@etherisc/gif-next 0.0.2-e922e07-736 → 0.0.2-e94f4c7-084

Sign up to get free protection for your applications and to get access to all the features.
Files changed (262) hide show
  1. package/README.md +6 -83
  2. package/artifacts/contracts/components/Component.sol/Component.dbg.json +1 -1
  3. package/artifacts/contracts/components/Component.sol/Component.json +68 -0
  4. package/artifacts/contracts/components/Distribution.sol/Distribution.dbg.json +1 -1
  5. package/artifacts/contracts/components/Distribution.sol/Distribution.json +84 -0
  6. package/artifacts/contracts/components/IComponent.sol/IComponent.dbg.json +1 -1
  7. package/artifacts/contracts/components/IComponent.sol/IComponent.json +158 -0
  8. package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.dbg.json +1 -1
  9. package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.json +158 -0
  10. package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.dbg.json +1 -1
  11. package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.json +184 -149
  12. package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.dbg.json +1 -1
  13. package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.json +158 -0
  14. package/artifacts/contracts/components/Pool.sol/Pool.dbg.json +1 -1
  15. package/artifacts/contracts/components/Pool.sol/Pool.json +114 -189
  16. package/artifacts/contracts/components/Product.sol/Product.dbg.json +1 -1
  17. package/artifacts/contracts/components/Product.sol/Product.json +68 -0
  18. package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.dbg.json +4 -0
  19. package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.json +1206 -0
  20. package/artifacts/contracts/instance/BundleManager.sol/BundleManager.dbg.json +1 -1
  21. package/artifacts/contracts/instance/BundleManager.sol/BundleManager.json +64 -50
  22. package/artifacts/contracts/instance/Cloneable.sol/Cloneable.dbg.json +1 -1
  23. package/artifacts/contracts/instance/Cloneable.sol/Cloneable.json +5 -0
  24. package/artifacts/contracts/instance/IInstance.sol/IInstance.dbg.json +1 -1
  25. package/artifacts/contracts/instance/IInstance.sol/IInstance.json +457 -268
  26. package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.dbg.json +1 -1
  27. package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.json +175 -51
  28. package/artifacts/contracts/instance/Instance.sol/Instance.dbg.json +1 -1
  29. package/artifacts/contracts/instance/Instance.sol/Instance.json +426 -476
  30. package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.dbg.json +1 -1
  31. package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.json +472 -126
  32. package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.dbg.json +1 -1
  33. package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.json +217 -169
  34. package/artifacts/contracts/instance/InstanceService.sol/InstanceService.dbg.json +1 -1
  35. package/artifacts/contracts/instance/InstanceService.sol/InstanceService.json +304 -210
  36. package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.dbg.json +1 -1
  37. package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.json +71 -23
  38. package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.dbg.json +1 -1
  39. package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.json +8 -13
  40. package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.dbg.json +1 -1
  41. package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.json +85 -30
  42. package/artifacts/contracts/instance/base/IKeyValueStore.sol/IKeyValueStore.dbg.json +1 -1
  43. package/artifacts/contracts/instance/base/ILifecycle.sol/ILifecycle.dbg.json +1 -1
  44. package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.dbg.json +1 -1
  45. package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.json +40 -10
  46. package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.dbg.json +1 -1
  47. package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.json +36 -11
  48. package/artifacts/contracts/instance/module/IAccess.sol/IAccess.dbg.json +1 -1
  49. package/artifacts/contracts/instance/module/IAccess.sol/IAccess.json +56 -73
  50. package/artifacts/contracts/instance/module/IBundle.sol/IBundle.dbg.json +1 -1
  51. package/artifacts/contracts/instance/module/IComponents.sol/IComponents.dbg.json +4 -0
  52. package/artifacts/contracts/instance/module/IComponents.sol/IComponents.json +10 -0
  53. package/artifacts/contracts/instance/module/IDistribution.sol/IDistribution.dbg.json +1 -1
  54. package/artifacts/contracts/instance/module/IPolicy.sol/IPolicy.dbg.json +1 -1
  55. package/artifacts/contracts/instance/module/IRisk.sol/IRisk.dbg.json +1 -1
  56. package/artifacts/contracts/instance/module/ISetup.sol/ISetup.dbg.json +1 -1
  57. package/artifacts/contracts/instance/module/ITreasury.sol/ITreasury.dbg.json +1 -1
  58. package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.dbg.json +1 -1
  59. package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.json +175 -83
