@etherisc/gif-next 0.0.2-d7cec72-860 → 0.0.2-d87995e-298
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +43 -4
- package/artifacts/contracts/authorization/AccessAdmin.sol/AccessAdmin.dbg.json +4 -0
- package/artifacts/contracts/authorization/AccessAdmin.sol/AccessAdmin.json +1253 -0
- package/artifacts/contracts/authorization/AccessManagerCloneable.sol/AccessManagerCloneable.dbg.json +4 -0
- package/artifacts/contracts/authorization/AccessManagerCloneable.sol/AccessManagerCloneable.json +1206 -0
- package/artifacts/contracts/authorization/Authorization.sol/Authorization.dbg.json +4 -0
- package/artifacts/contracts/authorization/Authorization.sol/Authorization.json +358 -0
- package/artifacts/contracts/authorization/IAccess.sol/IAccess.dbg.json +4 -0
- package/artifacts/contracts/authorization/IAccess.sol/IAccess.json +10 -0
- package/artifacts/contracts/authorization/IAccessAdmin.sol/IAccessAdmin.dbg.json +4 -0
- package/artifacts/contracts/{shared → authorization}/IAccessAdmin.sol/IAccessAdmin.json +95 -252
- package/artifacts/contracts/authorization/IAuthorization.sol/IAuthorization.dbg.json +4 -0
- package/artifacts/contracts/authorization/IAuthorization.sol/IAuthorization.json +258 -0
- package/artifacts/contracts/authorization/IModuleAuthorization.sol/IModuleAuthorization.dbg.json +4 -0
- package/artifacts/contracts/authorization/IModuleAuthorization.sol/IModuleAuthorization.json +290 -0
- package/artifacts/contracts/authorization/IServiceAuthorization.sol/IServiceAuthorization.dbg.json +4 -0
- package/artifacts/contracts/{registry → authorization}/IServiceAuthorization.sol/IServiceAuthorization.json +29 -10
- package/artifacts/contracts/authorization/ModuleAuthorization.sol/ModuleAuthorization.dbg.json +4 -0
- package/artifacts/contracts/authorization/ModuleAuthorization.sol/ModuleAuthorization.json +390 -0
- package/artifacts/contracts/authorization/ServiceAuthorization.sol/ServiceAuthorization.dbg.json +4 -0
- package/artifacts/contracts/authorization/ServiceAuthorization.sol/ServiceAuthorization.json +190 -0
- package/artifacts/contracts/distribution/BasicDistribution.sol/BasicDistribution.dbg.json +4 -0
- package/artifacts/contracts/distribution/BasicDistribution.sol/BasicDistribution.json +1548 -0
- package/artifacts/contracts/distribution/BasicDistributionAuthorization.sol/BasicDistributionAuthorization.dbg.json +4 -0
- package/artifacts/contracts/distribution/BasicDistributionAuthorization.sol/BasicDistributionAuthorization.json +410 -0
- package/artifacts/contracts/distribution/Distribution.sol/Distribution.dbg.json +1 -1
- package/artifacts/contracts/distribution/Distribution.sol/Distribution.json +46 -228
- package/artifacts/contracts/distribution/DistributionService.sol/DistributionService.dbg.json +1 -1
- package/artifacts/contracts/distribution/DistributionService.sol/DistributionService.json +269 -90
- package/artifacts/contracts/distribution/DistributionServiceManager.sol/DistributionServiceManager.dbg.json +1 -1
- package/artifacts/contracts/distribution/DistributionServiceManager.sol/DistributionServiceManager.json +83 -55
- package/artifacts/contracts/distribution/IDistributionComponent.sol/IDistributionComponent.dbg.json +1 -1
- package/artifacts/contracts/distribution/IDistributionComponent.sol/IDistributionComponent.json +100 -132
- package/artifacts/contracts/distribution/IDistributionService.sol/IDistributionService.dbg.json +1 -1
- package/artifacts/contracts/distribution/IDistributionService.sol/IDistributionService.json +134 -16
- package/artifacts/contracts/instance/BundleSet.sol/BundleSet.dbg.json +4 -0
- package/artifacts/contracts/instance/BundleSet.sol/BundleSet.json +703 -0
- package/artifacts/contracts/instance/IInstance.sol/IInstance.dbg.json +1 -1
- package/artifacts/contracts/instance/IInstance.sol/IInstance.json +6 -19
- package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.dbg.json +1 -1
- package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.json +32 -44
- package/artifacts/contracts/instance/Instance.sol/Instance.dbg.json +1 -1
- package/artifacts/contracts/instance/Instance.sol/Instance.json +35 -96
- package/artifacts/contracts/instance/InstanceAdmin.sol/InstanceAdmin.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceAdmin.sol/InstanceAdmin.json +1208 -290
- package/artifacts/contracts/instance/InstanceAuthorizationV3.sol/InstanceAuthorizationV3.dbg.json +4 -0
- package/artifacts/contracts/instance/InstanceAuthorizationV3.sol/InstanceAuthorizationV3.json +601 -0
- package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.json +110 -81
- package/artifacts/contracts/instance/InstanceService.sol/InstanceService.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceService.sol/InstanceService.json +65 -125
- package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.json +35 -59
- package/artifacts/contracts/instance/InstanceStore.sol/InstanceStore.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceStore.sol/InstanceStore.json +84 -101
- package/artifacts/contracts/instance/base/BalanceStore.sol/BalanceStore.dbg.json +1 -1
- package/artifacts/contracts/instance/base/BalanceStore.sol/BalanceStore.json +2 -2
- package/artifacts/contracts/instance/base/Cloneable.sol/Cloneable.dbg.json +1 -1
- package/artifacts/contracts/instance/base/ObjectCounter.sol/ObjectCounter.dbg.json +1 -1
- package/artifacts/contracts/instance/base/ObjectCounter.sol/ObjectCounter.json +2 -2
- package/artifacts/contracts/instance/base/ObjectLifecycle.sol/ObjectLifecycle.dbg.json +4 -0
- package/artifacts/contracts/instance/base/ObjectLifecycle.sol/ObjectLifecycle.json +182 -0
- package/artifacts/contracts/instance/base/ObjectSet.sol/ObjectSet.dbg.json +4 -0
- package/artifacts/contracts/instance/base/ObjectSet.sol/ObjectSet.json +181 -0
- package/artifacts/contracts/instance/module/IAccess.sol/IAccess.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IBundle.sol/IBundle.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IComponents.sol/IComponents.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IDistribution.sol/IDistribution.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IPolicy.sol/IPolicy.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IRisk.sol/IRisk.dbg.json +1 -1
- package/artifacts/contracts/mock/Dip.sol/Dip.dbg.json +1 -1
- package/artifacts/contracts/mock/Dip.sol/Dip.json +2 -2
- package/artifacts/contracts/oracle/BasicOracle.sol/BasicOracle.dbg.json +4 -0
- package/artifacts/contracts/oracle/BasicOracle.sol/BasicOracle.json +1185 -0
- package/artifacts/contracts/oracle/BasicOracleAuthorization.sol/BasicOracleAuthorization.dbg.json +4 -0
- package/artifacts/contracts/oracle/BasicOracleAuthorization.sol/BasicOracleAuthorization.json +418 -0
- package/artifacts/contracts/oracle/IOracle.sol/IOracle.dbg.json +1 -1
- package/artifacts/contracts/oracle/IOracle.sol/IOracle.json +43 -1
- package/artifacts/contracts/oracle/IOracleComponent.sol/IOracleComponent.dbg.json +1 -1
- package/artifacts/contracts/oracle/IOracleComponent.sol/IOracleComponent.json +43 -0
- package/artifacts/contracts/oracle/IOracleService.sol/IOracleService.dbg.json +1 -1
- package/artifacts/contracts/oracle/Oracle.sol/Oracle.dbg.json +1 -1
- package/artifacts/contracts/oracle/Oracle.sol/Oracle.json +43 -96
- package/artifacts/contracts/oracle/OracleService.sol/OracleService.dbg.json +1 -1
- package/artifacts/contracts/oracle/OracleService.sol/OracleService.json +32 -32
- package/artifacts/contracts/oracle/OracleServiceManager.sol/OracleServiceManager.dbg.json +1 -1
- package/artifacts/contracts/oracle/OracleServiceManager.sol/OracleServiceManager.json +34 -34
- package/artifacts/contracts/pool/BasicPool.sol/BasicPool.dbg.json +4 -0
- package/artifacts/contracts/pool/BasicPool.sol/BasicPool.json +1520 -0
- package/artifacts/contracts/pool/BasicPoolAuthorization.sol/BasicPoolAuthorization.dbg.json +4 -0
- package/artifacts/contracts/pool/BasicPoolAuthorization.sol/BasicPoolAuthorization.json +410 -0
- package/artifacts/contracts/pool/BundleService.sol/BundleService.dbg.json +1 -1
- package/artifacts/contracts/pool/BundleService.sol/BundleService.json +220 -54
- package/artifacts/contracts/pool/BundleServiceManager.sol/BundleServiceManager.dbg.json +1 -1
- package/artifacts/contracts/pool/BundleServiceManager.sol/BundleServiceManager.json +72 -40
- package/artifacts/contracts/pool/IBundleService.sol/IBundleService.dbg.json +1 -1
- package/artifacts/contracts/pool/IBundleService.sol/IBundleService.json +102 -0
- package/artifacts/contracts/pool/IPoolComponent.sol/IPoolComponent.dbg.json +1 -1
- package/artifacts/contracts/pool/IPoolComponent.sol/IPoolComponent.json +43 -195
- package/artifacts/contracts/pool/IPoolService.sol/IPoolService.dbg.json +1 -1
- package/artifacts/contracts/pool/Pool.sol/Pool.dbg.json +1 -1
- package/artifacts/contracts/pool/Pool.sol/Pool.json +43 -296
