npm - @etherisc/gif-next - Versions diffs - 0.0.2-bb3faee-097 → 0.0.2-bb9ecaf-723 - Mend

@etherisc/gif-next 0.0.2-bb3faee-097 → 0.0.2-bb9ecaf-723

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (345) hide show

package/contracts/authorization/AccessAdmin.sol CHANGED Viewed

@@ -3,16 +3,16 @@ pragma solidity ^0.8.20;
 import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
 import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
-import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import {IAccess} from "./IAccess.sol";
 import {IAccessAdmin} from "./IAccessAdmin.sol";
 import {IAuthorization} from "./IAuthorization.sol";
 import {IRegistry} from "../registry/IRegistry.sol";
+import {IServiceAuthorization} from "./IServiceAuthorization.sol";
-import {ADMIN_ROLE_NAME, PUBLIC_ROLE_NAME} from "./AccessAdmin.sol";
 import {AccessAdminLib} from "./AccessAdminLib.sol";
 import {AccessManagerCloneable} from "./AccessManagerCloneable.sol";
+import {Blocknumber, BlocknumberLib} from "../type/Blocknumber.sol";
 import {ContractLib} from "../shared/ContractLib.sol";
 import {NftId, NftIdLib} from "../type/NftId.sol";
 import {ObjectType} from "../type/ObjectType.sol";
@@ -22,9 +22,6 @@ import {Str, StrLib} from "../type/String.sol";
 import {TimestampLib} from "../type/Timestamp.sol";
 import {VersionPart} from "../type/Version.sol";
-function ADMIN_ROLE_NAME() pure returns (string memory) { return "AdminRole"; }
-function PUBLIC_ROLE_NAME() pure returns (string memory) { return "PublicRole"; }
 /**
  * @dev A generic access amin contract that implements role based access control based on OpenZeppelin's AccessManager contract.
@@ -33,7 +30,6 @@ function PUBLIC_ROLE_NAME() pure returns (string memory) { return "PublicRole";
  */
 contract AccessAdmin is
     AccessManagedUpgradeable,
-    ReentrancyGuardUpgradeable,
     IAccessAdmin
 {
     using EnumerableSet for EnumerableSet.AddressSet;
@@ -48,9 +44,9 @@ contract AccessAdmin is
     /// @dev the authorization contract used for initial access control
     IAuthorization internal _authorization;
-    /// @dev stores the deployer address and allows to create initializers
-    /// that are restricted to the deployer address.
-    address internal _deployer;
+    // /// @dev stores the deployer address and allows to create initializers
+    // /// that are restricted to the deployer address.
+    // address internal _deployer;
     /// @dev the linked NFT ID
     NftId internal _linkedNftId;
@@ -64,6 +60,9 @@ contract AccessAdmin is
     /// @dev store array with all created roles
     RoleId [] internal _roleIds;
+    // @dev target type specific role id counters
+    mapping(TargetType => uint64) internal _nextRoleId;
     /// @dev store set of current role members for given role
     mapping(RoleId roleId => EnumerableSet.AddressSet roleMembers) internal _roleMembers;
@@ -85,22 +84,6 @@ contract AccessAdmin is
     /// @dev temporary dynamic functions array
     bytes4[] private _functions;
-    // @dev target type specific role id counters
-    mapping(TargetType => uint64) internal _nextRoleId;
-    modifier onlyDeployer() {
-        // special case for cloned AccessAdmin contracts
-        // IMPORTANT cloning and initialize authority needs to be done in a single transaction
-        if (_deployer == address(0)) {
-            _deployer = msg.sender;
-        }
-        if (msg.sender != _deployer) {
-            revert ErrorAccessAdminNotDeployer();
-        }
-        _;
-    }
     //-------------- initialization functions ------------------------------//
@@ -117,25 +100,18 @@ contract AccessAdmin is
     }
+    /// @dev Initializes this admin with the provided accessManager and name.
+    /// IMPORTANT
+    /// - cloning of an access admin and initialization MUST be done in the same tx.
