@etherisc/gif-next 0.0.2-aad7ee0-660 → 0.0.2-ab4c2da-820

package/contracts/registry/RegistryAccessManager.sol

@@ -0,0 +1,207 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.20;
+
+import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
+import {AccessManaged} from "@openzeppelin/contracts/access/manager/AccessManaged.sol";
+
+import {RoleId, RoleIdLib,
+        REGISTRY_SERVICE_MANAGER_ROLE,
+        REGISTRY_SERVICE_ADMIN_ROLE,
+        RELEASE_MANAGER_ROLE} from "../types/RoleId.sol";
+
+import {TokenRegistry} from "./TokenRegistry.sol";
+import {ReleaseManager} from "./ReleaseManager.sol";
+
+/*
+    3 types of roles: 
+    1) REGISTRAR roles 
+        - each one is unique
+        - always have 1 member
+        - one role is set for each function of each version of registry service
+    2) REGISTRY_SERVICE_MANAGER_ROLE aka GIF_MANAGER_ROLE
+        - can have arbitrary number of members
+        - responsible for services registrations
+        - responsible for token registration and activation
+    3) REGISTRY_SERVICE_ADMIN_ROLE aka GIF_ADMIN_ROLE
+        - admin of REGISTRY_SERVICE_MANAGER_ROLE
+        - MUST have 1 member at any time
+        - granted/revoked ONLY in transferAdminRole() -> consider lock out situations!!!
+        - responsible for release manager initialization
+        - responsible for creation and activation of each release
+
+*/
+
+contract RegistryAccessManager is AccessManaged
+{
+    error NotInitialized();
+    error AlreadyInitialized();
+
+    uint64 public constant UNIQUE_ROLE_ID_MIN = 1000000;
+    
+    AccessManager private immutable _accessManager;
+    address private _releaseManager;
+    address private _tokenRegistry;
+
+    uint64 private _idNext; // role id
+    bool private _isInitialized;
+
+    modifier onlyOnce() {
+        if(_isInitialized) {
+            revert AlreadyInitialized();
+        } 
+        _;
+        _isInitialized = true;
+    }
+
+    modifier onlyInitialized() {
+        if(!_isInitialized) {
+            revert NotInitialized();
+        }
+        _;
+    }
+
+    constructor(address manager)
+        AccessManaged(msg.sender)
+    {
+        _accessManager = new AccessManager(address(this));
+        setAuthority(address(_accessManager));
+
+        _idNext = UNIQUE_ROLE_ID_MIN;
+
+        _configureAdminRoleInitial();
+
+        address admin = msg.sender;
+        _grantRole(REGISTRY_SERVICE_ADMIN_ROLE(), admin, 0);
+        _grantRole(REGISTRY_SERVICE_MANAGER_ROLE(), manager, 0);
+    }
+
+    function initialize(address releaseManager, address tokenRegistry)
+        external 
+        restricted // GIF_ADMIN_ROLE
+        onlyOnce
+    {
+        require(ReleaseManager(releaseManager).authority() == address(_accessManager));
+        //require(tokenRegistry.authority() == address(_accessManager));
+
+        _releaseManager = releaseManager;
+        _tokenRegistry = tokenRegistry;
+
+        _configureAdminRole();
+        _configureManagerRole();
+        _configureReleaseManagerRole();
+
+        _grantRole(RELEASE_MANAGER_ROLE(), releaseManager, 0);
+    }
+
+    // set unique role for target, role forever have 1 member and never revoked
+    function setAndGrantUniqueRole(
+        address account, 
+        address target, 
+        bytes4[] memory selector
+    )
+        external
+        restricted // RELEASE_MANAGER_ROLE
+        onlyInitialized
+        returns(RoleId)
+    {
+        // TODO questionable check...
+        // target is not part of `runtime`
+        //if(
+        //    target == address(this) ||
+        //    target == address(_accessManager) || 
