npm - @etherisc/gif-next - Versions diffs - 0.0.2-9e6b423-414 → 0.0.2-9f51324-299 - Mend

@etherisc/gif-next 0.0.2-9e6b423-414 → 0.0.2-9f51324-299

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (337) hide show

package/contracts/registry/RegistryAdmin.sol CHANGED Viewed

@@ -2,6 +2,7 @@
 pragma solidity ^0.8.20;
 import {IAuthorization} from "../authorization/IAuthorization.sol";
+import {IComponent} from "../shared/IComponent.sol";
 import {IRegistry} from "./IRegistry.sol";
 import {IService} from "../shared/IService.sol";
 import {IStaking} from "../staking/IStaking.sol";
@@ -9,10 +10,16 @@ import {IStaking} from "../staking/IStaking.sol";
 import {AccessAdmin} from "../authorization/AccessAdmin.sol";
 import {AccessAdminLib} from "../authorization/AccessAdminLib.sol";
 import {AccessManagerCloneable} from "../authorization/AccessManagerCloneable.sol";
-import {ObjectType, REGISTRY} from "../type/ObjectType.sol";
-import {RoleId, RoleIdLib, GIF_MANAGER_ROLE, GIF_ADMIN_ROLE} from "../type/RoleId.sol";
-import {Str} from "../type/String.sol";
-import {VersionPart} from "../type/Version.sol";
+import {ContractLib} from "../shared/ContractLib.sol";
+import {ObjectType, REGISTRY, STAKING, POOL, RELEASE} from "../type/ObjectType.sol";
+import {ReleaseRegistry} from "./ReleaseRegistry.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE, GIF_MANAGER_ROLE, GIF_ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
+import {Staking} from "../staking/Staking.sol";
+import {Str, StrLib} from "../type/String.sol";
+import {StakingStore} from "../staking/StakingStore.sol";
+import {TokenHandler} from "../shared/TokenHandler.sol";
+import {TokenRegistry} from "./TokenRegistry.sol";
+import {VersionPart, VersionPartLib} from "../type/Version.sol";
 /*
     1) GIF_MANAGER_ROLE
@@ -37,6 +44,14 @@ contract RegistryAdmin is
     /// @dev gif core roles
     string public constant GIF_ADMIN_ROLE_NAME = "GifAdminRole";
     string public constant GIF_MANAGER_ROLE_NAME = "GifManagerRole";
+    string public constant RELEASE_REGISTRY_ROLE_NAME = "ReleaseRegistryRole";
+    string public constant STAKING_ROLE_NAME = "StakingRole";
+    /// @dev gif roles for external contracts
+    string public constant REGISTRY_SERVICE_ROLE_NAME = "RegistryServiceRole";
+    string public constant COMPONENT_SERVICE_ROLE_NAME = "ComponentServiceRole";
+    string public constant POOL_SERVICE_ROLE_NAME = "PoolServiceRole";
+    string public constant STAKING_SERVICE_ROLE_NAME = "StakingServiceRole";
     /// @dev gif core targets
     string public constant REGISTRY_ADMIN_TARGET_NAME = "RegistryAdmin";
@@ -67,7 +82,6 @@ contract RegistryAdmin is
     function completeSetup(
         address registry,
         address authorization,
-        VersionPart release,
         address gifAdmin,
         address gifManager
     )
@@ -77,14 +91,15 @@ contract RegistryAdmin is
         onlyDeployer()
     {
         // checks
-        AccessAdminLib.checkRegistry(registry);
+        _checkRegistry(registry);
+        VersionPart release = VersionPartLib.toVersionPart(3);
         AccessManagerCloneable(
             authority()).completeSetup(
                 registry,
                 release);
-        _checkAuthorization(authorization, REGISTRY(), release, false, true);
+        _checkAuthorization(authorization, REGISTRY(), release, true);
         _registry = registry;
         _authorization = IAuthorization(authorization);
@@ -99,19 +114,19 @@ contract RegistryAdmin is
         // link nft ownability to registry
         _linkToNftOwnable(_registry);
-        // setup registry core targets
