npm - @etherisc/gif-next - Versions diffs - 0.0.2-da2c7dd-538 → 0.0.2-da87b00-860 - Mend

@etherisc/gif-next 0.0.2-da2c7dd-538 → 0.0.2-da87b00-860

Files changed (469) hide show

package/contracts/authorization/Authorization.sol CHANGED Viewed

@@ -1,131 +1,74 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
-import {IAccess} from "./IAccess.sol";
 import {IAuthorization} from "./IAuthorization.sol";
-import {ObjectType, ObjectTypeLib, PRODUCT, ORACLE, DISTRIBUTION, POOL} from "../type/ObjectType.sol";
-import {RoleId, RoleIdLib, ADMIN_ROLE} from "../type/RoleId.sol";
-import {SelectorLib} from "../type/Selector.sol";
+import {ObjectType} from "../type/ObjectType.sol";
+import {RoleId, RoleIdLib} from "../type/RoleId.sol";
+import {ServiceAuthorization} from "../authorization/ServiceAuthorization.sol";
 import {Str, StrLib} from "../type/String.sol";
-import {TimestampLib} from "../type/Timestamp.sol";
-import {VersionPart, VersionPartLib} from "../type/Version.sol";
-contract Authorization
-    is IAuthorization
-{
-    uint256 public constant GIF_RELEASE = 3;
-    string public constant ROLE_NAME_SUFFIX = "Role";
-    string public constant SERVICE_ROLE_NAME_SUFFIX = "ServiceRole";
+contract Authorization is
+    ServiceAuthorization,
+    IAuthorization
+{
-    ObjectType[] internal _serviceDomains;
-    mapping(ObjectType domain => Str target) internal _serviceTarget;
+    // MUST match with AccessAdminLib.COMPONENT_ROLE_MIN
+    uint64 public constant COMPONENT_ROLE_MIN = 110000;
-    string internal _mainTargetName = "Component";
-    string internal _tokenHandlerName = "ComponentTH";
+    uint64 internal _nextGifContractRoleId;
-    Str internal _mainTarget;
+    string internal _tokenHandlerName = "ComponentTh";
     Str internal _tokenHandlerTarget;
-    Str[] internal _targets;
-    mapping(Str target => RoleId roleid) internal _targetRole;
-    mapping(Str target => bool exists) internal _targetExists;
-    RoleId[] internal _roles;
-    mapping(RoleId role => RoleInfo info) internal _roleInfo;
-    mapping(Str target => RoleId[] authorizedRoles) internal _authorizedRoles;
-    mapping(Str target => mapping(RoleId authorizedRole => IAccess.FunctionInfo[] functions)) internal _authorizedFunctions;
     constructor(
         string memory mainTargetName,
-        ObjectType targetDomain
+        ObjectType domain,
+        uint8 release,
+        string memory commitHash,
+        bool isComponent,
+        bool includeTokenHandler
     )
+        ServiceAuthorization(mainTargetName, domain, release, commitHash)
     {
-        // checks
-        if (bytes(mainTargetName).length == 0) {
-            revert ErrorAuthorizationMainTargetNameEmpty();
-        }
-        if (targetDomain.eqz()) {
-            revert ErrorAuthorizationTargetDomainZero();
-        }
+        _nextGifContractRoleId = 10;
-        // effects
-        // setup main target, main role id and main role info
-        _mainTargetName = mainTargetName;
-        _tokenHandlerName = string(abi.encodePacked(mainTargetName, "TH"));
+        // setup main target
+        if (isComponent) {
+            if (domain.eqz()) {
+                revert ErrorAuthorizationTargetDomainZero();
+            }
-        RoleId mainRoleId = RoleIdLib.toComponentRoleId(targetDomain, 0);
-        string memory mainRolName = _toTargetRoleName(mainTargetName);
+            RoleId mainRoleId = RoleIdLib.toRoleId(COMPONENT_ROLE_MIN);
+            string memory mainRolName = _toTargetRoleName(_mainTargetName);
-        _addTargetWithRole(
-            _mainTargetName,
-            mainRoleId,
-            mainRolName);
-        _mainTarget = StrLib.toStr(mainTargetName);
-        _targetRole[_mainTarget] = mainRoleId;
-        // add token handler target for components
-        if (targetDomain == PRODUCT()
-            || targetDomain == DISTRIBUTION()
-            || targetDomain == ORACLE()
-            || targetDomain == POOL()
-        ) {
-            _addTarget(_tokenHandlerName);
+            _addTargetWithRole(
+                _mainTargetName,
+                mainRoleId,
+                mainRolName);
+        } else {
+            _addGifTarget(_mainTargetName);
         }
-        // setup token handler target
-        _tokenHandlerTarget = StrLib.toStr(_tokenHandlerName);
         // setup use case specific parts
         _setupServiceTargets();
         _setupRoles(); // not including main target role
         _setupTargets(); // not including main target (and token handler target)
-        _setupTokenHandlerAuthorizations();