  60. package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.dbg.json +1 -1
  61. package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.json +29 -13
  62. package/artifacts/contracts/instance/service/BundleService.sol/BundleService.dbg.json +1 -1
  63. package/artifacts/contracts/instance/service/BundleService.sol/BundleService.json +426 -233
  64. package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.dbg.json +1 -1
  65. package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.json +78 -14
  66. package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.dbg.json +1 -1
  67. package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.json +372 -86
  68. package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.dbg.json +1 -1
  69. package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.json +55 -7
  70. package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.dbg.json +1 -1
  71. package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.json +189 -139
  72. package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.dbg.json +1 -1
  73. package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.json +48 -56
  74. package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.dbg.json +1 -1
  75. package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.json +111 -40
  76. package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.dbg.json +1 -1
  77. package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.json +246 -170
  78. package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.dbg.json +1 -1
  79. package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.json +251 -58
  80. package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.dbg.json +1 -1
  81. package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.json +101 -24
  82. package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.dbg.json +1 -1
  83. package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.json +470 -41
  84. package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.dbg.json +1 -1
  85. package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.json +627 -14
  86. package/artifacts/contracts/instance/service/IProductService.sol/IProductService.dbg.json +1 -1
  87. package/artifacts/contracts/instance/service/IProductService.sol/IProductService.json +80 -14
  88. package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.dbg.json +1 -1
  89. package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.json +607 -85
  90. package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.dbg.json +1 -1
  91. package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.json +71 -19
  92. package/artifacts/contracts/instance/service/PoolService.sol/PoolService.dbg.json +1 -1
  93. package/artifacts/contracts/instance/service/PoolService.sol/PoolService.json +777 -55
  94. package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.dbg.json +1 -1
  95. package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.json +72 -12
  96. package/artifacts/contracts/instance/service/ProductService.sol/ProductService.dbg.json +1 -1
  97. package/artifacts/contracts/instance/service/ProductService.sol/ProductService.json +114 -51
  98. package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.dbg.json +1 -1
  99. package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.json +16 -12
  100. package/artifacts/contracts/registry/ChainNft.sol/ChainNft.dbg.json +1 -1
  101. package/artifacts/contracts/registry/ChainNft.sol/ChainNft.json +15 -2
  102. package/artifacts/contracts/registry/IRegistry.sol/IRegistry.dbg.json +1 -1
  103. package/artifacts/contracts/registry/IRegistry.sol/IRegistry.json +19 -0
  104. package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.dbg.json +1 -1
  105. package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.json +0 -24
  106. package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.dbg.json +1 -1
  107. package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.json +18 -0
  108. package/artifacts/contracts/registry/Registry.sol/Registry.dbg.json +1 -1
  109. package/artifacts/contracts/registry/Registry.sol/Registry.json +31 -12
  110. package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.dbg.json +1 -1
  111. package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.json +2 -2
  112. package/artifacts/contracts/registry/RegistryService.sol/RegistryService.dbg.json +1 -1
  113. package/artifacts/contracts/registry/RegistryService.sol/RegistryService.json +17 -36
  114. package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.dbg.json +1 -1
  115. package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.json +7 -7
  116. package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.dbg.json +1 -1
  117. package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.json +23 -11
  118. package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.dbg.json +1 -1
  119. package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.json +2 -2
  120. package/artifacts/contracts/shared/ContractDeployerLib.sol/ContractDeployerLib.dbg.json +1 -1