-        _createCoreTargets(_authorization.getMainTargetName());
+        _setupRegistry(_registry);
-        // setup non-contract roles
+        // setup authorization for registry and supporting contracts
         _createRoles(_authorization);
         _grantRoleToAccount(GIF_ADMIN_ROLE(), gifAdmin);
         _grantRoleToAccount(GIF_MANAGER_ROLE(), gifManager);
-        // authorize functions of registry and staking contracts
+        _createTargets(_authorization);
         _createTargetAuthorizations(_authorization);
     }
     function grantServiceRoleForAllVersions(
         IService service,
         ObjectType domain
@@ -120,53 +135,83 @@ contract RegistryAdmin is
         restricted()
     {
         _grantRoleToAccount(
-            RoleIdLib.toGenericServiceRoleId(domain),
+            RoleIdLib.roleForTypeAndAllVersions(domain),
             address(service));
     }
     //--- view functions ----------------------------------------------------//
-    function getGifAdminRole() external pure returns (RoleId) {
+    function getGifAdminRole() external view returns (RoleId) {
         return GIF_ADMIN_ROLE();
     }
-    function getGifManagerRole() external pure returns (RoleId) {
+    function getGifManagerRole() external view returns (RoleId) {
         return GIF_MANAGER_ROLE();
     }
     //--- private initialization functions -------------------------------------------//
+    // create registry role and target
+    function _setupRegistry(address registry) internal {
+        // create registry role
+        RoleId roleId = _authorization.getTargetRole(
+            _authorization.getMainTarget());
+        _createRole(
+            roleId,
+            _authorization.getRoleInfo(roleId));
+        // create registry target
+        _createTarget(
+            registry,
+            _authorization.getMainTargetName(),
+            true, // checkAuthority
+            false); // custom
+        // assign registry role to registry
+        _grantRoleToAccount(
+            roleId,
+            registry);
+    }
     function _createRoles(IAuthorization authorization)
         internal
     {
         RoleId[] memory roles = authorization.getRoles();
+        RoleId mainTargetRoleId = authorization.getTargetRole(
+            authorization.getMainTarget());
+        RoleId roleId;
+        RoleInfo memory roleInfo;
         for(uint256 i = 0; i < roles.length; i++) {
-            RoleId roleId = roles[i];
-            RoleInfo memory roleInfo = authorization.getRoleInfo(roleId);
-            // create role if not exists
-            if (!roleExists(roleInfo.name.toString())) {
+            roleId = roles[i];
+            // skip main target role, create role if not exists
+            if (roleId != mainTargetRoleId && !roleExists(roleId)) {
                 _createRole(
                     roleId,
-                    roleInfo);
+                    authorization.getRoleInfo(roleId));
             }
         }
     }
-    function _createCoreTargets(string memory registryTargetName)
+    function _createTargets(IAuthorization authorization)
         internal
     {
         // registry
-        _createUncheckedTarget(_registry, registryTargetName, TargetType.Core);
-        _createUncheckedTarget(address(this), REGISTRY_ADMIN_TARGET_NAME, TargetType.Core);
-        _createUncheckedTarget(_releaseRegistry, RELEASE_REGISTRY_TARGET_NAME, TargetType.Core);
-        _createUncheckedTarget(_tokenRegistry, TOKEN_REGISTRY_TARGET_NAME, TargetType.Core);
+        _createTargetWithRole(address(this), REGISTRY_ADMIN_TARGET_NAME, authorization.getTargetRole(StrLib.toStr(REGISTRY_ADMIN_TARGET_NAME)));