- package/artifacts/contracts/pool/PoolService.sol/PoolService.dbg.json +1 -1
- package/artifacts/contracts/pool/PoolService.sol/PoolService.json +36 -36
- package/artifacts/contracts/pool/PoolServiceManager.sol/PoolServiceManager.dbg.json +1 -1
- package/artifacts/contracts/pool/PoolServiceManager.sol/PoolServiceManager.json +36 -36
- package/artifacts/contracts/product/ApplicationService.sol/ApplicationService.dbg.json +1 -1
- package/artifacts/contracts/product/ApplicationService.sol/ApplicationService.json +32 -32
- package/artifacts/contracts/product/ApplicationServiceManager.sol/ApplicationServiceManager.dbg.json +1 -1
- package/artifacts/contracts/product/ApplicationServiceManager.sol/ApplicationServiceManager.json +34 -34
- package/artifacts/contracts/product/BasicProduct.sol/BasicProduct.dbg.json +4 -0
- package/artifacts/contracts/product/BasicProduct.sol/BasicProduct.json +1318 -0
- package/artifacts/contracts/product/BasicProductAuthorization.sol/BasicProductAuthorization.dbg.json +4 -0
- package/artifacts/contracts/product/BasicProductAuthorization.sol/BasicProductAuthorization.json +410 -0
- package/artifacts/contracts/product/ClaimService.sol/ClaimService.dbg.json +1 -1
- package/artifacts/contracts/product/ClaimService.sol/ClaimService.json +72 -72
- package/artifacts/contracts/product/ClaimServiceManager.sol/ClaimServiceManager.dbg.json +1 -1
- package/artifacts/contracts/product/ClaimServiceManager.sol/ClaimServiceManager.json +54 -54
- package/artifacts/contracts/product/IApplicationService.sol/IApplicationService.dbg.json +1 -1
- package/artifacts/contracts/product/IClaimService.sol/IClaimService.dbg.json +1 -1
- package/artifacts/contracts/product/IPolicyService.sol/IPolicyService.dbg.json +1 -1
- package/artifacts/contracts/product/IPolicyService.sol/IPolicyService.json +13 -0
- package/artifacts/contracts/product/IPricingService.sol/IPricingService.dbg.json +1 -1
- package/artifacts/contracts/product/IProductComponent.sol/IProductComponent.dbg.json +1 -1
- package/artifacts/contracts/product/IProductComponent.sol/IProductComponent.json +32 -42
- package/artifacts/contracts/product/IProductService.sol/IProductService.dbg.json +1 -1
- package/artifacts/contracts/product/PolicyService.sol/PolicyService.dbg.json +1 -1
- package/artifacts/contracts/product/PolicyService.sol/PolicyService.json +64 -51
- package/artifacts/contracts/product/PolicyServiceManager.sol/PolicyServiceManager.dbg.json +1 -1
- package/artifacts/contracts/product/PolicyServiceManager.sol/PolicyServiceManager.json +43 -43
- package/artifacts/contracts/product/PricingService.sol/PricingService.dbg.json +1 -1
- package/artifacts/contracts/product/PricingService.sol/PricingService.json +63 -58
- package/artifacts/contracts/product/PricingServiceManager.sol/PricingServiceManager.dbg.json +1 -1
- package/artifacts/contracts/product/PricingServiceManager.sol/PricingServiceManager.json +47 -47
- package/artifacts/contracts/product/Product.sol/Product.dbg.json +1 -1
- package/artifacts/contracts/product/Product.sol/Product.json +32 -153
- package/artifacts/contracts/product/ProductService.sol/ProductService.dbg.json +1 -1
- package/artifacts/contracts/product/ProductService.sol/ProductService.json +20 -20
- package/artifacts/contracts/product/ProductServiceManager.sol/ProductServiceManager.dbg.json +1 -1
- package/artifacts/contracts/product/ProductServiceManager.sol/ProductServiceManager.json +28 -28
- package/artifacts/contracts/registry/ChainNft.sol/ChainNft.dbg.json +1 -1
- package/artifacts/contracts/registry/ChainNft.sol/ChainNft.json +2 -2
- package/artifacts/contracts/registry/IRegistry.sol/IRegistry.dbg.json +1 -1
- package/artifacts/contracts/registry/IRegistry.sol/IRegistry.json +50 -46
- package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.dbg.json +1 -1
- package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.json +0 -183
- package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.dbg.json +1 -1
- package/artifacts/contracts/registry/Registry.sol/Registry.dbg.json +1 -1
- package/artifacts/contracts/registry/Registry.sol/Registry.json +101 -73
- package/artifacts/contracts/registry/RegistryAdmin.sol/RegistryAdmin.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryAdmin.sol/RegistryAdmin.json +234 -389
- package/artifacts/contracts/registry/RegistryService.sol/RegistryService.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryService.sol/RegistryService.json +18 -18
- package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.json +27 -27
- package/artifacts/contracts/registry/ReleaseLifecycle.sol/ReleaseLifecycle.dbg.json +4 -0
- package/artifacts/contracts/registry/ReleaseLifecycle.sol/ReleaseLifecycle.json +164 -0
- package/artifacts/contracts/registry/ReleaseRegistry.sol/ReleaseRegistry.dbg.json +4 -0
- package/artifacts/contracts/registry/ReleaseRegistry.sol/ReleaseRegistry.json +1159 -0
- package/artifacts/contracts/registry/ServiceAuthorizationV3.sol/ServiceAuthorizationV3.dbg.json +1 -1
- package/artifacts/contracts/registry/ServiceAuthorizationV3.sol/ServiceAuthorizationV3.json +43 -16
- package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.dbg.json +1 -1
- package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.json +4 -4
- package/artifacts/contracts/shared/Component.sol/Component.dbg.json +1 -1
- package/artifacts/contracts/shared/ComponentService.sol/ComponentService.dbg.json +1 -1
- package/artifacts/contracts/shared/ComponentService.sol/ComponentService.json +271 -86
- package/artifacts/contracts/shared/ComponentServiceManager.sol/ComponentServiceManager.dbg.json +1 -1
- package/artifacts/contracts/shared/ComponentServiceManager.sol/ComponentServiceManager.json +77 -61
- package/artifacts/contracts/shared/ComponentVerifyingService.sol/ComponentVerifyingService.dbg.json +1 -1
- package/artifacts/contracts/shared/IComponent.sol/IComponent.dbg.json +1 -1
- package/artifacts/contracts/shared/IComponentService.sol/IComponentService.dbg.json +1 -1
- package/artifacts/contracts/shared/IComponentService.sol/IComponentService.json +153 -0
- package/artifacts/contracts/shared/IInstanceLinkedComponent.sol/IInstanceLinkedComponent.dbg.json +1 -1
- package/artifacts/contracts/shared/IInstanceLinkedComponent.sol/IInstanceLinkedComponent.json +32 -0
- package/artifacts/contracts/shared/IKeyValueStore.sol/IKeyValueStore.dbg.json +1 -1
- package/artifacts/contracts/shared/IKeyValueStore.sol/IKeyValueStore.json +11 -5
- package/artifacts/contracts/shared/ILifecycle.sol/ILifecycle.dbg.json +1 -1
- package/artifacts/contracts/shared/ILifecycle.sol/ILifecycle.json +0 -5
- package/artifacts/contracts/shared/INftOwnable.sol/INftOwnable.dbg.json +1 -1
- package/artifacts/contracts/shared/IPolicyHolder.sol/IPolicyHolder.dbg.json +1 -1
- package/artifacts/contracts/shared/IRegisterable.sol/IRegisterable.dbg.json +1 -1
- package/artifacts/contracts/shared/IRegistryLinked.sol/IRegistryLinked.dbg.json +1 -1
- package/artifacts/contracts/shared/IService.sol/IService.dbg.json +1 -1
- package/artifacts/contracts/shared/InitializableCustom.sol/InitializableCustom.dbg.json +1 -1
- package/artifacts/contracts/shared/InitializableERC165.sol/InitializableERC165.dbg.json +4 -0
- package/artifacts/contracts/shared/InitializableERC165.sol/InitializableERC165.json +73 -0
- package/artifacts/contracts/shared/InstanceLinkedComponent.sol/InstanceLinkedComponent.dbg.json +1 -1
- package/artifacts/contracts/shared/InstanceLinkedComponent.sol/InstanceLinkedComponent.json +32 -53
- package/artifacts/contracts/shared/KeyValueStore.sol/KeyValueStore.dbg.json +1 -1
- package/artifacts/contracts/shared/KeyValueStore.sol/KeyValueStore.json +15 -89
- package/artifacts/contracts/shared/Lifecycle.sol/Lifecycle.dbg.json +1 -1
- package/artifacts/contracts/shared/Lifecycle.sol/Lifecycle.json +4 -65
- package/artifacts/contracts/shared/NftIdSet.sol/NftIdSet.dbg.json +4 -0
- package/artifacts/contracts/shared/NftIdSet.sol/NftIdSet.json +306 -0
- package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.dbg.json +1 -1
- package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.json +6 -6
- package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.dbg.json +1 -1
- package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.json +6 -6
- package/artifacts/contracts/shared/Registerable.sol/Registerable.dbg.json +1 -1
- package/artifacts/contracts/shared/Registerable.sol/Registerable.json +8 -8
- package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.dbg.json +1 -1
- package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.json +2 -2
- package/artifacts/contracts/shared/Service.sol/Service.dbg.json +1 -1
- package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.dbg.json +1 -1
- package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.json +6 -6
