@etherisc/gif-next 0.0.2-a307d03-692 → 0.0.2-a33f6f4-689

package/contracts/authorization/AccessAdminLib.sol

@@ -0,0 +1,183 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+
+import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
+
+import {IAccess} from "./IAccess.sol";
+import {IAccessAdmin} from "./IAccessAdmin.sol";
+import {IAuthorization} from "./IAuthorization.sol";
+import {IRegistry} from "../registry/IRegistry.sol";
+
+import {ContractLib} from "../shared/ContractLib.sol";
+import {ObjectType} from "../type/ObjectType.sol";
+import {RoleId} from "../type/RoleId.sol";
+import {SelectorLib} from "../type/Selector.sol";
+import {Str, StrLib} from "../type/String.sol";
+import {TimestampLib} from "../type/Timestamp.sol";
+import {VersionPart} from "../type/Version.sol";
+
+
+library AccessAdminLib { // ACCESS_ADMIN_LIB
+
+    function checkRoleCreation(
+        IAccessAdmin accessAdmin,
+        RoleId roleId, 
+        IAccess.RoleInfo memory info
+    )
+        public 
+        view
+    {
+        // check role does not yet exist    // ACCESS_ADMIN_LIB role creation checks
+        if(accessAdmin.roleExists(roleId)) {
+            revert IAccessAdmin.ErrorAccessAdminRoleAlreadyCreated(
+                roleId, 
+                accessAdmin.getRoleInfo(roleId).name.toString());
+        }
+
+        // check admin role exists
+        if(!accessAdmin.roleExists(info.adminRoleId)) {
+            revert IAccessAdmin.ErrorAccessAdminRoleAdminNotExisting(info.adminRoleId);
+        }
+
+        // check role name is not empty
+        if(info.name.length() == 0) {
+            revert IAccessAdmin.ErrorAccessAdminRoleNameEmpty(roleId);
+        }
+
+        // check role name is not used for another role
+        RoleId roleIdForName = accessAdmin.getRoleForName(StrLib.toString(info.name));
+        if(roleIdForName.gtz()) {
+            revert IAccessAdmin.ErrorAccessAdminRoleNameAlreadyExists(
+                roleId, 
+                info.name.toString(),
+                roleIdForName);
+        }
+    }
+
+    function checkTargetCreation(
+        IAccessAdmin accessAdmin,
+        address target, 
+        string memory targetName, 
+        bool checkAuthority
+    )
+        public 
+        view
+    {
+        // check target does not yet exist
+        if(accessAdmin.targetExists(target)) {
+            revert IAccessAdmin.ErrorAccessAdminTargetAlreadyCreated(
+                target, 
+                accessAdmin.getTargetInfo(target).name.toString());
+        }
+
+        // check target name is not empty
+        Str name = StrLib.toStr(targetName);
+        if(name.length() == 0) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNameEmpty(target);
+        }
+
+        // check target name is not used for another target
+        address targetForName = accessAdmin.getTargetForName(name);
+        if(targetForName != address(0)) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNameAlreadyExists(
+                target, 
+                targetName,
+                targetForName);
+        }
+
+        // check target is an access managed contract
+        if (!ContractLib.isAccessManaged(target)) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNotAccessManaged(target);
+        }
+
+        // check target shares authority with this contract
+        if (checkAuthority) {
+            address targetAuthority = AccessManagedUpgradeable(target).authority();
+            if (targetAuthority != accessAdmin.authority()) {
+                revert IAccessAdmin.ErrorAccessAdminTargetAuthorityMismatch(accessAdmin.authority(), targetAuthority);
+            }
+        }
+
+    }
+
+
+    function checkAuthorization( 
+        address authorizationOld,
+        address authorization,
+        ObjectType expectedDomain, 
+        VersionPart expectedRelease,
+        bool checkAlreadyInitialized
+    )
+        public
+        view
+    {
+        // checks
+        // check not yet initialized
+        if (checkAlreadyInitialized && authorizationOld != address(0)) {
+            revert IAccessAdmin.ErrorAccessAdminAlreadyInitialized(authorizationOld);
+        }
+
+        // check contract type matches
+        if (!ContractLib.supportsInterface(authorization, type(IAuthorization).interfaceId)) {  
+            revert IAccessAdmin.ErrorAccessAdminNotAuthorization(authorization);
+        }
+
+        // check domain matches
+        ObjectType domain = IAuthorization(authorization).getDomain();
+        if (domain != expectedDomain) {
+            revert IAccessAdmin.ErrorAccessAdminDomainMismatch(authorization, expectedDomain, domain);
+        }
+
+        // check release matches
+        VersionPart authorizationRelease = IAuthorization(authorization).getRelease();
+        if (authorizationRelease != expectedRelease) {
+            revert IAccessAdmin.ErrorAccessAdminReleaseMismatch(authorization, expectedRelease, authorizationRelease);
+        }
+    }
+
+
+    function checkIsRegistered( 
+        address registry,
+        address target,
+        ObjectType expectedType
+    )
+        public
+        view 
+    {
+        ObjectType tagetType = IRegistry(registry).getObjectInfo(target).objectType;
+        if (tagetType.eqz()) {
+            revert IAccessAdmin.ErrorAccessAdminNotRegistered(target);
+        }
+
+        if (tagetType != expectedType) {
+            revert IAccessAdmin.ErrorAccessAdminTargetTypeMismatch(target, expectedType, tagetType);
+        }
+    }
+
+    function toRole(RoleId adminRoleId, IAccessAdmin.RoleType roleType, uint32 maxMemberCount, string memory name)
+        public 
+        view 
+        returns (IAccess.RoleInfo memory)
+    { 
+        return IAccess.RoleInfo({
+            name: StrLib.toStr(name),
+            adminRoleId: adminRoleId,
+            roleType: roleType,
+            maxMemberCount: maxMemberCount,
+            createdAt: TimestampLib.blockTimestamp(),
+            pausedAt: TimestampLib.max()
+        });
+    }
+
+    function toFunction(bytes4 selector, string memory name) 
+        public 
+        view 
+        returns (IAccess.FunctionInfo memory) 
+    { 
+        return IAccess.FunctionInfo({
+            name: StrLib.toStr(name),
+            selector: SelectorLib.toSelector(selector),
+            createdAt: TimestampLib.blockTimestamp()});
+    }
+
+}