  121. package/artifacts/contracts/shared/ERC165.sol/ERC165.dbg.json +1 -1
  122. package/artifacts/contracts/shared/INftOwnable.sol/INftOwnable.dbg.json +1 -1
  123. package/artifacts/contracts/shared/IPolicyHolder.sol/IPolicyHolder.dbg.json +1 -1
  124. package/artifacts/contracts/shared/IRegisterable.sol/IRegisterable.dbg.json +1 -1
  125. package/artifacts/contracts/shared/IRegistryLinked.sol/IRegistryLinked.dbg.json +1 -1
  126. package/artifacts/contracts/shared/IService.sol/IService.dbg.json +1 -1
  127. package/artifacts/contracts/shared/IService.sol/IService.json +80 -14
  128. package/artifacts/contracts/shared/IVersionable.sol/IVersionable.dbg.json +1 -1
  129. package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.dbg.json +1 -1
  130. package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.json +2 -2
  131. package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.dbg.json +1 -1
  132. package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.json +2 -2
  133. package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.dbg.json +1 -1
  134. package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.json +2 -2
  135. package/artifacts/contracts/shared/Registerable.sol/Registerable.dbg.json +1 -1
  136. package/artifacts/contracts/shared/Registerable.sol/Registerable.json +2 -2
  137. package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.dbg.json +1 -1
  138. package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.json +2 -2
  139. package/artifacts/contracts/shared/Service.sol/Service.dbg.json +1 -1
  140. package/artifacts/contracts/shared/Service.sol/Service.json +86 -15
  141. package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.dbg.json +1 -1
  142. package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.json +2 -2
  143. package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.dbg.json +1 -1
  144. package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.json +2 -2
  145. package/artifacts/contracts/shared/Versionable.sol/Versionable.dbg.json +1 -1
  146. package/artifacts/contracts/test/TestFee.sol/TestFee.dbg.json +1 -1
  147. package/artifacts/contracts/test/TestFee.sol/TestFee.json +2 -2
  148. package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.dbg.json +1 -1
  149. package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.json +2 -2
  150. package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.dbg.json +1 -1
  151. package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.json +6 -6
  152. package/artifacts/contracts/test/TestService.sol/TestService.dbg.json +1 -1
  153. package/artifacts/contracts/test/TestService.sol/TestService.json +101 -26
  154. package/artifacts/contracts/test/TestToken.sol/TestUsdc.dbg.json +1 -1
  155. package/artifacts/contracts/test/TestVersion.sol/TestVersion.dbg.json +1 -1
  156. package/artifacts/contracts/test/TestVersion.sol/TestVersion.json +2 -2
  157. package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.dbg.json +1 -1
  158. package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.json +2 -2
  159. package/artifacts/contracts/test/Usdc.sol/USDC.dbg.json +1 -1
  160. package/artifacts/contracts/types/AddressSet.sol/LibAddressSet.dbg.json +1 -1
  161. package/artifacts/contracts/types/Amount.sol/AmountLib.dbg.json +4 -0
  162. package/artifacts/contracts/types/Amount.sol/AmountLib.json +209 -0
  163. package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.dbg.json +1 -1
  164. package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.json +2 -2
  165. package/artifacts/contracts/types/ChainId.sol/ChainIdLib.dbg.json +1 -1
  166. package/artifacts/contracts/types/ClaimId.sol/ClaimIdLib.dbg.json +1 -1
  167. package/artifacts/contracts/types/ClaimId.sol/ClaimIdLib.json +83 -4
  168. package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.dbg.json +1 -1
  169. package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.json +2 -2
  170. package/artifacts/contracts/types/Fee.sol/FeeLib.dbg.json +1 -1
  171. package/artifacts/contracts/types/Fee.sol/FeeLib.json +40 -9
  172. package/artifacts/contracts/types/Key32.sol/Key32Lib.dbg.json +1 -1
  173. package/artifacts/contracts/types/Key32.sol/Key32Lib.json +2 -2
  174. package/artifacts/contracts/types/NftId.sol/NftIdLib.dbg.json +1 -1
  175. package/artifacts/contracts/types/NftId.sol/NftIdLib.json +17 -4
  176. package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.dbg.json +1 -1
  177. package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.json +2 -2
  178. package/artifacts/contracts/types/NumberId.sol/NumberIdLib.dbg.json +1 -1
  179. package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.dbg.json +1 -1
  180. package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.json +2 -2
  181. package/artifacts/contracts/types/PayoutId.sol/PayoutIdLib.dbg.json +1 -1
  182. package/artifacts/contracts/types/PayoutId.sol/PayoutIdLib.json +116 -7
  183. package/artifacts/contracts/types/Referral.sol/ReferralLib.dbg.json +1 -1
