npm - @etherisc/gif-next - Versions diffs - 0.0.2-8d9d4d6-542 → 0.0.2-8daf0fe-431 - Mend

@etherisc/gif-next 0.0.2-8d9d4d6-542 → 0.0.2-8daf0fe-431

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/contracts/authorization/AccessAdmin.sol CHANGED Viewed

@@ -1,12 +1,12 @@
 // SPDX-License-Identifier: UNLICENSED
 pragma solidity ^0.8.20;
-import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
 import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
 import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
+import {AccessManagerCloneable} from "./AccessManagerCloneable.sol";
 import {IAccessAdmin} from "./IAccessAdmin.sol";
-import {RoleId, RoleIdLib} from "../type/RoleId.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
 import {Selector, SelectorLib, SelectorSetLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
 import {Timestamp, TimestampLib} from "../type/Timestamp.sol";
@@ -26,19 +26,13 @@ contract AccessAdmin is
     string public constant ADMIN_ROLE_NAME = "AdminRole";
     string public constant PUBLIC_ROLE_NAME = "PublicRole";
-    uint64 public constant MANAGER_ROLE = type(uint64).min + 1;
-    string public constant MANAGER_ROLE_NAME = "ManagerRole";
     /// @dev the OpenZeppelin access manager driving the access admin contract
-    AccessManager internal _authority;
+    AccessManagerCloneable internal _authority;
     /// @dev stores the deployer address and allows to create initializers
     /// that are restricted to the deployer address.
     address internal _deployer;
-    /// @dev required role for state changes to this contract
-    RoleId internal _managerRoleId;
     /// @dev store role info per role id
     mapping(RoleId roleId => RoleInfo info) internal _roleInfo;
@@ -87,7 +81,7 @@ contract AccessAdmin is
             revert ErrorRoleUnknown(roleId);
         }
-        if (!hasRole(msg.sender, _roleInfo[roleId].adminRoleId)) {
+        if (!hasAdminRole(msg.sender, roleId)) {
             revert ErrorNotAdminOfRole(_roleInfo[roleId].adminRoleId);
         }
         _;
@@ -112,128 +106,15 @@ contract AccessAdmin is
     constructor() {
         _deployer = msg.sender;
-        _authority = new AccessManager(address(this));
-        _setAuthority(address(_authority));
-        _createInitialRoleSetup();
+        _authority = new AccessManagerCloneable();
+        _authority.initialize(address(this));
+        _setAuthority(address(_authority)); // set authority for oz access managed
+        _createAdminAndPublicRoles();
         _disableInitializers();
     }
-    //--- role management functions -----------------------------------------//
-    function setRoleDisabled(
-        RoleId roleId,
-        bool disabled
-    )
-        external
-        virtual
-        restricted()
-    {
-        _setRoleDisabled(roleId, disabled);
-    }
-    function grantRole(
-        address account,
-        RoleId roleId
-    )
-        external
-        virtual
-        onlyRoleAdmin(roleId)
-        restricted()
-    {
-        _grantRoleToAccount(roleId, account);
-    }
-    function revokeRole(
-        address account,
-        RoleId roleId
-    )
-        external
-        virtual
-        onlyRoleAdmin(roleId)
-        restricted()
-    {
-        _revokeRoleFromAccount(roleId, account);
-    }
-    function renounceRole(
-        RoleId roleId
-    )
-        external
-        virtual
-        onlyRoleMember(roleId)
-        restricted()
-    {
-        _revokeRoleFromAccount(roleId, msg.sender);
-    }
-    //--- target management functions ---------------------------------------//
-    function setTargetLocked(
-        address target,
-        bool locked
-    )
-        external
-        virtual
-        onlyExistingTarget(target)
-        restricted()
-    {
-        _authority.setTargetClosed(target, locked);
-        // implizit logging: rely on OpenZeppelin log TargetClosed
-    }
-    function authorizeFunctions(
-        address target,
-        RoleId roleId,
-        FunctionInfo[] memory functions
-    )
-        external
-        virtual
-        onlyExistingTarget(target)
-        onlyExistingRole(roleId)
-        restricted()
-    {
-        _authorizeTargetFunctions(target, roleId, functions);
-    }
-    function unauthorizeFunctions(
-        address target,
-        FunctionInfo[] memory functions
-    )
-        external
-        virtual
-        restricted()
-    {
-        _unauthorizeTargetFunctions(target, functions);
-    }
-    function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions) {
-        return SelectorSetLib.size(_targetFunctions[target]);
-    }
-    function getAuthorizedFunction(
-        address target,
-        uint256 idx
-    )
-        external
-        view
-        returns (
-            FunctionInfo memory func,
-            RoleId roleId
-        )
-    {
-        Selector selector = SelectorSetLib.at(_targetFunctions[target], idx);
-        func = _functionInfo[target][selector];
-        roleId = RoleIdLib.toRoleId(
-            _authority.getTargetFunctionRole(
-                target,
-                selector.toBytes4()));
-    }
-    //--- view functions ----------------------------------------------------//
+    //--- view functions for roles ------------------------------------------//
     function roles() external view returns (uint256 numberOfRoles) {
