npm - @etherisc/gif-next - Versions diffs - 0.0.2-da2c7dd-538 → 0.0.2-da87b00-860 - Mend

@etherisc/gif-next 0.0.2-da2c7dd-538 → 0.0.2-da87b00-860

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (469) hide show

package/contracts/authorization/Authorization.sol CHANGED Viewed

@@ -1,131 +1,74 @@
 // SPDX-License-Identifier: Apache-2.0
 pragma solidity ^0.8.20;
-import {IAccess} from "./IAccess.sol";
 import {IAuthorization} from "./IAuthorization.sol";
-import {ObjectType, ObjectTypeLib, PRODUCT, ORACLE, DISTRIBUTION, POOL} from "../type/ObjectType.sol";
-import {RoleId, RoleIdLib, ADMIN_ROLE} from "../type/RoleId.sol";
-import {SelectorLib} from "../type/Selector.sol";
+import {ObjectType} from "../type/ObjectType.sol";
+import {RoleId, RoleIdLib} from "../type/RoleId.sol";
+import {ServiceAuthorization} from "../authorization/ServiceAuthorization.sol";
 import {Str, StrLib} from "../type/String.sol";
-import {TimestampLib} from "../type/Timestamp.sol";
-import {VersionPart, VersionPartLib} from "../type/Version.sol";
-contract Authorization
-    is IAuthorization
-{
-    uint256 public constant GIF_RELEASE = 3;
-    string public constant ROLE_NAME_SUFFIX = "Role";
-    string public constant SERVICE_ROLE_NAME_SUFFIX = "ServiceRole";
+contract Authorization is
+    ServiceAuthorization,
+    IAuthorization
+{
-    ObjectType[] internal _serviceDomains;
-    mapping(ObjectType domain => Str target) internal _serviceTarget;
+    // MUST match with AccessAdminLib.COMPONENT_ROLE_MIN
+    uint64 public constant COMPONENT_ROLE_MIN = 110000;
-    string internal _mainTargetName = "Component";
-    string internal _tokenHandlerName = "ComponentTH";
+    uint64 internal _nextGifContractRoleId;
-    Str internal _mainTarget;
+    string internal _tokenHandlerName = "ComponentTh";
     Str internal _tokenHandlerTarget;
-    Str[] internal _targets;
-    mapping(Str target => RoleId roleid) internal _targetRole;
-    mapping(Str target => bool exists) internal _targetExists;
-    RoleId[] internal _roles;
-    mapping(RoleId role => RoleInfo info) internal _roleInfo;
-    mapping(Str target => RoleId[] authorizedRoles) internal _authorizedRoles;
-    mapping(Str target => mapping(RoleId authorizedRole => IAccess.FunctionInfo[] functions)) internal _authorizedFunctions;
     constructor(
         string memory mainTargetName,
-        ObjectType targetDomain
+        ObjectType domain,
+        uint8 release,
+        string memory commitHash,
+        bool isComponent,
+        bool includeTokenHandler
     )
+        ServiceAuthorization(mainTargetName, domain, release, commitHash)
     {
-        // checks
-        if (bytes(mainTargetName).length == 0) {
-            revert ErrorAuthorizationMainTargetNameEmpty();
-        }
-        if (targetDomain.eqz()) {
-            revert ErrorAuthorizationTargetDomainZero();
-        }
+        _nextGifContractRoleId = 10;
-        // effects
-        // setup main target, main role id and main role info
-        _mainTargetName = mainTargetName;
-        _tokenHandlerName = string(abi.encodePacked(mainTargetName, "TH"));
+        // setup main target
+        if (isComponent) {
+            if (domain.eqz()) {
+                revert ErrorAuthorizationTargetDomainZero();
+            }
-        RoleId mainRoleId = RoleIdLib.toComponentRoleId(targetDomain, 0);
-        string memory mainRolName = _toTargetRoleName(mainTargetName);
+            RoleId mainRoleId = RoleIdLib.toRoleId(COMPONENT_ROLE_MIN);
+            string memory mainRolName = _toTargetRoleName(_mainTargetName);
-        _addTargetWithRole(
-            _mainTargetName,
-            mainRoleId,
-            mainRolName);
-        _mainTarget = StrLib.toStr(mainTargetName);
-        _targetRole[_mainTarget] = mainRoleId;
-        // add token handler target for components
-        if (targetDomain == PRODUCT()
-            || targetDomain == DISTRIBUTION()
-            || targetDomain == ORACLE()
-            || targetDomain == POOL()
-        ) {
-            _addTarget(_tokenHandlerName);
+            _addTargetWithRole(
+                _mainTargetName,
+                mainRoleId,
+                mainRolName);
+        } else {
+            _addGifTarget(_mainTargetName);
         }
-        // setup token handler target
-        _tokenHandlerTarget = StrLib.toStr(_tokenHandlerName);
         // setup use case specific parts
         _setupServiceTargets();
         _setupRoles(); // not including main target role
         _setupTargets(); // not including main target (and token handler target)
-        _setupTokenHandlerAuthorizations();
         _setupTargetAuthorizations(); // not including token handler target