  184. package/artifacts/contracts/types/Referral.sol/ReferralLib.json +2 -2
  185. package/artifacts/contracts/types/RiskId.sol/RiskIdLib.dbg.json +1 -1
  186. package/artifacts/contracts/types/RiskId.sol/RiskIdLib.json +2 -2
  187. package/artifacts/contracts/types/RoleId.sol/RoleIdLib.dbg.json +1 -1
  188. package/artifacts/contracts/types/RoleId.sol/RoleIdLib.json +2 -2
  189. package/artifacts/contracts/types/Seconds.sol/SecondsLib.dbg.json +1 -1
  190. package/artifacts/contracts/types/StateId.sol/StateIdLib.dbg.json +1 -1
  191. package/artifacts/contracts/types/StateId.sol/StateIdLib.json +2 -2
  192. package/artifacts/contracts/types/Timestamp.sol/TimestampLib.dbg.json +1 -1
  193. package/artifacts/contracts/types/Timestamp.sol/TimestampLib.json +17 -4
  194. package/artifacts/contracts/types/UFixed.sol/MathLib.dbg.json +1 -1
  195. package/artifacts/contracts/types/UFixed.sol/MathLib.json +2 -2
  196. package/artifacts/contracts/types/UFixed.sol/UFixedLib.dbg.json +1 -1
  197. package/artifacts/contracts/types/UFixed.sol/UFixedLib.json +2 -2
  198. package/artifacts/contracts/types/Version.sol/VersionLib.dbg.json +1 -1
  199. package/artifacts/contracts/types/Version.sol/VersionLib.json +2 -2
  200. package/artifacts/contracts/types/Version.sol/VersionPartLib.dbg.json +1 -1
  201. package/artifacts/contracts/types/Version.sol/VersionPartLib.json +2 -2
  202. package/contracts/components/Component.sol +42 -10
  203. package/contracts/components/Distribution.sol +6 -2
  204. package/contracts/components/IComponent.sol +9 -1
  205. package/contracts/components/IPoolComponent.sol +6 -44
  206. package/contracts/components/Pool.sol +50 -126
  207. package/contracts/components/Product.sol +141 -59
  208. package/contracts/instance/AccessManagerUpgradeableInitializeable.sol +13 -0
  209. package/contracts/instance/BundleManager.sol +9 -8
  210. package/contracts/instance/Cloneable.sol +7 -2
  211. package/contracts/instance/IInstance.sol +37 -27
  212. package/contracts/instance/IInstanceService.sol +18 -9
  213. package/contracts/instance/Instance.sol +117 -98
  214. package/contracts/instance/InstanceAccessManager.sol +388 -158
  215. package/contracts/instance/InstanceReader.sol +36 -12
  216. package/contracts/instance/InstanceService.sol +193 -204
  217. package/contracts/instance/ObjectManager.sol +6 -8
  218. package/contracts/instance/base/ComponentService.sol +17 -30
  219. package/contracts/instance/base/KeyValueStore.sol +13 -5
  220. package/contracts/instance/base/Lifecycle.sol +23 -6
  221. package/contracts/instance/module/IAccess.sol +21 -14
  222. package/contracts/instance/module/IBundle.sol +6 -4
  223. package/contracts/instance/module/IComponents.sol +41 -0
  224. package/contracts/instance/module/IPolicy.sol +11 -6
  225. package/contracts/instance/module/ISetup.sol +3 -16
  226. package/contracts/instance/service/ApplicationService.sol +25 -19
  227. package/contracts/instance/service/BundleService.sol +224 -80
  228. package/contracts/instance/service/ClaimService.sol +114 -26
  229. package/contracts/instance/service/DistributionService.sol +58 -77
  230. package/contracts/instance/service/IApplicationService.sol +3 -7
  231. package/contracts/instance/service/IBundleService.sol +72 -25
  232. package/contracts/instance/service/IClaimService.sol +46 -15
  233. package/contracts/instance/service/IDistributionService.sol +1 -0
  234. package/contracts/instance/service/IPolicyService.sol +72 -5
  235. package/contracts/instance/service/IPoolService.sol +85 -3
  236. package/contracts/instance/service/PolicyService.sol +320 -143
  237. package/contracts/instance/service/PoolService.sol +245 -18
  238. package/contracts/instance/service/ProductService.sol +31 -54
  239. package/contracts/registry/ChainNft.sol +8 -0
  240. package/contracts/registry/IRegistry.sol +2 -0
  241. package/contracts/registry/IRegistryService.sol +4 -3
  242. package/contracts/registry/ITransferInterceptor.sol +1 -0
  243. package/contracts/registry/Registry.sol +23 -20
  244. package/contracts/registry/RegistryService.sol +10 -11
  245. package/contracts/registry/ReleaseManager.sol +20 -18
  246. package/contracts/shared/IService.sol +4 -6
  247. package/contracts/shared/Service.sol +21 -7
  248. package/contracts/shared/TokenHandler.sol +11 -5
  249. package/contracts/test/TestService.sol +1 -1
  250. package/contracts/types/Amount.sol +70 -0
  251. package/contracts/types/Blocknumber.sol +1 -0
  252. package/contracts/types/ClaimId.sol +25 -2
  253. package/contracts/types/Fee.sol +13 -5
  254. package/contracts/types/NftId.sol +8 -0
  255. package/contracts/types/ObjectType.sol +6 -5
  256. package/contracts/types/PayoutId.sol +33 -5
  257. package/contracts/types/RoleId.sol +6 -4
  258. package/contracts/types/StateId.sol +7 -2
  259. package/contracts/types/Timestamp.sol +6 -0
  260. package/contracts/types/UFixed.sol +1 -0
  261. package/contracts/types/Version.sol +1 -0
  262. package/package.json +1 -1
@@ -1,290 +1,520 @@
1
1
  // SPDX-License-Identifier: Apache-2.0
2
2
  pragma solidity ^0.8.20;
3
3
 