+        _createTargetWithRole(_releaseRegistry, RELEASE_REGISTRY_TARGET_NAME, authorization.getTargetRole(StrLib.toStr(RELEASE_REGISTRY_TARGET_NAME)));
+        _createTargetWithRole(_tokenRegistry, TOKEN_REGISTRY_TARGET_NAME, authorization.getTargetRole(StrLib.toStr(TOKEN_REGISTRY_TARGET_NAME)));
         // staking
-        _createUncheckedTarget(_staking, STAKING_TARGET_NAME, TargetType.Core);
-        _createUncheckedTarget(_stakingStore, STAKING_STORE_TARGET_NAME, TargetType.Core);
+        _createTargetWithRole(_staking, STAKING_TARGET_NAME, authorization.getTargetRole(StrLib.toStr(STAKING_TARGET_NAME)));
+        _createTarget(_stakingStore, STAKING_STORE_TARGET_NAME, true, false);
+        _createTarget(address(IComponent(_staking).getTokenHandler()), STAKING_TH_TARGET_NAME, true, false);
     }
@@ -179,10 +224,35 @@ contract RegistryAdmin is
         for(uint256 i = 0; i < targets.length; i++) {
             target = targets[i];
             RoleId[] memory authorizedRoles = authorization.getAuthorizedRoles(target);
+            RoleId authorizedRole;
             for(uint256 j = 0; j < authorizedRoles.length; j++) {
-                _authorizeFunctions(authorization, target, authorizedRoles[j]);
+                authorizedRole = authorizedRoles[j];
+                _authorizeTargetFunctions(
+                    getTargetForName(target),
+                    authorizedRole,
+                    authorization.getAuthorizedFunctions(
+                        target,
+                        authorizedRole));
             }
         }
     }
+    function _createTargets(address authorization)
+        private
+        onlyInitializing()
+    {
+        IStaking staking = IStaking(_staking);
+        address tokenHandler = address(staking.getTokenHandler());
+        _createTarget(address(this), REGISTRY_ADMIN_TARGET_NAME, false, false);
+        _createTarget(_registry, REGISTRY_TARGET_NAME, true, false);
+        _createTarget(_releaseRegistry, RELEASE_REGISTRY_TARGET_NAME, true, false);
+        _createTarget(_staking, STAKING_TARGET_NAME, true, false);
+        _createTarget(_stakingStore, STAKING_STORE_TARGET_NAME, true, false);
+        _createTarget(_tokenRegistry, TOKEN_REGISTRY_TARGET_NAME, true, false);
+        _createTarget(tokenHandler, TOKEN_HANDLER_TARGET_NAME, true, false);
+    }
 }

package/contracts/registry/RegistryAuthorization.sol CHANGED Viewed

@@ -14,7 +14,6 @@ import {RoleIdLib, ADMIN_ROLE, GIF_ADMIN_ROLE, GIF_MANAGER_ROLE} from "../type/R
 import {StakingStore} from "../staking/StakingStore.sol";
 import {TokenHandler} from "../shared/TokenHandler.sol";
 import {TokenRegistry} from "../registry/TokenRegistry.sol";
-import {VersionPartLib} from "../type/Version.sol";
 contract RegistryAuthorization
@@ -40,48 +39,39 @@ contract RegistryAuthorization
      string public constant TOKEN_REGISTRY_TARGET_NAME = "TokenRegistry";
      string public constant STAKING_TARGET_NAME = "Staking";
-     string public constant STAKING_TH_TARGET_NAME = "StakingTh";
+     string public constant STAKING_TH_TARGET_NAME = "StakingTH";
      string public constant STAKING_STORE_TARGET_NAME = "StakingStore";
-     constructor(string memory commitHash)
-          Authorization(
-               REGISTRY_TARGET_NAME,
-               REGISTRY(),
-               3,
-               commitHash,
-               false, // isComponent
-               false) // includeTokenHandler
+     constructor()
+          Authorization(REGISTRY_TARGET_NAME, REGISTRY(), false, false)
      { }
      /// @dev Sets up the GIF admin and manager roles.