         _setupTargetAuthorizations(); // not including token handler target
-    }
-    function getServiceDomains() external view returns(ObjectType[] memory serviceDomains) {
-        return _serviceDomains;
-    }
-    function getComponentRole(ObjectType componentDomain) public view returns(RoleId roleId) {
-        return RoleIdLib.toComponentRoleId(componentDomain, 0);
-    }
-    function getServiceRole(ObjectType serviceDomain) public virtual pure returns (RoleId serviceRoleId) {
-        return RoleIdLib.roleForTypeAndVersion(
-            serviceDomain,
-            getRelease());
-    }
-    function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget) {
-        return _serviceTarget[serviceDomain];
-    }
-    function getRoles() external view returns(RoleId[] memory roles) {
-        return _roles;
-    }
-    function roleExists(RoleId roleId) public view returns(bool exists) {
-        return _roleInfo[roleId].roleType != RoleType.Undefined;
-    }
-    function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory info) {
-        return _roleInfo[roleId];
-    }
+        // setup component token handler
+        if (includeTokenHandler) {
+            _tokenHandlerName = string(abi.encodePacked(mainTargetName, "Th"));
+            _tokenHandlerTarget = StrLib.toStr(_tokenHandlerName);
+            _addTarget(_tokenHandlerName);
+            _setupTokenHandlerAuthorizations();
+        }
-    function getMainTargetName() public virtual view returns (string memory name) {
-        return _mainTargetName;
+        _registerInterfaceNotInitializing(type(IAuthorization).interfaceId);
     }
-    function getMainTarget() public view returns(Str) {
-        return _mainTarget;
-    }
     function getTokenHandlerName() public view returns(string memory) {
         return _tokenHandlerName;
@@ -135,7 +78,7 @@ contract Authorization
         return _tokenHandlerTarget;
     }
-    function getTarget(string memory targetName) public view returns(Str target) {
+    function getTarget(string memory targetName) public pure returns(Str target) {
         return StrLib.toStr(targetName);
     }
@@ -147,97 +90,31 @@ contract Authorization
         return target == _mainTarget || _targetExists[target];
     }
-    function getTargetRole(Str target) external view returns(RoleId roleId) {
-        return _targetRole[target];
-    }
-    function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds) {
-        return _authorizedRoles[target];
-    }
-    function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(IAccess.FunctionInfo[] memory authorizatedFunctions) {
-        return _authorizedFunctions[target][roleId];
-    }
-    function getRelease() public virtual pure returns(VersionPart release) {
-        return VersionPartLib.toVersionPart(GIF_RELEASE);
-    }
     /// @dev Sets up the relevant service targets for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupServiceTargets() internal virtual { }
     /// @dev Sets up the relevant (non-service) targets for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupTargets() internal virtual { }
     /// @dev Sets up the relevant roles for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupRoles() internal virtual {}
     /// @dev Sets up the relevant component's token handler authorizations.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupTokenHandlerAuthorizations() internal virtual {}
     /// @dev Sets up the relevant target authorizations for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupTargetAuthorizations() internal virtual {}
-    /// @dev Add the service target role for the specified service domain
-    function _addServiceTargetWithRole(ObjectType serviceDomain) internal {
-        // add service domain
-        _serviceDomains.push(serviceDomain);
-        // get versioned target name
-        string memory serviceTargetName = ObjectTypeLib.toVersionedName(
-                ObjectTypeLib.toName(serviceDomain),
-                "Service",
-                getRelease().toInt());
-        _serviceTarget[serviceDomain] = StrLib.toStr(serviceTargetName);
-        RoleId serviceRoleId = getServiceRole(serviceDomain);
-        string memory serviceRoleName = ObjectTypeLib.toVersionedName(
-                ObjectTypeLib.toName(serviceDomain),
-                "ServiceRole",
-                getRelease().toInt());
-        _addTargetWithRole(
-            serviceTargetName,
-            serviceRoleId,
-            serviceRoleName);
-    }
-    /// @dev Use this method to to add an authorized role.
