npm - @etherisc/gif-next - Versions diffs - 0.0.2-8d9d4d6-542 → 0.0.2-8daf0fe-431 - Mend

@etherisc/gif-next 0.0.2-8d9d4d6-542 → 0.0.2-8daf0fe-431

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/contracts/authorization/Authorization.sol ADDED Viewed

@@ -0,0 +1,218 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {IAccess} from "./IAccess.sol";
+import {IAuthorization} from "./IAuthorization.sol";
+import {ObjectType, ObjectTypeLib} from "../type/ObjectType.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE} from "../type/RoleId.sol";
+import {SelectorLib} from "../type/Selector.sol";
+import {Str, StrLib} from "../type/String.sol";
+import {TimestampLib} from "../type/Timestamp.sol";
+import {VersionPart, VersionPartLib} from "../type/Version.sol";
+contract Authorization
+     is IAuthorization
+{
+     uint256 public constant GIF_VERSION = 3;
+     string public constant ROLE_NAME_SUFFIX = "Role";
+     string public constant SERVICE_ROLE_NAME_SUFFIX = "ServiceRole";
+     string internal _mainTargetName = "Component";
+     Str[] internal _targets;
+     mapping(Str target => RoleId roleid) internal _targetRole;
+     mapping(Str target => bool exists) internal _targetExists;
+     RoleId[] internal _roles;
+     mapping(RoleId role => RoleInfo info) internal _roleInfo;
+     mapping(Str target => RoleId[] authorizedRoles) internal _authorizedRoles;
+     mapping(Str target => mapping(RoleId authorizedRole => IAccess.FunctionInfo[] functions)) internal _authorizedFunctions;
+     constructor(string memory mainTargetName) {
+          _mainTargetName = mainTargetName;
+          _setupRoles();
+          _setupTargets();
+          _setupTargetAuthorizations();
+     }
+     function getRelease() public virtual pure returns(VersionPart release) {
+          return VersionPartLib.toVersionPart(GIF_VERSION);
+     }
+     function getRoles() external view returns(RoleId[] memory roles) {
+          return _roles;
+     }
+     function getServiceRole(ObjectType serviceDomain) public virtual pure returns (RoleId serviceRoleId) {
+          return RoleIdLib.roleForTypeAndVersion(
+               serviceDomain, getRelease());
+     }
+     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory info) {
+          return _roleInfo[roleId];
+     }
+     function roleExists(RoleId roleId) public view returns(bool exists) {
+          return _roleInfo[roleId].roleType != RoleType.Undefined;
+     }
+     function getTarget() public view returns(Str) {
+          if (_targets.length > 0) {
+               return _targets[0];
+          }
+          return StrLib.toStr("");
+     }
+     function getTargets() external view returns(Str[] memory targets) {
+          return _targets;
+     }
+     function targetExists(Str target) external view returns(bool exists) {
+          return _targetExists[target];
+     }
+     function getTargetRole(Str target) external view returns(RoleId roleId) {
+          return _targetRole[target];
+     }
+     function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds) {
+          return _authorizedRoles[target];
+     }
+     function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(IAccess.FunctionInfo[] memory authorizatedFunctions) {
+          return _authorizedFunctions[target][roleId];
+     }
+     function getTargetName() public virtual view returns (string memory name) {
+          return _mainTargetName;
+     }
+     /// @dev Overwrite this function for a specific realease.
+     /// The first target added represents the components/module main target.
+     function _setupTargets() internal virtual { }
+     /// @dev Overwrite this function for a specific realease.
+     function _setupRoles() internal virtual {}
+     /// @dev Overwrite this function for a specific realease.
+     function _setupTargetAuthorizations() internal virtual {}
+     /// @dev Use this method to to add an authorized role.
+     function _addRole(RoleId roleId, RoleInfo memory info) internal {
+          _roles.push(roleId);
+          _roleInfo[roleId] = info;
+     }
+     /// @dev Add a contract role for the provided role id and name.
+     function _addContractRole(RoleId roleId, string memory name) internal {
+          _addRole(
+               roleId,
+               _toRoleInfo(
+                    ADMIN_ROLE(),
+                    RoleType.Contract,
+                    1,
+                    name));
+     }
+     /// @dev Add the versioned service role for the specified service domain
+     function _addServiceRole(ObjectType serviceDomain) internal {
+          _addContractRole(
+               getServiceRole(serviceDomain),
+               ObjectTypeLib.toVersionedName(
+                    ObjectTypeLib.toName(serviceDomain),
+                    SERVICE_ROLE_NAME_SUFFIX,
+                    getRelease().toInt()));
+     }
+     function _addComponentTargetWithRole(ObjectType componentType) internal {
+          _addTargetWithRole(
+               getTargetName(),
+               RoleIdLib.toComponentRoleId(componentType, 0),
+               _toTargetRoleName(
+                    getTargetName()));
+     }
+     /// @dev Add a contract role for the provided role id and name.
+     function _addCustomRole(RoleId roleId, RoleId adminRoleId, uint32 maxMemberCount, string memory name) internal {
+          _addRole(
+               roleId,
+               _toRoleInfo(
+                    adminRoleId,
+                    RoleType.Custom,
+                    maxMemberCount,
+                    name));
+     }
+     /// @dev Use this method to to add an authorized target together with its target role.
+     function _addTargetWithRole(
+          string memory targetName,
+          RoleId roleId,
+          string memory roleName
+     )
+          internal
+     {
+          // add target
+          Str target = StrLib.toStr(targetName);
+          _targets.push(target);
+          _targetExists[target] = true;
+          // link role to target if defined
+          if (roleId != RoleIdLib.zero()) {
+               // add role if new
+               if (!roleExists(roleId)) {
+                    _addContractRole(roleId, roleName);
+               }
+               // link target to role
+               _targetRole[target] = roleId;
+          }
+     }
+     /// @dev Use this method to to add an authorized target.
+     function _addTarget(string memory name) internal {
+          _addTargetWithRole(name, RoleIdLib.zero(), "");
+     }
+     /// @dev Use this method to authorize the specified role to access the target.
+     function _authorizeForTarget(string memory target, RoleId authorizedRoleId)
+          internal
+          returns (IAccess.FunctionInfo[] storage authorizatedFunctions)
+     {
+          Str targetStr = StrLib.toStr(target);
+          _authorizedRoles[targetStr].push(authorizedRoleId);
+          return _authorizedFunctions[targetStr][authorizedRoleId];
+     }
+     /// @dev Use this method to authorize a specific function authorization
+     function _authorize(IAccess.FunctionInfo[] storage functions, bytes4 selector, string memory name) internal {
+          functions.push(
+               IAccess.FunctionInfo({
+                    selector: SelectorLib.toSelector(selector),
+                    name: StrLib.toStr(name),
+                    createdAt: TimestampLib.blockTimestamp()}));
+     }
+     function _toTargetRoleName(string memory targetName) internal view returns (string memory) {
+          return string(
+               abi.encodePacked(
+                    targetName,
+                    ROLE_NAME_SUFFIX));
+     }
+     /// @dev creates a role info object from the provided parameters
+     function _toRoleInfo(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) internal view returns (RoleInfo memory info) {
+          return RoleInfo({
+               name: StrLib.toStr(name),
+               adminRoleId: adminRoleId,
+               roleType: roleType,
+               maxMemberCount: maxMemberCount,
+               createdAt: TimestampLib.blockTimestamp()});
+     }
+}

