npm - @etherisc/gif-next - Versions diffs - 0.0.2-8bdd2eb-413 → 0.0.2-8d9d4d6-542 - Mend

@etherisc/gif-next 0.0.2-8bdd2eb-413 → 0.0.2-8d9d4d6-542

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (324) hide show

package/contracts/registry/ReleaseManager.sol CHANGED Viewed

@@ -10,7 +10,7 @@ import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
 import {NftId} from "../type/NftId.sol";
 import {RoleId, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
-import {ObjectType, ObjectTypeLib, zeroObjectType, RELEASE, REGISTRY, SERVICE, STAKING} from "../type/ObjectType.sol";
+import {ObjectType, ObjectTypeLib, POOL, RELEASE, REGISTRY, SERVICE, STAKING} from "../type/ObjectType.sol";
 import {Version, VersionLib, VersionPart, VersionPartLib} from "../type/Version.sol";
 import {Timestamp, TimestampLib, zeroTimestamp, ltTimestamp} from "../type/Timestamp.sol";
 import {Seconds, SecondsLib} from "../type/Seconds.sol";
@@ -26,10 +26,11 @@ import {IRegisterable} from "../shared/IRegisterable.sol";
 import {IRegistry} from "./IRegistry.sol";
 import {IRegistryLinked} from "../shared/IRegistryLinked.sol";
 import {IRegistryService} from "./IRegistryService.sol";
+import {IServiceAuthorization} from "../authorization/IServiceAuthorization.sol";
+import {IAccessAdmin} from "../authorization/IAccessAdmin.sol";
 import {RegistryAdmin} from "./RegistryAdmin.sol";
 import {Registry} from "./Registry.sol";
 import {TokenRegistry} from "./TokenRegistry.sol";
-import {ServiceAuthorizationsLib} from "./ServiceAuthorizationsLib.sol";
 contract ReleaseManager is
@@ -41,7 +42,7 @@ contract ReleaseManager is
     uint256 public constant INITIAL_GIF_VERSION = 3;
-    event LogReleaseCreation(VersionPart version, bytes32 salt, AccessManagerExtendedWithDisableInitializeable accessManager);
+    event LogReleaseCreation(VersionPart version, bytes32 salt, address authority);
     event LogReleaseActivation(VersionPart version);
     // constructor
@@ -53,13 +54,16 @@ contract ReleaseManager is
     // prepareRelease
     error ErrorReleaseManagerReleasePreparationDisallowed(StateId currentStateId);
     error ErrorReleaseManagerReleaseAlreadyPrepared(VersionPart version);
+    error ErrorReleaseManagerVersionMismatch(VersionPart expectedVersion, VersionPart providedVersion);
+    error ErrorReleaseManagerNoDomains(VersionPart version);
     // register staking
     //error ErrorReleaseManagerStakingAlreadySet(address stakingAddress);
     // registerService
     error ErrorReleaseManagerNoServiceRegistrationExpected();
     error ErrorReleaseManagerServiceRegistrationDisallowed(StateId currentStateId);
+    error ErrorReleaseManagerServiceDomainMismatch(ObjectType expectedDomain, ObjectType actualDomain);
     error ErrorReleaseManagerNotService(IService service);
     error ErrorReleaseManagerServiceAddressInvalid(IService given, address expected);
@@ -85,10 +89,6 @@ contract ReleaseManager is
     error ErrorReleaseManagerServiceSelfRegistration(IService service);
     error ErrorReleaseManagerServiceOwnerRegistered(IService service, address owner);
-    // _verifyReleaseAuthorizations
-    error ErrorReleaseManagerReleaseEmpty();
-    error ErrorReleaseManagerReleaseServiceRoleInvalid(uint serviceIdx, address service, RoleId role);
     Seconds public constant MIN_DISABLE_DELAY = Seconds.wrap(60 * 24 * 365); // 1 year
     RegistryAdmin public immutable _admin;
@@ -97,16 +97,20 @@ contract ReleaseManager is
     IRegisterable private _staking;
     address private _stakingOwner;
-    mapping(VersionPart version => AccessManagerExtendedWithDisableInitializeable accessManager) internal _releaseAccessManager;
+    // TODO remove once it's clear that release authority will always be registry authority
+    mapping(VersionPart version => address authority) internal _releaseAccessManager;
     mapping(VersionPart version => IRegistry.ReleaseInfo info) internal _releaseInfo;
     mapping(address registryService => VersionPart version) _releaseVersionByAddress;