-    function _addRole(RoleId roleId, RoleInfo memory info) internal {
-        _roles.push(roleId);
-        _roleInfo[roleId] = info;
-    }
-    /// @dev Add a contract role for the provided role id and name.
-    function _addContractRole(RoleId roleId, string memory name) internal {
-        _addRole(
-            roleId,
-            _toRoleInfo(
-                ADMIN_ROLE(),
-                RoleType.Contract,
-                1,
-                name));
-    }
-    /// @dev Add the versioned service role for the specified service domain
-    function _addServiceRole(ObjectType serviceDomain) internal {
-        _addContractRole(
-            getServiceRole(serviceDomain),
-            ObjectTypeLib.toVersionedName(
-                ObjectTypeLib.toName(serviceDomain),
-                SERVICE_ROLE_NAME_SUFFIX,
-                getRelease().toInt()));
-    }
     /// @dev Add a contract role for the provided role id and name.
     function _addCustomRole(RoleId roleId, RoleId adminRoleId, uint32 maxMemberCount, string memory name) internal {
@@ -250,31 +127,18 @@ contract Authorization
                 name));
     }
+    /// @dev Add a gif target with its corresponding contract role
+    function _addGifTarget(string memory contractName) internal {
+        RoleId contractRoleId = RoleIdLib.toRoleId(_nextGifContractRoleId++);
+        string memory contractRoleName = string(
+            abi.encodePacked(
+                contractName,
+                ROLE_NAME_SUFFIX));
-    /// @dev Use this method to to add an authorized target together with its target role.
-    function _addTargetWithRole(
-        string memory targetName,
-        RoleId roleId,
-        string memory roleName
-    )
-        internal
-    {
-        // add target
-        Str target = StrLib.toStr(targetName);
-        _targets.push(target);
-        _targetExists[target] = true;
-        // link role to target if defined
-        if (roleId != RoleIdLib.zero()) {
-            // add role if new
-            if (!roleExists(roleId)) {
-                _addContractRole(roleId, roleName);
-            }
-            // link target to role
-            _targetRole[target] = roleId;
-        }
+        _addTargetWithRole(
+            contractName,
+            contractRoleId,
+            contractRoleName);
     }
@@ -284,54 +148,22 @@ contract Authorization
     }
-    /// @dev Use this method to authorize the specified role to access the target.
-    function _authorizeForTarget(string memory target, RoleId authorizedRoleId)
-        internal
-        returns (IAccess.FunctionInfo[] storage authorizatedFunctions)
-    {
-        Str targetStr = StrLib.toStr(target);
-        _authorizedRoles[targetStr].push(authorizedRoleId);
-        return _authorizedFunctions[targetStr][authorizedRoleId];
-    }
-    /// @dev Use this method to authorize a specific function authorization
-    function _authorize(IAccess.FunctionInfo[] storage functions, bytes4 selector, string memory name) internal {
-        functions.push(
-            IAccess.FunctionInfo({
-                selector: SelectorLib.toSelector(selector),
-                name: StrLib.toStr(name),
-                createdAt: TimestampLib.blockTimestamp()}));
-    }
-    /// @dev role id for targets registry, staking and instance
+    /// @dev Role id for targets registry, staking and instance
     function _toTargetRoleId(ObjectType targetDomain)
         internal
         pure
         returns (RoleId targetRoleId)
     {
-        return RoleIdLib.roleForType(targetDomain);
+        return RoleIdLib.toRoleId(100 * targetDomain.toInt());
     }
+    /// @dev Returns the role name for the specified target name
     function _toTargetRoleName(string memory targetName) internal pure returns (string memory) {
         return string(
             abi.encodePacked(
                 targetName,
                 ROLE_NAME_SUFFIX));
     }
-    /// @dev creates a role info object from the provided parameters
-    function _toRoleInfo(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) internal view returns (RoleInfo memory info) {
-        return RoleInfo({
-            name: StrLib.toStr(name),
-            adminRoleId: adminRoleId,
-            roleType: roleType,