package/contracts/authorization/IAccess.sol CHANGED Viewed

@@ -8,19 +8,19 @@ import {Timestamp} from "../type/Timestamp.sol";
 interface IAccess {
+    enum RoleType {
+        Undefined, // no role must have this type
+        Contract, // roles assigned to contracts, cannot be revoked
+        Gif, // framework roles that may be freely assigned and revoked
+        Custom // use case specific rules for components
+    }
     struct RoleInfo {
         RoleId adminRoleId;
+        RoleType roleType;
+        uint32 maxMemberCount;
         Str name;
-        bool isCustom;
-        uint256 maxMemberCount;
-        bool memberRemovalDisabled;
         Timestamp createdAt;
-        Timestamp disabledAt;
-    }
-    struct RoleNameInfo {
-        RoleId roleId;
-        bool exists;
     }
     struct TargetInfo {
@@ -29,15 +29,20 @@ interface IAccess {
         Timestamp createdAt;
     }
-    struct TargeNameInfo {
-        address target;
-        Timestamp createdAt;
-    }
     struct FunctionInfo {
-        Selector selector; // function selector
         Str name; // function name
+        Selector selector; // function selector
         Timestamp createdAt;
     }
+    struct RoleNameInfo {
+        RoleId roleId;
+        bool exists;
+    }
+    struct TargeNameInfo {
+        address target;
+        bool exists;
+    }
 }