package/contracts/authorization/AccessManagerCloneable.sol

@@ -2,12 +2,11 @@
 pragma solidity ^0.8.20;
 
 import {AccessManagerUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagerUpgradeable.sol";
-import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";
 import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
 
 import {InitializableERC165} from "../shared/InitializableERC165.sol";
 import {RegistryLinked} from "../shared/RegistryLinked.sol";
-import {VersionPart, VersionLib} from "../type/Version.sol";
+import {VersionPart} from "../type/Version.sol";
 
 
 /// @dev An AccessManager based on OpenZeppelin that is cloneable and has a central lock property.
@@ -28,6 +27,7 @@ contract AccessManagerCloneable is
     VersionPart private _release;
     bool private _isLocked;
 
+
     modifier onlyAdminRole() {
         (bool isMember, ) = hasRole(ADMIN_ROLE, msg.sender);
         if(!isMember) {
@@ -36,12 +36,14 @@ contract AccessManagerCloneable is
         _;
     }
 
+
     function initialize(address admin)
-        external
+        public
         initializer()
     {
+        __ERC165_init();
         __AccessManager_init(admin);
-        _initializeERC165();
+
         _registerInterface(type(IAccessManager).interfaceId);
     }
 
@@ -56,22 +58,27 @@ contract AccessManagerCloneable is
         onlyAdminRole
         reinitializer(uint64(release.toInt()))
     {
-        _completeSetup(registry, release, true);
+        _checkAndSetRegistry(registry);
+        _checkAndSetRelease(release);
     }
 
-    /// @dev Completes the setup of the access manager.
-    /// Links the access manager to the registry and sets the release version.
-    function completeSetup(
-        address registry, 
-        VersionPart release,
-        bool verifyRelease
-    )
-        public
-        onlyAdminRole
-        reinitializer(uint64(release.toInt()))
-    {
-        _completeSetup(registry, release, verifyRelease);
-    }
+    // /// @dev Completes the setup of the access manager.
+    // /// Links the access manager to the registry and sets the release version.
+    // function completeSetup(
+    //     address registry, 
+    //     VersionPart release,
+    //     bool verifyRelease
+    // )
+    //     public
+    //     onlyAdminRole
+    //     reinitializer(uint64(release.toInt()))
+    // {
+    //     _checkAndSetRegistry(registry);
+
+    //     if (verifyRelease) {
+    //         _checkAndSetRelease(release);
+    //     }
+    // }
 