-            maxMemberCount: maxMemberCount,
-            createdAt: TimestampLib.blockTimestamp(),
-            pausedAt: TimestampLib.max()});
-    }
 }

package/contracts/authorization/IAccess.sol CHANGED Viewed

@@ -10,38 +10,56 @@ interface IAccess {
     enum RoleType {
         Undefined, // no role must have this type
+        Core, // GIF core roles
         Contract, // roles assigned to contracts, cannot be revoked
-        Gif, // framework roles that may be freely assigned and revoked
+        Custom // use case specific rules for components
+    }
+    enum TargetType {
+        Undefined, // no target must have this type
+        Core, // GIF core contracts
+        GenericService, // release independent service contracts
+        Service, // service contracts
+        Instance, // instance contracts
+        Component, // instance contracts
         Custom // use case specific rules for components
     }
     struct RoleInfo {
-        RoleId adminRoleId;
-        RoleType roleType;
-        uint32 maxMemberCount;
+        // slot 0
+        RoleId adminRoleId;
+        RoleType roleType;
+        uint32 maxMemberCount;
+        Timestamp createdAt;
+        Timestamp pausedAt;
+        // slot 1
         Str name;
-        Timestamp createdAt;
-        Timestamp pausedAt;
     }
+    // TODO recalc slot allocation
     struct TargetInfo {
         Str name;
-        bool isCustom;
+        TargetType targetType;
+        RoleId roleId;
         Timestamp createdAt;
     }
     struct FunctionInfo {
+        // slot 0
         Str name; // function name
+        // slot 1
         Selector selector; // function selector
         Timestamp createdAt;
     }
     struct RoleNameInfo {
+        // slot 0
         RoleId roleId;
         bool exists;
     }
     struct TargeNameInfo {
+        // slot 0
         address target;
         bool exists;
     }

package/contracts/authorization/IAccessAdmin.sol CHANGED Viewed

@@ -4,113 +4,114 @@ pragma solidity ^0.8.20;
 import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";
 import {IAccess} from "./IAccess.sol";
+import {IAuthorization} from "./IAuthorization.sol";
 import {IRegistryLinked} from "../shared/IRegistryLinked.sol";
+import {IRelease} from "../registry/IRelease.sol";
+import {NftId} from "../type/NftId.sol";
+import {ObjectType} from "../type/ObjectType.sol";
 import {RoleId} from "../type/RoleId.sol";
-import {Selector} from "../type/Selector.sol";
 import {Str} from "../type/String.sol";
 import {VersionPart} from "../type/Version.sol";
+/// @dev Base interface for registry admin, release admin, and instance admin
 interface IAccessAdmin is
     IAccessManaged,
     IAccess,
-    IRegistryLinked
+    IRegistryLinked,
+    IRelease
 {
     // roles, targets and functions
-    event LogAccessAdminRoleCreated(RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
-    event LogAccessAdminTargetCreated(address target, string name);
+    event LogAccessAdminRoleCreated(string admin, RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
+    event LogAccessAdminTargetCreated(string admin, string name, bool managed, address target, RoleId roleId);
-    event LogAccessAdminRoleGranted(address account, string roleName);
-    event LogAccessAdminRoleRevoked(address account, string roleName);
-    event LogAccessAdminFunctionGranted(address target, string functionName, string roleName);
+    event LogAccessAdminRoleGranted(string admin, address account, string roleName);
+    event LogAccessAdminRoleRevoked(string admin, address account, string roleName);
+    event LogAccessAdminFunctionGranted(string admin, address target, string func);
     // only deployer modifier
-    error ErrorNotDeployer();
+    error ErrorAccessAdminNotDeployer();
     // only role admin modifier
-    error ErrorNotAdminOfRole(RoleId adminRoleId);
+    error ErrorAccessAdminNotAdminOfRole(RoleId adminRoleId, address account);
     // only role owner modifier
-    error ErrorNotRoleOwner(RoleId roleId);
+    error ErrorAccessAdminNotRoleOwner(RoleId roleId, address account);
+    // role management
+    error ErrorAccessAdminInvalidUserOfAdminRole();
+    error ErrorAccessAdminInvalidUserOfPublicRole();
+    error ErrorAccessAdminRoleNotCustom(RoleId roleId);