+        //    target == _releaseManager || 
+        //    target == _tokenRegistry)
+        //{ return TargetInvalid(); }
+
+        RoleId roleId = _getNextRoleId();
+
+        _setTargetFunctionRole(target, selector, roleId);
+        _grantRole(roleId, account, 0);
+    }
+
+    /*function transferAdmin(address to)
+        external
+        restricted // only with REGISTRY_SERVICE_ADMIN_ROLE or nft owner
+    {
+        _accessManager.revoke(REGISTRY_SERVICE_ADMIN_ROLE, );
+        _accesssManager.grant(REGISTRY_SERVICE_ADMIN_ROLE, to, 0);
+    }*/
+
+    //--- view functions ----------------------------------------------------//
+
+    function getAccessManager()
+        external
+        view
+        returns (AccessManager)
+    {
+        return _accessManager;
+    }
+
+    //--- private functions -------------------------------------------------//
+
+    function _configureAdminRoleInitial() private
+    {
+        bytes4[] memory functionSelector = new bytes4[](1);
+
+        functionSelector[0] = RegistryAccessManager.initialize.selector;
+        _setTargetFunctionRole(address(this), functionSelector, REGISTRY_SERVICE_ADMIN_ROLE());
+    }
+
+    function _configureAdminRole() private
+    {
+        bytes4[] memory functionSelector = new bytes4[](1);
+
+        // for RegistryServiceProxyManager
+        // TODO upgrading with releaseManager.upgrade()->proxy.upgrade()???
+        //functionSelector[0] = RegistryServiceManager.upgrade.selector;
+        //_setTargetFunctionRole(address(this), functionSelector, REGISTRY_SERVICE_ADMIN_ROLE());
+
+        // for TokenRegistry
+
+        // for ReleaseManager
+        functionSelector[0] = ReleaseManager.createNextRelease.selector;
+        _setTargetFunctionRole(_releaseManager, functionSelector, REGISTRY_SERVICE_ADMIN_ROLE());
+        //functionSelector[0] = ReleaseManager.activateNextRelease.selector;
+        //_setTargetFunctionRole(_releaseManager, functionSelector, REGISTRY_SERVICE_ADMIN_ROLE());
+    }
+    
+    function _configureManagerRole() private 
+    {
+        bytes4[] memory functionSelector = new bytes4[](1);
+
+        // for TokenRegistry
+        functionSelector[0] = TokenRegistry.setActive.selector;
+        _setTargetFunctionRole(address(_tokenRegistry), functionSelector, REGISTRY_SERVICE_MANAGER_ROLE());
+
+        // for ReleaseManager
+        functionSelector[0] = ReleaseManager.registerService.selector;
+        _setTargetFunctionRole(_releaseManager, functionSelector, REGISTRY_SERVICE_MANAGER_ROLE());
+
+        // set admin
+        _setRoleAdmin(REGISTRY_SERVICE_MANAGER_ROLE(), REGISTRY_SERVICE_ADMIN_ROLE());
+    }
+
+    function _configureReleaseManagerRole() private
+    {
+        bytes4[] memory functionSelector = new bytes4[](1);
+
+        functionSelector[0] = RegistryAccessManager.setAndGrantUniqueRole.selector;
+        _setTargetFunctionRole(address(this), functionSelector, RELEASE_MANAGER_ROLE());
+    }
+
+    function _setTargetFunctionRole(address target, bytes4[] memory selectors, RoleId roleId) private {
+        _accessManager.setTargetFunctionRole(target, selectors, roleId.toInt());        
+    }
+
+    function _setRoleAdmin(RoleId roleId, RoleId adminRoleId) private {
+        _accessManager.setRoleAdmin(roleId.toInt(), adminRoleId.toInt());
+    }
+
+    function _grantRole(RoleId roleId, address account, uint32 executionDelay) private {
+            _accessManager.grantRole(roleId.toInt(), account, executionDelay);
+    }
+
+    function _getNextRoleId() private returns(RoleId roleId) {
+        roleId = RoleIdLib.toRoleId(_idNext++);
+    }
+}

