npm - @etherisc/gif-next - Versions diffs - 0.0.2-bb3faee-097 → 0.0.2-bb9ecaf-723 - Mend

@etherisc/gif-next 0.0.2-bb3faee-097 → 0.0.2-bb9ecaf-723

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (345) hide show

package/contracts/authorization/AccessAdminLib.sol CHANGED Viewed

@@ -7,13 +7,15 @@ import {IAccess} from "./IAccess.sol";
 import {IAccessAdmin} from "./IAccessAdmin.sol";
 import {IAuthorization} from "./IAuthorization.sol";
 import {IComponent} from "../shared/IComponent.sol";
+import {IInstanceLinkedComponent} from "../shared/IInstanceLinkedComponent.sol";
 import {IRegistry} from "../registry/IRegistry.sol";
 import {IService} from "../shared/IService.sol";
 import {IServiceAuthorization} from "./IServiceAuthorization.sol";
+import {BlocknumberLib} from "../type/Blocknumber.sol";
 import {ContractLib} from "../shared/ContractLib.sol";
 import {ObjectType} from "../type/ObjectType.sol";
-import {RoleId, RoleIdLib} from "../type/RoleId.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
 import {SelectorLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
 import {TimestampLib} from "../type/Timestamp.sol";
@@ -40,6 +42,126 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
     uint64 public constant CUSTOM_ROLE_MIN      = 1000000;
+    function ADMIN_ROLE_NAME() public pure returns (string memory) {
+        return "AdminRole";
+    }
+    function isAdminRoleName(string memory name) public pure returns (bool) {
+        return StrLib.eq(name, ADMIN_ROLE_NAME());
+    }
+    function PUBLIC_ROLE_NAME() public pure returns (string memory) {
+        return "PublicRole";
+    }
+    function getAdminRole() public pure returns (RoleId adminRoleId) {
+        // see oz AccessManagerUpgradeable
+        return RoleId.wrap(type(uint64).min);
+    }
+    function getPublicRole() public pure returns (RoleId publicRoleId) {
+        // see oz AccessManagerUpgradeable
+        return RoleId.wrap(type(uint64).max);
+    }
+    function isAdminOrPublicRole(string memory name)
+        public
+        view
+        returns (bool)
+    {
+        return StrLib.eq(name, ADMIN_ROLE_NAME())
+            || StrLib.eq(name, PUBLIC_ROLE_NAME());
+    }
+    function isDynamicRoleId(RoleId roleId)
+        public
+        pure
+        returns (bool)
+    {
+        return roleId.toInt() >= COMPONENT_ROLE_MIN;
+    }
+    function adminRoleInfo()
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Core,
+            1,
+            ADMIN_ROLE_NAME());
+    }
+    function publicRoleInfo()
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Custom,
+            type(uint32).max,
+            PUBLIC_ROLE_NAME());
+    }
+    function coreRoleInfo(string memory name)
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Core,
+            1,
+            name);
+    }
+    function serviceRoleInfo(string memory serviceName)
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Service,
+            1,
+            serviceName);
+    }
+    /// @dev Creates a role info object from the provided parameters
+    function roleInfo(
+        RoleId adminRoleId,
+        IAccess.TargetType targetType,
+        uint32 maxMemberCount,
+        string memory roleName
+    )
+        public
+        view
+        returns (IAccess.RoleInfo memory info)
+    {
+        return IAccess.RoleInfo({
+            name: StrLib.toStr(roleName),
+            adminRoleId: adminRoleId,
+            targetType: targetType,
+            maxMemberCount: maxMemberCount,
+            createdAt: TimestampLib.current(),
+            pausedAt: TimestampLib.max(),
+            lastUpdateIn: BlocknumberLib.current()});
+    }
     function getSelectors(
         IAccess.FunctionInfo[] memory functions
     )
@@ -57,16 +179,42 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
     }
+    function checkInitParameters(
+        address authority,
+        string memory adminName
+    )
+        public
+        view
+    {
+        // only contract check (authority might not yet be initialized at this time)
+        if (!ContractLib.isContract(authority)) {