         return _roleIds.length;
@@ -251,18 +132,10 @@ contract AccessAdmin is
         return RoleId.wrap(_authority.PUBLIC_ROLE());
     }
-    function getManagerRole() public view returns (RoleId roleId) {
-        return _managerRoleId;
-    }
     function roleExists(RoleId roleId) public view returns (bool exists) {
         return _roleInfo[roleId].createdAt.gtz();
     }
-    function isRoleDisabled(RoleId roleId) public view returns (bool isActive) {
-        return _roleInfo[roleId].disabledAt <= TimestampLib.blockTimestamp();
-    }
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory) {
         return _roleInfo[roleId];
     }
@@ -271,6 +144,14 @@ contract AccessAdmin is
         return _roleForName[name];
     }
+    function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers) {
+        return _roleMembers[roleId].length();
+    }
+    function getRoleMember(RoleId roleId, uint256 idx) external view returns (address account) {
+        return _roleMembers[roleId].at(idx);
+    }
     function hasRole(address account, RoleId roleId) public view returns (bool) {
         (bool isMember, ) = _authority.hasRole(
             RoleId.unwrap(roleId),
@@ -278,22 +159,21 @@ contract AccessAdmin is
         return isMember;
     }
-    function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers) {
-        return _roleMembers[roleId].length();
+    function hasAdminRole(address account, RoleId roleId)
+        public
+        virtual
+        view
+        returns (bool)
+    {
+        return hasRole(account, _roleInfo[roleId].adminRoleId);
     }
-    function getRoleMember(RoleId roleId, uint256 idx) external view returns (address account) {
-        return _roleMembers[roleId].at(idx);
-    }
+    //--- view functions for targets ----------------------------------------//
     function targetExists(address target) public view returns (bool exists) {
         return _targetInfo[target].createdAt.gtz();
     }
-    function isTargetLocked(address target) public view returns (bool locked) {
-        return _authority.isTargetClosed(target);
-    }
     function targets() external view returns (uint256 numberOfTargets) {
         return _targets.length;
     }
@@ -306,10 +186,37 @@ contract AccessAdmin is
         return _targetInfo[target];
     }
-    function getTargetForName(Str name) external view returns (address target) {
+    function getTargetForName(Str name) public view returns (address target) {
         return _targetForName[name];
     }
+    function isTargetLocked(address target) public view returns (bool locked) {
+        return _authority.isTargetClosed(target);
+    }
+    function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions) {
+        return SelectorSetLib.size(_targetFunctions[target]);
+    }
+    function getAuthorizedFunction(
+        address target,
+        uint256 idx
+    )
+        external
+        view
+        returns (
+            FunctionInfo memory func,
+            RoleId roleId
+        )
+    {
+        Selector selector = SelectorSetLib.at(_targetFunctions[target], idx);
+        func = _functionInfo[target][selector];
+        roleId = RoleIdLib.toRoleId(
+            _authority.getTargetFunctionRole(
+                target,
+                selector.toBytes4()));
+    }
     function isAccessManaged(address target) public view returns (bool) {
         if (!_isContract(target)) {
             return false;
@@ -326,17 +233,27 @@ contract AccessAdmin is
         (can, ) = _authority.canCall(caller, target, selector.toBytes4());
     }
-    function deployer() public view returns (address) {
-        return _deployer;
+    function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) public view returns (RoleInfo memory) {
+        return RoleInfo({
+            name: StrLib.toStr(name),
+            adminRoleId: adminRoleId,
+            roleType: roleType,
+            maxMemberCount: maxMemberCount,
+            createdAt: TimestampLib.blockTimestamp()
+        });
     }
     function toFunction(bytes4 selector, string memory name) public view returns (FunctionInfo memory) {
         return FunctionInfo({
-            selector: SelectorLib.toSelector(selector),
             name: StrLib.toStr(name),
+            selector: SelectorLib.toSelector(selector),
             createdAt: TimestampLib.blockTimestamp()});
     }
+    function deployer() public view returns (address) {
+        return _deployer;
+    }
     //--- internal/private functions -------------------------------------------------//
     function _authorizeTargetFunctions(
@@ -411,81 +328,47 @@ contract AccessAdmin is
             revert ErrorAuthorityAlreadySet();
         }
-        _authority = AccessManager(authorityAddress);
-        if(!hasRole(address(this), RoleId.wrap(_authority.ADMIN_ROLE()))) {
-            revert ErrorAdminRoleMissing();
-        }
+        _authority = AccessManagerCloneable(authorityAddress);
         __AccessManaged_init(address(_authority));
     }
-    function _initializeRoleSetup()
+    function _initializeAdminAndPublicRoles()
         internal
         virtual
         onlyInitializing()
     {
-        _createInitialRoleSetup();
+        _createAdminAndPublicRoles();
     }
     /// @dev internal setup function that can be used in both constructor and initializer.