- package/artifacts/contracts/staking/IStaking.sol/IStaking.dbg.json +1 -1
- package/artifacts/contracts/staking/IStakingService.sol/IStakingService.dbg.json +1 -1
- package/artifacts/contracts/staking/StakeManagerLib.sol/StakeManagerLib.dbg.json +1 -1
- package/artifacts/contracts/staking/StakeManagerLib.sol/StakeManagerLib.json +42 -32
- package/artifacts/contracts/staking/Staking.sol/Staking.dbg.json +1 -1
- package/artifacts/contracts/staking/Staking.sol/Staking.json +44 -44
- package/artifacts/contracts/staking/StakingLifecycle.sol/StakingLifecycle.dbg.json +4 -0
- package/artifacts/contracts/staking/StakingLifecycle.sol/StakingLifecycle.json +164 -0
- package/artifacts/contracts/staking/StakingManager.sol/StakingManager.dbg.json +1 -1
- package/artifacts/contracts/staking/StakingManager.sol/StakingManager.json +40 -40
- package/artifacts/contracts/staking/StakingReader.sol/StakingReader.dbg.json +1 -1
- package/artifacts/contracts/staking/StakingReader.sol/StakingReader.json +6 -6
- package/artifacts/contracts/staking/StakingService.sol/StakingService.dbg.json +1 -1
- package/artifacts/contracts/staking/StakingService.sol/StakingService.json +26 -26
- package/artifacts/contracts/staking/StakingServiceManager.sol/StakingServiceManager.dbg.json +1 -1
- package/artifacts/contracts/staking/StakingServiceManager.sol/StakingServiceManager.json +31 -31
- package/artifacts/contracts/staking/StakingStore.sol/StakingStore.dbg.json +1 -1
- package/artifacts/contracts/staking/StakingStore.sol/StakingStore.json +146 -165
- package/artifacts/contracts/staking/TargetManagerLib.sol/TargetManagerLib.dbg.json +1 -1
- package/artifacts/contracts/staking/TargetManagerLib.sol/TargetManagerLib.json +27 -22
- package/artifacts/contracts/type/AddressSet.sol/LibAddressSet.dbg.json +1 -1
- package/artifacts/contracts/type/AddressSet.sol/LibAddressSet.json +2 -2
- package/artifacts/contracts/type/Amount.sol/AmountLib.dbg.json +1 -1
- package/artifacts/contracts/type/Amount.sol/AmountLib.json +37 -8
- package/artifacts/contracts/type/Blocknumber.sol/BlocknumberLib.dbg.json +1 -1
- package/artifacts/contracts/type/Blocknumber.sol/BlocknumberLib.json +2 -2
- package/artifacts/contracts/type/ClaimId.sol/ClaimIdLib.dbg.json +1 -1
- package/artifacts/contracts/type/ClaimId.sol/ClaimIdLib.json +4 -4
- package/artifacts/contracts/type/DistributorType.sol/DistributorTypeLib.dbg.json +1 -1
- package/artifacts/contracts/type/DistributorType.sol/DistributorTypeLib.json +4 -4
- package/artifacts/contracts/type/Fee.sol/FeeLib.dbg.json +1 -1
- package/artifacts/contracts/type/Fee.sol/FeeLib.json +17 -12
- package/artifacts/contracts/type/Key32.sol/Key32Lib.dbg.json +1 -1
- package/artifacts/contracts/type/Key32.sol/Key32Lib.json +2 -2
- package/artifacts/contracts/type/NftId.sol/NftIdLib.dbg.json +1 -1
- package/artifacts/contracts/type/NftId.sol/NftIdLib.json +4 -4
- package/artifacts/contracts/type/NftIdSet.sol/LibNftIdSet.dbg.json +1 -1
- package/artifacts/contracts/type/NftIdSet.sol/LibNftIdSet.json +2 -2
- package/artifacts/contracts/type/ObjectType.sol/ObjectTypeLib.dbg.json +1 -1
- package/artifacts/contracts/type/ObjectType.sol/ObjectTypeLib.json +55 -2
- package/artifacts/contracts/type/PayoutId.sol/PayoutIdLib.dbg.json +1 -1
- package/artifacts/contracts/type/PayoutId.sol/PayoutIdLib.json +4 -4
- package/artifacts/contracts/type/Referral.sol/ReferralLib.dbg.json +1 -1
- package/artifacts/contracts/type/Referral.sol/ReferralLib.json +4 -4
- package/artifacts/contracts/type/RequestId.sol/RequestIdLib.dbg.json +1 -1
- package/artifacts/contracts/type/RequestId.sol/RequestIdLib.json +4 -4
- package/artifacts/contracts/type/RiskId.sol/RiskIdLib.dbg.json +1 -1
- package/artifacts/contracts/type/RiskId.sol/RiskIdLib.json +4 -4
- package/artifacts/contracts/type/RoleId.sol/RoleIdLib.dbg.json +1 -1
- package/artifacts/contracts/type/RoleId.sol/RoleIdLib.json +117 -14
- package/artifacts/contracts/type/Seconds.sol/SecondsLib.dbg.json +1 -1
- package/artifacts/contracts/type/Seconds.sol/SecondsLib.json +2 -2
- package/artifacts/contracts/type/Selector.sol/SelectorLib.dbg.json +1 -1
- package/artifacts/contracts/type/Selector.sol/SelectorLib.json +2 -2
- package/artifacts/contracts/type/Selector.sol/SelectorSetLib.dbg.json +1 -1
- package/artifacts/contracts/type/Selector.sol/SelectorSetLib.json +2 -2
- package/artifacts/contracts/type/StateId.sol/StateIdLib.dbg.json +1 -1
- package/artifacts/contracts/type/StateId.sol/StateIdLib.json +2 -2
- package/artifacts/contracts/type/String.sol/StrLib.dbg.json +1 -1
- package/artifacts/contracts/type/String.sol/StrLib.json +2 -2
- package/artifacts/contracts/type/Timestamp.sol/TimestampLib.dbg.json +1 -1
- package/artifacts/contracts/type/Timestamp.sol/TimestampLib.json +4 -4
- package/artifacts/contracts/type/UFixed.sol/MathLib.dbg.json +1 -1
- package/artifacts/contracts/type/UFixed.sol/MathLib.json +9 -3
- package/artifacts/contracts/type/UFixed.sol/UFixedLib.dbg.json +1 -1
- package/artifacts/contracts/type/UFixed.sol/UFixedLib.json +58 -2
- package/artifacts/contracts/type/Version.sol/VersionLib.dbg.json +1 -1
- package/artifacts/contracts/type/Version.sol/VersionLib.json +2 -2
- package/artifacts/contracts/type/Version.sol/VersionPartLib.dbg.json +1 -1
- package/artifacts/contracts/type/Version.sol/VersionPartLib.json +21 -2
- package/artifacts/contracts/upgradeability/IVersionable.sol/IVersionable.dbg.json +4 -0
- package/artifacts/contracts/{shared → upgradeability}/IVersionable.sol/IVersionable.json +1 -1
- package/artifacts/contracts/upgradeability/ProxyManager.sol/ProxyManager.dbg.json +4 -0
- package/artifacts/contracts/upgradeability/ProxyManager.sol/ProxyManager.json +617 -0
- package/artifacts/contracts/upgradeability/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.dbg.json +4 -0
- package/artifacts/contracts/upgradeability/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.json +129 -0
- package/artifacts/contracts/upgradeability/Versionable.sol/Versionable.dbg.json +4 -0
- package/artifacts/contracts/{shared → upgradeability}/Versionable.sol/Versionable.json +1 -1
- package/contracts/{shared → authorization}/AccessAdmin.sol +135 -303
- package/contracts/authorization/AccessManagerCloneable.sol +16 -0
- package/contracts/authorization/Authorization.sol +218 -0
- package/contracts/authorization/IAccess.sol +48 -0
- package/contracts/{shared → authorization}/IAccessAdmin.sol +22 -54
- package/contracts/authorization/IAuthorization.sol +54 -0
- package/contracts/authorization/IModuleAuthorization.sol +21 -0
- package/contracts/{registry → authorization}/IServiceAuthorization.sol +8 -5
- package/contracts/authorization/ModuleAuthorization.sol +78 -0
- package/contracts/{registry → authorization}/ServiceAuthorization.sol +21 -17
- package/contracts/distribution/BasicDistribution.sol +138 -0
- package/contracts/distribution/BasicDistributionAuthorization.sol +47 -0
- package/contracts/distribution/Distribution.sol +144 -110
- package/contracts/distribution/DistributionService.sol +71 -31
- package/contracts/distribution/DistributionServiceManager.sol +2 -5
- package/contracts/distribution/IDistributionComponent.sol +25 -39
- package/contracts/distribution/IDistributionService.sol +17 -1
- package/contracts/instance/{BundleManager.sol → BundleSet.sol} +23 -23
- package/contracts/instance/IInstance.sol +8 -9
- package/contracts/instance/IInstanceService.sol +13 -18
- package/contracts/instance/Instance.sol +61 -70
- package/contracts/instance/InstanceAdmin.sol +202 -267
- package/contracts/instance/InstanceAuthorizationV3.sol +204 -0
- package/contracts/instance/InstanceReader.sol +22 -9
- package/contracts/instance/InstanceService.sol +74 -70
- package/contracts/instance/InstanceServiceManager.sol +2 -6
- package/contracts/instance/InstanceStore.sol +13 -5
- package/contracts/instance/base/ObjectLifecycle.sol +106 -0
- package/contracts/instance/base/{ObjectManager.sol → ObjectSet.sol} +11 -12
- package/contracts/instance/module/IComponents.sol +0 -1
- package/contracts/instance/module/IDistribution.sol +0 -1
- package/contracts/oracle/BasicOracle.sol +48 -0
- package/contracts/oracle/BasicOracleAuthorization.sol +46 -0
- package/contracts/oracle/IOracle.sol +16 -0
- package/contracts/oracle/IOracleComponent.sol +2 -1
- package/contracts/oracle/Oracle.sol +72 -51
- package/contracts/oracle/OracleServiceManager.sol +2 -5
- package/contracts/pool/BasicPool.sol +164 -0
- package/contracts/pool/BasicPoolAuthorization.sol +55 -0
- package/contracts/pool/BundleService.sol +72 -27
- package/contracts/pool/BundleServiceManager.sol +2 -5
- package/contracts/pool/IBundleService.sol +14 -0
- package/contracts/pool/IPoolComponent.sol +6 -60
- package/contracts/pool/Pool.sol +160 -131
- package/contracts/pool/PoolService.sol +12 -30
- package/contracts/pool/PoolServiceManager.sol +2 -5
- package/contracts/product/ApplicationService.sol +12 -36