+            revert IAccessAdmin.ErrorAccessAdminAuthorityNotContract(authority);
+        }
+        // check name not empty
+        if (bytes(adminName).length == 0) {
+            revert IAccessAdmin.ErrorAccessAdminAccessManagerEmptyName();
+        }
+    }
     function checkRoleCreation(
         IAccessAdmin accessAdmin,
         RoleId roleId,
-        IAccess.RoleInfo memory info
+        IAccess.RoleInfo memory info,
+        bool revertOnExistingRole
     )
         public
         view
+        returns (bool isAdminOrPublicRole)
     {
-        // check role does not yet exist    // ACCESS_ADMIN_LIB role creation checks
-        if(accessAdmin.roleExists(roleId)) {
+        // check
+        if (roleId == ADMIN_ROLE() || roleId == PUBLIC_ROLE()) {
+            return true;
+        }
+        // check role does not yet exist
+        if(revertOnExistingRole && accessAdmin.roleExists(roleId)) {
             revert IAccessAdmin.ErrorAccessAdminRoleAlreadyCreated(
                 roleId,
                 accessAdmin.getRoleInfo(roleId).name.toString());
@@ -83,16 +231,54 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         }
         // check role name is not used for another role
-        RoleId roleIdForName = accessAdmin.getRoleForName(StrLib.toString(info.name));
-        if(roleIdForName.gtz()) {
+        (RoleId roleIdForName, bool exists) = accessAdmin.getRoleForName(StrLib.toString(info.name));
+        if(revertOnExistingRole && exists) {
             revert IAccessAdmin.ErrorAccessAdminRoleNameAlreadyExists(
                 roleId,
                 info.name.toString(),
                 roleIdForName);
         }
+        return false;
     }
+    function checkRoleExists(
+        IAccessAdmin accessAdmin,
+        RoleId roleId,
+        bool onlyActiveRole,
+        bool allowAdminAndPublicRoles
+    )
+        internal
+        view
+    {
+        // check role exists
+        if (!accessAdmin.roleExists(roleId)) {
+            revert IAccessAdmin.ErrorAccessAdminRoleUnknown(roleId);
+        }
+        // if onlyActiveRoles: check if role is disabled
+        if (onlyActiveRole && accessAdmin.getRoleInfo(roleId).pausedAt <= TimestampLib.current()) {
+            revert IAccessAdmin.ErrorAccessAdminRoleIsPaused(roleId);
+        }
+        // if not allowAdminAndPublicRoles, check if role is admin or public role
+        if (!allowAdminAndPublicRoles) {
+            checkNotAdminOrPublicRole(roleId);
+        }
+    }
+    function checkNotAdminOrPublicRole(RoleId roleId) public pure {
+        if (roleId == ADMIN_ROLE()) {
+            revert IAccessAdmin.ErrorAccessAdminInvalidUseOfAdminRole();
+        }
+        if (roleId == PUBLIC_ROLE()) {
+            revert IAccessAdmin.ErrorAccessAdminInvalidUseOfPublicRole();
+        }
+    }
     function checkTargetCreation(
         IAccessAdmin accessAdmin,
         address target,
@@ -139,6 +325,73 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
     }
+    function checkComponentInitialization(
+        IAccessAdmin accessAdmin,
+        IAuthorization instanceAuthorization,
+        address componentAddress,
+        ObjectType expectedType
+    )
+        public
+        view
+        returns (IAuthorization componentAuthorization)
+    {
+        checkIsRegistered(address(accessAdmin.getRegistry()), componentAddress, expectedType);
+        VersionPart expecteRelease = accessAdmin.getRelease();
+        IInstanceLinkedComponent component = IInstanceLinkedComponent(componentAddress);
+        componentAuthorization = component.getAuthorization();
+        checkAuthorization(
+            address(instanceAuthorization),
+            address(componentAuthorization),
+            expectedType,
+            expecteRelease,
+            false, // expectServiceAuthorization,
+            false); // checkAlreadyInitialized
+    }
+    function checkTargetAndRoleForFunctions(
+        IAccessAdmin accessAdmin,
+        address target,
+        RoleId roleId,
+        bool onlyComponentOrContractTargets
+    )