      function _setupRoles() internal override {
-          // max number of versioned contracts per generic service
-          uint32 maxReleases = uint32(VersionPartLib.releaseMax().toInt());
-          // service roles (for all releases)
+          // service roles (for all versions)
           _addRole(
-               RoleIdLib.toGenericServiceRoleId(REGISTRY()),
+               RoleIdLib.roleForTypeAndAllVersions(REGISTRY()),
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Core,
-                    maxMemberCount: maxReleases,
+                    roleType: RoleType.Gif,
+                    maxMemberCount: 999, // max member count = max
                     name: REGISTRY_SERVICE_ROLE_NAME}));
           _addRole(
-               RoleIdLib.toGenericServiceRoleId(STAKING()),
+               RoleIdLib.roleForTypeAndAllVersions(STAKING()),
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Core,
-                    maxMemberCount: maxReleases,
+                    roleType: RoleType.Gif,
+                    maxMemberCount: 999, // max member count = max
                     name: STAKING_SERVICE_ROLE_NAME}));
           _addRole(
-               RoleIdLib.toGenericServiceRoleId(POOL()),
+               RoleIdLib.roleForTypeAndAllVersions(POOL()),
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Core,
-                    maxMemberCount: maxReleases,
+                    roleType: RoleType.Gif,
+                    maxMemberCount: 999, // max member count = max
                     name: POOL_SERVICE_ROLE_NAME}));
           // gif admin role
@@ -89,7 +79,7 @@ contract RegistryAuthorization
                GIF_ADMIN_ROLE(),
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Core,
+                    roleType: RoleType.Gif,
                     maxMemberCount: 2, // TODO decide on max member count
                     name: GIF_ADMIN_ROLE_NAME}));
@@ -98,7 +88,7 @@ contract RegistryAuthorization
                GIF_MANAGER_ROLE(),
                _toRoleInfo({
                     adminRoleId: ADMIN_ROLE(),
-                    roleType: RoleType.Core,
+                    roleType: RoleType.Gif,
                     maxMemberCount: 1, // TODO decide on max member count
                     name: GIF_MANAGER_ROLE_NAME}));
@@ -106,13 +96,13 @@ contract RegistryAuthorization
      /// @dev Sets up the relevant (non-service) targets for the registry.
      function _setupTargets() internal override {
-          _addGifTarget(REGISTRY_ADMIN_TARGET_NAME);
-          _addGifTarget(RELEASE_REGISTRY_TARGET_NAME);
-          _addGifTarget(TOKEN_REGISTRY_TARGET_NAME);
+          _addGifContractTarget(REGISTRY_ADMIN_TARGET_NAME);
+          _addGifContractTarget(RELEASE_REGISTRY_TARGET_NAME);
+          _addGifContractTarget(TOKEN_REGISTRY_TARGET_NAME);
-          _addGifTarget(STAKING_TARGET_NAME);
-          _addGifTarget(STAKING_TH_TARGET_NAME);
-          _addGifTarget(STAKING_STORE_TARGET_NAME);
+          _addGifContractTarget(STAKING_TARGET_NAME);
+          _addGifContractTarget(STAKING_TH_TARGET_NAME);
+          _addTarget(STAKING_STORE_TARGET_NAME);
      }
@@ -144,7 +134,7 @@ contract RegistryAuthorization
           // registry service role
           functions = _authorizeForTarget(
                REGISTRY_TARGET_NAME,
-               RoleIdLib.toGenericServiceRoleId(REGISTRY()));
+               RoleIdLib.roleForTypeAndAllVersions(REGISTRY()));
           _authorize(functions, IRegistry.register.selector, "register");
           _authorize(functions, IRegistry.registerWithCustomType.selector, "registerWithCustomType");
@@ -211,7 +201,7 @@ contract RegistryAuthorization
           // staking service role
           functions = _authorizeForTarget(
                STAKING_TARGET_NAME,
-               RoleIdLib.toGenericServiceRoleId(STAKING()));
+               RoleIdLib.roleForTypeAndAllVersions(STAKING()));
           _authorize(functions, IStaking.registerTarget.selector, "registerTarget");
           _authorize(functions, IStaking.setLockingPeriod.selector, "setLockingPeriod");
@@ -229,7 +219,7 @@ contract RegistryAuthorization
           // pool service role
           functions = _authorizeForTarget(
                STAKING_TARGET_NAME,
-               RoleIdLib.toGenericServiceRoleId(POOL()));
+               RoleIdLib.roleForTypeAndAllVersions(POOL()));
           _authorize(functions, IStaking.increaseTotalValueLocked.selector, "increaseTotalValueLocked");
           _authorize(functions, IStaking.decreaseTotalValueLocked.selector, "decreaseTotalValueLocked");
@@ -242,7 +232,7 @@ contract RegistryAuthorization
           // staking service role
           functions = _authorizeForTarget(
                STAKING_TH_TARGET_NAME,