-    function _createInitialRoleSetup()
+    function _createAdminAndPublicRoles()
         internal
     {
-        bool isCustom = false;
         RoleId adminRoleId = RoleIdLib.toRoleId(_authority.ADMIN_ROLE());
         FunctionInfo[] memory functions;
         // setup admin role
         _createRoleUnchecked(
-            adminRoleId,
-            adminRoleId,
-            StrLib.toStr(ADMIN_ROLE_NAME),
-            isCustom,
-            1,
-            true);
+            ADMIN_ROLE(),
+            toRole({
+                adminRoleId: ADMIN_ROLE(),
+                roleType: RoleType.Contract,
+                maxMemberCount: 1,
+                name: ADMIN_ROLE_NAME}));
         // add this contract as admin role member
         _roleMembers[adminRoleId].add(address(this));
         // setup public role
         _createRoleUnchecked(
-            RoleIdLib.toRoleId(_authority.PUBLIC_ROLE()),
-            adminRoleId,
-            StrLib.toStr(PUBLIC_ROLE_NAME),
-            isCustom,
-            type(uint256).max,
-            true);
-        // setup manager role
-        _managerRoleId = RoleIdLib.toRoleId(MANAGER_ROLE);
-        _createRole(
-            _managerRoleId,
-            adminRoleId,
-            MANAGER_ROLE_NAME,
-            isCustom,
-            3, // TODO think about max member count
-            false);
-        // grant public role access to grant and revoke, renounce
-        functions = new FunctionInfo[](3);
-        functions[0] = toFunction(IAccessAdmin.grantRole.selector, "grantRole");
-        functions[1] = toFunction(IAccessAdmin.revokeRole.selector, "revokeRole");
-        functions[2] = toFunction(IAccessAdmin.renounceRole.selector, "renounceRole");
-        _authorizeTargetFunctions(address(this), getPublicRole(), functions);
-        // grant manager role access to the specified functions
-        functions = new FunctionInfo[](4);
-        // TODO cleanup
-        // functions[0] = toFunction(IAccessAdmin.createRole.selector, "createRole");
-        functions[0] = toFunction(IAccessAdmin.setRoleDisabled.selector, "setRoleDisabled");
-        // functions[1] = toFunction(IAccessAdmin.createTarget.selector, "createTarget");
-        functions[1] = toFunction(IAccessAdmin.setTargetLocked.selector, "setTargetLocked");
-        functions[2] = toFunction(IAccessAdmin.authorizeFunctions.selector, "authorizeFunctions");
-        functions[3] = toFunction(IAccessAdmin.unauthorizeFunctions.selector, "unauthorizeFunctions");
-        _authorizeTargetFunctions(address(this), getManagerRole(), functions);
+            PUBLIC_ROLE(),
+            toRole({
+                adminRoleId: ADMIN_ROLE(),
+                roleType: RoleType.Gif,
+                maxMemberCount: type(uint32).max,
+                name: PUBLIC_ROLE_NAME}));
     }
     /// @dev check if target exists and reverts if it doesn't
@@ -518,13 +401,17 @@ contract AccessAdmin is
         internal
     {
         _checkRoleId(roleId);
-        _checkRoleIsActive(roleId);
         // check max role members will not be exceeded
         if (_roleMembers[roleId].length() >= _roleInfo[roleId].maxMemberCount) {
             revert ErrorRoleMembersLimitReached(roleId, _roleInfo[roleId].maxMemberCount);
         }
+        // check account is contract for contract role
+        // TODO implement
+        if (_roleInfo[roleId].roleType == RoleType.Contract) {
+        }
         _roleMembers[roleId].add(account);
         _authority.grantRole(
             RoleId.unwrap(roleId),
@@ -541,7 +428,7 @@ contract AccessAdmin is
         _checkRoleId(roleId);
         // check role removal is permitted
-        if (_roleInfo[roleId].memberRemovalDisabled) {
+        if (_roleInfo[roleId].roleType == RoleType.Contract) {
             revert ErrorRoleRemovalDisabled(roleId);
         }
@@ -569,23 +456,11 @@ contract AccessAdmin is
         }
     }
-    function _checkRoleIsActive(RoleId roleId)
-        internal
-    {
-        if (isRoleDisabled(roleId)) {
-            revert ErrorRoleIsDisabled(roleId);
-        }
-    }
+    /// @dev Creates a role based on the provided parameters.