+        public
+        view
+    {
+        // check target exists
+        IAccess.TargetType targetType = accessAdmin.getTargetInfo(target).targetType;
+        if (targetType == IAccess.TargetType.Undefined) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNotCreated(target);
+        }
+        // check target type
+        if (onlyComponentOrContractTargets) {
+            if (targetType != IAccess.TargetType.Component && targetType != IAccess.TargetType.Contract) {
+                revert IAccessAdmin.ErrorAccessAdminNotComponentOrCustomTarget(target);
+            }
+        }
+        // check role exist
+        checkRoleExists(accessAdmin, roleId, true, true);
+    }
+    function checkTargetExists(
+        IAccessAdmin accessAdmin,
+        address target
+    )
+        public
+        view
+    {
+        // check not yet created
+        if (!accessAdmin.targetExists(target)) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNotCreated(target);
+        }
+    }
     function checkAuthorization(
         address authorizationOld,
         address authorization,
@@ -214,6 +467,20 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
     }
+    function getAuthorizedRole(
+        IAccessAdmin accessAdmin,
+        IAuthorization authorization,
+        RoleId roleId
+    )
+        public
+        view
+        returns (RoleId authorizedRoleId)
+    {
+        string memory roleName = authorization.getRoleInfo(roleId).name.toString();
+        (authorizedRoleId, ) = accessAdmin.getRoleForName(roleName);
+    }
     function getServiceRoleId(
         address serviceAddress,
         IAccess.TargetType serviceTargetType
@@ -302,7 +569,9 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
             return RoleIdLib.toRoleId(COMPONENT_ROLE_MIN + index);
         }
-        if (targetType == IAccess.TargetType.Custom) {
+        if (targetType == IAccess.TargetType.Custom
+            || targetType == IAccess.TargetType.Contract)
+        {
             return RoleIdLib.toRoleId(CUSTOM_ROLE_MIN + index);
         }
@@ -342,32 +611,44 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
     }
-    function toRoleName(string memory name) public pure returns (string memory) {
+    function toFunctionGrantingString(
+        IAccessAdmin accessAdmin,
+        Str functionName,
+        RoleId roleId
+    )
+        public
+        view
+        returns (string memory)
+    {
         return string(
             abi.encodePacked(
-                name,
-                ROLE_SUFFIX));
+                functionName.toString(),
+                "(): ",
+                getRoleName(accessAdmin, roleId)));
     }
-    function toRole(
-        RoleId adminRoleId,
-        IAccessAdmin.RoleType roleType,
-        uint32 maxMemberCount,
-        string memory name
+    function getRoleName(
+        IAccessAdmin accessAdmin,
+        RoleId roleId
     )
-        public
+        public
         view
-        returns (IAccess.RoleInfo memory)
-    {
-        return IAccess.RoleInfo({
-            name: StrLib.toStr(name),
-            adminRoleId: adminRoleId,
-            roleType: roleType,
-            maxMemberCount: maxMemberCount,
-            createdAt: TimestampLib.current(),
-            pausedAt: TimestampLib.max()
-        });
+        returns (string memory)
+    {
+        if (accessAdmin.roleExists(roleId)) {
+            return accessAdmin.getRoleInfo(roleId).name.toString();
+        }
+        return "<unknown-role>";
+    }
+    function toRoleName(string memory name) public pure returns (string memory) {
+        return string(
+            abi.encodePacked(
+                name,
+                ROLE_SUFFIX));
     }
@@ -390,7 +671,8 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         return IAccess.FunctionInfo({
             name: StrLib.toStr(name),
             selector: SelectorLib.toSelector(selector),
-            createdAt: TimestampLib.current()});
+            createdAt: TimestampLib.current(),
+            lastUpdateIn: BlocknumberLib.current()});
     }
 }