-    }
-    function getServiceDomains() external view returns(ObjectType[] memory serviceDomains) {
-        return _serviceDomains;
-    }
-    function getComponentRole(ObjectType componentDomain) public view returns(RoleId roleId) {
-        return RoleIdLib.toComponentRoleId(componentDomain, 0);
-    }
-    function getServiceRole(ObjectType serviceDomain) public virtual pure returns (RoleId serviceRoleId) {
-        return RoleIdLib.roleForTypeAndVersion(
-            serviceDomain,
-            getRelease());
-    }
-    function getServiceTarget(ObjectType serviceDomain) external view returns(Str serviceTarget) {
-        return _serviceTarget[serviceDomain];
-    }
-    function getRoles() external view returns(RoleId[] memory roles) {
-        return _roles;
-    }
-    function roleExists(RoleId roleId) public view returns(bool exists) {
-        return _roleInfo[roleId].roleType != RoleType.Undefined;
-    }
-    function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory info) {
-        return _roleInfo[roleId];
-    }
+        // setup component token handler
+        if (includeTokenHandler) {
+            _tokenHandlerName = string(abi.encodePacked(mainTargetName, "Th"));
+            _tokenHandlerTarget = StrLib.toStr(_tokenHandlerName);
+            _addTarget(_tokenHandlerName);
+            _setupTokenHandlerAuthorizations();
+        }
-    function getMainTargetName() public virtual view returns (string memory name) {
-        return _mainTargetName;
+        _registerInterfaceNotInitializing(type(IAuthorization).interfaceId);
     }
-    function getMainTarget() public view returns(Str) {
-        return _mainTarget;
-    }
     function getTokenHandlerName() public view returns(string memory) {
         return _tokenHandlerName;
@@ -135,7 +78,7 @@ contract Authorization
         return _tokenHandlerTarget;
     }
-    function getTarget(string memory targetName) public view returns(Str target) {
+    function getTarget(string memory targetName) public pure returns(Str target) {
         return StrLib.toStr(targetName);
     }
@@ -147,97 +90,31 @@ contract Authorization
         return target == _mainTarget || _targetExists[target];
     }
-    function getTargetRole(Str target) external view returns(RoleId roleId) {
-        return _targetRole[target];
-    }
-    function getAuthorizedRoles(Str target) external view returns(RoleId[] memory roleIds) {
-        return _authorizedRoles[target];
-    }
-    function getAuthorizedFunctions(Str target, RoleId roleId) external view returns(IAccess.FunctionInfo[] memory authorizatedFunctions) {
-        return _authorizedFunctions[target][roleId];
-    }
-    function getRelease() public virtual pure returns(VersionPart release) {
-        return VersionPartLib.toVersionPart(GIF_RELEASE);
-    }
     /// @dev Sets up the relevant service targets for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupServiceTargets() internal virtual { }
     /// @dev Sets up the relevant (non-service) targets for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupTargets() internal virtual { }
     /// @dev Sets up the relevant roles for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupRoles() internal virtual {}
     /// @dev Sets up the relevant component's token handler authorizations.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupTokenHandlerAuthorizations() internal virtual {}
     /// @dev Sets up the relevant target authorizations for the component.
     /// Overwrite this function for use case specific authorizations.
+    // solhint-disable-next-line no-empty-blocks
     function _setupTargetAuthorizations() internal virtual {}
-    /// @dev Add the service target role for the specified service domain
-    function _addServiceTargetWithRole(ObjectType serviceDomain) internal {
-        // add service domain
-        _serviceDomains.push(serviceDomain);
-        // get versioned target name
-        string memory serviceTargetName = ObjectTypeLib.toVersionedName(
-                ObjectTypeLib.toName(serviceDomain),
-                "Service",
-                getRelease().toInt());
-        _serviceTarget[serviceDomain] = StrLib.toStr(serviceTargetName);
-        RoleId serviceRoleId = getServiceRole(serviceDomain);
-        string memory serviceRoleName = ObjectTypeLib.toVersionedName(
-                ObjectTypeLib.toName(serviceDomain),
-                "ServiceRole",
-                getRelease().toInt());
-        _addTargetWithRole(
-            serviceTargetName,
-            serviceRoleId,
-            serviceRoleName);
-    }
-    /// @dev Use this method to to add an authorized role.