+    mapping(VersionPart version => IServiceAuthorization authz) internal _serviceAuthorization;
     VersionPart immutable internal _initial;// first active version
     VersionPart internal _latest; // latest active version
     VersionPart internal _next; // version to create and activate
     StateId internal _state; // current state of release manager
-    uint256 internal _awaitingRegistration; // "services left to register" counter
+    uint256 internal _registeredServices;
+    uint256 internal _servicesToRegister;
     // deployer of this contract must be gif admin
     constructor(Registry registry)
@@ -143,32 +147,55 @@ contract ReleaseManager is
         }
         _next = VersionPartLib.toVersionPart(_next.toInt() + 1);
-        _awaitingRegistration = 0;
+        _servicesToRegister = 0;
+        _registeredServices = 0;
         _state = SCHEDULED();
         return _next;
     }
-    // TODO order of events
     function prepareNextRelease(
-        address[] memory addresses,
-        string[] memory names,
-        RoleId[][] memory serviceRoles,
-        string[][] memory serviceRoleNames,
-        RoleId[][] memory functionRoles,
-        string[][] memory functionRoleNames,
-        bytes4[][][] memory selectors,
+        IServiceAuthorization serviceAuthorization,
         bytes32 salt
     )
         external
         restricted() // GIF_MANAGER_ROLE
         returns(
-            address releaseAccessManagerAddress,
+            address authority,
             VersionPart version,
             bytes32 releaseSalt
         )
     {
-        version = getNextVersion();
+        // verify release manager is in proper state to start deploying a next release
+        if (!isValidTransition(RELEASE(), _state, DEPLOYING())) {
+            revert ErrorReleaseManagerReleasePreparationDisallowed(_state);
+        }
+        // verify prepareNextRelease is only called once per release
+        if(_servicesToRegister > 0) {
+            revert ErrorReleaseManagerReleaseAlreadyPrepared(version);
+        }
+        // verify authorizaion contract release matches with expected version
+        VersionPart releaseVersion = serviceAuthorization.getRelease();
+        if (releaseVersion != _next) {
+            revert ErrorReleaseManagerVersionMismatch(_next, releaseVersion);
+        }
+        // sanity check to ensure service domain list is not empty
+        uint256 serviceDomainsCount = serviceAuthorization.getServiceDomains().length;
+        if (serviceDomainsCount == 0) {
+            revert ErrorReleaseManagerNoDomains(_next);
+        }
+        _state = DEPLOYING();
+        _servicesToRegister = serviceDomainsCount;
+        // store release specific service authorization
+        authority = _admin.authority();
+        _serviceAuthorization[_next] = serviceAuthorization;
+        // TODO refactor: authority no longer release specific
+        _releaseAccessManager[_next] = authority;
         // ensures unique salt
         releaseSalt = keccak256(
@@ -176,34 +203,7 @@ contract ReleaseManager is
                 bytes32(version.toInt()),
                 salt));
-        releaseAccessManagerAddress = Clones.cloneDeterministic(_releaseAccessManagerCodeAddress, releaseSalt);
-        AccessManagerExtendedWithDisableInitializeable releaseAccessManager = AccessManagerExtendedWithDisableInitializeable(releaseAccessManagerAddress);
-        releaseAccessManager.initialize(address(this), version);
-        if (!isValidTransition(RELEASE(), _state, DEPLOYING())) {
-            revert ErrorReleaseManagerReleasePreparationDisallowed(_state);
-        }
-        _verifyReleaseAuthorizations(addresses, serviceRoles, functionRoles, selectors);
-        if(_awaitingRegistration > 0) {
-            revert ErrorReleaseManagerReleaseAlreadyPrepared(version);
-        }
-        // TODO instead of copying just set ServiceAuthorizationsLib for release and array of domains???