- package/contracts/product/ApplicationServiceManager.sol +2 -2
- package/contracts/product/BasicProduct.sol +52 -0
- package/contracts/product/BasicProductAuthorization.sol +43 -0
- package/contracts/product/ClaimService.sol +7 -32
- package/contracts/product/ClaimServiceManager.sol +2 -2
- package/contracts/product/IPolicyService.sol +2 -0
- package/contracts/product/IProductComponent.sol +7 -9
- package/contracts/product/PolicyService.sol +28 -4
- package/contracts/product/PolicyServiceManager.sol +2 -5
- package/contracts/product/PricingServiceManager.sol +2 -5
- package/contracts/product/Product.sol +112 -88
- package/contracts/product/ProductService.sol +7 -32
- package/contracts/product/ProductServiceManager.sol +2 -5
- package/contracts/registry/IRegistry.sol +26 -16
- package/contracts/registry/IRegistryService.sol +6 -6
- package/contracts/registry/Registry.sol +81 -87
- package/contracts/registry/RegistryAdmin.sol +118 -86
- package/contracts/registry/RegistryService.sol +4 -18
- package/contracts/registry/RegistryServiceManager.sol +2 -2
- package/contracts/registry/ReleaseLifecycle.sol +27 -0
- package/contracts/registry/ReleaseRegistry.sol +485 -0
- package/contracts/registry/ServiceAuthorizationV3.sol +14 -14
- package/contracts/registry/TokenRegistry.sol +2 -2
- package/contracts/shared/Component.sol +13 -14
- package/contracts/shared/ComponentService.sol +102 -68
- package/contracts/shared/ComponentServiceManager.sol +2 -2
- package/contracts/shared/ComponentVerifyingService.sol +1 -1
- package/contracts/shared/IComponentService.sol +15 -9
- package/contracts/shared/IInstanceLinkedComponent.sol +10 -0
- package/contracts/shared/IKeyValueStore.sol +1 -0
- package/contracts/shared/ILifecycle.sol +1 -2
- package/contracts/shared/IService.sol +1 -1
- package/contracts/shared/{ERC165.sol → InitializableERC165.sol} +1 -1
- package/contracts/shared/InstanceLinkedComponent.sol +47 -19
- package/contracts/shared/KeyValueStore.sol +6 -2
- package/contracts/shared/Lifecycle.sol +16 -69
- package/contracts/shared/{NftIdSetManager.sol → NftIdSet.sol} +1 -1
- package/contracts/shared/NftOwnable.sol +2 -2
- package/contracts/shared/PolicyHolder.sol +2 -5
- package/contracts/shared/Service.sol +3 -4
- package/contracts/staking/IStaking.sol +1 -2
- package/contracts/staking/IStakingService.sol +12 -5
- package/contracts/staking/Staking.sol +20 -17
- package/contracts/staking/StakingLifecycle.sol +23 -0
- package/contracts/staking/StakingManager.sol +2 -6
- package/contracts/staking/StakingReader.sol +12 -16
- package/contracts/staking/StakingServiceManager.sol +2 -2
- package/contracts/staking/StakingStore.sol +15 -23
- package/contracts/type/Amount.sol +12 -5
- package/contracts/type/ObjectType.sol +37 -7
- package/contracts/type/Referral.sol +1 -0
- package/contracts/type/RoleId.sol +55 -82
- package/contracts/type/UFixed.sol +34 -9
- package/contracts/type/Version.sol +3 -1
- package/contracts/{shared → upgradeability}/ProxyManager.sol +3 -4
- package/contracts/{shared → upgradeability}/UpgradableProxyWithAdmin.sol +1 -3
- package/package.json +6 -3
- package/artifacts/contracts/instance/BundleManager.sol/BundleManager.dbg.json +0 -4
- package/artifacts/contracts/instance/BundleManager.sol/BundleManager.json +0 -709
- package/artifacts/contracts/instance/InstanceAuthorizationsLib.sol/InstanceAuthorizationsLib.dbg.json +0 -4
- package/artifacts/contracts/instance/InstanceAuthorizationsLib.sol/InstanceAuthorizationsLib.json +0 -228
- package/artifacts/contracts/instance/base/ObjectManager.sol/ObjectManager.dbg.json +0 -4
- package/artifacts/contracts/instance/base/ObjectManager.sol/ObjectManager.json +0 -187
- package/artifacts/contracts/registry/IServiceAuthorization.sol/IServiceAuthorization.dbg.json +0 -4
- package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.dbg.json +0 -4
- package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.json +0 -1218
- package/artifacts/contracts/registry/ServiceAuthorization.sol/ServiceAuthorization.dbg.json +0 -4
- package/artifacts/contracts/registry/ServiceAuthorization.sol/ServiceAuthorization.json +0 -171
- package/artifacts/contracts/shared/AccessAdmin.sol/AccessAdmin.dbg.json +0 -4
- package/artifacts/contracts/shared/AccessAdmin.sol/AccessAdmin.json +0 -1559
- package/artifacts/contracts/shared/AccessManagerCustom.sol/AccessManagerCustom.dbg.json +0 -4
- package/artifacts/contracts/shared/AccessManagerCustom.sol/AccessManagerCustom.json +0 -1193
- package/artifacts/contracts/shared/AccessManagerExtended.sol/AccessManagerExtended.dbg.json +0 -4
- package/artifacts/contracts/shared/AccessManagerExtended.sol/AccessManagerExtended.json +0 -1747
- package/artifacts/contracts/shared/AccessManagerExtendedInitializeable.sol/AccessManagerExtendedInitializeable.dbg.json +0 -4
- package/artifacts/contracts/shared/AccessManagerExtendedInitializeable.sol/AccessManagerExtendedInitializeable.json +0 -1760
- package/artifacts/contracts/shared/AccessManagerExtendedWithDisable.sol/AccessManagerExtendedWithDisable.dbg.json +0 -4
- package/artifacts/contracts/shared/AccessManagerExtendedWithDisable.sol/AccessManagerExtendedWithDisable.json +0 -1838
- package/artifacts/contracts/shared/AccessManagerExtendedWithDisableInitializeable.sol/AccessManagerExtendedWithDisableInitializeable.dbg.json +0 -4
- package/artifacts/contracts/shared/AccessManagerExtendedWithDisableInitializeable.sol/AccessManagerExtendedWithDisableInitializeable.json +0 -1856
- package/artifacts/contracts/shared/ERC165.sol/ERC165.dbg.json +0 -4
- package/artifacts/contracts/shared/ERC165.sol/ERC165.json +0 -73
- package/artifacts/contracts/shared/IAccessAdmin.sol/IAccessAdmin.dbg.json +0 -4
- package/artifacts/contracts/shared/IAccessManagerExtended.sol/IAccessManagerExtended.dbg.json +0 -4
- package/artifacts/contracts/shared/IAccessManagerExtended.sol/IAccessManagerExtended.json +0 -1562
- package/artifacts/contracts/shared/IAccessManagerExtendedWithDisable.sol/IAccessManagerExtendedWithDisable.dbg.json +0 -4
- package/artifacts/contracts/shared/IAccessManagerExtendedWithDisable.sol/IAccessManagerExtendedWithDisable.json +0 -1600
- package/artifacts/contracts/shared/IVersionable.sol/IVersionable.dbg.json +0 -4
- package/artifacts/contracts/shared/NftIdSetManager.sol/NftIdSetManager.dbg.json +0 -4
- package/artifacts/contracts/shared/NftIdSetManager.sol/NftIdSetManager.json +0 -306
- package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.dbg.json +0 -4
- package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.json +0 -617
- package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.dbg.json +0 -4
- package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.json +0 -129
- package/artifacts/contracts/shared/Versionable.sol/Versionable.dbg.json +0 -4
- package/contracts/instance/InstanceAuthorizationsLib.sol +0 -377
- package/contracts/registry/ReleaseManager.sol +0 -527
- package/contracts/shared/AccessManagerCustom.sol +0 -741
- package/contracts/shared/AccessManagerExtended.sol +0 -481
- package/contracts/shared/AccessManagerExtendedInitializeable.sol +0 -13
- package/contracts/shared/AccessManagerExtendedWithDisable.sol +0 -137
- package/contracts/shared/AccessManagerExtendedWithDisableInitializeable.sol +0 -14
- package/contracts/shared/IAccessManagerExtended.sol +0 -74
- package/contracts/shared/IAccessManagerExtendedWithDisable.sol +0 -18
- /package/contracts/{shared → upgradeability}/IVersionable.sol +0 -0
- /package/contracts/{shared → upgradeability}/Versionable.sol +0 -0
@@ -1,741 +0,0 @@
|
|
1
|
-
// SPDX-License-Identifier: MIT
|
2
|
-
pragma solidity ^0.8.20;
|
3
|
-
|
4
|
-
import {IAccessManager} from "@openzeppelin/contracts/access/manager/IAccessManager.sol";
|
5
|
-
import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";
|
6
|
-
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
|
7
|
-
import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol";
|
8
|
-
import {MulticallUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/MulticallUpgradeable.sol";
|
9
|
-
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
|
10
|
-
import {Time} from "@openzeppelin/contracts/utils/types/Time.sol";
|
11
|
-
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
|
12
|
-
|
13
|
-
/*
|
14
|
-
* copy of @openzeppelin/contract-upgradeable/access/manager/AccessManagerUpgradeable.sol" except:
|
15
|
-
1. abstract
|
16
|
-
2. renamed to AccessManagerCustom
|
17
|
-
2. _getAdminRestrictions() private view -> internal virtual view
|
18
|
-
3. _checkSelector() private pure -> internal pure
|
19
|
-
*/
|
20
|
-
abstract contract AccessManagerCustom is
|
21
|
-
Initializable,
|
22
|
-
ContextUpgradeable,
|
23
|
-
MulticallUpgradeable,
|
24
|
-
IAccessManager
|
25
|
-
{
|
26
|
-
using Time for *;
|
27
|
-
|
28
|
-
// Structure that stores the details for a target contract.