-    function _addRole(RoleId roleId, RoleInfo memory info) internal {
-        _roles.push(roleId);
-        _roleInfo[roleId] = info;
-    }
-    /// @dev Add a contract role for the provided role id and name.
-    function _addContractRole(RoleId roleId, string memory name) internal {
-        _addRole(
-            roleId,
-            _toRoleInfo(
-                ADMIN_ROLE(),
-                RoleType.Contract,
-                1,
-                name));
-    }
-    /// @dev Add the versioned service role for the specified service domain
-    function _addServiceRole(ObjectType serviceDomain) internal {
-        _addContractRole(
-            getServiceRole(serviceDomain),
-            ObjectTypeLib.toVersionedName(
-                ObjectTypeLib.toName(serviceDomain),
-                SERVICE_ROLE_NAME_SUFFIX,
-                getRelease().toInt()));
-    }
     /// @dev Add a contract role for the provided role id and name.
     function _addCustomRole(RoleId roleId, RoleId adminRoleId, uint32 maxMemberCount, string memory name) internal {
@@ -250,31 +127,18 @@ contract Authorization
                 name));
     }
+    /// @dev Add a gif target with its corresponding contract role
+    function _addGifTarget(string memory contractName) internal {
+        RoleId contractRoleId = RoleIdLib.toRoleId(_nextGifContractRoleId++);
+        string memory contractRoleName = string(
+            abi.encodePacked(
+                contractName,
+                ROLE_NAME_SUFFIX));
-    /// @dev Use this method to to add an authorized target together with its target role.
-    function _addTargetWithRole(
-        string memory targetName,
-        RoleId roleId,
-        string memory roleName
-    )
-        internal
-    {
-        // add target
-        Str target = StrLib.toStr(targetName);
-        _targets.push(target);
-        _targetExists[target] = true;
-        // link role to target if defined
-        if (roleId != RoleIdLib.zero()) {
-            // add role if new
-            if (!roleExists(roleId)) {
-                _addContractRole(roleId, roleName);
-            }
-            // link target to role
-            _targetRole[target] = roleId;
-        }
+        _addTargetWithRole(
+            contractName,
+            contractRoleId,
+            contractRoleName);
     }
@@ -284,54 +148,22 @@ contract Authorization
     }
-    /// @dev Use this method to authorize the specified role to access the target.
-    function _authorizeForTarget(string memory target, RoleId authorizedRoleId)
-        internal
-        returns (IAccess.FunctionInfo[] storage authorizatedFunctions)
-    {
-        Str targetStr = StrLib.toStr(target);
-        _authorizedRoles[targetStr].push(authorizedRoleId);
-        return _authorizedFunctions[targetStr][authorizedRoleId];
-    }
-    /// @dev Use this method to authorize a specific function authorization
-    function _authorize(IAccess.FunctionInfo[] storage functions, bytes4 selector, string memory name) internal {
-        functions.push(
-            IAccess.FunctionInfo({
-                selector: SelectorLib.toSelector(selector),
-                name: StrLib.toStr(name),
-                createdAt: TimestampLib.blockTimestamp()}));
-    }
-    /// @dev role id for targets registry, staking and instance
+    /// @dev Role id for targets registry, staking and instance
     function _toTargetRoleId(ObjectType targetDomain)
         internal
         pure
         returns (RoleId targetRoleId)
     {
-        return RoleIdLib.roleForType(targetDomain);
+        return RoleIdLib.toRoleId(100 * targetDomain.toInt());
     }
+    /// @dev Returns the role name for the specified target name
     function _toTargetRoleName(string memory targetName) internal pure returns (string memory) {
         return string(
             abi.encodePacked(
                 targetName,
                 ROLE_NAME_SUFFIX));
     }
-    /// @dev creates a role info object from the provided parameters
-    function _toRoleInfo(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) internal view returns (RoleInfo memory info) {
-        return RoleInfo({
-            name: StrLib.toStr(name),
-            adminRoleId: adminRoleId,
-            roleType: roleType,