-        _releaseInfo[version].version = version;
-        _releaseInfo[version].salt = releaseSalt;
-        _releaseInfo[version].addresses = addresses;
-        _releaseInfo[version].names = names;
-        _releaseInfo[version].serviceRoles = serviceRoles;
-        _releaseInfo[version].serviceRoleNames = serviceRoleNames;
-        _releaseInfo[version].functionRoles = functionRoles;
-        _releaseInfo[version].functionRoleNames = functionRoleNames;
-        _releaseInfo[version].selectors = selectors;
-        _awaitingRegistration = addresses.length;
-        _state = DEPLOYING();
-        _releaseAccessManager[version] = releaseAccessManager;
-        emit LogReleaseCreation(version, releaseSalt, releaseAccessManager);
+        emit LogReleaseCreation(version, releaseSalt, authority);
     }
@@ -212,59 +212,52 @@ contract ReleaseManager is
         restricted // GIF_MANAGER_ROLE
         returns(NftId nftId)
     {
+        // TODO is it usefull to check transition from A to A?
         if (!isValidTransition(RELEASE(), _state, DEPLOYING())) {
             revert ErrorReleaseManagerServiceRegistrationDisallowed(_state);
         }
+        if (_servicesToRegister == _registeredServices) {
+            revert ErrorReleaseManagerNoServiceRegistrationExpected();
+        }
         (
             IRegistry.ObjectInfo memory info,
             ObjectType domain,
             VersionPart version
         ) = _verifyService(service);
-        // redundant with state var
-        if (_awaitingRegistration == 0) {
-            revert ErrorReleaseManagerNoServiceRegistrationExpected();
+        ObjectType expectedDomain = _serviceAuthorization[version].getServiceDomains()[_registeredServices];
+        if (service.getDomain() != expectedDomain) {
+            revert ErrorReleaseManagerServiceDomainMismatch(expectedDomain, service.getDomain());
         }
-        uint serviceIdx = _awaitingRegistration - 1;
-        address serviceAddress = _releaseInfo[version].addresses[serviceIdx];
-        // TODO temp, while typescript addresses computation is not implemented
-        /*if(address(service) != serviceAddress) {
-            revert ErrorReleaseManagerServiceAddressInvalid(service, serviceAddress);
-        }*/
-        _setServiceAuthorizations(
-            _releaseAccessManager[version],
-            // TODO temp, while typescript addresses computation is not implemented
-            address(service),//serviceAddress,
-            _releaseInfo[version].names[serviceIdx],
-            _releaseInfo[version].serviceRoles[serviceIdx],
-            _releaseInfo[version].serviceRoleNames[serviceIdx],
-            _releaseInfo[version].functionRoles[serviceIdx],
-            _releaseInfo[version].functionRoleNames[serviceIdx],
-            _releaseInfo[version].selectors[serviceIdx]);
-        // TODO decide for one of the approaches
-        // // service to service authorization
-        // ServiceAuthorizationsLib.ServiceAuthorization memory authz = ServiceAuthorizationsLib.getAuthorizations(domain);
-        // for(uint8 idx = 0; idx < authz.authorizedRole.length; idx++) {
-        //     _accessManager.setTargetFunctionRole(
-        //         address(service),
-        //         authz.authorizedSelectors[idx],
-        //         authz.authorizedRole[idx]);
-        // }
-        _awaitingRegistration = serviceIdx;
-        // TODO end state depends on (_awaitingRegistration == 0)
-        _state = DEPLOYING();
         // checked in registry
         _releaseInfo[version].domains.push(domain);
+        // register service with registry
         nftId = _registry.registerService(info, version, domain);
+        _registeredServices++;
         service.linkToRegisteredNftId();
+        // setup service authorization
+        _admin.authorizeService(
+            _serviceAuthorization[version],
+            service);
+        // TODO consider to extend this to REGISTRY
+        // special roles for registry/staking/pool service
+        if (domain == STAKING() || domain == POOL()) {
+            // TODO rename to grantServiceDomainRole()
+            _admin.grantServiceRoleForAllVersions(service, domain);
+        }
+        if (_registeredServices < _servicesToRegister) {
+            _state = DEPLOYING();
+        } else {