+    /// - this function as well as any completeSetup functions MUST be called in the same tx.
     function __AccessAdmin_init(
         address authority,
         string memory adminName
     )
         internal
         onlyInitializing()
-        onlyDeployer()
     {
-        // checks
-        // only contract check (authority might not yet be initialized at this time)
-        if (!ContractLib.isContract(authority)) {
-            revert ErrorAccessAdminAuthorityNotContract(authority);
-        }
-        // check name not empty
-        if (bytes(adminName).length == 0) {
-            revert ErrorAccessAdminAccessManagerEmptyName();
-        }
+        AccessAdminLib.checkInitParameters(authority, adminName);
         _authority = AccessManagerCloneable(authority);
         _authority.initialize(address(this));
@@ -155,11 +131,22 @@ contract AccessAdmin is
         // set initial linked NFT ID to zero
         _linkedNftId = NftIdLib.zero();
-        // create admin and public roles
-        _initializeAdminAndPublicRoles();
+        // setup admin role
+        _createRoleUnchecked(
+            ADMIN_ROLE(), AccessAdminLib.adminRoleInfo());
+        // add this contract as admin role member, as contract roles cannot be revoked
+        // and max member count is 1 for admin role this access admin contract will
+        // always be the only admin of the access manager.
+        _roleMembers[
+            RoleIdLib.toRoleId(_authority.ADMIN_ROLE())].add(address(this));
+        // setup public role
+        _createRoleUnchecked(
+            PUBLIC_ROLE(), AccessAdminLib.publicRoleInfo());
     }
-    //--- view functions for access amdin ---------------------------------------//
+    //--- view functions for access admin ---------------------------------------//
     function getRelease() public view virtual returns (VersionPart release) {
         return _authority.getRelease();
@@ -176,11 +163,6 @@ contract AccessAdmin is
     }
-    function getLinkedOwner() external view returns (address linkedOwner) {
-        return getRegistry().ownerOf(_linkedNftId);
-    }
     function getAuthorization() public view returns (IAuthorization authorization) {
         return _authorization;
     }
@@ -208,21 +190,17 @@ contract AccessAdmin is
         return RoleId.wrap(_authority.PUBLIC_ROLE());
     }
-    function roleExists(string memory name) public view returns (bool exists) {
-        // special case for admin and public roles
-        if (StrLib.eq(name, ADMIN_ROLE_NAME()) || StrLib.eq(name, PUBLIC_ROLE_NAME())) {
-            return true;
-        }
-        return _roleForName[StrLib.toStr(name)].roleId.gtz();
-    }
     function roleExists(RoleId roleId) public view returns (bool exists) {
-        return _roleInfo[roleId].createdAt.gtz();
+        return _roleInfo[roleId].targetType != TargetType.Undefined;
     }
-    function getRoleForName(string memory name) public view returns (RoleId roleId) {
-        return _roleForName[StrLib.toStr(name)].roleId;
+    function getRoleForName(string memory name) public view returns (RoleId roleId, bool exists) {
+        roleId = _roleForName[StrLib.toStr(name)].roleId;
+        exists = false;
+        if (roleId.gtz() || AccessAdminLib.isAdminRoleName(name)) {
+            exists = true;
+        }
     }
     function getRoleInfo(RoleId roleId) public view returns (RoleInfo memory) {
@@ -234,7 +212,7 @@ contract AccessAdmin is
     }
     function isRoleCustom(RoleId roleId) external view returns (bool isActive) {
-        return _roleInfo[roleId].roleType == RoleType.Custom;
+        return _roleInfo[roleId].targetType == TargetType.Custom;
     }
     function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers) {
@@ -282,6 +260,8 @@ contract AccessAdmin is
         return _authority.isLocked() || _authority.isTargetClosed(target);
     }
+    //--- view functions for target functions -------------------------------//
     function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions) {
         return SelectorSetLib.size(_targetFunctions[target]);
     }
@@ -305,8 +285,13 @@ contract AccessAdmin is
                 selector.toBytes4()));
     }
-    function deployer() public view returns (address) {
-        return _deployer;
+    function getFunctionInfo(address target, Selector selector)
+        external
+        view
+        returns (FunctionInfo memory functionInfo)
+    {
+        return _functionInfo[target][selector];
     }
     //--- internal/private functions -------------------------------------------------//
@@ -320,150 +305,88 @@ contract AccessAdmin is
     }
-    function _initializeAdminAndPublicRoles()
-        internal
-        virtual
-        onlyInitializing()
-    {
-        // setup admin role
-        _createRoleUnchecked(
-            ADMIN_ROLE(),
-            AccessAdminLib.toRole({
-                adminRoleId: ADMIN_ROLE(),
-                roleType: RoleType.Contract,
-                maxMemberCount: 1,
-                name: ADMIN_ROLE_NAME()}));
-        // add this contract as admin role member, as contract roles cannot be revoked
-        // and max member count is 1 for admin role this access admin contract will
-        // always be the only admin of the access manager.