package/contracts/authorization/AccessManagerCloneable.sol CHANGED Viewed

@@ -62,24 +62,6 @@ contract AccessManagerCloneable is
         _checkAndSetRelease(release);
     }
-    // /// @dev Completes the setup of the access manager.
-    // /// Links the access manager to the registry and sets the release version.
-    // function completeSetup(
-    //     address registry,
-    //     VersionPart release,
-    //     bool verifyRelease
-    // )
-    //     public
-    //     onlyAdminRole
-    //     reinitializer(uint64(release.toInt()))
-    // {
-    //     _checkAndSetRegistry(registry);
-    //     if (verifyRelease) {
-    //         _checkAndSetRelease(release);
-    //     }
-    // }
     /// @dev Returns true if the caller is authorized to call the target with the given selector and the manager lock is not set to locked.
     /// Feturn values as in OpenZeppelin AccessManager.
     /// For a locked manager the function reverts with ErrorAccessManagerTargetAdminLocked.

package/contracts/authorization/Authorization.sol CHANGED Viewed

@@ -1,8 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
+import {IAccess} from "./IAccess.sol";
 import {IAuthorization} from "./IAuthorization.sol";
+import {AccessAdminLib} from "./AccessAdminLib.sol";
 import {ObjectType} from "../type/ObjectType.sol";
 import {RoleId, RoleIdLib} from "../type/RoleId.sol";
 import {ServiceAuthorization} from "../authorization/ServiceAuthorization.sol";
@@ -16,8 +18,10 @@ contract Authorization is
     // MUST match with AccessAdminLib.COMPONENT_ROLE_MIN
     uint64 public constant COMPONENT_ROLE_MIN = 110000;
+    uint64 public constant INSTANCE_ROLE_MIN = 100000;
     uint64 internal _nextGifContractRoleId;
+    uint64 internal _nextInstanceContractRoleId;
     string internal _tokenHandlerName = "ComponentTh";
     Str internal _tokenHandlerTarget;
@@ -28,28 +32,35 @@ contract Authorization is
         ObjectType domain,
         uint8 release,
         string memory commitHash,
-        bool isComponent,
+        IAccess.TargetType targetType,
         bool includeTokenHandler
     )
         ServiceAuthorization(mainTargetName, domain, release, commitHash)
     {
-        _nextGifContractRoleId = 10;
+        // IMPORTANT must match with AccessAdminLib.CORE_ROLE_MIN
+        _nextGifContractRoleId = 100;
+        _nextInstanceContractRoleId = INSTANCE_ROLE_MIN;
         // setup main target
-        if (isComponent) {
+        // special case: core targets
+        if (targetType == IAccess.TargetType.Core) {
+            _addGifTarget(_mainTargetName);
+        // special case instances
+        } else if (targetType == IAccess.TargetType.Instance) {
+            _addInstanceTarget(_mainTargetName);
+        // all other target types
+        } else {
             if (domain.eqz()) {
                 revert ErrorAuthorizationTargetDomainZero();
             }
             RoleId mainRoleId = RoleIdLib.toRoleId(COMPONENT_ROLE_MIN);
-            string memory mainRolName = _toTargetRoleName(_mainTargetName);
+            string memory mainRoleName = _toTargetRoleName(_mainTargetName);
             _addTargetWithRole(
                 _mainTargetName,
                 mainRoleId,
-                mainRolName);
-        } else {
-            _addGifTarget(_mainTargetName);
+                mainRoleName);
         }
         // setup use case specific parts
@@ -120,9 +131,9 @@ contract Authorization is
     function _addCustomRole(RoleId roleId, RoleId adminRoleId, uint32 maxMemberCount, string memory name) internal {
         _addRole(
             roleId,
-            _toRoleInfo(
+            AccessAdminLib.roleInfo(
                 adminRoleId,
-                RoleType.Custom,
+                TargetType.Custom,
                 maxMemberCount,
                 name));
     }
@@ -141,6 +152,16 @@ contract Authorization is
             contractRoleName);
     }
+    /// @dev Add an instance target with its corresponding contract role
+    function _addInstanceTarget(string memory contractName) internal {
+        RoleId contractRoleId = RoleIdLib.toRoleId(_nextInstanceContractRoleId++);
+        string memory contractRoleName = _toTargetRoleName(contractName);
+        _addTargetWithRole(
+            contractName,
+            contractRoleId,
+            contractRoleName);
+    }
     /// @dev Use this method to to add an authorized target.
     function _addTarget(string memory name) internal {

package/contracts/authorization/IAccess.sol CHANGED Viewed

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: UNLICENSED
 pragma solidity ^0.8.20;
+import {Blocknumber} from "../type/Blocknumber.sol";
 import {RoleId} from "../type/RoleId.sol";
 import {Selector} from "../type/Selector.sol";
 import {Str} from "../type/String.sol";
@@ -8,13 +9,6 @@ import {Timestamp} from "../type/Timestamp.sol";
 interface IAccess {
-    enum RoleType {
-        Undefined, // no role must have this type
-        Core, // GIF core roles
-        Contract, // roles assigned to contracts, cannot be revoked
-        Custom // use case specific rules for components
-    }
     enum TargetType {
         Undefined, // no target must have this type
         Core, // GIF core contracts
@@ -22,26 +16,30 @@ interface IAccess {
         Service, // service contracts
         Instance, // instance contracts
         Component, // instance contracts
-        Custom // use case specific rules for components
+        Contract, // normal contracts
+        Custom // use case specific rules for contracts or normal accounts
     }
     struct RoleInfo {
         // slot 0
-        RoleId adminRoleId;
-        RoleType roleType;
-        uint32 maxMemberCount;
-        Timestamp createdAt;
-        Timestamp pausedAt;
+        RoleId adminRoleId;  // 64
+        TargetType targetType; // ?
+        uint32 maxMemberCount; // 32
+        Timestamp createdAt; // 40
+        Timestamp pausedAt; // 40
+        Blocknumber lastUpdateIn; // 40
         // slot 1
-        Str name;
+        Str name; // 256
     }
     // TODO recalc slot allocation
     struct TargetInfo {
         Str name;
         TargetType targetType;
         RoleId roleId;
         Timestamp createdAt;
+        Blocknumber lastUpdateIn;
     }
     struct FunctionInfo {
@@ -50,6 +48,7 @@ interface IAccess {
         // slot 1
         Selector selector; // function selector
         Timestamp createdAt;
+        Blocknumber lastUpdateIn;
     }
     struct RoleNameInfo {