+            // TODO end state depends on (_awaitingRegistration == 0)
+        }
     }
@@ -276,20 +269,18 @@ contract ReleaseManager is
             revert ErrorReleaseManagerReleaseActivationDisallowed(_state);
         }
+        // release fully deployed
         VersionPart version = _next;
-        address service = _registry.getServiceAddress(REGISTRY(), version);
+        if(_registeredServices < _servicesToRegister) {
+            revert ErrorReleaseManagerReleaseRegistrationNotFinished(version, _servicesToRegister - _registeredServices);
+        }
-        // release exists, registry service is a MUST
-        //if(_releaseAccessManager[version] == address(0)) {
+        // release exists, registry service MUST exist
+        address service = _registry.getServiceAddress(REGISTRY(), version);
         if(service == address(0)) {
             revert ErrorReleaseManagerReleaseNotCreated(version);
         }
-        // release fully deployed
-        if(_awaitingRegistration > 0) {
-            revert ErrorReleaseManagerReleaseRegistrationNotFinished(version, _awaitingRegistration);
-        }
         // release is not activated
         if(_releaseInfo[version].activatedAt.gtz()) {
             revert ErrorReleaseManagerReleaseAlreadyActivated(version);
@@ -321,7 +312,8 @@ contract ReleaseManager is
         disableDelay = SecondsLib.toSeconds(Math.max(disableDelay.toInt(), MIN_DISABLE_DELAY.toInt()));
-        _releaseAccessManager[version].disable(disableDelay);
+        // TODO come up with a substitute
+        // _releaseAccessManager[version].disable(disableDelay);
         _releaseInfo[version].disabledAt = TimestampLib.blockTimestamp().addSeconds(disableDelay);
     }
@@ -336,7 +328,8 @@ contract ReleaseManager is
         //}
         // reverts if disable delay expired
-        _releaseAccessManager[version].enable();
+        // TODO come up with a substitute
+        // _releaseAccessManager[version].enable();
         _releaseInfo[version].disabledAt = zeroTimestamp();
     }
@@ -381,13 +374,23 @@ contract ReleaseManager is
     }
     function getRemainingServicesToRegister() external view returns (uint256 services) {
-        return _awaitingRegistration;
+        return _servicesToRegister - _registeredServices;
     }
+    // TODO cleanup
     function getReleaseAccessManager(VersionPart version) external view returns(AccessManagerExtendedWithDisableInitializeable) {
-        return _releaseAccessManager[version];
+        // return _releaseAccessManager[version];
+    }
+    function getServiceAuthorization(VersionPart version)
+        external
+        view
+        returns (IServiceAuthorization serviceAuthorization)
+    {
+        return _serviceAuthorization[version];
     }
-    // TODO tokenr registry knows nothing about adfmin, only registry
+    // TODO token registry knows nothing about adfmin, only registry
     function getRegistryAdmin() external view returns (address) {
         return address(_admin);
     }
@@ -424,6 +427,7 @@ contract ReleaseManager is
         if (fromId == DEPLOYING() && toId == SCHEDULED()) { return true; }
         if (fromId == DEPLOYING() && toId == DEPLOYING()) { return true; }
         if (fromId == DEPLOYING() && toId == ACTIVE()) { return true; }
+        // TODO active -> scheduled missing, add tests to cover this and more scenarios (#358)
         return false;
     }
@@ -506,81 +510,7 @@ contract ReleaseManager is
         }
     }
-    function _verifyReleaseAuthorizations(
-        address[] memory serviceAddress,
-        RoleId[][] memory serviceRoles,
-        RoleId[][] memory functionRoles,
-        bytes4[][][] memory selectors
-    )
-        internal
-        pure
-    {
-        if(serviceAddress.length == 0) {
-            revert ErrorReleaseManagerReleaseEmpty();
-        }
-        for(uint serviceIdx = 0; serviceIdx < serviceAddress.length; serviceIdx++)
-        {
-            for(uint roleIdx = 0; roleIdx < serviceRoles[serviceIdx].length; roleIdx++)
-            {
-                RoleId role = serviceRoles[serviceIdx][roleIdx];
-                if(role == ADMIN_ROLE() || role == PUBLIC_ROLE()) {
-                    revert ErrorReleaseManagerReleaseServiceRoleInvalid(serviceIdx, serviceAddress[serviceIdx], role);
-                }
-            }
-        }