-        _roleMembers[
-            RoleIdLib.toRoleId(_authority.ADMIN_ROLE())].add(address(this));
-        // setup public role
-        _createRoleUnchecked(
-            PUBLIC_ROLE(),
-            AccessAdminLib.toRole({
-                adminRoleId: ADMIN_ROLE(),
-                roleType: RoleType.Core,
-                maxMemberCount: type(uint32).max,
-                name: PUBLIC_ROLE_NAME()}));
-    }
-    /// @dev Authorize the functions of the target for the specified role.
-    function _authorizeFunctions(IAuthorization authorization, Str target, RoleId roleId)
+    function _createRoles(
+        IServiceAuthorization authorization
+    )
         internal
     {
-        _authorizeTargetFunctions(
-            getTargetForName(target),
-            _toAuthorizedRoleId(authorization, roleId),
-            authorization.getAuthorizedFunctions(
-                target,
-                roleId),
-            true);
-    }
+        RoleId[] memory roles = authorization.getRoles();
+        for(uint256 i = 0; i < roles.length; i++) {
+            RoleId authzRoleId = roles[i];
+            IAccess.RoleInfo memory roleInfo = authorization.getRoleInfo(authzRoleId);
+            (RoleId roleId, bool exists) = getRoleForName(roleInfo.name.toString());
-    function _toAuthorizedRoleId(IAuthorization authorization, RoleId roleId)
-        internal
-        returns (RoleId authorizedRoleId)
-    {
-        // special case for service roles (service roles have predefined role ids)
-        if (roleId.isServiceRole()) {
+            if (!exists) {
+                if (!AccessAdminLib.isDynamicRoleId(authzRoleId)) {
+                    roleId = authzRoleId;
+                }
-            // create service role if missing
-            if (!roleExists(roleId)) {
                 _createRole(
-                    roleId,
-                    AccessAdminLib.toRole(
-                        ADMIN_ROLE(),
-                        RoleType.Contract,
-                        1,
-                        authorization.getRoleName(roleId)));
+                    roleId,
+                    roleInfo,
+                    true);
             }
-            return roleId;
         }
-        string memory roleName = authorization.getRoleInfo(roleId).name.toString();
-        return authorizedRoleId = getRoleForName(roleName);
     }
-    function _authorizeTargetFunctions(
-        address target,
+    /// @dev Creates a role based on the provided parameters.
+    /// Checks that the provided role and role id and role name not already used.
+    function _createRole(
         RoleId roleId,
-        FunctionInfo[] memory functions,
-        bool addFunctions
+        RoleInfo memory info,
+        bool revertOnExistingRole
     )
         internal
     {
-        if (addFunctions && roleId == getAdminRole()) {
-            revert ErrorAccessAdminAuthorizeForAdminRoleInvalid(target);
+        bool isAdminOrPublicRole = AccessAdminLib.checkRoleCreation(this, roleId, info, revertOnExistingRole);
+        if (!isAdminOrPublicRole) {
+            _createRoleUnchecked(roleId, info);
         }
-        // apply authz via access manager
-        _grantRoleAccessToFunctions(
-            target,
-            roleId,
-            functions,
-            addFunctions); // add functions
     }
-    /// @dev grant the specified role access to all functions in the provided selector list
-    function _grantRoleAccessToFunctions(
-        address target,
+    function _createRoleUnchecked(
         RoleId roleId,
-        FunctionInfo[] memory functions,
-        bool addFunctions
+        RoleInfo memory info
     )
-        internal
+        private
     {
-        _checkTargetExists(target);
-        _checkRoleExists(roleId, true, true);
+        // create role info
+        info.createdAt = TimestampLib.current();
+        info.pausedAt = TimestampLib.max();
+        _roleInfo[roleId] = info;
-        _authority.setTargetFunctionRole(
-            target,
-            AccessAdminLib.getSelectors(functions),
-            RoleId.unwrap(roleId));
+        // create role name info
+        _roleForName[info.name] = RoleNameInfo({
+            roleId: roleId,
+            exists: true});
-        // update function set and log function grantings
-        for (uint256 i = 0; i < functions.length; i++) {
-            _updateFunctionAccess(
-                target,
-                roleId,
-                functions[i],
-                addFunctions);
-        }
+        // add role to list of roles
+        _roleIds.push(roleId);
+        emit LogAccessAdminRoleCreated(_adminName, roleId, info.targetType, info.adminRoleId, info.name.toString());
     }
-    function _updateFunctionAccess(
-        address target,
-        RoleId roleId,
-        FunctionInfo memory func,
-        bool addFunction
-    )
+    /// @dev Activates or deactivates role.