     /// @dev Returns true if the caller is authorized to call the target with the given selector and the manager lock is not set to locked.
     /// Feturn values as in OpenZeppelin AccessManager.
@@ -89,12 +96,12 @@ contract AccessManagerCloneable is
             uint32 delay
         ) 
     {
-        (immediate, delay) = super.canCall(caller, target, selector);
-
         // locking of all contracts under control of this access manager
-        if (isLocked()) {
+        if (_isLocked) {
             revert ErrorAccessManagerTargetAdminLocked(target);
         }
+
+        (immediate, delay) = super.canCall(caller, target, selector);
     }
 
 
@@ -126,11 +133,18 @@ contract AccessManagerCloneable is
     }
 
 
-    function _completeSetup(
-        address registry,
-        VersionPart release,
-        bool verifyRelease
-    )
+    function _checkAndSetRelease(VersionPart release)
+        internal
+    {
+        if (!release.isValidRelease()) {
+            revert ErrorAccessManagerInvalidRelease(release);
+        }
+
+        _release = release;
+    }
+
+
+    function _checkAndSetRegistry(address registry)
         internal
     {
         // checks
@@ -138,12 +152,7 @@ contract AccessManagerCloneable is
             revert ErrorAccessManagerRegistryAlreadySet(address(getRegistry()) );
         }
 
-        if (verifyRelease && !release.isValidRelease()) {
-            revert ErrorAccessManagerInvalidRelease(release);
-        }
-
         // effects
         __RegistryLinked_init(registry);
-        _release = release;
     }
 }

package/contracts/authorization/Authorization.sol

@@ -3,27 +3,32 @@ pragma solidity ^0.8.20;
 
 import {IAccess} from "./IAccess.sol";
 import {IAuthorization} from "./IAuthorization.sol";
-import {ObjectType, ObjectTypeLib, PRODUCT, ORACLE, DISTRIBUTION, POOL} from "../type/ObjectType.sol";
+
+import {InitializableERC165} from "../shared/InitializableERC165.sol";
+import {ObjectType, ObjectTypeLib} from "../type/ObjectType.sol";
 import {RoleId, RoleIdLib, ADMIN_ROLE} from "../type/RoleId.sol";
 import {SelectorLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
 import {TimestampLib} from "../type/Timestamp.sol";
 import {VersionPart, VersionPartLib} from "../type/Version.sol";
 
-contract Authorization
-    is IAuthorization
+contract Authorization is
+    InitializableERC165,
+    IAuthorization
 {
     uint256 public constant GIF_RELEASE = 3;
 
     string public constant ROLE_NAME_SUFFIX = "Role";
     string public constant SERVICE_ROLE_NAME_SUFFIX = "ServiceRole";
 
+    uint64 internal _nextGifContractRoleId;
     ObjectType[] internal _serviceDomains;
     mapping(ObjectType domain => Str target) internal _serviceTarget;
 
     string internal _mainTargetName = "Component";
     string internal _tokenHandlerName = "ComponentTH";
 
+    ObjectType internal _domain;
     Str internal _mainTarget;
     Str internal _tokenHandlerTarget;
     Str[] internal _targets;
@@ -40,7 +45,9 @@ contract Authorization
 
     constructor(
         string memory mainTargetName, 
-        ObjectType targetDomain
+        ObjectType targetDomain, 
+        bool isComponent,
+        bool includeTokenHandler
     )
     {
         // checks
@@ -48,45 +55,52 @@ contract Authorization
             revert ErrorAuthorizationMainTargetNameEmpty();
         }
 
-        if (targetDomain.eqz()) {
+        if (targetDomain == ObjectTypeLib.zero()) {
             revert ErrorAuthorizationTargetDomainZero();
         }
 
         // effects
-        // setup main target, main role id and main role info
+        _initializeERC165();
+
+        _domain = targetDomain;
         _mainTargetName = mainTargetName;
-        _tokenHandlerName = string(abi.encodePacked(mainTargetName, "TH"));
+        _mainTarget = StrLib.toStr(mainTargetName);
+        _nextGifContractRoleId = 10;
 