-        // TODO no duplicate service "domain" role per release
-        // TODO no duplicate service roles per service
-        // TODO no duplicate service function roles per service
-        // TODO no duplicate service function selectors per service
-    }
-    function _setServiceAuthorizations(
-        AccessManagerExtendedWithDisableInitializeable accessManager, // release access manager
-        address serviceAddress,
-        string memory serviceName,
-        RoleId[] memory serviceRoles,
-        string[] memory serviceRoleNames,
-        RoleId[] memory functionRoles,
-        string[] memory functionRoleNames,
-        bytes4[][] memory selectors
-    )
-        internal
-    {
-        accessManager.createTarget(serviceAddress, serviceName);
-        for(uint idx = 0; idx < functionRoles.length; idx++)
-        {
-            uint64 roleInt = functionRoles[idx].toInt();
-            if(!accessManager.isRoleExists(roleInt)) {
-                accessManager.createRole(roleInt, functionRoleNames[idx]);
-            }
-            accessManager.setTargetFunctionRole(
-                serviceAddress,
-                selectors[idx],
-                functionRoles[idx].toInt());
-        }
-        for(uint idx = 0; idx < serviceRoles.length; idx++)
-        {
-            uint64 roleInt = serviceRoles[idx].toInt();
-            if(!accessManager.isRoleExists(roleInt)) {
-                accessManager.createRole(roleInt, serviceRoleNames[idx]);
-            }
-            accessManager.grantRole(
-                serviceRoles[idx].toInt(),
-                serviceAddress,
-                0);
-        }
-    }
-    // returns true iff a the address passes some simple proxy tests.
+    /// @dev returns true iff a the address passes some simple proxy tests.
     function _isRegistry(address registryAddress) internal view returns (bool) {
         // zero address is certainly not registry

package/contracts/registry/ServiceAuthorizationV3.sol ADDED Viewed

@@ -0,0 +1,200 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {
+     ALL, REGISTRY, SERVICE, PRODUCT, ORACLE, POOL, INSTANCE, COMPONENT, DISTRIBUTION, DISTRIBUTOR, APPLICATION, POLICY, CLAIM, BUNDLE, STAKE, STAKING, PRICE
+} from "../../contracts/type/ObjectType.sol";
+import {ComponentService} from "../shared/ComponentService.sol";
+import {IAccess} from "../authorization/IAccess.sol";
+import {IBundleService} from "../pool/IBundleService.sol";
+import {IDistributionService} from "../distribution/IDistributionService.sol";
+import {InstanceService} from "../instance/InstanceService.sol";
+import {IInstanceService} from "../instance/IInstanceService.sol";
+import {IPoolService} from "../pool/IPoolService.sol";
+import {IStakingService} from "../staking/IStakingService.sol";
+import {IRegistryService} from "./IRegistryService.sol";
+import {ServiceAuthorization} from "../authorization/ServiceAuthorization.sol";
+contract ServiceAuthorizationV3
+     is ServiceAuthorization
+{
+     constructor(string memory commitHash)
+          ServiceAuthorization(commitHash)
+     {}
+     function _setupDomains()
+          internal
+          override
+     {
+          _authorizeDomain(REGISTRY(), address(1));
+          _authorizeDomain(STAKING(), address(2));
+          _authorizeDomain(INSTANCE(), address(3));
+          _authorizeDomain(COMPONENT(), address(4));
+          _authorizeDomain(DISTRIBUTION(), address(5));
+          _authorizeDomain(PRICE(), address(6));
+          _authorizeDomain(BUNDLE(), address(7));
+          _authorizeDomain(POOL(), address(8));
+          _authorizeDomain(ORACLE(), address(9));
+          _authorizeDomain(PRODUCT(), address(10));
+          _authorizeDomain(CLAIM(), address(11));
+          _authorizeDomain(APPLICATION(), address(12));
+          _authorizeDomain(POLICY(), address(13));
+     }
+     function _setupDomainAuthorizations()
+          internal
+          override
+     {
+          _setupIRegistryServiceAuthorization();
+          _setupStakingServiceAuthorization();
+          _setupInstanceServiceAuthorization();
+          _setupComponentServiceAuthorization();
+          _setupDistributionServiceAuthorization();
+          _setupPoolServiceAuthorization();
+          _setupBundleServiceAuthorization();
+     }
+     /// @dev registry service authorization.