+    /// The role activ property is indirectly controlled over the pausedAt timestamp.
+    function _setRoleActive(RoleId roleId, bool active)
         internal
     {
-        // update functions info
-        Selector selector = func.selector;
-        _functionInfo[target][selector] = func;
+        AccessAdminLib.checkRoleExists(this, roleId, false, false);
-        // update function sets
-        if (addFunction) { SelectorSetLib.add(_targetFunctions[target], selector); }
-        else { SelectorSetLib.remove(_targetFunctions[target], selector); }
+        if (active) {
+            _roleInfo[roleId].pausedAt = TimestampLib.max();
+        } else {
+            _roleInfo[roleId].pausedAt = TimestampLib.current();
+        }
-        // logging
-        emit LogAccessAdminFunctionGranted(
-            _adminName,
-            target,
-            string(abi.encodePacked(
-                func.name.toString(),
-                "(): ",
-                _getRoleName(roleId))));
+        Blocknumber lastUpdateIn = _roleInfo[roleId].lastUpdateIn;
+        _roleInfo[roleId].lastUpdateIn = BlocknumberLib.current();
+        emit LogAccessAdminRoleActivatedSet(_adminName, roleId, active, lastUpdateIn);
     }
@@ -471,7 +394,7 @@ contract AccessAdmin is
     function _grantRoleToAccount(RoleId roleId, address account)
         internal
     {
-        _checkRoleExists(roleId, true, false);
+        AccessAdminLib.checkRoleExists(this, roleId, true, false);
         // check max role members will not be exceeded
         if (_roleMembers[roleId].length() >= _roleInfo[roleId].maxMemberCount) {
@@ -480,7 +403,7 @@ contract AccessAdmin is
         // check account is contract for contract role
         if (
-            _roleInfo[roleId].roleType == RoleType.Contract &&
+            _roleInfo[roleId].targetType != TargetType.Custom &&
             !ContractLib.isContract(account) // will fail in account's constructor
         ) {
             revert ErrorAccessAdminRoleMemberNotContract(roleId, account);
@@ -493,7 +416,10 @@ contract AccessAdmin is
             account,
             0);
-        emit LogAccessAdminRoleGranted(_adminName, account, _getRoleName(roleId));
+        emit LogAccessAdminRoleGranted(
+            _adminName,
+            account,
+            AccessAdminLib.getRoleName(this, roleId));
     }
@@ -501,10 +427,10 @@ contract AccessAdmin is
     function _revokeRoleFromAccount(RoleId roleId, address account)
         internal
     {
-        _checkRoleExists(roleId, false, false);
+        AccessAdminLib.checkRoleExists(this, roleId, false, false);
         // check for attempt to revoke contract role
-        if (_roleInfo[roleId].roleType == RoleType.Contract) {
+        if (_roleInfo[roleId].targetType != TargetType.Custom) {
             revert ErrorAccessAdminRoleMemberRemovalDisabled(roleId, account);
         }
@@ -518,57 +444,35 @@ contract AccessAdmin is
     }
-    /// @dev Creates a role based on the provided parameters.
-    /// Checks that the provided role and role id and role name not already used.
-    function _createRole(
-        RoleId roleId,
-        RoleInfo memory info
+    function _getOrCreateTargetRoleIdAndName(
+        address target,
+        string memory targetName,
+        TargetType targetType
     )
         internal
+        returns (
+            RoleId roleId,
+            string memory roleName,
+            bool exists
+        )
     {
-        // skip admin and public roles (they are created during initialization)
-        if (roleId == ADMIN_ROLE() || roleId == PUBLIC_ROLE()) {
-            return;
-        }
-        AccessAdminLib.checkRoleCreation(this, roleId, info);
-        _createRoleUnchecked(roleId, info);
-    }
+        roleName = AccessAdminLib.toRoleName(targetName);
+        (roleId, exists) = getRoleForName(roleName);
+        if (exists) {
+            return (roleId, roleName, true);
+        }
-    /// @dev Activates or deactivates role.