package/contracts/authorization/IAccessAdmin.sol CHANGED Viewed

@@ -15,8 +15,7 @@ interface IAccessAdmin is
 {
     // roles
-    event LogRoleCreated(RoleId roleId, RoleId roleAdminId, string name);
-    event LogRoleDisabled(RoleId roleId, bool disabled, Timestamp disabledAtOld);
+    event LogRoleCreated(RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
     event LogTargetCreated(address target, string name);
     event LogFunctionCreated(address target, Selector selector, string name);
@@ -66,50 +65,56 @@ interface IAccessAdmin is
     /// Role disabling only prevents the role from being granted to new accounts.
     /// Existing role members may still execute functions that are authorized for that role.
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function setRoleDisabled(RoleId roleId, bool disabled) external;
+    // TODO move to instance admin
+    // function setRoleDisabled(RoleId roleId, bool disabled) external;
     /// @dev Grant the specified account the provided role.
     /// Permissioned: the caller must have the roles admin role.
-    function grantRole(address account, RoleId roleId) external;
+    // TODO move to instance admin
+    // function grantRole(address account, RoleId roleId) external;
     /// @dev Revoke the provided role from the specified account.
     /// Permissioned: the caller must have the roles admin role.
-    function revokeRole(address account, RoleId roleId) external;
+    // TODO move to instance admin
+    // function revokeRole(address account, RoleId roleId) external;
     /// @dev Removes the provided role from the caller
-    function renounceRole(RoleId roleId) external;
+    // TODO move to instance admin
+    // function renounceRole(RoleId roleId) external;
     /// @dev Set the locked status of the speicified contract.
     /// IMPORTANT: using this function the AccessManager might itself be put into locked state from which it cannot be unlocked again.
     /// Overwrite this function if a different use case specific behaviour is required.
     /// Alternatively, add specific function to just unlock this contract without a restricted() modifier.
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function setTargetLocked(address target, bool locked) external;
+    // TODO move to instance admin
+    // function setTargetLocked(address target, bool locked) external;
     /// @dev Specifies which functions of the target can be accessed by the provided role.
     /// Previously existing authorizations will be overwritten.
     /// Authorizing the admin role is not allowed, use function unauthorizedFunctions for this.
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function authorizeFunctions(address target, RoleId roleId, FunctionInfo[] memory functions) external;
+    // TODO move to instance admin
+    // function authorizeFunctions(address target, RoleId roleId, FunctionInfo[] memory functions) external;
     /// @dev Specifies for which functionss to remove any previous authorization
     /// Permissioned: the caller must have the manager role (getManagerRole).
-    function unauthorizeFunctions(address target, FunctionInfo[] memory functions) external;
+    // TODO move to instance admin
+    // function unauthorizeFunctions(address target, FunctionInfo[] memory functions) external;
     //--- view functions ----------------------------------------------------//
     function roles() external view returns (uint256 numberOfRoles);
     function getRoleId(uint256 idx) external view returns (RoleId roleId);
     function getAdminRole() external view returns (RoleId roleId);
-    function getManagerRole() external view returns (RoleId roleId);
     function getPublicRole() external view returns (RoleId roleId);
     function roleExists(RoleId roleId) external view returns (bool exists);
-    function isRoleDisabled(RoleId roleId) external view returns (bool roleIsActive);
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
     function getRoleForName(Str name) external view returns (RoleNameInfo memory);
     function hasRole(address account, RoleId roleId) external view returns (bool);
+    function hasAdminRole(address account, RoleId roleId) external view returns (bool);
     function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers);
     function getRoleMember(RoleId roleId, uint256 idx) external view returns (address account);
@@ -124,6 +129,7 @@ interface IAccessAdmin is
     function getAuthorizedFunction(address target, uint256 idx) external view returns (FunctionInfo memory func, RoleId roleId);
     function canCall(address caller, address target, Selector selector) external view returns (bool can);
+    function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) external view returns (RoleInfo memory);
     function toFunction(bytes4 selector, string memory name) external view returns (FunctionInfo memory);
     function isAccessManaged(address target) external view returns (bool);
     function deployer() external view returns (address);