|
29
|
-
struct TargetConfig {
|
30
|
-
mapping(bytes4 selector => uint64 roleId) allowedRoles;
|
31
|
-
Time.Delay adminDelay;
|
32
|
-
bool closed;
|
33
|
-
}
|
34
|
-
|
35
|
-
// Structure that stores the details for a role/account pair. This structures fit into a single slot.
|
36
|
-
struct Access {
|
37
|
-
// Timepoint at which the user gets the permission.
|
38
|
-
// If this is either 0 or in the future, then the role permission is not available.
|
39
|
-
uint48 since;
|
40
|
-
// Delay for execution. Only applies to restricted() / execute() calls.
|
41
|
-
Time.Delay delay;
|
42
|
-
}
|
43
|
-
|
44
|
-
// Structure that stores the details of a role.
|
45
|
-
struct Role {
|
46
|
-
// Members of the role.
|
47
|
-
mapping(address user => Access access) members;
|
48
|
-
// Admin who can grant or revoke permissions.
|
49
|
-
uint64 admin;
|
50
|
-
// Guardian who can cancel operations targeting functions that need this role.
|
51
|
-
uint64 guardian;
|
52
|
-
// Delay in which the role takes effect after being granted.
|
53
|
-
Time.Delay grantDelay;
|
54
|
-
}
|
55
|
-
|
56
|
-
// Structure that stores the details for a scheduled operation. This structure fits into a single slot.
|
57
|
-
struct Schedule {
|
58
|
-
// Moment at which the operation can be executed.
|
59
|
-
uint48 timepoint;
|
60
|
-
// Operation nonce to allow third-party contracts to identify the operation.
|
61
|
-
uint32 nonce;
|
62
|
-
}
|
63
|
-
|
64
|
-
uint64 public constant ADMIN_ROLE = type(uint64).min; // 0
|
65
|
-
uint64 public constant PUBLIC_ROLE = type(uint64).max; // 2**64-1
|
66
|
-
|
67
|
-
/// @custom:storage-location erc7201:openzeppelin.storage.AccessManagerCustom
|
68
|
-
struct AccessManagerStorage {
|
69
|
-
mapping(address target => TargetConfig mode) _targets;
|
70
|
-
mapping(uint64 roleId => Role) _roles;
|
71
|
-
mapping(bytes32 operationId => Schedule) _schedules;
|
72
|
-
|
73
|
-
// Used to identify operations that are currently being executed via {execute}.
|
74
|
-
// This should be transient storage when supported by the EVM.
|
75
|
-
bytes32 _executionId;
|
76
|
-
}
|
77
|
-
|
78
|
-
// TODO compute address
|
79
|
-
// keccak256(abi.encode(uint256(keccak256("etherisc.storage.AccessManagerCustom")) - 1)) & ~bytes32(uint256(0xff))
|
80
|
-
bytes32 private constant AccessManagerCustomStorageLocation = 0x77301bc69e8248c80abb894217605b71fa89ea6a9e8bdf359d9e8aa1dd62bf00;
|
81
|
-
|
82
|
-
function _getAccessManagerCustomStorage() private pure returns (AccessManagerStorage storage $) {
|
83
|
-
assembly {
|
84
|
-
$.slot := AccessManagerCustomStorageLocation
|
85
|
-
}
|
86
|
-
}
|
87
|
-
|
88
|
-
/**
|
89
|
-
* @dev Check that the caller is authorized to perform the operation, following the restrictions encoded in
|
90
|
-
* {_getAdminRestrictions}.
|
91
|
-
*/
|
92
|
-
modifier onlyAuthorized() {
|
93
|
-
_checkAuthorized();
|
94
|
-
_;
|
95
|
-
}
|
96
|
-
|
97
|
-
function __AccessManagerCustom_init(address initialAdmin) internal onlyInitializing {
|
98
|
-
__AccessManagerCustom_init_unchained(initialAdmin);
|
99
|
-
}
|
100
|
-
|
101
|
-
function __AccessManagerCustom_init_unchained(address initialAdmin) internal onlyInitializing {
|
102
|
-
if (initialAdmin == address(0)) {
|
103
|
-
revert AccessManagerInvalidInitialAdmin(address(0));
|
104
|
-
}
|
105
|
-
|
106
|
-
// admin is active immediately and without any execution delay.
|
107
|
-
_grantRole(ADMIN_ROLE, initialAdmin, 0, 0);
|
108
|
-
}
|
109
|
-
|
110
|
-
// =================================================== GETTERS ====================================================
|
111
|
-
/// @inheritdoc IAccessManager
|
112
|
-
function canCall(
|
113
|
-
address caller,
|
114
|
-
address target,
|
115
|
-
bytes4 selector
|
116
|
-
) public view virtual returns (bool immediate, uint32 delay) {
|
117
|
-
if (isTargetClosed(target)) {
|
118
|
-
return (false, 0);
|
119
|
-
} else if (caller == address(this)) {
|
120
|
-
// Caller is AccessManager, this means the call was sent through {execute} and it already checked
|
121
|
-
// permissions. We verify that the call "identifier", which is set during {execute}, is correct.