-    /// The role activ property is indirectly controlled over the pausedAt timestamp.
-    function _setRoleActive(RoleId roleId, bool active)
-        internal
-    {
-        if (active) {
-            _roleInfo[roleId].pausedAt = TimestampLib.max();
+        // get roleId
+        if (targetType == TargetType.Service || targetType == TargetType.GenericService) {
+            roleId = AccessAdminLib.getServiceRoleId(target, targetType);
         } else {
-            _roleInfo[roleId].pausedAt = TimestampLib.current();
-        }
-    }
-    function _createManagedTarget(
-        address target,
-        string memory targetName,
-        TargetType targetType
-    )
-        internal
-        returns (RoleId contractRoleId)
-    {
-        return _createTarget(target, targetName, targetType, true);
-    }
+            uint64 nextRoleId = _nextRoleId[targetType];
+            roleId = AccessAdminLib.getTargetRoleId(target, targetType, nextRoleId);
-    function _createUncheckedTarget(
-        address target,
-        string memory targetName,
-        TargetType targetType
-    )
-        internal
-    {
-        _createTarget(target, targetName, targetType, false);
+            // increment target type specific role id counter
+            _nextRoleId[targetType]++;
+        }
     }
@@ -578,7 +482,7 @@ contract AccessAdmin is
         TargetType targetType,
         bool checkAuthority
     )
-        private
+        internal
         returns (RoleId contractRoleId)
     {
         // checks
@@ -607,29 +511,6 @@ contract AccessAdmin is
     }
-    function _createRoleUnchecked(
-        RoleId roleId,
-        RoleInfo memory info
-    )
-        private
-    {
-        // create role info
-        info.createdAt = TimestampLib.current();
-        info.pausedAt = TimestampLib.max();
-        _roleInfo[roleId] = info;
-        // create role name info
-        _roleForName[info.name] = RoleNameInfo({
-            roleId: roleId,
-            exists: true});
-        // add role to list of roles
-        _roleIds.push(roleId);
-        emit LogAccessAdminRoleCreated(_adminName, roleId, info.roleType, info.adminRoleId, info.name.toString());
-    }
     /// @dev Creates a new target and a corresponding contract role.
     /// The function assigns the role to the target and logs the creation.
     function _createTargetUnchecked(
@@ -643,12 +524,18 @@ contract AccessAdmin is
     {
         // create target role (if not existing)
         string memory roleName;
-        (targetRoleId, roleName) = _getOrCreateTargetRoleIdAndName(target, targetName, targetType);
+        bool roleExists;
+        (targetRoleId, roleName, roleExists) = _getOrCreateTargetRoleIdAndName(target, targetName, targetType);
-        if (!roleExists(targetRoleId)) {
+        if (!roleExists) {
             _createRole(
                 targetRoleId,
-                AccessAdminLib.toRole(ADMIN_ROLE(), IAccess.RoleType.Contract, 1, roleName));
+                AccessAdminLib.roleInfo(
+                    ADMIN_ROLE(),
+                    targetType,
+                    1,
+                    roleName),
+                true); // revert on existing role
         }
         // create target info
@@ -657,8 +544,8 @@ contract AccessAdmin is
             name: name,
             targetType: targetType,
             roleId: targetRoleId,
-            createdAt: TimestampLib.current()
-        });
+            createdAt: TimestampLib.current(),
+            lastUpdateIn: BlocknumberLib.current()});
         // create name to target mapping
         _targetForName[name] = target;
@@ -673,45 +560,101 @@ contract AccessAdmin is
     }
-    function _getOrCreateTargetRoleIdAndName(
-        address target,
-        string memory targetName,
-        TargetType targetType
-    )
+    function _setTargetLocked(address target, bool locked)
         internal
-        returns (
-            RoleId roleId,
-            string memory roleName
-        )
     {
-        // get roleId
-        if (targetType == TargetType.Service || targetType == TargetType.GenericService) {
-            roleId = AccessAdminLib.getServiceRoleId(target, targetType);
-        } else {
-            roleId = AccessAdminLib.getTargetRoleId(target, targetType, _nextRoleId[targetType]);
+        AccessAdminLib.checkTargetExists(this, target);
+        _authority.setTargetClosed(target, locked);
-            // increment target type specific role id counter
-            _nextRoleId[targetType]++;
-        }
+        // logging
+        Blocknumber lastUpdateIn = _targetInfo[target].lastUpdateIn;
+        _targetInfo[target].lastUpdateIn = BlocknumberLib.current();
-        // create role name
-        roleName = AccessAdminLib.toRoleName(targetName);
+        emit LogAccessAdminTargetLockedSet(_adminName, target, locked, lastUpdateIn);
     }
-    function _setTargetLocked(address target, bool locked)
+    /// @dev Authorize the functions of the target for the specified role.