package/contracts/authorization/IAuthorization.sol ADDED Viewed

@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+import {IAccess} from "../authorization/IAccess.sol";
+import {ObjectType} from "../type/ObjectType.sol";
+import {RoleId} from "../type/RoleId.sol";
+import {Str} from "../type/String.sol";
+import {VersionPart} from "../type/Version.sol";
+interface IAuthorization is
+     IAccess
+{
+     /// @dev Returns the release (VersionPart) for which the authorizations are defined by this contract.
+     /// Matches with the release returned by the linked service authorization.
+     function getRelease() external view returns(VersionPart release);
+     /// @dev Returns the list of involved roles.
+     function getRoles() external view returns(RoleId[] memory roles);
+     /// @dev Returns the service role for the specified service domain.
+     function getServiceRole(ObjectType serviceDomain) external pure returns (RoleId serviceRoleId);
+     /// @dev Returns the name for the provided role id.
+     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
+     /// @dev Returns true iff the specified role id exists.
+     function roleExists(RoleId roleId) external view returns(bool exists);
+     /// @dev Returns the main target id name as string.
+     /// This name is used to derive the target id and a corresponding target role name
+     /// Overwrite this function to change the basic pool target name.
+     function getTargetName() external view returns (string memory name);
+     /// @dev Returns the main target.
+     function getTarget() external view returns(Str target);
+     /// @dev Returns the complete list of targets.
+     function getTargets() external view returns(Str[] memory targets);
+     /// @dev Returns true iff the specified target exists.
+     function targetExists(Str target) external view returns(bool exists);
+     /// @dev Returns the role id associated with the target.
+     /// If no role is associated with the target the zero role id is returned.
+     function getTargetRole(Str target) external view returns(RoleId roleId);
+     /// @dev For the given target the list of authorized role ids is returned
+     function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds);
+     /// @dev For the given target and role id the list of authorized functions is returned
+     function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(FunctionInfo[] memory authorizatedFunctions);
+}

package/contracts/authorization/IModuleAuthorization.sol CHANGED Viewed

@@ -1,27 +1,21 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
-import {IAccess} from "../authorization/IAccess.sol";
+import {IAccess} from "./IAccess.sol";
+import {IAuthorization} from "./IAuthorization.sol";
+import {ObjectType} from "../type/ObjectType.sol";
 import {RoleId} from "../type/RoleId.sol";
 import {Str} from "../type/String.sol";
-import {VersionPart} from "../type/Version.sol";
-interface IModuleAuthorization {
+interface IModuleAuthorization is
+     IAccess,
+     IAuthorization
+{
-     /// @dev Returns the release (VersionPart) for which the instance authorizations are defined by this contract.
-     /// Matches with the release returned by the linked service authorization.
-     function getRelease() external view returns(VersionPart release);
+     /// @dev Returns the list of service targets.
+     function getServiceDomains() external view returns(ObjectType[] memory serviceDomains);
-     /// @dev Returns the list of module targets.
-     function getTargets() external view returns(Str[] memory targets);
-     /// @dev Returns the list of involved roles.
-     function getRoles() external view returns(RoleId[] memory roles);
-     /// @dev For the given target the list of authorized role ids is returned
-     function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds);
-     /// @dev For the given target and role id the list of authorized functions is returned
-     function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(IAccess.FunctionInfo[] memory authorizatedFunctions);
+     /// @dev Returns the service target for the specified domain.
+     function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget);
 }