|
122
|
-
return (_isExecuting(target, selector), 0);
|
123
|
-
} else {
|
124
|
-
uint64 roleId = getTargetFunctionRole(target, selector);
|
125
|
-
(bool isMember, uint32 currentDelay) = hasRole(roleId, caller);
|
126
|
-
return isMember ? (currentDelay == 0, currentDelay) : (false, 0);
|
127
|
-
}
|
128
|
-
}
|
129
|
-
|
130
|
-
/// @inheritdoc IAccessManager
|
131
|
-
function expiration() public view virtual returns (uint32) {
|
132
|
-
return 1 weeks;
|
133
|
-
}
|
134
|
-
|
135
|
-
/// @inheritdoc IAccessManager
|
136
|
-
function minSetback() public view virtual returns (uint32) {
|
137
|
-
return 5 days;
|
138
|
-
}
|
139
|
-
|
140
|
-
/// @inheritdoc IAccessManager
|
141
|
-
function isTargetClosed(address target) public view virtual returns (bool) {
|
142
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
143
|
-
return $._targets[target].closed;
|
144
|
-
}
|
145
|
-
|
146
|
-
/// @inheritdoc IAccessManager
|
147
|
-
function getTargetFunctionRole(address target, bytes4 selector) public view virtual returns (uint64) {
|
148
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
149
|
-
return $._targets[target].allowedRoles[selector];
|
150
|
-
}
|
151
|
-
|
152
|
-
/// @inheritdoc IAccessManager
|
153
|
-
function getTargetAdminDelay(address target) public view virtual returns (uint32) {
|
154
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
155
|
-
return $._targets[target].adminDelay.get();
|
156
|
-
}
|
157
|
-
|
158
|
-
/// @inheritdoc IAccessManager
|
159
|
-
function getRoleAdmin(uint64 roleId) public view virtual returns (uint64) {
|
160
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
161
|
-
return $._roles[roleId].admin;
|
162
|
-
}
|
163
|
-
|
164
|
-
/// @inheritdoc IAccessManager
|
165
|
-
function getRoleGuardian(uint64 roleId) public view virtual returns (uint64) {
|
166
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
167
|
-
return $._roles[roleId].guardian;
|
168
|
-
}
|
169
|
-
|
170
|
-
/// @inheritdoc IAccessManager
|
171
|
-
function getRoleGrantDelay(uint64 roleId) public view virtual returns (uint32) {
|
172
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
173
|
-
return $._roles[roleId].grantDelay.get();
|
174
|
-
}
|
175
|
-
|
176
|
-
/// @inheritdoc IAccessManager
|
177
|
-
function getAccess(
|
178
|
-
uint64 roleId,
|
179
|
-
address account
|
180
|
-
) public view virtual returns (uint48 since, uint32 currentDelay, uint32 pendingDelay, uint48 effect) {
|
181
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
182
|
-
Access storage access = $._roles[roleId].members[account];
|
183
|
-
|
184
|
-
since = access.since;
|
185
|
-
(currentDelay, pendingDelay, effect) = access.delay.getFull();
|
186
|
-
|
187
|
-
return (since, currentDelay, pendingDelay, effect);
|
188
|
-
}
|
189
|
-
|
190
|
-
/// @inheritdoc IAccessManager
|
191
|
-
function hasRole(
|
192
|
-
uint64 roleId,
|
193
|
-
address account
|
194
|
-
) public view virtual returns (bool isMember, uint32 executionDelay) {
|
195
|
-
if (roleId == PUBLIC_ROLE) {
|
196
|
-
return (true, 0);
|
197
|
-
} else {
|
198
|
-
(uint48 hasRoleSince, uint32 currentDelay, , ) = getAccess(roleId, account);
|
199
|
-
return (hasRoleSince != 0 && hasRoleSince <= Time.timestamp(), currentDelay);
|
200
|
-
}
|
201
|
-
}
|
202
|
-
|
203
|
-
// =============================================== ROLE MANAGEMENT ===============================================
|
204
|
-
/// @inheritdoc IAccessManager
|
205
|
-
function labelRole(uint64 roleId, string calldata label) public virtual onlyAuthorized {
|
206
|
-
if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
|
207
|
-
revert AccessManagerLockedRole(roleId);
|
208
|
-
}
|
209
|
-
emit RoleLabel(roleId, label);
|
210
|
-
}
|
211
|
-
|
212
|
-
/// @inheritdoc IAccessManager
|
213
|
-
function grantRole(uint64 roleId, address account, uint32 executionDelay) public virtual onlyAuthorized {
|
214
|
-
_grantRole(roleId, account, getRoleGrantDelay(roleId), executionDelay);
|
215
|
-
}
|
216
|
-
|
217
|
-
/// @inheritdoc IAccessManager
|
218
|
-
function revokeRole(uint64 roleId, address account) public virtual onlyAuthorized {
|
219
|
-
_revokeRole(roleId, account);
|
220
|
-
}
|
221
|
-
|
222
|
-
/// @inheritdoc IAccessManager
|
223
|
-
function renounceRole(uint64 roleId, address callerConfirmation) public virtual {
|
224
|
-
if (callerConfirmation != _msgSender()) {
|
225
|
-
revert AccessManagerBadConfirmation();
|
226
|
-
}
|
227
|
-
_revokeRole(roleId, callerConfirmation);
|
228
|
-
}
|
229
|
-
|
230
|
-
/// @inheritdoc IAccessManager
|
231
|
-
function setRoleAdmin(uint64 roleId, uint64 admin) public virtual onlyAuthorized {
|
232
|
-
_setRoleAdmin(roleId, admin);
|
233
|
-
}
|
234
|
-
|
235
|
-
/// @inheritdoc IAccessManager
|
236
|
-
function setRoleGuardian(uint64 roleId, uint64 guardian) public virtual onlyAuthorized {
|
237
|
-
_setRoleGuardian(roleId, guardian);
|
238
|
-
}
|
239
|
-
|
240
|
-
/// @inheritdoc IAccessManager
|
241
|
-
function setGrantDelay(uint64 roleId, uint32 newDelay) public virtual onlyAuthorized {
|
242
|
-
_setGrantDelay(roleId, newDelay);
|
243
|
-
}
|
244
|
-
|
245
|
-
/**
|
246
|
-
* @dev Internal version of {grantRole} without access control. Returns true if the role was newly granted.
|
247
|
-
*
|
248
|
-
* Emits a {RoleGranted} event.
|
249
|
-
*/
|
250
|
-
function _grantRole(
|
251
|
-
uint64 roleId,
|
252
|
-
address account,
|
253
|
-
uint32 grantDelay,
|
254
|
-
uint32 executionDelay
|
255
|
-
) internal virtual returns (bool) {
|
256
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
257
|
-
if (roleId == PUBLIC_ROLE) {
|
258
|
-
revert AccessManagerLockedRole(roleId);
|
259
|
-
}
|
260
|
-
|
261
|
-
bool newMember = $._roles[roleId].members[account].since == 0;
|
262
|
-
uint48 since;
|
263
|
-
|
264
|
-
if (newMember) {
|
265
|
-
since = Time.timestamp() + grantDelay;
|
266
|
-
$._roles[roleId].members[account] = Access({since: since, delay: executionDelay.toDelay()});
|
267
|
-
} else {
|
268
|
-
// No setback here. Value can be reset by doing revoke + grant, effectively allowing the admin to perform
|
269
|
-
// any change to the execution delay within the duration of the role admin delay.
|
270
|
-
($._roles[roleId].members[account].delay, since) = $._roles[roleId].members[account].delay.withUpdate(
|
271
|
-
executionDelay,
|
272
|
-
0
|
273
|
-
);
|
274
|
-
}
|
275
|
-
|
276
|
-
emit RoleGranted(roleId, account, executionDelay, since, newMember);
|
277
|
-
return newMember;
|
278
|
-
}
|
279
|
-
|
280
|
-
/**
|
281
|
-
* @dev Internal version of {revokeRole} without access control. This logic is also used by {renounceRole}.
|
282
|
-
* Returns true if the role was previously granted.
|
283
|
-
*
|
284
|
-
* Emits a {RoleRevoked} event if the account had the role.
|
285
|
-
*/
|
286
|
-
function _revokeRole(uint64 roleId, address account) internal virtual returns (bool) {
|
287
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
288
|
-
if (roleId == PUBLIC_ROLE) {
|
289
|
-
revert AccessManagerLockedRole(roleId);
|
290
|
-
}
|
291
|
-
|
292
|
-
if ($._roles[roleId].members[account].since == 0) {
|
293
|
-
return false;
|
294
|
-
}
|
295
|
-
|
296
|
-
delete $._roles[roleId].members[account];
|
297
|
-
|
298
|
-
emit RoleRevoked(roleId, account);
|
299
|
-
return true;
|
300
|
-
}
|
301
|
-
|
302
|
-
/**
|
303
|
-
* @dev Internal version of {setRoleAdmin} without access control.
|
304
|
-
*
|
305
|
-
* Emits a {RoleAdminChanged} event.
|
306
|
-
*
|
307
|
-
* NOTE: Setting the admin role as the `PUBLIC_ROLE` is allowed, but it will effectively allow
|
308
|
-
* anyone to set grant or revoke such role.
|
309
|
-
*/
|
310
|
-
function _setRoleAdmin(uint64 roleId, uint64 admin) internal virtual {
|
311
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
312
|
-
if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
|
313
|
-
revert AccessManagerLockedRole(roleId);
|
314
|
-
}
|
315
|
-
|
316
|
-
$._roles[roleId].admin = admin;
|
317
|
-
|
318
|
-
emit RoleAdminChanged(roleId, admin);
|
319
|
-
}
|
320
|
-
|
321
|
-
/**
|
322
|
-
* @dev Internal version of {setRoleGuardian} without access control.
|
323
|
-
*
|
324
|
-
* Emits a {RoleGuardianChanged} event.
|
325
|
-
*
|
326
|
-
* NOTE: Setting the guardian role as the `PUBLIC_ROLE` is allowed, but it will effectively allow
|
327
|
-
* anyone to cancel any scheduled operation for such role.
|
328
|
-
*/
|
329
|
-
function _setRoleGuardian(uint64 roleId, uint64 guardian) internal virtual {
|
330
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
331
|
-
if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
|
332
|
-
revert AccessManagerLockedRole(roleId);
|
333
|
-
}
|
334
|
-
|
335
|
-
$._roles[roleId].guardian = guardian;
|
336
|
-
|
337
|
-
emit RoleGuardianChanged(roleId, guardian);
|
338
|
-
}
|
339
|
-
|
340
|
-
/**
|
341
|
-
* @dev Internal version of {setGrantDelay} without access control.
|
342
|
-
*
|
343
|
-
* Emits a {RoleGrantDelayChanged} event.
|
344
|
-
*/
|
345
|
-
function _setGrantDelay(uint64 roleId, uint32 newDelay) internal virtual {
|
346
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
347
|
-
if (roleId == PUBLIC_ROLE) {
|
348
|
-
revert AccessManagerLockedRole(roleId);
|
349
|
-
}
|
350
|
-
|
351
|
-
uint48 effect;
|
352
|
-
($._roles[roleId].grantDelay, effect) = $._roles[roleId].grantDelay.withUpdate(newDelay, minSetback());
|
353
|
-
|
354
|
-
emit RoleGrantDelayChanged(roleId, newDelay, effect);
|
355
|
-
}
|
356
|
-
|
357
|
-
// ============================================= FUNCTION MANAGEMENT ==============================================
|
358
|
-
/// @inheritdoc IAccessManager
|
359
|
-
function setTargetFunctionRole(
|
360
|
-
address target,
|
361
|
-
bytes4[] calldata selectors,
|
362
|
-
uint64 roleId
|
363
|
-
) public virtual onlyAuthorized {
|
364
|
-
for (uint256 i = 0; i < selectors.length; ++i) {
|
365
|
-
_setTargetFunctionRole(target, selectors[i], roleId);
|
366
|
-
}
|
367
|
-
}
|
368
|
-
|
369
|
-
/**
|
370
|
-
* @dev Internal version of {setTargetFunctionRole} without access control.
|
371
|
-
*
|
372
|
-
* Emits a {TargetFunctionRoleUpdated} event.