+    /// Checks that the provided role and role id and role name not already used.
     function _createRole(
         RoleId roleId,
-        RoleId adminRoleId,
-        string memory roleName,
-        bool isCustom,
-        uint256 maxMemberCount,
-        bool memberRemovalDisabled
+        RoleInfo memory info
     )
         internal
     {
@@ -597,93 +472,55 @@ contract AccessAdmin is
         }
         // check admin role exists
-        if(!roleExists(adminRoleId)) {
-            revert ErrorRoleAdminNotExisting(adminRoleId);
+        if(!roleExists(info.adminRoleId)) {
+            revert ErrorRoleAdminNotExisting(info.adminRoleId);
         }
         // check role name is not empty
-        Str name = StrLib.toStr(roleName);
-        if(name.length() == 0) {
+        if(info.name.length() == 0) {
             revert ErrorRoleNameEmpty(roleId);
         }
         // check role name is not used for another role
-        if(_roleForName[name].exists) {
+        if(_roleForName[info.name].exists) {
             revert ErrorRoleNameAlreadyExists(
                 roleId,
-                roleName,
-                _roleForName[name].roleId);
+                info.name.toString(),
+                _roleForName[info.name].roleId);
         }
-        _createRoleUnchecked(
-            roleId, adminRoleId,
-            name,
-            isCustom,
-            maxMemberCount,
-            memberRemovalDisabled);
-    }
-    function _setRoleDisabled(
-        RoleId roleId,
-        bool disabled
-    )
-        internal
-    {
-        _checkRoleId(roleId);
-        Timestamp disabledAtOld = _roleInfo[roleId].disabledAt;
-        if (disabled) {
-            _roleInfo[roleId].disabledAt = TimestampLib.blockTimestamp();
-        } else {
-            _roleInfo[roleId].disabledAt = TimestampLib.max();
-        }
-        emit LogRoleDisabled(roleId, disabled, disabledAtOld);
+        _createRoleUnchecked(roleId, info);
     }
     function _createRoleUnchecked(
         RoleId roleId,
-        RoleId adminRoleId,
-        Str name,
-        bool custom,
-        uint256 maxMemberCount,
-        bool memberRemovalDisabled
+        RoleInfo memory info
     )
         private
     {
         // create role info
-        _roleInfo[roleId] = RoleInfo({
-            adminRoleId: adminRoleId,
-            name: name,
-            isCustom: custom,
-            maxMemberCount: maxMemberCount,
-            memberRemovalDisabled: memberRemovalDisabled,
-            createdAt: TimestampLib.blockTimestamp(),
-            disabledAt: TimestampLib.max()});
+        info.createdAt = TimestampLib.blockTimestamp();
+        _roleInfo[roleId] = info;
         // create role name info
-        _roleForName[name] = RoleNameInfo({
+        _roleForName[info.name] = RoleNameInfo({
             roleId: roleId,
             exists: true});
         // add role to list of roles
         _roleIds.push(roleId);
-        emit LogRoleCreated(roleId, adminRoleId, name.toString());
-    }
-    function _createTarget(address target, string memory targetName)
-        internal
-    {
-        _createTarget(target, targetName, false);
+        emit LogRoleCreated(roleId, info.roleType, info.adminRoleId, info.name.toString());
     }
-    function _createTarget(address target, string memory targetName, bool custom)
+    function _createTarget(
+        address target,
+        string memory targetName,
+        bool checkAuthority,
+        bool custom
+    )
         internal
     {
         // check target does not yet exist
@@ -699,7 +536,7 @@ contract AccessAdmin is
             revert ErrorTargetNameEmpty(target);
         }
-        // check target name is not used for another role
+        // check target name is not used for another target
         if( _targetForName[name] != address(0)) {
             revert ErrorTargetNameAlreadyExists(
                 target,
@@ -713,9 +550,11 @@ contract AccessAdmin is
         }
         // check target shares authority with this contract
-        address targetAuthority = AccessManagedUpgradeable(target).authority();
-        if (targetAuthority != authority()) {
-            revert ErrorTargetAuthorityMismatch(authority(), targetAuthority);
+        if (checkAuthority) {
+            address targetAuthority = AccessManagedUpgradeable(target).authority();
+            if (targetAuthority != authority()) {
+                revert ErrorTargetAuthorityMismatch(authority(), targetAuthority);
+            }
         }
         // create target info

package/contracts/authorization/AccessManagerCloneable.sol ADDED Viewed

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.20;
+import {AccessManagerUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagerUpgradeable.sol";
+contract AccessManagerCloneable is
+    AccessManagerUpgradeable
+{
+    function initialize(address initialAdmin)
+        external
+        initializer()
+    {
+        __AccessManager_init(initialAdmin);
+    }
+}