+     /// authorized functions MUST be implemented with a restricted modifier
+     function _setupIRegistryServiceAuthorization()
+          internal
+     {
+          IAccess.FunctionInfo[] storage functions;
+          functions = _authorizeForService(REGISTRY(), APPLICATION());
+          _authorize(functions, IRegistryService.registerPolicy.selector, "registerPolicy");
+          functions = _authorizeForService(REGISTRY(), POOL());
+          _authorize(functions, IRegistryService.registerPool.selector, "registerPool");
+          functions = _authorizeForService(REGISTRY(), BUNDLE());
+          _authorize(functions, IRegistryService.registerBundle.selector, "registerBundle");
+          functions = _authorizeForService(REGISTRY(), DISTRIBUTION());
+          _authorize(functions, IRegistryService.registerDistribution.selector, "registerDistribution");
+          _authorize(functions, IRegistryService.registerDistributor.selector, "registerDistributor");
+          functions = _authorizeForService(REGISTRY(), COMPONENT());
+          _authorize(functions, IRegistryService.registerComponent.selector, "registerComponent");
+          functions = _authorizeForService(REGISTRY(), INSTANCE());
+          _authorize(functions, IRegistryService.registerInstance.selector, "registerInstance");
+          functions = _authorizeForService(REGISTRY(), STAKING());
+          _authorize(functions, IRegistryService.registerStake.selector, "registerStake");
+          functions = _authorizeForService(REGISTRY(), PRODUCT());
+          _authorize(functions, IRegistryService.registerProduct.selector, "registerProduct");
+     }
+     /// @dev staking service authorization.
+     /// authorized functions MUST be implemented with a restricted modifier
+     function _setupStakingServiceAuthorization()
+          internal
+     {
+          IAccess.FunctionInfo[] storage functions;
+          functions = _authorizeForService(STAKING(), INSTANCE());
+          _authorize(functions, IStakingService.createInstanceTarget.selector, "createInstanceTarget");
+          _authorize(functions, IStakingService.setInstanceLockingPeriod.selector, "setInstanceLockingPeriod");
+          _authorize(functions, IStakingService.setInstanceRewardRate.selector, "setInstanceRewardRate");
+          _authorize(functions, IStakingService.refillInstanceRewardReserves.selector, "refillInstanceRewardReserves");
+          _authorize(functions, IStakingService.withdrawInstanceRewardReserves.selector, "withdrawInstanceRewardReserves");
+          functions = _authorizeForService(STAKING(), ALL());
+          _authorize(functions, IStakingService.create.selector, "create");
+          _authorize(functions, IStakingService.stake.selector, "stake");
+          _authorize(functions, IStakingService.restakeToNewTarget.selector, "restakeToNewTarget");
+          _authorize(functions, IStakingService.updateRewards.selector, "updateRewards");
+          _authorize(functions, IStakingService.claimRewards.selector, "claimRewards");
+          _authorize(functions, IStakingService.unstake.selector, "unstake");
+     }
+     /// @dev Instance service function authorization.
+     function _setupInstanceServiceAuthorization()
+          internal
+     {
+          IAccess.FunctionInfo[] storage functions;
+          functions = _authorizeForService(INSTANCE(), COMPONENT());
+          _authorize(functions, IInstanceService.createComponentTarget.selector, "createComponentTarget");
+     }
+     /// @dev Component service function authorization.
+     function _setupComponentServiceAuthorization()
+          internal
+     {
+          // authz.authorizations = new DomainAuthorization[](4);
+          // authz.authorizations[0].domain = POLICY();
+          // _functions = new IAccessAdmin.Function[](1);
+          // __authorize(ComponentService.increaseProductFees.selector, "increaseProductFees"));
+          // authz.authorizations[0].functions = _functions;
+          // authz.authorizations[1].domain = DISTRIBUTION();
+          // _functions = new IAccessAdmin.Function[](1);
+          // __authorize(ComponentService.increaseDistributionBalance.selector, "increaseDistributionBalance"));
+          // authz.authorizations[1].functions = _functions;
+          // authz.authorizations[2].domain = POOL();
+          // _functions = new IAccessAdmin.Function[](1);
+          // __authorize(ComponentService.increasePoolBalance.selector, "increasePoolBalance"));
+          // authz.authorizations[2].functions = _functions;
+          // authz.authorizations[3].domain = BUNDLE();
+          // _functions = new IAccessAdmin.Function[](1);
+          // __authorize(ComponentService.increaseBundleBalance.selector, "increaseBundleBalance"));
+          // authz.authorizations[3].functions = _functions;
+     }
+     /// @dev Distribution service function authorization.