package/contracts/registry/RegistryService.sol

@@ -1,17 +1,13 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
 
-import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
 import {ERC165Checker} from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
-import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
 import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
 
 import {IRegistry} from "./IRegistry.sol";
 import {IInstance} from "../instance/IInstance.sol";
 
 import {ContractDeployerLib} from "../shared/ContractDeployerLib.sol";
-// import {IComponent, IComponentModule} from "../../contracts/instance/module/component/IComponent.sol";
-// import {IPool} from "../../contracts/instance/module/pool/IPoolModule.sol";
 import {IBaseComponent} from "../../contracts/components/IBaseComponent.sol";
 import {IPoolComponent} from "../../contracts/components/IPoolComponent.sol";
 import {IProductComponent} from "../../contracts/components/IProductComponent.sol";
@@ -20,9 +16,10 @@ import {IDistributionComponent} from "../../contracts/components/IDistributionCo
 import {IVersionable} from "../../contracts/shared/IVersionable.sol";
 import {Versionable} from "../../contracts/shared/Versionable.sol";
 import {IRegisterable} from "../../contracts/shared/IRegisterable.sol";
+import {Registerable} from "../../contracts/shared/Registerable.sol";
 
 import {RoleId, PRODUCT_OWNER_ROLE, POOL_OWNER_ROLE, ORACLE_OWNER_ROLE} from "../../contracts/types/RoleId.sol";
-import {ObjectType, REGISTRY, TOKEN, SERVICE, PRODUCT, ORACLE, POOL, TOKEN, INSTANCE, DISTRIBUTION, POLICY, BUNDLE} from "../../contracts/types/ObjectType.sol";
+import {ObjectType, REGISTRY, SERVICE, PRODUCT, ORACLE, POOL, INSTANCE, DISTRIBUTION, POLICY, BUNDLE, STAKE} from "../../contracts/types/ObjectType.sol";
 import {StateId, ACTIVE, PAUSED} from "../../contracts/types/StateId.sol";
 import {NftId, NftIdLib, zeroNftId} from "../../contracts/types/NftId.sol";
 import {Fee, FeeLib} from "../../contracts/types/Fee.sol";
@@ -32,7 +29,6 @@ import {Service} from "../shared/Service.sol";
 import {IService} from "../shared/IService.sol";
 import {IRegistryService} from "./IRegistryService.sol";
 import {Registry} from "./Registry.sol";
-import {ChainNft} from "./ChainNft.sol";
 
 contract RegistryService is
     AccessManagedUpgradeable,
@@ -41,116 +37,12 @@ contract RegistryService is
 {
     using NftIdLib for NftId;
 
-    error SelfRegistration();
-    error NotRegistryOwner();
-
-    error NotToken();
-    error NotService();
-    error NotInstance();
-    error NotProduct();
-    error NotPool();
-    error NotDistribution();
-
-    error UnexpectedRegisterableType(ObjectType expected, ObjectType found);
-    error NotRegisterableOwner(address expectedOwner);
-    error RegisterableOwnerIsZero();   
-    error RegisterableOwnerIsRegistered();
-    error InvalidInitialOwner(address initialOwner);
-    error InvalidAddress(address registerableAddress);
-
-
-    // Initial value for constant variable has to be compile-time constant
-    // TODO define types as constants?
-    //ObjectType public constant SERVICE_TYPE = REGISTRY(); 
-    string public constant NAME = "RegistryService";
-
     // TODO update to real hash when registry is stable
     bytes32 public constant REGISTRY_CREATION_CODE_HASH = bytes32(0);
 
     address public constant NFT_LOCK_ADDRESS = address(0x1);
 