-               RoleIdLib.toGenericServiceRoleId(STAKING()));
+               RoleIdLib.roleForTypeAndAllVersions(STAKING()));
           _authorize(functions, TokenHandler.approve.selector, "approve");
           _authorize(functions, TokenHandler.pullToken.selector, "pullToken");

package/contracts/registry/ReleaseAdmin.sol CHANGED Viewed

@@ -1,20 +1,16 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
-import {IAccess} from "../authorization/IAccess.sol";
-import {IAuthorization} from "../authorization/IAuthorization.sol";
-import {IService} from "../shared/IService.sol";
-import {IServiceAuthorization} from "../authorization/IServiceAuthorization.sol";
 import {AccessAdmin} from "../authorization/AccessAdmin.sol";
 import {AccessAdminLib} from "../authorization/AccessAdminLib.sol";
 import {AccessManagerCloneable} from "../authorization/AccessManagerCloneable.sol";
-import {ObjectType, ObjectTypeLib, RELEASE} from "../type/ObjectType.sol";
-import {RoleId, ADMIN_ROLE, RELEASE_REGISTRY_ROLE} from "../type/RoleId.sol";
-import {Str} from "../type/String.sol";
+import {IAccess} from "../authorization/IAccess.sol";
+import {IService} from "../shared/IService.sol";
+import {IServiceAuthorization} from "../authorization/IServiceAuthorization.sol";
+import {ObjectType, ObjectTypeLib, ALL} from "../type/ObjectType.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE, RELEASE_REGISTRY_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
 import {VersionPart} from "../type/Version.sol";
 /// @dev The ReleaseAdmin contract implements the central authorization for the services of a specific release.
 /// There is one ReleaseAdmin contract per major GIF release.
 /// Locking/unlocking of all services of a release is implemented in function setReleaseLocked.
@@ -29,13 +25,11 @@ contract ReleaseAdmin is
     error ErrorReleaseAdminReleaseLockAlreadySetTo(bool locked);
     /// @dev release core roles
-    string public constant RELEASE_REGISTRY_ROLE_NAME = "ReleaseRegistry_Role";
+    string public constant RELEASE_REGISTRY_ROLE_NAME = "ReleaseRegistryRole";
     /// @dev release core targets
     string public constant RELEASE_ADMIN_TARGET_NAME = "ReleaseAdmin";
-    IServiceAuthorization internal _serviceAuthorization;
     modifier onlyReleaseRegistry() {
         (bool isMember, ) = _authority.hasRole(RELEASE_REGISTRY_ROLE().toInt(), msg.sender);
@@ -45,7 +39,6 @@ contract ReleaseAdmin is
         _;
     }
     // @dev Only used for master release admin
     constructor(address accessManager) {
         initialize(
@@ -56,40 +49,32 @@ contract ReleaseAdmin is
     function completeSetup(
         address registry,
-        address authorization,
-        VersionPart release,
-        address releaseRegistry
+        address releaseRegistry,
+        VersionPart release
     )
         external
         reinitializer(uint64(release.toInt()))
     {
         // checks
-        AccessAdminLib.checkRegistry(registry);
+        _checkRegistry(registry);
         AccessManagerCloneable(
             authority()).completeSetup(
                 registry,
-                release);
-        IServiceAuthorization serviceAuthorization = IServiceAuthorization(authorization);
-        _checkAuthorization(address(serviceAuthorization), RELEASE(), release, true, true);
-        _serviceAuthorization = serviceAuthorization;
+                release);
         // link nft ownability to registry
         _linkToNftOwnable(registry);
-        // setup release contract
         _setupReleaseRegistry(releaseRegistry);
-        // relase services will be authorized one by one via authorizeService()
     }
     /// @dev Sets up authorizaion for specified service.
     /// For all authorized services its authorized functions are enabled.
     /// Permissioned function: Access is restricted to release registry.
     function authorizeService(
+        IServiceAuthorization serviceAuthorization,
         IService service,
         ObjectType serviceDomain,
         VersionPart release
@@ -98,20 +83,9 @@ contract ReleaseAdmin is
         restricted()
     {
         _createServiceTargetAndRole(service, serviceDomain, release);
-        // authorize functions of service
-        Str serviceTarget = _serviceAuthorization.getServiceTarget(serviceDomain);
-        RoleId[] memory authorizedRoles = _serviceAuthorization.getAuthorizedRoles(serviceTarget);
-        for (uint256 i = 0; i < authorizedRoles.length; i++) {
-            _authorizeFunctions(
-                IAuthorization(address(_serviceAuthorization)),
-                serviceTarget,
-                authorizedRoles[i]);
-        }
+        _authorizeServiceFunctions(serviceAuthorization, service, serviceDomain, release);
     }
     /// @dev Locks/unlocks all release targets.