+    // initialization
+    error ErrorAccessAdminNotRegistry(address registry);
+    error ErrorAccessAdminAuthorityNotContract(address authority);
+    error ErrorAccessAdminAccessManagerNotAccessManager(address authority);
+    error ErrorAccessAdminAccessManagerEmptyName();
+    // check target
+    error ErrorAccessAdminInvalidTargetType(address target, TargetType targetType);
+    error ErrorAccessAdminInvalidServiceType(address target, TargetType serviceTargetType);
+    error ErrorAccessAdminTargetNotCreated(address target);
+    error ErrorAccessAdminTargetNotRegistered(address target);
+    error ErrorAccessAdminTargetTypeMismatch(address target, ObjectType expectedType, ObjectType actualType);
+    // check authorization
+    error ErrorAccessAdminAlreadyInitialized(address authorization);
+    error ErrorAccessAdminNotAuthorization(address authorization);
+    error ErrorAccessAdminNotServiceAuthorization(address serviceAuthorization);
+    error ErrorAccessAdminDomainMismatch(address authorization, ObjectType expectedDomain, ObjectType actualDomain);
+    error ErrorAccessAdminReleaseMismatch(address authorization, VersionPart expectedRelease, VersionPart actualRelease);
+    // link to nft
+    error ErrorAccessAdminNotRegistered(address registerable);
     // initialize authority
-    error ErrorAdminRoleMissing();
+    error ErrorAccessAdminAdminRoleMissing();
     // create role
-    error ErrorRoleAlreadyCreated(RoleId roleId, string name);
-    error ErrorRoleAdminNotExisting(RoleId adminRoleId);
-    error ErrorRoleNameEmpty(RoleId roleId);
-    error ErrorRoleNameAlreadyExists(RoleId roleId, string name, RoleId existingRoleId);
+    error ErrorAccessAdminRoleAlreadyCreated(RoleId roleId, string name);
+    error ErrorAccessAdminRoleAdminNotExisting(RoleId adminRoleId);
+    error ErrorAccessAdminRoleNameEmpty(RoleId roleId);
+    error ErrorAccessAdminRoleNameAlreadyExists(RoleId roleId, string name, RoleId existingRoleId);
     // grant/revoke/renounce role
-    error ErrorRoleUnknown(RoleId roleId);
-    error ErrorRoleIsLocked(RoleId roleId);
-    error ErrorRoleIsPaused(RoleId roleId);
-    error ErrorRoleMembersLimitReached(RoleId roleId, uint256 memberCountLimit);
-    error ErrorRoleMemberNotContract(RoleId roleId, address notContract);
-    error ErrorRoleMemberRemovalDisabled(RoleId roleId, address expectedMember);
+    error ErrorAccessAdminRoleUnknown(RoleId roleId);
+    error ErrorAccessAdminRoleIsLocked(RoleId roleId);
+    error ErrorAccessAdminRoleIsPaused(RoleId roleId);
+    error ErrorAccessAdminRoleMembersLimitReached(RoleId roleId, uint256 memberCountLimit);
+    error ErrorAccessAdminRoleMemberNotContract(RoleId roleId, address notContract);
+    error ErrorAccessAdminRoleMemberRemovalDisabled(RoleId roleId, address expectedMember);
     // create target
-    error ErrorTargetAlreadyCreated(address target, string name);
-    error ErrorTargetNameEmpty(address target);
-    error ErrorTargetNameAlreadyExists(address target, string name, address existingTarget);
-    error ErrorTargetNotAccessManaged(address target);
-    error ErrorTargetAuthorityMismatch(address expectedAuthority, address actualAuthority);
+    error ErrorAccessAdminTargetAlreadyCreated(address target, string name);
+    error ErrorAccessAdminTargetNameEmpty(address target);
+    error ErrorAccessAdminTargetNameAlreadyExists(address target, string name, address existingTarget);
+    error ErrorAccessAdminTargetNotAccessManaged(address target);
+    error ErrorAccessAdminTargetAuthorityMismatch(address expectedAuthority, address actualAuthority);
     // lock target
-    error ErrorTagetNotLockable();
-    error ErrorTargetAlreadyLocked(address target, bool isLocked);
+    error ErrorAccessAdminTagetNotLockable();
+    error ErrorAccessAdminTargetAlreadyLocked(address target, bool isLocked);
     // authorize target functions
-    error ErrorAuthorizeForAdminRoleInvalid(address target);
+    error ErrorAccessAdminAuthorizeForAdminRoleInvalid(address target);
+    // toFunction
+    error ErrorAccessAdminSelectorZero();
+    error ErrorAccessAdminFunctionNameEmpty();
     // check target
-    error ErrorTargetUnknown(address target);
-    /// @dev Set the disabled status of the speicified role.