+     function _setupDistributionServiceAuthorization()
+          internal
+     {
+          IAccess.FunctionInfo[] storage functions;
+          functions = _authorizeForService(DISTRIBUTION(), POLICY());
+          _authorize(functions, IDistributionService.processSale.selector, "processSale");
+     }
+     /// @dev Pool service function authorization.
+     function _setupPoolServiceAuthorization()
+          internal
+     {
+          IAccess.FunctionInfo[] storage functions;
+          functions = _authorizeForService(POOL(), POLICY());
+          _authorize(functions, IPoolService.lockCollateral.selector, "lockCollateral");
+          _authorize(functions, IPoolService.releaseCollateral.selector, "releaseCollateral");
+          _authorize(functions, IPoolService.reduceCollateral.selector, "reduceCollateral");
+          _authorize(functions, IPoolService.processSale.selector, "processSale");
+          functions = _authorizeForService(POOL(), CLAIM());
+          _authorize(functions, IPoolService.reduceCollateral.selector, "reduceCollateral");
+     }
+     /// @dev Instance service function authorization.
+     function _setupBundleServiceAuthorization()
+          internal
+     {
+          IAccess.FunctionInfo[] storage functions;
+          functions = _authorizeForService(BUNDLE(), POOL());
+          _authorize(functions, IBundleService.create.selector, "create");
+          _authorize(functions, IBundleService.close.selector, "close");
+          _authorize(functions, IBundleService.lockCollateral.selector, "lockCollateral");
+          _authorize(functions, IBundleService.releaseCollateral.selector, "releaseCollateral");
+          _authorize(functions, IBundleService.unlinkPolicy.selector, "unlinkPolicy");
+     }
+}

package/contracts/shared/AccessManagerCustom.sol CHANGED Viewed

@@ -17,7 +17,12 @@ import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Ini
     2. _getAdminRestrictions() private view -> internal virtual view
     3. _checkSelector() private pure -> internal pure
 */
-abstract contract AccessManagerCustom is Initializable, ContextUpgradeable, MulticallUpgradeable, IAccessManager {
+abstract contract AccessManagerCustom is
+    Initializable,
+    ContextUpgradeable,
+    MulticallUpgradeable,
+    IAccessManager
+{
     using Time for *;
     // Structure that stores the details for a target contract.

package/contracts/shared/AccessManagerExtended.sol CHANGED Viewed

@@ -13,7 +13,10 @@ import {Timestamp, TimestampLib} from "../type/Timestamp.sol";
 // IMPORTANT: check role/target for existance before using return value of getter
-contract AccessManagerExtended is AccessManagerCustom, IAccessManagerExtended {
+contract AccessManagerExtended is
+    AccessManagerCustom,
+    IAccessManagerExtended
+{
     using EnumerableSet for EnumerableSet.AddressSet;
     string constant private ADMIN_ROLE_NAME = "Admin";
@@ -76,6 +79,14 @@ contract AccessManagerExtended is AccessManagerCustom, IAccessManagerExtended {
         return $._targetAddressForName[name] != address(0);
     }
+    function getTargets() public view returns (uint256 numberOfTargets) {
+        return _getAccessManagerExtendedStorage()._targetAddresses.length;
+    }
+    function getTarget(uint256 idx) public view returns (address target) {
+        return _getAccessManagerExtendedStorage()._targetAddresses[idx];
+    }
     function getTargetAddress(string memory name) public view returns(address targetAddress) {
         AccessManagerExtendedStorage storage $ = _getAccessManagerExtendedStorage();
         return $._targetAddressForName[name];