-            maxMemberCount: maxMemberCount,
-            createdAt: TimestampLib.blockTimestamp(),
-            pausedAt: TimestampLib.max()});
-    }
 }

package/contracts/authorization/IAccess.sol CHANGED Viewed

@@ -10,38 +10,56 @@ interface IAccess {
     enum RoleType {
         Undefined, // no role must have this type
+        Core, // GIF core roles
         Contract, // roles assigned to contracts, cannot be revoked
-        Gif, // framework roles that may be freely assigned and revoked
+        Custom // use case specific rules for components
+    }
+    enum TargetType {
+        Undefined, // no target must have this type
+        Core, // GIF core contracts
+        GenericService, // release independent service contracts
+        Service, // service contracts
+        Instance, // instance contracts
+        Component, // instance contracts
         Custom // use case specific rules for components
     }
     struct RoleInfo {
-        RoleId adminRoleId;
-        RoleType roleType;
-        uint32 maxMemberCount;
+        // slot 0
+        RoleId adminRoleId;
+        RoleType roleType;
+        uint32 maxMemberCount;
+        Timestamp createdAt;
+        Timestamp pausedAt;
+        // slot 1
         Str name;
-        Timestamp createdAt;
-        Timestamp pausedAt;
     }
+    // TODO recalc slot allocation
     struct TargetInfo {
         Str name;
-        bool isCustom;
+        TargetType targetType;
+        RoleId roleId;
         Timestamp createdAt;
     }
     struct FunctionInfo {
+        // slot 0
         Str name; // function name
+        // slot 1
         Selector selector; // function selector
         Timestamp createdAt;
     }
     struct RoleNameInfo {
+        // slot 0
         RoleId roleId;
         bool exists;
     }
     struct TargeNameInfo {
+        // slot 0
         address target;
         bool exists;
     }

package/contracts/authorization/IAccessAdmin.sol CHANGED Viewed

@@ -4,113 +4,114 @@ pragma solidity ^0.8.20;
 import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";
 import {IAccess} from "./IAccess.sol";
+import {IAuthorization} from "./IAuthorization.sol";
 import {IRegistryLinked} from "../shared/IRegistryLinked.sol";
+import {IRelease} from "../registry/IRelease.sol";
+import {NftId} from "../type/NftId.sol";
+import {ObjectType} from "../type/ObjectType.sol";
 import {RoleId} from "../type/RoleId.sol";
-import {Selector} from "../type/Selector.sol";
 import {Str} from "../type/String.sol";
 import {VersionPart} from "../type/Version.sol";
+/// @dev Base interface for registry admin, release admin, and instance admin
 interface IAccessAdmin is
     IAccessManaged,
     IAccess,
-    IRegistryLinked
+    IRegistryLinked,
+    IRelease
 {
     // roles, targets and functions
-    event LogAccessAdminRoleCreated(RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
-    event LogAccessAdminTargetCreated(address target, string name);
+    event LogAccessAdminRoleCreated(string admin, RoleId roleId, RoleType roleType, RoleId roleAdminId, string name);
+    event LogAccessAdminTargetCreated(string admin, string name, bool managed, address target, RoleId roleId);
-    event LogAccessAdminRoleGranted(address account, string roleName);
-    event LogAccessAdminRoleRevoked(address account, string roleName);
-    event LogAccessAdminFunctionGranted(address target, string functionName, string roleName);
+    event LogAccessAdminRoleGranted(string admin, address account, string roleName);
+    event LogAccessAdminRoleRevoked(string admin, address account, string roleName);
+    event LogAccessAdminFunctionGranted(string admin, address target, string func);
     // only deployer modifier
-    error ErrorNotDeployer();
+    error ErrorAccessAdminNotDeployer();
     // only role admin modifier
-    error ErrorNotAdminOfRole(RoleId adminRoleId);
+    error ErrorAccessAdminNotAdminOfRole(RoleId adminRoleId, address account);
     // only role owner modifier
-    error ErrorNotRoleOwner(RoleId roleId);
+    error ErrorAccessAdminNotRoleOwner(RoleId roleId, address account);
+    // role management
+    error ErrorAccessAdminInvalidUserOfAdminRole();
+    error ErrorAccessAdminInvalidUserOfPublicRole();
+    error ErrorAccessAdminRoleNotCustom(RoleId roleId);