-        RoleId mainRoleId = RoleIdLib.toComponentRoleId(targetDomain, 0);
-        string memory mainRolName = _toTargetRoleName(mainTargetName);
+        if (isComponent) {
+            if (targetDomain.eqz()) {
+                revert ErrorAuthorizationTargetDomainZero();
+            }
 
-        _addTargetWithRole(
-            _mainTargetName, 
-            mainRoleId,
-            mainRolName);
+            RoleId mainRoleId = RoleIdLib.toComponentRoleId(targetDomain, 0);
+            string memory mainRolName = _toTargetRoleName(_mainTargetName);
 
-        _mainTarget = StrLib.toStr(mainTargetName);
-        _targetRole[_mainTarget] = mainRoleId;
-
-        // add token handler target for components
-        if (targetDomain == PRODUCT() 
-            || targetDomain == DISTRIBUTION()
-            || targetDomain == ORACLE()
-            || targetDomain == POOL()
-        ) {
-            _addTarget(_tokenHandlerName);
+            _addTargetWithRole(
+                _mainTargetName, 
+                mainRoleId,
+                mainRolName);
+        } else {
+            _addGifContractTarget(_mainTargetName);
         }
-
-        // setup token handler target
-        _tokenHandlerTarget = StrLib.toStr(_tokenHandlerName);
-
         // setup use case specific parts
         _setupServiceTargets();
         _setupRoles(); // not including main target role
         _setupTargets(); // not including main target (and token handler target)
-
-        _setupTokenHandlerAuthorizations();
         _setupTargetAuthorizations(); // not including token handler target
+
+        // setup component token handler 
+        if (includeTokenHandler) {
+            _tokenHandlerName = string(abi.encodePacked(mainTargetName, "TH"));
+            _tokenHandlerTarget = StrLib.toStr(_tokenHandlerName);
+            _addTarget(_tokenHandlerName);
+            _setupTokenHandlerAuthorizations();
+        }
+
+        _registerInterfaceNotInitializing(type(IAuthorization).interfaceId);
+    }
+
+    function getDomain() external view returns(ObjectType targetDomain) {
+        return _domain;
     }
 
     function getServiceDomains() external view returns(ObjectType[] memory serviceDomains) {
@@ -147,7 +161,7 @@ contract Authorization
         return target == _mainTarget || _targetExists[target];
     }
 
-    function getTargetRole(Str target) external view returns(RoleId roleId) {
+    function getTargetRole(Str target) public view returns(RoleId roleId) {
         return _targetRole[target];
     }
 
@@ -183,6 +197,20 @@ contract Authorization
     /// Overwrite this function for use case specific authorizations.
     function _setupTargetAuthorizations() internal virtual {}
 
+    function _addGifContractTarget(string memory contractName) internal {
+
+        RoleId contractRoleId = RoleIdLib.toRoleId(_nextGifContractRoleId++);
+        string memory contractRoleName = string(
+            abi.encodePacked(
+                contractName,
+                ROLE_NAME_SUFFIX));
+
+        _addTargetWithRole(
+            contractName,
+            contractRoleId,
+            contractRoleName);
+    }
+
     /// @dev Add the service target role for the specified service domain
     function _addServiceTargetWithRole(ObjectType serviceDomain) internal {
         // add service domain
@@ -192,7 +220,7 @@ contract Authorization
         string memory serviceTargetName = ObjectTypeLib.toVersionedName(
                 ObjectTypeLib.toName(serviceDomain), 
                 "Service", 
-                getRelease().toInt());
+                getRelease());
 
         _serviceTarget[serviceDomain] = StrLib.toStr(serviceTargetName);
 
@@ -200,7 +228,7 @@ contract Authorization
         string memory serviceRoleName = ObjectTypeLib.toVersionedName(
                 ObjectTypeLib.toName(serviceDomain), 
                 "ServiceRole", 
-                getRelease().toInt());
+                getRelease());
 
         _addTargetWithRole(
             serviceTargetName,
@@ -235,7 +263,7 @@ contract Authorization
             ObjectTypeLib.toVersionedName(
                 ObjectTypeLib.toName(serviceDomain), 
                 SERVICE_ROLE_NAME_SUFFIX, 
-                getRelease().toInt()));
+                getRelease()));
     }
 