-    /// @dev 
-    //  msg.sender - ONLY registry owner
-    //      CAN NOT register itself
-    //      CAN NOT register IRegisterable address
-    //      CAN register ONLY valid object-parent types combinations for TOKEN
-    // IMPORTANT: MUST NOT call untrusted contract inbetween calls to registry/instance (trusted contracts)
-    // motivation: registry/instance state may change during external call
-    // TODO it may be usefull to have transferable token nft in order to delist token, make it invalid for new beginings
-    // TODO: MUST prohibit registration of precompiles addresses
-    function registerToken(address tokenAddress)
-        external 
-        returns(NftId nftId) 
-    {
-        if(msg.sender == tokenAddress) {
-            revert SelfRegistration();
-        }    
-
-        // MUST not revert if no ERC165 support
-        if(tokenAddress.code.length == 0 ||
-            ERC165Checker.supportsInterface(tokenAddress, type(IRegisterable).interfaceId)) {
-            revert NotToken();
-        }
-
-        NftId registryNftId = _registry.getNftId(address(_registry));
-
-        if(msg.sender != _registry.ownerOf(registryNftId)) {
-            revert NotRegistryOwner();
-        }
-
-        IRegistry.ObjectInfo memory info = IRegistry.ObjectInfo(
-            zeroNftId(), // any value
-            registryNftId, // parent nft id
-            TOKEN(),
-            false, // isInterceptor
-            tokenAddress,
-            NFT_LOCK_ADDRESS,
-            "" // any value
-        );
-
-        nftId = _registry.register(info);
-    }
-
-    /// @dev 
-    //  msg.sender - ONLY registry owner
-    //      CAN NOT register itself
-    //      CAN register ONLY valid object-parent types combinations for SERVICE
-    //      CAN register ONLY IRegisterable address he owns
-    // IMPORTANT: MUST NOT check owner before calling external contract
-    function registerService(IService service)
-        external
-        // TODO restrict access - registryService.registerService must use accessmanager for checking permissions as 
-        // services are not always owned by registry owner - actually only registry service is owned by registry owner
-
-        returns(
-            IRegistry.ObjectInfo memory info,
-            bytes memory data
-        ) 
-    {
-
-        // CAN revert if no ERC165 support -> will revert with empty message 
-        if(!service.supportsInterface(type(IService).interfaceId)) {
-            revert NotService();
-        }
-
-        (
-            info, 
-            data
-        ) = _getAndVerifyContractInfo(service, SERVICE(), msg.sender);
 
-        info.nftId = _registry.register(info);
-        service.linkToRegisteredNftId();
-        return (
-            info,
-            data
-        );
-    }
-
-    // If msg.sender is approved service: 
-    // 1) add owner arg (service MUST pass it's msg.sender as owner)
-    // 2) check service allowance 
-    // 3) comment self registrstion check
-    //function registerInstance(IRegisterable instance, address owner)
     function registerInstance(IRegisterable instance)
         external
         returns(
@@ -162,18 +54,12 @@ contract RegistryService is
             revert NotInstance();
         }
 
-        (
-            info, 
-            data
-        ) = _getAndVerifyContractInfo(instance, INSTANCE(), msg.sender);
+        (info, data) = _getAndVerifyContractInfo(instance, INSTANCE(), msg.sender);
 
         info.nftId = _registry.register(info);
         instance.linkToRegisteredNftId(); // asume safe
         
-        return (
-            info,
-            data            
-        );
+        return (info, data);
     }
 
     function registerProduct(IBaseComponent product, address owner)
@@ -189,21 +75,13 @@ contract RegistryService is
             revert NotProduct();
         }
 
-        (
-            info, 
-            data
-        ) = _getAndVerifyContractInfo(product, PRODUCT(), owner);
-
-        NftId serviceNftId = _registry.getNftId(msg.sender);
+        (info, data) = _getAndVerifyContractInfo(product, PRODUCT(), owner);
 
         info.nftId = _registry.register(info);
         // TODO unsafe, let component or its owner derive nftId latter, when state assumptions and modifications of GIF contracts are finished  
         product.linkToRegisteredNftId();
 