4
- import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
5
4
  import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
6
5
  import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
7
6
  import {ShortString, ShortStrings} from "@openzeppelin/contracts/utils/ShortStrings.sol";
8
7
 
9
- import {RoleId, RoleIdLib } from "../types/RoleId.sol";
8
+ import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, INSTANCE_SERVICE_ROLE, INSTANCE_OWNER_ROLE, INSTANCE_ROLE} from "../types/RoleId.sol";
10
9
  import {TimestampLib} from "../types/Timestamp.sol";
10
+ import {NftId} from "../types/NftId.sol";
11
+
12
+ import {AccessManagerUpgradeableInitializeable} from "./AccessManagerUpgradeableInitializeable.sol";
13
+
14
+ import {IRegistry} from "../registry/IRegistry.sol";
15
+
16
+ import {IInstance} from "./IInstance.sol";
11
17
  import {IAccess} from "./module/IAccess.sol";
12
18
 
13
19
  contract InstanceAccessManager is
14
20
  AccessManagedUpgradeable
15
21
  {
22
+ event LogRoleCreation(RoleId roleId, ShortString name, IAccess.Type rtype);
23
+ event LogTargetCreation(address target, ShortString name, IAccess.Type ttype, bool isLocked);
24
+
16
25
  using RoleIdLib for RoleId;
17
26
 
18
27
  string public constant ADMIN_ROLE_NAME = "AdminRole";
19
28
  string public constant PUBLIC_ROLE_NAME = "PublicRole";
29
+ string public constant INSTANCE_ROLE_NAME = "InstanceRole";
30
+ string public constant INSTANCE_OWNER_ROLE_NAME = "InstanceOwnerRole";
20
31
 
21
- uint64 public constant CUSTOM_ROLE_ID_MIN = 10000;
32
+ uint64 public constant CUSTOM_ROLE_ID_MIN = 10000; // MUST be even
22
33
  uint32 public constant EXECUTION_DELAY = 0;
23
34
 
24
35
  // role specific state
25
- mapping(RoleId roleId => IAccess.RoleInfo info) internal _role;
36
+ mapping(RoleId roleId => IAccess.RoleInfo info) internal _roleInfo;
26
37
  mapping(RoleId roleId => EnumerableSet.AddressSet roleMembers) internal _roleMembers;
27
- mapping(ShortString name => RoleId roleId) internal _roleForName;
28
- RoleId [] internal _roles;
38
+ mapping(ShortString name => RoleId roleId) internal _roleIdForName;
39
+ RoleId [] internal _roleIds;
40
+ uint64 _idNext;
29
41
 