 

package/contracts/authorization/IAccessAdmin.sol

@@ -4,7 +4,12 @@ pragma solidity ^0.8.20;
 import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";
 
 import {IAccess} from "./IAccess.sol";
+import {IAuthorization} from "./IAuthorization.sol";
 import {IRegistryLinked} from "../shared/IRegistryLinked.sol";
+import {IRelease} from "../registry/IRelease.sol";
+
+import {NftId} from "../type/NftId.sol";
+import {ObjectType} from "../type/ObjectType.sol";
 import {RoleId} from "../type/RoleId.sol";
 import {Selector} from "../type/Selector.sol";
 import {Str} from "../type/String.sol";
@@ -13,59 +18,80 @@ import {VersionPart} from "../type/Version.sol";
 interface IAccessAdmin is 
     IAccessManaged,
     IAccess,
-    IRegistryLinked
+    IRegistryLinked,
+    IRelease
 {
 
     // roles, targets and functions
-    event LogAccessAdminRoleCreated(RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
-    event LogAccessAdminTargetCreated(address target, string name);
+    event LogAccessAdminRoleCreated(string admin, RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
+    event LogAccessAdminTargetCreated(string admin, address target, string name);
 
-    event LogAccessAdminRoleGranted(address account, string roleName);
-    event LogAccessAdminRoleRevoked(address account, string roleName);
-    event LogAccessAdminFunctionGranted(address target, string functionName, string roleName);
+    event LogAccessAdminRoleGranted(string admin, address account, string roleName);
+    event LogAccessAdminRoleRevoked(string admin, address account, string roleName);
+    event LogAccessAdminFunctionGranted(string admin, address target, string func);
 
     // only deployer modifier
-    error ErrorNotDeployer();
+    error ErrorAccessAdminNotDeployer();
 
     // only role admin modifier
-    error ErrorNotAdminOfRole(RoleId adminRoleId);
+    error ErrorAccessAdminNotAdminOfRole(RoleId adminRoleId, address account);
 
     // only role owner modifier
-    error ErrorNotRoleOwner(RoleId roleId);
+    error ErrorAccessAdminNotRoleOwner(RoleId roleId, address account);
+
+    // initialization
+    error ErrorAccessAdminNotRegistry(address registry);
+    error ErrorAccessAdminAuthorityNotContract(address authority);
+    error ErrorAccessAdminAccessManagerNotAccessManager(address authority);
+    error ErrorAccessAdminAccessManagerEmptyName();
+
+    // check target
+    error ErrorAccessAdminTargetNotCreated(address target);
+    error ErrorAccessAdminTargetNotRegistered(address target);
+    error ErrorAccessAdminTargetTypeMismatch(address target, ObjectType expectedType, ObjectType actualType);
+
+    // check authorization
+    error ErrorAccessAdminAlreadyInitialized(address authorization);
+    error ErrorAccessAdminNotAuthorization(address authorization);
+    error ErrorAccessAdminDomainMismatch(address authorization, ObjectType expectedDomain, ObjectType actualDomain);
+    error ErrorAccessAdminReleaseMismatch(address authorization, VersionPart expectedRelease, VersionPart actualRelease);
+
+    // link to nft
+    error ErrorAccessAdminNotRegistered(address registerable);
 
     // initialize authority
-    error ErrorAdminRoleMissing();
+    error ErrorAccessAdminAdminRoleMissing();
 
     // create role
-    error ErrorRoleAlreadyCreated(RoleId roleId, string name);
-    error ErrorRoleAdminNotExisting(RoleId adminRoleId);
-    error ErrorRoleNameEmpty(RoleId roleId);
-    error ErrorRoleNameAlreadyExists(RoleId roleId, string name, RoleId existingRoleId);
+    error ErrorAccessAdminRoleAlreadyCreated(RoleId roleId, string name);
+    error ErrorAccessAdminRoleAdminNotExisting(RoleId adminRoleId);
+    error ErrorAccessAdminRoleNameEmpty(RoleId roleId);
+    error ErrorAccessAdminRoleNameAlreadyExists(RoleId roleId, string name, RoleId existingRoleId);
 
