) {
@@ -629,25 +654,7 @@ contract AccessAdmin is
     }
-    function _checkAuthorization(
-        address authorization,
-        ObjectType expectedDomain,
-        VersionPart expectedRelease,
-        bool checkAlreadyInitialized
-    )
-        internal
-        view
-    {
-        AccessAdminLib.checkAuthorization(
-            address(_authorization),
-            authorization,
-            expectedDomain,
-            expectedRelease,
-            checkAlreadyInitialized);
-    }
-    function _checkRoleExists(
+    function _checkRoleExists(
         RoleId roleId,
         bool onlyActiveRole
     )
@@ -655,50 +662,28 @@ contract AccessAdmin is
         view
     {
         if (!roleExists(roleId)) {
-            revert ErrorAccessAdminRoleUnknown(roleId);
+            revert ErrorRoleUnknown(roleId);
         }
         uint64 roleIdInt = RoleId.unwrap(roleId);
         if (roleIdInt == _authority.ADMIN_ROLE()) {
-            revert ErrorAccessAdminRoleIsLocked(roleId);
+            revert ErrorRoleIsLocked(roleId);
         }
         // check if role is disabled
         if (onlyActiveRole && _roleInfo[roleId].pausedAt <= TimestampLib.blockTimestamp()) {
-            revert ErrorAccessAdminRoleIsPaused(roleId);
+            revert ErrorRoleIsPaused(roleId);
         }
     }
     /// @dev check if target exists and reverts if it doesn't
-    function _checkTargetExists(
-        address target
-    )
+    function _checkTarget(address target)
         internal
         view
     {
-        // check not yet created
         if (!targetExists(target)) {
-            revert ErrorAccessAdminTargetNotCreated(target);
-        }
-    }
-    function _checkIsRegistered(
-        address registry,
-        address target,
-        ObjectType expectedType
-    )
-        internal
-        view
-    {
-        AccessAdminLib.checkIsRegistered(registry, target, expectedType);
-    }
-    function _checkRegistry(address registry) internal view {
-        if (!ContractLib.isRegistry(registry)) {
-            revert ErrorAccessAdminNotRegistry(registry);
+            revert ErrorTargetUnknown(target);
         }
     }
 }