     /// For all authorized services of release its authorized functions are disabled/enabled.
     /// Permissioned function: Access is restricted to release registry.
@@ -132,7 +106,6 @@ contract ReleaseAdmin is
         emit LogReleaseAdminReleaseLockChanged(getRelease(), locked);
     }
     /// @dev Lock/unlock specific service of release.
     /// Permissioned function: Access is restricted to release registry.
     function setServiceLocked(IService service, bool locked)
@@ -150,6 +123,13 @@ contract ReleaseAdmin is
         emit LogReleaseAdminServiceLockChanged(service.getRelease(), address(service), locked);
     }
+    //--- view functions ----------------------------------------------------//
+/*
+    function getReleaseAdminRole() external view returns (RoleId) {
+        return GIF_ADMIN_ROLE();
+    }
+*/
     //--- private functions -------------------------------------------------//
     function _createServiceTargetAndRole(
@@ -165,7 +145,85 @@ contract ReleaseAdmin is
         string memory serviceTargetName = ObjectTypeLib.toVersionedName(
             baseName, "Service", release);
-        _createUncheckedTarget(address(service), serviceTargetName, TargetType.Service);
+        _createTarget(
+            address(service),
+            serviceTargetName,
+            true,
+            false);
+        // create service role
+        RoleId serviceRoleId = RoleIdLib.roleForTypeAndVersion(
+            serviceDomain,
+            release);
+        if(!roleExists(serviceRoleId)) {
+            _createRole(
+                serviceRoleId,
+                AccessAdminLib.toRole({
+                    adminRoleId: ADMIN_ROLE(),
+                    roleType: RoleType.Contract,
+                    maxMemberCount: 1,
+                    name: ObjectTypeLib.toVersionedName(
+                        baseName,
+                        "ServiceRole",
+                        release)}));
+        }
+        _grantRoleToAccount(
+            serviceRoleId,
+            address(service));
+    }
+    function _authorizeServiceFunctions(
+        IServiceAuthorization serviceAuthorization,
+        IService service,
+        ObjectType serviceDomain,
+        VersionPart release
+    )
+        private
+    {
+        ObjectType authorizedDomain;
+        RoleId authorizedRoleId;
+        ObjectType[] memory authorizedDomains = serviceAuthorization.getAuthorizedDomains(serviceDomain);
+        for (uint256 i = 0; i < authorizedDomains.length; i++) {
+            authorizedDomain = authorizedDomains[i];
+            // derive authorized role from authorized domain
+            if (authorizedDomain == ALL()) {
+                authorizedRoleId = PUBLIC_ROLE();
+            } else {
+                authorizedRoleId = RoleIdLib.roleForTypeAndVersion(
+                authorizedDomain,
+                release);
+            }
+            if(!roleExists(authorizedRoleId)) {
+                // create role for authorized domain
+                _createRole(
+                    authorizedRoleId,
+                    AccessAdminLib.toRole({
+                        adminRoleId: ADMIN_ROLE(),
+                        roleType: RoleType.Contract,
+                        maxMemberCount: 1,
+                        name: ObjectTypeLib.toVersionedName(
+                            ObjectTypeLib.toName(authorizedDomain),
+                            "Role",
+                            release)}));
+            }
+            // get authorized functions for authorized domain
+            IAccess.FunctionInfo[] memory authorizatedFunctions = serviceAuthorization.getAuthorizedFunctions(
+                serviceDomain,
+                authorizedDomain);
+            _authorizeTargetFunctions(
+                    address(service),
+                    authorizedRoleId,
+                    authorizatedFunctions);
+        }
     }
     //--- private initialization functions -------------------------------------------//