     // grant/revoke/renounce role
-    error ErrorRoleUnknown(RoleId roleId);
-    error ErrorRoleIsLocked(RoleId roleId);
-    error ErrorRoleIsPaused(RoleId roleId);
-    error ErrorRoleMembersLimitReached(RoleId roleId, uint256 memberCountLimit);
-    error ErrorRoleMemberNotContract(RoleId roleId, address notContract);
-    error ErrorRoleMemberRemovalDisabled(RoleId roleId, address expectedMember);
+    error ErrorAccessAdminRoleUnknown(RoleId roleId);
+    error ErrorAccessAdminRoleIsLocked(RoleId roleId);
+    error ErrorAccessAdminRoleIsPaused(RoleId roleId);
+    error ErrorAccessAdminRoleMembersLimitReached(RoleId roleId, uint256 memberCountLimit);
+    error ErrorAccessAdminRoleMemberNotContract(RoleId roleId, address notContract);
+    error ErrorAccessAdminRoleMemberRemovalDisabled(RoleId roleId, address expectedMember);
 
     // create target
-    error ErrorTargetAlreadyCreated(address target, string name);
-    error ErrorTargetNameEmpty(address target);
-    error ErrorTargetNameAlreadyExists(address target, string name, address existingTarget);
-    error ErrorTargetNotAccessManaged(address target);
-    error ErrorTargetAuthorityMismatch(address expectedAuthority, address actualAuthority);
+    error ErrorAccessAdminTargetAlreadyCreated(address target, string name);
+    error ErrorAccessAdminTargetNameEmpty(address target);
+    error ErrorAccessAdminTargetNameAlreadyExists(address target, string name, address existingTarget);
+    error ErrorAccessAdminTargetNotAccessManaged(address target);
+    error ErrorAccessAdminTargetAuthorityMismatch(address expectedAuthority, address actualAuthority);
 
     // lock target
-    error ErrorTagetNotLockable();
-    error ErrorTargetAlreadyLocked(address target, bool isLocked);
+    error ErrorAccessAdminTagetNotLockable();
+    error ErrorAccessAdminTargetAlreadyLocked(address target, bool isLocked);
 
     // authorize target functions
-    error ErrorAuthorizeForAdminRoleInvalid(address target);
+    error ErrorAccessAdminAuthorizeForAdminRoleInvalid(address target);
 
     // check target
-    error ErrorTargetUnknown(address target);
+    error ErrorAccessAdminTargetUnknown(address target);
 
     /// @dev Set the disabled status of the speicified role.
     /// Role disabling only prevents the role from being granted to new accounts.
@@ -110,7 +136,11 @@ interface IAccessAdmin is
 
     //--- view functions ----------------------------------------------------//
 
-    function getRelease() external view returns (VersionPart release);
+    function getAuthorization() external view returns (IAuthorization authorization);
+    function getLinkedNftId() external view returns (NftId linkedNftId);
+    function getLinkedOwner() external view returns (address linkedOwner);
+
+    function isLocked() external view returns (bool locked);
 
     function roles() external view returns (uint256 numberOfRoles);
     function getRoleId(uint256 idx) external view returns (RoleId roleId);
@@ -118,8 +148,8 @@ interface IAccessAdmin is
     function getPublicRole() external view returns (RoleId roleId);
 
     function roleExists(RoleId roleId) external view returns (bool exists); 
+    function getRoleForName(string memory name) external view returns (RoleId roleId);
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
-    function getRoleForName(Str name) external view returns (RoleNameInfo memory);
 
     function hasRole(address account, RoleId roleId) external view returns (bool);
     function hasAdminRole(address account, RoleId roleId) external view returns (bool);
@@ -127,17 +157,14 @@ interface IAccessAdmin is
     function getRoleMember(RoleId roleId, uint256 idx) external view returns (address account);
 
     function targetExists(address target) external view returns (bool exists);
-    function isTargetLocked(address target) external view returns (bool locked);
+    function getTargetForName(Str name) external view returns (address target);
     function targets() external view returns (uint256 numberOfTargets);
     function getTargetAddress(uint256 idx) external view returns (address target);
     function getTargetInfo(address target) external view returns (TargetInfo memory targetInfo);
-    function getTargetForName(Str name) external view returns (address target);
+    function isTargetLocked(address target) external view returns (bool locked);
 
     function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions);
     function getAuthorizedFunction(address target, uint256 idx) external view returns (FunctionInfo memory func, RoleId roleId);
-    function canCall(address caller, address target, Selector selector) external view returns (bool can);
 
-    function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) external view returns (RoleInfo memory);
-    function toFunction(bytes4 selector, string memory name) external view returns (FunctionInfo memory);
     function deployer() external view returns (address);
 }