-        return (
-            info,
-            data
-        );  
+        return (info, data);  
     }
 
     function registerPool(IBaseComponent pool, address owner)
@@ -218,20 +96,12 @@ contract RegistryService is
             revert NotPool();
         }
 
-        (
-            info, 
-            data
-        ) = _getAndVerifyContractInfo(pool, POOL(), owner);
-
-        NftId serviceNftId = _registry.getNftId(msg.sender);
+        (info, data) = _getAndVerifyContractInfo(pool, POOL(), owner);
 
         info.nftId = _registry.register(info);
         pool.linkToRegisteredNftId();
 
-        return (
-            info,
-            data
-        );  
+        return (info, data);  
     }
 
     function registerDistribution(IBaseComponent distribution, address owner)
@@ -246,20 +116,12 @@ contract RegistryService is
             revert NotDistribution();
         }
 
-        (
-            info, 
-            data
-        ) = _getAndVerifyContractInfo(distribution, DISTRIBUTION(), owner);
-
-        NftId serviceNftId = _registry.getNftId(msg.sender);
+        (info, data) = _getAndVerifyContractInfo(distribution, DISTRIBUTION(), owner);
 
         info.nftId = _registry.register(info); 
         distribution.linkToRegisteredNftId();
 
-        return (
-            info,
-            data
-        );  
+        return (info, data);  
     }
 
     function registerPolicy(IRegistry.ObjectInfo memory info)
@@ -267,8 +129,6 @@ contract RegistryService is
         restricted 
         returns(NftId nftId) 
     {
-        NftId senderNftId = _registry.getNftId(msg.sender);
-
         _verifyObjectInfo(info, POLICY());
 
         nftId = _registry.register(info);
@@ -279,31 +139,29 @@ contract RegistryService is
         restricted 
         returns(NftId nftId) 
     {
-
-        NftId senderNftId = _registry.getNftId(msg.sender);
-
         _verifyObjectInfo(info, BUNDLE());
 
         nftId = _registry.register(info);
     }
 
+    function registerStake(IRegistry.ObjectInfo memory info)
+        external
+        restricted 
+        returns(NftId nftId) 
+    {
+        _verifyObjectInfo(info, STAKE());
 
-    // From IService
-    function getName() public pure override(IService, Service) returns(string memory) {
-        return NAME;
+        nftId = _registry.register(info);
     }
-    //function getType() public pure override(IService, ServiceBase) returns(ObjectType serviceType) {
-    //    return SERVICE_TYPE;
-    //}
 
+    // From IService
+    function getDomain() public pure override(IService, Service) returns(ObjectType serviceDomain) {
+        return SERVICE(); 
+    }
 
     // from Versionable
 
     /// @dev top level initializer
-    // 1) registry is non upgradeable -> don't need a proxy and uses constructor !
-    // 2) deploy registry service first -> from its initialization func it is easier to deploy registry then vice versa
-    // 3) deploy registry -> pass registry service address as constructor argument
-    // registry is getting instantiated and locked to registry service address forever
     function _initialize(
         address owner, 
         bytes memory data
@@ -314,38 +172,66 @@ contract RegistryService is
     {
         (
             address initialAuthority,
-            bytes memory registryByteCodeWithInitCode
-        ) = abi.decode(data, (address, bytes));
+            address registry
+        ) = abi.decode(data, (address, address));
 
         __AccessManaged_init(initialAuthority);
 
-        bytes memory encodedConstructorArguments = abi.encode(
-            owner,
-            getMajorVersion());
+        _initializeService(address(registry), owner);
+
+        _registerInterface(type(IRegistryService).interfaceId);
+    }
+
+    // from IRegisterable
+
+    function getInitialInfo() 
+        public 
+        view
+        override(IRegisterable, Registerable)
+        returns (IRegistry.ObjectInfo memory info, bytes memory data)
+    {
+        (info , data) = super.getInitialInfo();
 