30
42
  // target specific state
31
- mapping(address target => IAccess.TargetInfo info) internal _target;
32
- mapping(ShortString name => address target) internal _targetForName;
43
+ mapping(address target => IAccess.TargetInfo info) internal _targetInfo;
44
+ mapping(ShortString name => address target) internal _targetAddressForName;
33
45
  address [] internal _targets;
34
46
 
35
- AccessManager internal _accessManager;
47
+ AccessManagerUpgradeableInitializeable internal _accessManager;
48
+ IRegistry internal _registry;
36
49
 
37
- function initialize(address initialAdmin) external initializer
50
+ modifier restrictedToRoleAdmin(RoleId roleId) {
51
+ RoleId admin = getRoleAdmin(roleId);
52
+ (bool inRole, uint32 executionDelay) = _accessManager.hasRole(admin.toInt(), _msgSender());
53
+ assert(executionDelay == 0); // to be sure no delayed execution functionality is used
54
+ if (!inRole) {
55
+ revert IAccess.ErrorIAccessCallerIsNotRoleAdmin(_msgSender(), roleId);
56
+ }
57
+ _;
58
+ }
59
+
60
+ // instance owner is granted upon instance nft minting in callback function
61
+ function initialize(address instanceAddress) external initializer
38
62
  {
39
- // if size of the contract gets too large, this can be externalized which will reduce the contract size considerably
40
- _accessManager = new AccessManager(address(this));
41
- // this service required admin rights to access manager to be able to grant/revoke roles
42
- _accessManager.grantRole(_accessManager.ADMIN_ROLE(), initialAdmin, 0);
63
+ IInstance instance = IInstance(instanceAddress);
64
+ IRegistry registry = instance.getRegistry();
65
+ address authority = instance.authority();
66
+
67
+ __AccessManaged_init(authority);
68
+
69
+ _accessManager = AccessManagerUpgradeableInitializeable(authority);
70
+ _registry = registry;
71
+ _idNext = CUSTOM_ROLE_ID_MIN;
43
72
 
44
- __AccessManaged_init(address(_accessManager));
73
+ _createRole(ADMIN_ROLE(), ADMIN_ROLE_NAME, IAccess.Type.Core);
74
+ _createRole(PUBLIC_ROLE(), PUBLIC_ROLE_NAME, IAccess.Type.Core);
75
+ _createRole(INSTANCE_ROLE(), INSTANCE_ROLE_NAME, IAccess.Type.Core);
76
+ _createRole(INSTANCE_OWNER_ROLE(), INSTANCE_OWNER_ROLE_NAME, IAccess.Type.Gif);
45
77
 
46
- _createRole(RoleIdLib.toRoleId(_accessManager.ADMIN_ROLE()), ADMIN_ROLE_NAME, false, false);
47
- _createRole(RoleIdLib.toRoleId(_accessManager.PUBLIC_ROLE()), PUBLIC_ROLE_NAME, false, false);
78
+ // assume `this` is already a member of ADMIN_ROLE
79
+ EnumerableSet.add(_roleMembers[ADMIN_ROLE()], address(this));
80
+
81
+ grantRole(INSTANCE_ROLE(), instanceAddress);
82
+ setRoleAdmin(INSTANCE_OWNER_ROLE(), INSTANCE_ROLE());
48
83
  }
49
84
 
50
85
  //--- Role ------------------------------------------------------//
51
- function createGifRole(RoleId roleId, string memory name) external restricted() {
52
- _createRole(roleId, name, false, true);
86
+ // ADMIN_ROLE
87
+ // assume all core roles are know at deployment time
88
+ // assume core roles are set and granted only during instance cloning
89
+ // assume core roles are never revoked -> core roles admin is never active after intialization
90
+ function createCoreRole(RoleId roleId, string memory name)
91
+ external
92
+ restricted()
93
+ {
94
+ _createRole(roleId, name, IAccess.Type.Core);
53
95
  }
54
-
55
- function createRole(RoleId roleId, string memory name) external restricted() {
56
- _createRole(roleId, name, true, true);
96
+ // ADMIN_ROLE
97
+ // assume gif roles can be revoked
98
+ // assume admin is INSTANCE_OWNER_ROLE or INSTANCE_ROLE
99
+ function createGifRole(RoleId roleId, string memory name, RoleId admin)
100
+ external
101
+ restricted()
102
+ {
103
+ _createRole(roleId, name, IAccess.Type.Gif);
104
+ setRoleAdmin(roleId, admin);
57
105
  }
58
106
 