|
373
|
-
*/
|
374
|
-
function _setTargetFunctionRole(address target, bytes4 selector, uint64 roleId) internal virtual {
|
375
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
376
|
-
$._targets[target].allowedRoles[selector] = roleId;
|
377
|
-
emit TargetFunctionRoleUpdated(target, selector, roleId);
|
378
|
-
}
|
379
|
-
|
380
|
-
/// @inheritdoc IAccessManager
|
381
|
-
function setTargetAdminDelay(address target, uint32 newDelay) public virtual onlyAuthorized {
|
382
|
-
_setTargetAdminDelay(target, newDelay);
|
383
|
-
}
|
384
|
-
|
385
|
-
/**
|
386
|
-
* @dev Internal version of {setTargetAdminDelay} without access control.
|
387
|
-
*
|
388
|
-
* Emits a {TargetAdminDelayUpdated} event.
|
389
|
-
*/
|
390
|
-
function _setTargetAdminDelay(address target, uint32 newDelay) internal virtual {
|
391
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
392
|
-
uint48 effect;
|
393
|
-
($._targets[target].adminDelay, effect) = $._targets[target].adminDelay.withUpdate(newDelay, minSetback());
|
394
|
-
emit TargetAdminDelayUpdated(target, newDelay, effect);
|
395
|
-
}
|
396
|
-
|
397
|
-
// =============================================== MODE MANAGEMENT ================================================
|
398
|
-
/// @inheritdoc IAccessManager
|
399
|
-
function setTargetClosed(address target, bool closed) public virtual onlyAuthorized {
|
400
|
-
_setTargetClosed(target, closed);
|
401
|
-
}
|
402
|
-
|
403
|
-
/**
|
404
|
-
* @dev Set the closed flag for a contract. This is an internal setter with no access restrictions.
|
405
|
-
*
|
406
|
-
* Emits a {TargetClosed} event.
|
407
|
-
*/
|
408
|
-
function _setTargetClosed(address target, bool closed) internal virtual {
|
409
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
410
|
-
if (target == address(this)) {
|
411
|
-
revert AccessManagerLockedAccount(target);
|
412
|
-
}
|
413
|
-
$._targets[target].closed = closed;
|
414
|
-
emit TargetClosed(target, closed);
|
415
|
-
}
|
416
|
-
|
417
|
-
// ============================================== DELAYED OPERATIONS ==============================================
|
418
|
-
/// @inheritdoc IAccessManager
|
419
|
-
function getSchedule(bytes32 id) public view virtual returns (uint48) {
|
420
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
421
|
-
uint48 timepoint = $._schedules[id].timepoint;
|
422
|
-
return _isExpired(timepoint) ? 0 : timepoint;
|
423
|
-
}
|
424
|
-
|
425
|
-
/// @inheritdoc IAccessManager
|
426
|
-
function getNonce(bytes32 id) public view virtual returns (uint32) {
|
427
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
428
|
-
return $._schedules[id].nonce;
|
429
|
-
}
|
430
|
-
|
431
|
-
/// @inheritdoc IAccessManager
|
432
|
-
function schedule(
|
433
|
-
address target,
|
434
|
-
bytes calldata data,
|
435
|
-
uint48 when
|
436
|
-
) public virtual returns (bytes32 operationId, uint32 nonce) {
|
437
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
438
|
-
address caller = _msgSender();
|
439
|
-
|
440
|
-
// Fetch restrictions that apply to the caller on the targeted function
|
441
|
-
(, uint32 setback) = _canCallExtended(caller, target, data);
|
442
|
-
|
443
|
-
uint48 minWhen = Time.timestamp() + setback;
|
444
|
-
|
445
|
-
// if call with delay is not authorized, or if requested timing is too soon
|
446
|
-
if (setback == 0 || (when > 0 && when < minWhen)) {
|
447
|
-
revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data));
|
448
|
-
}
|
449
|
-
|
450
|
-
// Reuse variable due to stack too deep
|
451
|
-
when = uint48(Math.max(when, minWhen)); // cast is safe: both inputs are uint48
|
452
|
-
|
453
|
-
// If caller is authorised, schedule operation
|
454
|
-
operationId = hashOperation(caller, target, data);
|
455
|
-
|
456
|
-
_checkNotScheduled(operationId);
|
457
|
-
|
458
|
-
unchecked {
|
459
|
-
// It's not feasible to overflow the nonce in less than 1000 years
|
460
|
-
nonce = $._schedules[operationId].nonce + 1;
|
461
|
-
}
|
462
|
-
$._schedules[operationId].timepoint = when;
|
463
|
-
$._schedules[operationId].nonce = nonce;
|
464
|
-
emit OperationScheduled(operationId, nonce, when, caller, target, data);
|
465
|
-
|
466
|
-
// Using named return values because otherwise we get stack too deep
|
467
|
-
}
|
468
|
-
|
469
|
-
/**
|
470
|
-
* @dev Reverts if the operation is currently scheduled and has not expired.
|
471
|
-
* (Note: This function was introduced due to stack too deep errors in schedule.)
|
472
|
-
*/
|
473
|
-
function _checkNotScheduled(bytes32 operationId) private view {
|
474
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
475
|
-
uint48 prevTimepoint = $._schedules[operationId].timepoint;
|
476
|
-
if (prevTimepoint != 0 && !_isExpired(prevTimepoint)) {
|
477
|
-
revert AccessManagerAlreadyScheduled(operationId);
|
478
|
-
}
|
479
|
-
}
|
480
|
-
|
481
|
-
/// @inheritdoc IAccessManager
|
482
|
-
// Reentrancy is not an issue because permissions are checked on msg.sender. Additionally,
|
483
|
-
// _consumeScheduledOp guarantees a scheduled operation is only executed once.
|
484
|
-
// slither-disable-next-line reentrancy-no-eth
|
485
|
-
function execute(address target, bytes calldata data) public payable virtual returns (uint32) {
|
486
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
487
|
-
address caller = _msgSender();
|
488
|
-
|
489
|
-
// Fetch restrictions that apply to the caller on the targeted function
|
490
|
-
(bool immediate, uint32 setback) = _canCallExtended(caller, target, data);
|
491
|
-
|
492
|
-
// If caller is not authorised, revert
|
493
|
-
if (!immediate && setback == 0) {
|
494
|
-
revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data));
|
495
|
-
}
|
496
|
-
|
497
|
-
bytes32 operationId = hashOperation(caller, target, data);
|
498
|
-
uint32 nonce;
|
499
|
-
|
500
|
-
// If caller is authorised, check operation was scheduled early enough
|
501
|
-
// Consume an available schedule even if there is no currently enforced delay
|
502
|
-
if (setback != 0 || getSchedule(operationId) != 0) {
|
503
|
-
nonce = _consumeScheduledOp(operationId);
|
504
|
-
}
|
505
|
-
|
506
|
-
// Mark the target and selector as authorised
|
507
|
-
bytes32 executionIdBefore = $._executionId;
|
508
|
-
$._executionId = _hashExecutionId(target, _checkSelector(data));
|
509
|
-
|
510
|
-
// Perform call
|
511
|
-
Address.functionCallWithValue(target, data, msg.value);
|
512
|
-
|
513
|
-
// Reset execute identifier
|
514
|
-
$._executionId = executionIdBefore;
|
515
|
-
|
516
|
-
return nonce;
|
517
|
-
}
|
518
|
-
|
519
|
-
/// @inheritdoc IAccessManager
|
520
|
-
function cancel(address caller, address target, bytes calldata data) public virtual returns (uint32) {
|
521
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
522
|
-
address msgsender = _msgSender();
|
523
|
-
bytes4 selector = _checkSelector(data);
|
524
|
-
|
525
|
-
bytes32 operationId = hashOperation(caller, target, data);
|
526
|
-
if ($._schedules[operationId].timepoint == 0) {
|
527
|
-
revert AccessManagerNotScheduled(operationId);
|
528
|
-
} else if (caller != msgsender) {
|
529
|
-
// calls can only be canceled by the account that scheduled them, a global admin, or by a guardian of the required role.
|
530
|
-
(bool isAdmin, ) = hasRole(ADMIN_ROLE, msgsender);
|
531
|
-
(bool isGuardian, ) = hasRole(getRoleGuardian(getTargetFunctionRole(target, selector)), msgsender);
|
532
|
-
if (!isAdmin && !isGuardian) {
|
533
|
-
revert AccessManagerUnauthorizedCancel(msgsender, caller, target, selector);
|
534
|
-
}
|
535
|
-
}
|
536
|
-
|
537
|
-
delete $._schedules[operationId].timepoint; // reset the timepoint, keep the nonce
|
538
|
-
uint32 nonce = $._schedules[operationId].nonce;
|
539
|
-
emit OperationCanceled(operationId, nonce);
|
540
|
-
|
541
|
-
return nonce;
|
542
|
-
}
|
543
|
-
|
544
|
-
/// @inheritdoc IAccessManager
|
545
|
-
function consumeScheduledOp(address caller, bytes calldata data) public virtual {
|
546
|
-
address target = _msgSender();
|
547
|
-
if (IAccessManaged(target).isConsumingScheduledOp() != IAccessManaged.isConsumingScheduledOp.selector) {
|
548
|
-
revert AccessManagerUnauthorizedConsume(target);
|
549
|
-
}
|
550
|
-
_consumeScheduledOp(hashOperation(caller, target, data));
|
551
|
-
}
|
552
|
-
|
553
|
-
/**
|
554
|
-
* @dev Internal variant of {consumeScheduledOp} that operates on bytes32 operationId.
|
555
|
-
*
|
556
|
-
* Returns the nonce of the scheduled operation that is consumed.