@@ -174,7 +232,7 @@ contract ReleaseAdmin is
         private
         onlyInitializing()
     {
-        _createManagedTarget(address(this), RELEASE_ADMIN_TARGET_NAME, IAccess.TargetType.Core);
+        _createTarget(address(this), RELEASE_ADMIN_TARGET_NAME, false, false);
         _createRole(
             RELEASE_REGISTRY_ROLE(),
@@ -188,7 +246,7 @@ contract ReleaseAdmin is
         functions = new FunctionInfo[](2);
         functions[0] = AccessAdminLib.toFunction(ReleaseAdmin.authorizeService.selector, "authorizeService");
         functions[1] = AccessAdminLib.toFunction(ReleaseAdmin.setServiceLocked.selector, "setServiceLocked");
-        _authorizeTargetFunctions(address(this), RELEASE_REGISTRY_ROLE(), functions, true);
+        _authorizeTargetFunctions(address(this), RELEASE_REGISTRY_ROLE(), functions);
         _grantRoleToAccount(RELEASE_REGISTRY_ROLE(), releaseRegistry);
     }

package/contracts/registry/ReleaseRegistry.sol CHANGED Viewed

@@ -150,7 +150,7 @@ contract ReleaseRegistry is
         uint256 serviceDomainsCount = _verifyServiceAuthorization(serviceAuthorization, releaseVersion, salt);
         // create and initialize release admin
-        releaseAdmin = _cloneNewReleaseAdmin(serviceAuthorization, releaseVersion);
+        releaseAdmin = _cloneNewReleaseAdmin(releaseVersion);
         releaseSalt = salt;
         // ensures unique salt
@@ -182,8 +182,8 @@ contract ReleaseRegistry is
         checkTransition(_releaseInfo[releaseVersion].state, RELEASE(), DEPLOYING(), DEPLOYED());
         address releaseAuthority = ReleaseAdmin(_releaseInfo[releaseVersion].releaseAdmin).authority();
-        IServiceAuthorization releaseAuthz = _releaseInfo[releaseVersion].auth;
-        ObjectType expectedDomain = releaseAuthz.getServiceDomain(_registeredServices);
+        IServiceAuthorization releaseAuth = _releaseInfo[releaseVersion].auth;
+        ObjectType expectedDomain = releaseAuth.getServiceDomain(_registeredServices);
         // service can work with release registry and release version
         (
@@ -216,6 +216,7 @@ contract ReleaseRegistry is
         ReleaseAdmin releaseAdmin = ReleaseAdmin(_releaseInfo[releaseVersion].releaseAdmin);
         releaseAdmin.setReleaseLocked(false);
         releaseAdmin.authorizeService(
+            releaseAuth,
             service,
             serviceDomain,
             releaseVersion);
@@ -366,10 +367,7 @@ contract ReleaseRegistry is
             _releaseInfo[release].releaseAdmin).setReleaseLocked(locked);
     }
-    function _cloneNewReleaseAdmin(
-        IServiceAuthorization serviceAuthorization,
-        VersionPart release
-    )
+    function _cloneNewReleaseAdmin(VersionPart release)
         private
         returns (ReleaseAdmin clonedAdmin)
     {
@@ -379,7 +377,7 @@ contract ReleaseRegistry is
         string memory releaseAdminName = string(
             abi.encodePacked(
-                "ReleaseAdminV",
+                "ReleaseAdmin_v",
                 release.toString()));
         clonedAdmin.initialize(
@@ -388,9 +386,8 @@ contract ReleaseRegistry is
         clonedAdmin.completeSetup(
             address(_registry),
-            address(serviceAuthorization),
-            release,
-            address(this)); // release registry (this contract)
+            address(this), // release registry (this contract)
+            release);
         // lock release (remains locked until activation)
         clonedAdmin.setReleaseLocked(true);
@@ -415,7 +412,7 @@ contract ReleaseRegistry is
         returns (uint256 serviceDomainsCount)
     {
         // authorization contract supports IServiceAuthorization interface
-        if(!ContractLib.supportsInterface(address(serviceAuthorization), type(IServiceAuthorization).interfaceId)) {
+        if(!serviceAuthorization.supportsInterface(type(IServiceAuthorization).interfaceId)) {
             revert ErrorReleaseRegistryNotServiceAuth(address(serviceAuthorization));
         }