package/contracts/authorization/ModuleAuthorization.sol CHANGED Viewed

@@ -1,100 +1,70 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
-import {IAccess} from "../authorization/IAccess.sol";
+import {Authorization} from "./Authorization.sol";
+import {IAccess} from "./IAccess.sol";
 import {IModuleAuthorization} from "./IModuleAuthorization.sol";
 import {ObjectType, ObjectTypeLib} from "../type/ObjectType.sol";
-import {RoleId, RoleIdLib} from "../type/RoleId.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE} from "../type/RoleId.sol";
 import {SelectorLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
 import {TimestampLib} from "../type/Timestamp.sol";
 import {VersionPart} from "../type/Version.sol";
-contract ModuleAuthorization
-     is IModuleAuthorization
+contract ModuleAuthorization is
+     Authorization,
+     IModuleAuthorization
 {
-     Str[] internal _targets;
-     RoleId[] internal _roles;
-     mapping(RoleId role => Str name) internal _roleName;
+     ObjectType[] internal _serviceDomains;
+     mapping(ObjectType domain => Str target) internal _serviceTarget;
-     mapping(Str target => RoleId[] authorizedRoles) internal _authorizedRoles;
-     mapping(Str target => mapping(RoleId authorizedRole => IAccess.FunctionInfo[] functions)) internal _authorizedFunctions;
+     constructor(string memory moduleName)
+          Authorization(moduleName)
+     { }
-     constructor() {
-          _setupTargets();
-          _setupRoles();
-          _setupTargetAuthorizations();
+     function getServiceDomains() external view returns(ObjectType[] memory serviceDomains) {
+          return _serviceDomains;
      }
-     function getRelease() public virtual view returns(VersionPart release) { }
-     function getTargets() external view returns(Str[] memory targets) {
-          return _targets;
-     }
-     function getRoles() external view returns(RoleId[] memory roles) {
-          return _roles;
-     }
-     function getRoleName(RoleId roleId) external view returns (Str name) {
-          return _roleName[roleId];
-     }
-     function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds) {
-          return _authorizedRoles[target];
+     function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget) {
+          return _serviceTarget[serviceDomain];
      }
-     function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(IAccess.FunctionInfo[] memory authorizatedFunctions) {
-          return _authorizedFunctions[target][roleId];
+     /// @dev Add a GIF role for the provided role id and name.
+     function _addGifRole(RoleId roleId, string memory name) internal returns (RoleInfo memory info) {
+          _addRole(
+               roleId,
+               _toRoleInfo(
+                    ADMIN_ROLE(),
+                    RoleType.Gif,
+                    type(uint32).max,
+                    name));
      }
-     /// @dev Overwrite this function for a specific realease.
-     function _setupTargets() internal virtual {}
-     /// @dev Overwrite this function for a specific realease.
-     function _setupRoles() internal virtual {}
+     /// @dev Add the service target role for the specified service domain
+     function _addServiceTargetWithRole(ObjectType serviceDomain) internal {
+          // add service domain
+          _serviceDomains.push(serviceDomain);
-     /// @dev Overwrite this function for a specific realease.
-     function _setupTargetAuthorizations() internal virtual {}
+          // get versioned target name
+          string memory serviceTargetName = ObjectTypeLib.toVersionedName(
+                    ObjectTypeLib.toName(serviceDomain),
+                    "Service",
+                    getRelease().toInt());
-     /// @dev Use this method to to add an authorized target.
-     function _addTarget(string memory name) internal {
-          _targets.push(StrLib.toStr(name));
-     }
+          _serviceTarget[serviceDomain] = StrLib.toStr(serviceTargetName);
-     function _addServiceRole(ObjectType serviceDomain) internal {
-          _addRole(
-               _getServiceRoleId(serviceDomain),
-               ObjectTypeLib.toVersionedName(
+          RoleId serviceRoleId = getServiceRole(serviceDomain);
+          string memory serviceRoleName = ObjectTypeLib.toVersionedName(
                     ObjectTypeLib.toName(serviceDomain),
                     "ServiceRole",
-                    getRelease().toInt()));
-     }
-     /// @dev Use this method to to add an authorized role.
-     function _addRole(RoleId roleId, string memory name) internal {
-          _roles.push(roleId);
-          _roleName[roleId] = StrLib.toStr(name);
-     }
+                    getRelease().toInt());
-     /// @dev Use this method to authorize the specified role to access the target.
-     function _authorizeForTarget(string memory target, RoleId authorizedRoleId)
-          internal
-          returns (IAccess.FunctionInfo[] storage authorizatedFunctions)
-     {
-          Str targetStr = StrLib.toStr(target);
-          _authorizedRoles[targetStr].push(authorizedRoleId);
-          return _authorizedFunctions[targetStr][authorizedRoleId];
-     }
-     /// @dev Use this method to authorize a specific function authorization
-     function _authorize(IAccess.FunctionInfo[] storage functions, bytes4 selector, string memory name) internal {
-          functions.push(
-               IAccess.FunctionInfo({
-                    selector: SelectorLib.toSelector(selector),
-                    name: StrLib.toStr(name),
-                    createdAt: TimestampLib.blockTimestamp()}));
+          _addTargetWithRole(
+               serviceTargetName,
+               serviceRoleId,
+               serviceRoleName);
      }
      /// @dev role id for targets registry, staking and instance
@@ -104,13 +74,5 @@ contract ModuleAuthorization
      {
           return RoleIdLib.roleForType(targetDomain);
      }
-     function _getServiceRoleId(ObjectType serviceDomain)
-          internal
-          returns (RoleId serviceRoleId)
-     {
-          return RoleIdLib.roleForTypeAndVersion(
-               serviceDomain, getRelease());
-     }
 }