+    // initialization
+    error ErrorAccessAdminNotRegistry(address registry);
+    error ErrorAccessAdminAuthorityNotContract(address authority);
+    error ErrorAccessAdminAccessManagerNotAccessManager(address authority);
+    error ErrorAccessAdminAccessManagerEmptyName();
+    // check target
+    error ErrorAccessAdminInvalidTargetType(address target, TargetType targetType);
+    error ErrorAccessAdminInvalidServiceType(address target, TargetType serviceTargetType);
+    error ErrorAccessAdminTargetNotCreated(address target);
+    error ErrorAccessAdminTargetNotRegistered(address target);
+    error ErrorAccessAdminTargetTypeMismatch(address target, ObjectType expectedType, ObjectType actualType);
+    // check authorization
+    error ErrorAccessAdminAlreadyInitialized(address authorization);
+    error ErrorAccessAdminNotAuthorization(address authorization);
+    error ErrorAccessAdminNotServiceAuthorization(address serviceAuthorization);
+    error ErrorAccessAdminDomainMismatch(address authorization, ObjectType expectedDomain, ObjectType actualDomain);
+    error ErrorAccessAdminReleaseMismatch(address authorization, VersionPart expectedRelease, VersionPart actualRelease);
+    // link to nft
+    error ErrorAccessAdminNotRegistered(address registerable);
     // initialize authority
-    error ErrorAdminRoleMissing();
+    error ErrorAccessAdminAdminRoleMissing();
     // create role
-    error ErrorRoleAlreadyCreated(RoleId roleId, string name);
-    error ErrorRoleAdminNotExisting(RoleId adminRoleId);
-    error ErrorRoleNameEmpty(RoleId roleId);
-    error ErrorRoleNameAlreadyExists(RoleId roleId, string name, RoleId existingRoleId);
+    error ErrorAccessAdminRoleAlreadyCreated(RoleId roleId, string name);
+    error ErrorAccessAdminRoleAdminNotExisting(RoleId adminRoleId);
+    error ErrorAccessAdminRoleNameEmpty(RoleId roleId);
+    error ErrorAccessAdminRoleNameAlreadyExists(RoleId roleId, string name, RoleId existingRoleId);
     // grant/revoke/renounce role
-    error ErrorRoleUnknown(RoleId roleId);
-    error ErrorRoleIsLocked(RoleId roleId);
-    error ErrorRoleIsPaused(RoleId roleId);
-    error ErrorRoleMembersLimitReached(RoleId roleId, uint256 memberCountLimit);
-    error ErrorRoleMemberNotContract(RoleId roleId, address notContract);
-    error ErrorRoleMemberRemovalDisabled(RoleId roleId, address expectedMember);
+    error ErrorAccessAdminRoleUnknown(RoleId roleId);
+    error ErrorAccessAdminRoleIsLocked(RoleId roleId);
+    error ErrorAccessAdminRoleIsPaused(RoleId roleId);
+    error ErrorAccessAdminRoleMembersLimitReached(RoleId roleId, uint256 memberCountLimit);
+    error ErrorAccessAdminRoleMemberNotContract(RoleId roleId, address notContract);
+    error ErrorAccessAdminRoleMemberRemovalDisabled(RoleId roleId, address expectedMember);
     // create target
-    error ErrorTargetAlreadyCreated(address target, string name);
-    error ErrorTargetNameEmpty(address target);
-    error ErrorTargetNameAlreadyExists(address target, string name, address existingTarget);
-    error ErrorTargetNotAccessManaged(address target);
-    error ErrorTargetAuthorityMismatch(address expectedAuthority, address actualAuthority);
+    error ErrorAccessAdminTargetAlreadyCreated(address target, string name);
+    error ErrorAccessAdminTargetNameEmpty(address target);
+    error ErrorAccessAdminTargetNameAlreadyExists(address target, string name, address existingTarget);
+    error ErrorAccessAdminTargetNotAccessManaged(address target);
+    error ErrorAccessAdminTargetAuthorityMismatch(address expectedAuthority, address actualAuthority);
     // lock target
-    error ErrorTagetNotLockable();
-    error ErrorTargetAlreadyLocked(address target, bool isLocked);
+    error ErrorAccessAdminTagetNotLockable();
+    error ErrorAccessAdminTargetAlreadyLocked(address target, bool isLocked);
     // authorize target functions
-    error ErrorAuthorizeForAdminRoleInvalid(address target);
+    error ErrorAccessAdminAuthorizeForAdminRoleInvalid(address target);
+    // toFunction
+    error ErrorAccessAdminSelectorZero();
+    error ErrorAccessAdminFunctionNameEmpty();
     // check target
-    error ErrorTargetUnknown(address target);
-    /// @dev Set the disabled status of the speicified role.