|
557
|
-
*/
|
558
|
-
function _consumeScheduledOp(bytes32 operationId) internal virtual returns (uint32) {
|
559
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
560
|
-
uint48 timepoint = $._schedules[operationId].timepoint;
|
561
|
-
uint32 nonce = $._schedules[operationId].nonce;
|
562
|
-
|
563
|
-
if (timepoint == 0) {
|
564
|
-
revert AccessManagerNotScheduled(operationId);
|
565
|
-
} else if (timepoint > Time.timestamp()) {
|
566
|
-
revert AccessManagerNotReady(operationId);
|
567
|
-
} else if (_isExpired(timepoint)) {
|
568
|
-
revert AccessManagerExpired(operationId);
|
569
|
-
}
|
570
|
-
|
571
|
-
delete $._schedules[operationId].timepoint; // reset the timepoint, keep the nonce
|
572
|
-
emit OperationExecuted(operationId, nonce);
|
573
|
-
|
574
|
-
return nonce;
|
575
|
-
}
|
576
|
-
|
577
|
-
/// @inheritdoc IAccessManager
|
578
|
-
function hashOperation(address caller, address target, bytes calldata data) public view virtual returns (bytes32) {
|
579
|
-
return keccak256(abi.encode(caller, target, data));
|
580
|
-
}
|
581
|
-
|
582
|
-
// ==================================================== OTHERS ====================================================
|
583
|
-
/// @inheritdoc IAccessManager
|
584
|
-
function updateAuthority(address target, address newAuthority) public virtual onlyAuthorized {
|
585
|
-
IAccessManaged(target).setAuthority(newAuthority);
|
586
|
-
}
|
587
|
-
|
588
|
-
// ================================================= ADMIN LOGIC ==================================================
|
589
|
-
/**
|
590
|
-
* @dev Check if the current call is authorized according to admin logic.
|
591
|
-
*/
|
592
|
-
function _checkAuthorized() private {
|
593
|
-
address caller = msg.sender;//_msgSender();
|
594
|
-
(bool immediate, uint32 delay) = _canCallSelf(caller, _msgData());
|
595
|
-
if (!immediate) {
|
596
|
-
if (delay == 0) {
|
597
|
-
(, uint64 requiredRole, ) = _getAdminRestrictions(_msgData());
|
598
|
-
revert AccessManagerUnauthorizedAccount(caller, requiredRole);
|
599
|
-
} else {
|
600
|
-
_consumeScheduledOp(hashOperation(caller, address(this), _msgData()));
|
601
|
-
}
|
602
|
-
}
|
603
|
-
}
|
604
|
-
|
605
|
-
/**
|
606
|
-
* @dev Get the admin restrictions of a given function call based on the function and arguments involved.
|
607
|
-
*
|
608
|
-
* Returns:
|
609
|
-
* - bool restricted: does this data match a restricted operation
|
610
|
-
* - uint64: which role is this operation restricted to
|
611
|
-
* - uint32: minimum delay to enforce for that operation (max between operation's delay and admin's execution delay)
|
612
|
-
*/
|
613
|
-
/**
|
614
|
-
* @dev Get the admin restrictions of a given function call based on the function and arguments involved.
|
615
|
-
*
|
616
|
-
* Returns:
|
617
|
-
* - bool restricted: does this data match a restricted operation
|
618
|
-
* - uint64: which role is this operation restricted to
|
619
|
-
* - uint32: minimum delay to enforce for that operation (max between operation's delay and admin's execution delay)
|
620
|
-
*/
|
621
|
-
function _getAdminRestrictions(
|
622
|
-
bytes calldata data
|
623
|
-
) internal virtual view returns (bool restricted, uint64 roleAdminId, uint32 executionDelay) {
|
624
|
-
if (data.length < 4) {
|
625
|
-
return (false, 0, 0);
|
626
|
-
}
|
627
|
-
|
628
|
-
bytes4 selector = _checkSelector(data);
|
629
|
-
|
630
|
-
// Restricted to ADMIN with no delay beside any execution delay the caller may have
|
631
|
-
if (
|
632
|
-
selector == this.labelRole.selector ||
|
633
|
-
selector == this.setRoleAdmin.selector ||
|
634
|
-
selector == this.setRoleGuardian.selector ||
|
635
|
-
selector == this.setGrantDelay.selector ||
|
636
|
-
selector == this.setTargetAdminDelay.selector
|
637
|
-
) {
|
638
|
-
return (true, ADMIN_ROLE, 0);
|
639
|
-
}
|
640
|
-
|
641
|
-
// Restricted to ADMIN with the admin delay corresponding to the target
|
642
|
-
if (
|
643
|
-
selector == this.updateAuthority.selector ||
|
644
|
-
selector == this.setTargetClosed.selector ||
|
645
|
-
selector == this.setTargetFunctionRole.selector
|
646
|
-
) {
|
647
|
-
// First argument is a target.
|
648
|
-
address target = abi.decode(data[0x04:0x24], (address));// who is target???
|
649
|
-
uint32 delay = getTargetAdminDelay(target);
|
650
|
-
return (true, ADMIN_ROLE, delay);
|
651
|
-
}
|
652
|
-
|
653
|
-
// Restricted to that role's admin with no delay beside any execution delay the caller may have.
|
654
|
-
if (selector == this.grantRole.selector || selector == this.revokeRole.selector) {
|
655
|
-
// First argument is a roleId.
|
656
|
-
uint64 roleId = abi.decode(data[0x04:0x24], (uint64));
|
657
|
-
return (true, getRoleAdmin(roleId), 0);
|
658
|
-
}
|
659
|
-
|
660
|
-
return (false, 0, 0);
|
661
|
-
}
|
662
|
-
|
663
|
-
// =================================================== HELPERS ====================================================
|
664
|
-
/**
|
665
|
-
* @dev An extended version of {canCall} for internal usage that checks {_canCallSelf}
|
666
|
-
* when the target is this contract.
|
667
|
-
*
|
668
|
-
* Returns:
|
669
|
-
* - bool immediate: whether the operation can be executed immediately (with no delay)
|
670
|
-
* - uint32 delay: the execution delay
|
671
|
-
*/
|
672
|
-
function _canCallExtended(
|
673
|
-
address caller,
|
674
|
-
address target,
|
675
|
-
bytes calldata data
|
676
|
-
) private view returns (bool immediate, uint32 delay) {
|
677
|
-
if (target == address(this)) {
|
678
|
-
return _canCallSelf(caller, data);
|
679
|
-
} else {
|
680
|
-
return data.length < 4 ? (false, 0) : canCall(caller, target, _checkSelector(data));
|
681
|
-
}
|
682
|
-
}
|
683
|
-
|
684
|
-
/**
|
685
|
-
* @dev A version of {canCall} that checks for admin restrictions in this contract.
|
686
|
-
*/
|
687
|
-
function _canCallSelf(address caller, bytes calldata data) private view returns (bool immediate, uint32 delay) {
|
688
|
-
if (data.length < 4) {
|
689
|
-
return (false, 0);
|
690
|
-
}
|
691
|
-
|
692
|
-
if (caller == address(this)) {
|
693
|
-
// Caller is AccessManager, this means the call was sent through {execute} and it already checked
|
694
|
-
// permissions. We verify that the call "identifier", which is set during {execute}, is correct.
|
695
|
-
return (_isExecuting(address(this), _checkSelector(data)), 0);
|
696
|
-
}
|
697
|
-
|
698
|
-
(bool enabled, uint64 roleId, uint32 operationDelay) = _getAdminRestrictions(data);
|
699
|
-
if (!enabled) {
|
700
|
-
return (false, 0);
|
701
|
-
}
|
702
|
-
|
703
|
-
(bool inRole, uint32 executionDelay) = hasRole(roleId, caller);
|
704
|
-
if (!inRole) {
|
705
|
-
return (false, 0);
|
706
|
-
}
|
707
|
-
|
708
|
-
// downcast is safe because both options are uint32
|
709
|
-
delay = uint32(Math.max(operationDelay, executionDelay));
|
710
|
-
return (delay == 0, delay);
|
711
|
-
}
|
712
|
-
|
713
|
-
/**
|
714
|
-
* @dev Returns true if a call with `target` and `selector` is being executed via {executed}.
|
715
|
-
*/
|
716
|
-
function _isExecuting(address target, bytes4 selector) private view returns (bool) {
|
717
|
-
AccessManagerStorage storage $ = _getAccessManagerCustomStorage();
|
718
|
-
return $._executionId == _hashExecutionId(target, selector);
|
719
|
-
}
|
720
|
-
|
721
|
-
/**
|
722
|
-
* @dev Returns true if a schedule timepoint is past its expiration deadline.
|
723
|
-
*/
|
724
|
-
function _isExpired(uint48 timepoint) private view returns (bool) {
|
725
|
-
return timepoint + expiration() <= Time.timestamp();
|
726
|
-
}
|
727
|
-
|
728
|
-
/**
|
729
|
-
* @dev Extracts the selector from calldata. Panics if data is not at least 4 bytes
|
730
|
-
*/
|
731
|
-
function _checkSelector(bytes calldata data) internal pure returns (bytes4) {
|
732
|
-
return bytes4(data[0:4]);
|
733
|
-
}
|
734
|
-
|
735
|
-
/**
|
736
|
-
* @dev Hashing function for execute protection
|
737
|
-
*/
|
738
|
-
function _hashExecutionId(address target, bytes4 selector) private pure returns (bytes32) {
|
739
|
-
return keccak256(abi.encode(target, selector));
|
740
|
-
}
|
741
|
-
}
|