59
- function setRoleLocked(RoleId roleId, bool locked) external restricted() {
60
- if (!roleExists(roleId)) {
61
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
62
- }
107
+ // INSTANCE_OWNER_ROLE
108
+ function createRole(string memory roleName, string memory adminName)
109
+ external
110
+ restricted()
111
+ returns(RoleId roleId, RoleId admin)
112
+ {
113
+ (roleId, admin) = _getNextCustomRoleId();
63
114
 
64
- _role[roleId].isLocked = locked;
65
- _role[roleId].updatedAt = TimestampLib.blockTimestamp();
66
- }
115
+ _createRole(roleId, roleName, IAccess.Type.Custom);
116
+ _createRole(admin, adminName, IAccess.Type.Custom);
67
117
 
68
- function roleExists(RoleId roleId) public view returns (bool exists) {
69
- return _role[roleId].createdAt.gtz();
118
+ // TODO works without this -> why?
119
+ setRoleAdmin(roleId, admin);
120
+ setRoleAdmin(admin, INSTANCE_OWNER_ROLE());
70
121
  }
71
122
 
72
- function grantRole(RoleId roleId, address member) external restricted() returns (bool granted) {
123
+ // ADMIN_ROLE
124
+ // assume used by instance service only during instance cloning
125
+ // assume used only by this.createRole(), this.createGifRole() afterwards
126
+ function setRoleAdmin(RoleId roleId, RoleId admin)
127
+ public
128
+ restricted()
129
+ {
73
130
  if (!roleExists(roleId)) {
74
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
131
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
75
132
  }
76
133
 
77
- if (_role[roleId].isLocked) {
78
- revert IAccess.ErrorIAccessRoleIdNotActive(roleId);
134
+ if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
135
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
79
136
  }
80
137
 
81
- if (!EnumerableSet.contains(_roleMembers[roleId], member)) {
82
- _accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
83
- EnumerableSet.add(_roleMembers[roleId], member);
84
- return true;
85
- }
138
+ if (!roleExists(admin)) {
139
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(admin);
140
+ }
86
141
 
87
- return false;
142
+ _roleInfo[roleId].admin = admin;
88
143
  }
89
144
 
90
- function revokeRole(RoleId roleId, address member) external restricted() returns (bool revoked) {
145
+ function grantRole(RoleId roleId, address member)
146
+ public
147
+ restrictedToRoleAdmin(roleId)
148
+ returns (bool granted)
149
+ {
91
150
  if (!roleExists(roleId)) {
92
- revert IAccess.ErrorIAccessRevokeNonexstentRole(roleId);
151
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
93
152
  }
94
153
 
95
- if (EnumerableSet.contains(_roleMembers[roleId], member)) {
96
- _accessManager.revokeRole(roleId.toInt(), member);
97
- EnumerableSet.remove(_roleMembers[roleId], member);
98
- return true;
99
- }
100
-
101
- return false;
154
+ granted = EnumerableSet.add(_roleMembers[roleId], member);
155
+ if(granted) {
156
+ _accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
157
+ }
102
158
  }
103
159
 
104
- /// @dev not restricted function by intention
105
- /// the restriction to role members is already enforced by the call to the access manger
106
- function renounceRole(RoleId roleId) external returns (bool revoked) {
107
- address member = msg.sender;
160
+ function revokeRole(RoleId roleId, address member)
161
+ external
162
+ restrictedToRoleAdmin(roleId)
163
+ returns (bool)
164
+ {
165
+ return _revokeRole(roleId, member);
166
+ }
108
167
 
168
+ // INSTANCE_OWNER_ROLE
169
+ // IMPORTANT: unbounded function, revoke all or revert
170
+ // Instance owner role decides what to do in case of custom role admin bening revoked, e.g.:
171
+ // 1) revoke custom role from ALL members
172
+ // 2) revoke custom role admin from ALL members
173
+ // 3) 1) + 2)
174
+ // 4) revoke only 1 member of custom role admin
175
+ function revokeRoleAllMembers(RoleId roleId)
176
+ external
177
+ restrictedToRoleAdmin(roleId)
178
+ returns (bool revoked)
179
+ {
109
180
  if (!roleExists(roleId)) {
110
- revert IAccess.ErrorIAccessRenounceNonexstentRole(roleId);
181
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
111
182
  }
112
183
 