-        bytes memory registryCreationCode = ContractDeployerLib.getCreationCode(
-            registryByteCodeWithInitCode,
-            encodedConstructorArguments);
+        FunctionConfig[] memory config = new FunctionConfig[](6);
 
-        IRegistry registry = IRegistry(ContractDeployerLib.deploy(
-            registryCreationCode,
-            REGISTRY_CREATION_CODE_HASH));
+        // registerInstance() have no restriction
+        config[0].serviceDomain = INSTANCE();
+        config[0].selector = new bytes4[](1);
+        config[0].selector[0] = RegistryService.registerInstance.selector;
 
-        NftId registryNftId = registry.getNftId(address(registry));
+        config[1].serviceDomain = POOL();
+        config[1].selector = new bytes4[](1);
+        config[1].selector[0] = RegistryService.registerPool.selector;
 
-        _initializeService(address(registry), owner);
+        config[2].serviceDomain = DISTRIBUTION();
+        config[2].selector = new bytes4[](1);
+        config[2].selector[0] = RegistryService.registerDistribution.selector;
 
-        // TODO why do registry service proxy need to keep its nftId??? -> no registryServiceNftId checks in implementation
-        // if they are -> use registry address to obtain owner of registry service nft (works the same with any registerable and(or) implementation)
-        linkToRegisteredNftId(); 
-        _registerInterface(type(IRegistryService).interfaceId);
+        config[3].serviceDomain = PRODUCT();
+        config[3].selector = new bytes4[](1);
+        config[3].selector[0] = RegistryService.registerProduct.selector;
+
+        config[4].serviceDomain = POLICY();
+        config[4].selector = new bytes4[](1);
+        config[4].selector[0] = RegistryService.registerPolicy.selector;
+
+        config[5].serviceDomain = BUNDLE();
+        config[5].selector = new bytes4[](1);
+        config[5].selector[0] = RegistryService.registerBundle.selector;
+
+        /*config[6].serviceDomain = STAKE();
+        config[6].selector = new bytes4[](1);
+        config[6].selector[0] = RegistryService.registerStake.selector;*/
+
+        data = abi.encode(config);
     }
 
-    // parent check done in registry because of approve()
+    // Internal
+
     function _getAndVerifyContractInfo(
         IRegisterable registerable,
         ObjectType expectedType, // assume can be valid only
-        address expectedOwner // assume can be 0
+        address expectedOwner // assume can be 0 when given by other service
     )
         internal
         view
@@ -394,31 +280,31 @@ contract RegistryService is
             revert InvalidParent(parentNftId);
         }*/
 
-        return(
-            info,
-            data
-        );
+        return(info, data);
     }
 
-    // parent checks done in registry because of approve()
     function _verifyObjectInfo(
         IRegistry.ObjectInfo memory info,
-        ObjectType objectType
+        ObjectType expectedType
     )
         internal
         view
     {
-        if(info.objectAddress > address(0)) {
-            revert InvalidAddress(info.objectAddress);
+        // enforce instead of check
+        info.objectAddress = address(0);
+
+        if(info.objectType != expectedType) {// type is checked in registry anyway...but service logic may depend on expected value
+            revert UnexpectedRegisterableType(expectedType, info.objectType);
         }
 
-        if(
-            getRegistry().isRegistered(info.initialOwner) ||
-            info.initialOwner == address(0)) {
-            // TODO non registered address can register object(e.g. POLICY()) and then transfer associated nft to registered contract
-            // what are motivations to do so?
-            // at least registered contract can not register objects by itself, SERVICE, 
-            revert InvalidInitialOwner(info.initialOwner); 
+        address owner = info.initialOwner;
+
+        if(owner == address(0)) {
+            revert RegisterableOwnerIsZero();
+        }
+
+        if(getRegistry().isRegistered(owner)) { 
+            revert RegisterableOwnerIsRegistered();
         }
 
         // can catch all 3 if check that initialOwner is not registered