+    function _authorizeFunctions(IAuthorization authorization, Str target, RoleId roleId)
         internal
     {
-        _checkTargetExists(target);
-        _authority.setTargetClosed(target, locked);
+        _authorizeTargetFunctions(
+            getTargetForName(target),
+            AccessAdminLib.getAuthorizedRole(
+                this,
+                authorization,
+                roleId),
+            authorization.getAuthorizedFunctions(
+                target,
+                roleId),
+            false,
+            true);
     }
-    function _getRoleName(RoleId roleId) internal view returns (string memory) {
-        if (roleExists(roleId)) {
-            return _roleInfo[roleId].name.toString();
+    /// @dev Authorize the functions of the target for the specified role.
+    /// Flag addFunctions determines if functions are added or removed.
+    function _authorizeTargetFunctions(
+        address target,
+        RoleId roleId,
+        FunctionInfo[] memory functions,
+        bool onlyComponentOrContractTargets,
+        bool addFunctions
+    )
+        internal
+    {
+        // checks
+        AccessAdminLib.checkTargetAndRoleForFunctions(
+            this,
+            target,
+            roleId,
+            onlyComponentOrContractTargets);
+        if (addFunctions && roleId == getAdminRole()) {
+            revert ErrorAccessAdminAuthorizeForAdminRoleInvalid(target);
+        }
+        _authority.setTargetFunctionRole(
+            target,
+            AccessAdminLib.getSelectors(functions),
+            RoleId.unwrap(roleId));
+        // update function set and log function grantings
+        for (uint256 i = 0; i < functions.length; i++) {
+            _updateFunctionAccess(
+                target,
+                roleId,
+                functions[i],
+                addFunctions);
         }
-        return "<unknown-role>";
+    }
+    function _updateFunctionAccess(
+        address target,
+        RoleId roleId,
+        FunctionInfo memory func,
+        bool addFunction
+    )
+        internal
+    {
+        // update functions info
+        Selector selector = func.selector;
+        Blocknumber lastUpdateIn = _functionInfo[target][selector].lastUpdateIn;
+        // update function sets
+        if (addFunction) { SelectorSetLib.add(_targetFunctions[target], selector); }
+        else { SelectorSetLib.remove(_targetFunctions[target], selector); }
+        _functionInfo[target][selector] = func;
+        _functionInfo[target][selector].lastUpdateIn = BlocknumberLib.current();
+        // logging
+        emit LogAccessAdminFunctionGranted(
+            _adminName,
+            target,
+            AccessAdminLib.toFunctionGrantingString(this, func.name, roleId),
+            lastUpdateIn);
     }
@@ -733,48 +676,4 @@ contract AccessAdmin is
             expectServiceAuthorization,
             checkAlreadyInitialized);
     }
-    function _checkRoleExists(
-        RoleId roleId,
-        bool onlyActiveRole,
-        bool allowAdminAndPublicRoles
-    )
-        internal
-        view
-    {
-        if (!roleExists(roleId)) {
-            revert ErrorAccessAdminRoleUnknown(roleId);
-        }
-        if (!allowAdminAndPublicRoles) {
-            if (roleId == ADMIN_ROLE()) {
-                revert ErrorAccessAdminInvalidUserOfAdminRole();
-            }
-            // check role is not public role
-            if (roleId == PUBLIC_ROLE()) {
-                revert ErrorAccessAdminInvalidUserOfPublicRole();
-            }
-        }
-        // check if role is disabled
-        if (onlyActiveRole && _roleInfo[roleId].pausedAt <= TimestampLib.current()) {
-            revert ErrorAccessAdminRoleIsPaused(roleId);
-        }
-    }
-    /// @dev check if target exists and reverts if it doesn't
-    function _checkTargetExists(
-        address target
-    )
-        internal
-        view
-    {
-        // check not yet created
-        if (!targetExists(target)) {
-            revert ErrorAccessAdminTargetNotCreated(target);
-        }
-    }
 }