package/contracts/authorization/IAccessAdmin.sol CHANGED Viewed

@@ -8,6 +8,7 @@ import {IAuthorization} from "./IAuthorization.sol";
 import {IRegistryLinked} from "../shared/IRegistryLinked.sol";
 import {IRelease} from "../registry/IRelease.sol";
+import {Blocknumber} from "../type/Blocknumber.sol";
 import {NftId} from "../type/NftId.sol";
 import {ObjectType} from "../type/ObjectType.sol";
 import {RoleId} from "../type/RoleId.sol";
@@ -23,12 +24,14 @@ interface IAccessAdmin is
 {
     // roles, targets and functions
-    event LogAccessAdminRoleCreated(string admin, RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
+    event LogAccessAdminRoleCreated(string admin, RoleId roleId, TargetType targetType, RoleId roleAdminId, string name);
     event LogAccessAdminTargetCreated(string admin, string name, bool managed, address target, RoleId roleId);
+    event LogAccessAdminRoleActivatedSet(string admin, RoleId roleId, bool active, Blocknumber lastUpdateIn);
     event LogAccessAdminRoleGranted(string admin, address account, string roleName);
     event LogAccessAdminRoleRevoked(string admin, address account, string roleName);
-    event LogAccessAdminFunctionGranted(string admin, address target, string func);
+    event LogAccessAdminTargetLockedSet(string admin, address target, bool locked, Blocknumber lastUpdateIn);
+    event LogAccessAdminFunctionGranted(string admin, address target, string func, Blocknumber lastUpdateIn);
     // only deployer modifier
     error ErrorAccessAdminNotDeployer();
@@ -40,8 +43,8 @@ interface IAccessAdmin is
     error ErrorAccessAdminNotRoleOwner(RoleId roleId, address account);
     // role management
-    error ErrorAccessAdminInvalidUserOfAdminRole();
-    error ErrorAccessAdminInvalidUserOfPublicRole();
+    error ErrorAccessAdminInvalidUseOfAdminRole();
+    error ErrorAccessAdminInvalidUseOfPublicRole();
     error ErrorAccessAdminRoleNotCustom(RoleId roleId);
     // initialization
@@ -96,6 +99,7 @@ interface IAccessAdmin is
     error ErrorAccessAdminTargetAlreadyLocked(address target, bool isLocked);
     // authorize target functions
+    error ErrorAccessAdminNotComponentOrCustomTarget(address target);
     error ErrorAccessAdminAuthorizeForAdminRoleInvalid(address target);
     // toFunction
@@ -109,18 +113,14 @@ interface IAccessAdmin is
     function getAuthorization() external view returns (IAuthorization authorization);
     function getLinkedNftId() external view returns (NftId linkedNftId);
-    function getLinkedOwner() external view returns (address linkedOwner);
     function isLocked() external view returns (bool locked);
     function roles() external view returns (uint256 numberOfRoles);
     function getRoleId(uint256 idx) external view returns (RoleId roleId);
-    function getAdminRole() external view returns (RoleId roleId);
-    function getPublicRole() external view returns (RoleId roleId);
     function roleExists(RoleId roleId) external view returns (bool exists);
-    function roleExists(string memory roleName) external view returns (bool exists);
-    function getRoleForName(string memory name) external view returns (RoleId roleId);
+    function getRoleForName(string memory name) external view returns (RoleId roleId, bool exists);
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
     function isRoleActive(RoleId roleId) external view returns (bool isActive);
     function isRoleCustom(RoleId roleId) external view returns (bool isCustom);
@@ -139,6 +139,4 @@ interface IAccessAdmin is
     function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions);
     function getAuthorizedFunction(address target, uint256 idx) external view returns (FunctionInfo memory func, RoleId roleId);
-    function deployer() external view returns (address);
 }