-    /// Role disabling only prevents the role from being granted to new accounts.
-    /// Existing role members may still execute functions that are authorized for that role.
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function setRoleDisabled(RoleId roleId, bool disabled) external;
-    /// @dev Grant the specified account the provided role.
-    /// Permissioned: the caller must have the roles admin role.
-    // TODO move to instance admin
-    // function grantRole(address account, RoleId roleId) external;
-    /// @dev Revoke the provided role from the specified account.
-    /// Permissioned: the caller must have the roles admin role.
-    // TODO move to instance admin
-    // function revokeRole(address account, RoleId roleId) external;
-    /// @dev Removes the provided role from the caller
-    // TODO move to instance admin
-    // function renounceRole(RoleId roleId) external;
-    /// @dev Set the locked status of the speicified contract.
-    /// IMPORTANT: using this function the AccessManager might itself be put into locked state from which it cannot be unlocked again.
-    /// Overwrite this function if a different use case specific behaviour is required.
-    /// Alternatively, add specific function to just unlock this contract without a restricted() modifier.
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function setTargetLocked(address target, bool locked) external;
-    /// @dev Specifies which functions of the target can be accessed by the provided role.
-    /// Previously existing authorizations will be overwritten.
-    /// Authorizing the admin role is not allowed, use function unauthorizedFunctions for this.
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function authorizeFunctions(address target, RoleId roleId, FunctionInfo[] memory functions) external;
-    /// @dev Specifies for which functionss to remove any previous authorization
-    /// Permissioned: the caller must have the manager role (getManagerRole).
-    // TODO move to instance admin
-    // function unauthorizeFunctions(address target, FunctionInfo[] memory functions) external;
+    error ErrorAccessAdminTargetUnknown(address target);
     //--- view functions ----------------------------------------------------//
-    function getRelease() external view returns (VersionPart release);
+    function getAuthorization() external view returns (IAuthorization authorization);
+    function getLinkedNftId() external view returns (NftId linkedNftId);
+    function getLinkedOwner() external view returns (address linkedOwner);
+    function isLocked() external view returns (bool locked);
     function roles() external view returns (uint256 numberOfRoles);
     function getRoleId(uint256 idx) external view returns (RoleId roleId);
@@ -118,26 +119,26 @@ interface IAccessAdmin is
     function getPublicRole() external view returns (RoleId roleId);
     function roleExists(RoleId roleId) external view returns (bool exists);
+    function roleExists(string memory roleName) external view returns (bool exists);
+    function getRoleForName(string memory name) external view returns (RoleId roleId);
     function getRoleInfo(RoleId roleId) external view returns (RoleInfo memory roleInfo);
-    function getRoleForName(Str name) external view returns (RoleNameInfo memory);
+    function isRoleActive(RoleId roleId) external view returns (bool isActive);
+    function isRoleCustom(RoleId roleId) external view returns (bool isCustom);
-    function hasRole(address account, RoleId roleId) external view returns (bool);
-    function hasAdminRole(address account, RoleId roleId) external view returns (bool);
+    function isRoleMember(RoleId roleId, address account) external view returns (bool);
+    function isRoleAdmin(RoleId roleId, address account) external view returns (bool);
     function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers);
     function getRoleMember(RoleId roleId, uint256 idx) external view returns (address account);
     function targetExists(address target) external view returns (bool exists);
-    function isTargetLocked(address target) external view returns (bool locked);
+    function getTargetForName(Str name) external view returns (address target);
     function targets() external view returns (uint256 numberOfTargets);
     function getTargetAddress(uint256 idx) external view returns (address target);
     function getTargetInfo(address target) external view returns (TargetInfo memory targetInfo);
-    function getTargetForName(Str name) external view returns (address target);
+    function isTargetLocked(address target) external view returns (bool locked);
     function authorizedFunctions(address target) external view returns (uint256 numberOfFunctions);
     function getAuthorizedFunction(address target, uint256 idx) external view returns (FunctionInfo memory func, RoleId roleId);
-    function canCall(address caller, address target, Selector selector) external view returns (bool can);
-    function toRole(RoleId adminRoleId, RoleType roleType, uint32 maxMemberCount, string memory name) external view returns (RoleInfo memory);
-    function toFunction(bytes4 selector, string memory name) external view returns (FunctionInfo memory);
     function deployer() external view returns (address);
 }