-    /// Role disabling only prevents the role from being granted to new accounts.
-    /// Existing role members may still execute functions that are authorized for that role.
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function setRoleDisabled(RoleId roleId, bool disabled) external;
-    /// @dev Grant the specified account the provided role.
-    /// Permissioned: the caller must have the roles admin role.
-    // TODO move to instance admin
-    // function grantRole(address account, RoleId roleId) external;
-    /// @dev Revoke the provided role from the specified account.
-    /// Permissioned: the caller must have the roles admin role.
-    // TODO move to instance admin
-    // function revokeRole(address account, RoleId roleId) external;
-    /// @dev Removes the provided role from the caller
-    // TODO move to instance admin
-    // function renounceRole(RoleId roleId) external;
-    /// @dev Set the locked status of the speicified contract.
-    /// IMPORTANT: using this function the AccessManager might itself be put into locked state from which it cannot be unlocked again.
-    /// Overwrite this function if a different use case specific behaviour is required.
-    /// Alternatively, add specific function to just unlock this contract without a restricted() modifier.
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function setTargetLocked(address target, bool locked) external;
-    /// @dev Specifies which functions of the target can be accessed by the provided role.
-    /// Previously existing authorizations will be overwritten.
-    /// Authorizing the admin role is not allowed, use function unauthorizedFunctions for this.
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function authorizeFunctions(address target, RoleId roleId, FunctionInfo[] memory functions) external;
-    /// @dev Specifies for which functionss to remove any previous authorization
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function unauthorizeFunctions(address target, FunctionInfo[] memory functions) external;
+    error ErrorAccessAdminTargetUnknown(address target);
     //--- view functions ----------------------------------------------------//
-    function getRelease() external view returns (VersionPart release);
+    function getAuthorization() external view returns (IAuthorization authorization);
+    function getLinkedNftId() external view returns (NftId linkedNftId);
+    function getLinkedOwner() external view returns (address linkedOwner);
+    function isLocked() external view returns (bool locked);
     function roles() external view returns (uint256 numberOfRoles);
     function getRoleId(uint256 idx) external view returns (RoleId roleId);
@@ -118,26 +119,26 @@ interface IAccessAdmin is
     function getPublicRole() external view returns (RoleId roleId);
     function roleExists(RoleId roleId) external view returns (bool exists);
+    function roleExists(string memory roleName) external view returns (bool exists);
+    function getRoleForName(string memory name) external view returns (RoleId roleId);
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
-    function getRoleForName(Str name) external view returns (RoleNameInfo memory);
+    function isRoleActive(RoleId roleId) external view returns (bool isActive);
+    function isRoleCustom(RoleId roleId) external view returns (bool isCustom);
-    function hasRole(address account, RoleId roleId) external view returns (bool);
-    function hasAdminRole(address account, RoleId roleId) external view returns (bool);
+    function isRoleMember(RoleId roleId, address account) external view returns (bool);
+    function isRoleAdmin(RoleId roleId, address account) external view returns (bool);
     function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers);
     function getRoleMember(RoleId roleId, uint256 idx) external view returns (address account);
     function targetExists(address target) external view returns (bool exists);
-    function isTargetLocked(address target) external view returns (bool locked);
+    function getTargetForName(Str name) external view returns (address target);
     function targets() external view returns (uint256 numberOfTargets);
     function getTargetAddress(uint256 idx) external view returns (address target);
     function getTargetInfo(address target) external view returns (TargetInfo memory targetInfo);
-    function getTargetForName(Str name) external view returns (address target);
+    function isTargetLocked(address target) external view returns (bool locked);
     function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions);
     function getAuthorizedFunction(address target, uint256 idx) external view returns (FunctionInfo memory func, RoleId roleId);
-    function canCall(address caller, address target, Selector selector) external view returns (bool can);
-    function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) external view returns (RoleInfo memory);
-    function toFunction(bytes4 selector, string memory name) external view returns (FunctionInfo memory);
     function deployer() external view returns (address);
 }