113
- if (EnumerableSet.contains(_roleMembers[roleId], member)) {
114
- // cannot use accessManger.renounce as it directly checks against msg.sender
115
- _accessManager.revokeRole(roleId.toInt(), member);
184
+ uint memberCount = EnumerableSet.length(_roleMembers[roleId]);
185
+ for(uint memberIdx = 0; memberIdx < memberCount; memberIdx++)
186
+ {
187
+ address member = EnumerableSet.at(_roleMembers[roleId], memberIdx);
116
188
  EnumerableSet.remove(_roleMembers[roleId], member);
117
- return true;
189
+ _accessManager.revokeRole(roleId.toInt(), member);
190
+ }
191
+ }
192
+
193
+ /// @dev not restricted function by intention
194
+ /// the restriction to role members is already enforced by the call to the access manager
195
+ function renounceRole(RoleId roleId)
196
+ external
197
+ returns (bool)
198
+ {
199
+ IAccess.Type rtype = _roleInfo[roleId].rtype;
200
+ if(rtype == IAccess.Type.Core || rtype == IAccess.Type.Gif) {
201
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, rtype);
118
202
  }
119
203
 
120
- return false;
204
+ address member = msg.sender;
205
+ // cannot use accessManger.renounce as it directly checks against msg.sender
206
+ return _revokeRole(roleId, member);
121
207
  }
122
208
 
123
- function roles() external view returns (uint256 numberOfRoles) {
124
- return _roles.length;
209
+ function roleExists(RoleId roleId) public view returns (bool exists) {
210
+ return _roleInfo[roleId].createdAt.gtz();
211
+ }
212
+ // TODO returns ADMIN_ROLE id for non existent roleId
213
+ function getRoleAdmin(RoleId roleId) public view returns(RoleId admin) {
214
+ return _roleInfo[roleId].admin;
215
+ }
216
+
217
+ function getRoleInfo(RoleId roleId) external view returns (IAccess.RoleInfo memory info) {
218
+ return _roleInfo[roleId];
219
+ }
220
+
221
+ function roleMembers(RoleId roleId) public view returns (uint256 numberOfMembers) {
222
+ return EnumerableSet.length(_roleMembers[roleId]);
125
223
  }
126
224
 
127
225
  function getRoleId(uint256 idx) external view returns (RoleId roleId) {
128
- return _roles[idx];
226
+ return _roleIds[idx];
129
227
  }
130
228
 
229
+ // TODO now: for non existent name returns ADMIN_ROLE id
131
230
  function getRoleIdForName(string memory name) external view returns (RoleId roleId) {
132
- return _roleForName[ShortStrings.toShortString(name)];
231
+ return _roleIdForName[ShortStrings.toShortString(name)];
133
232
  }
134
233
 
135
- function getRole(RoleId roleId) external view returns (IAccess.RoleInfo memory role) {
136
- return _role[roleId];
234
+ function roleMember(RoleId roleId, uint256 idx) external view returns (address member) {
235
+ return EnumerableSet.at(_roleMembers[roleId], idx);
137
236
  }
138
237
 
139
238
  function hasRole(RoleId roleId, address account) external view returns (bool accountHasRole) {
140
239
  (accountHasRole, ) = _accessManager.hasRole(roleId.toInt(), account);
141
240
  }
142
241
 
143
- function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers) {
144
- return EnumerableSet.length(_roleMembers[roleId]);
145
- }
146
-
147
- function getRoleMember(RoleId roleId, uint256 idx) external view returns (address roleMember) {
148
- return EnumerableSet.at(_roleMembers[roleId], idx);
242
+ function roles() external view returns (uint256 numberOfRoles) {
243
+ return _roleIds.length;
149
244
  }
150
245
 
151
246
  //--- Target ------------------------------------------------------//
152
- function createGifTarget(address target, string memory name) external restricted() {
153
- _createTarget(target, name, false, true);
247
+ // ADMIN_ROLE
248
+ // assume some core targets are registred (instance) while others are not (instance accesss manager, instance reader, bundle manager)
249
+ function createCoreTarget(address target, string memory name) external restricted() {
250
+ _createTarget(target, name, IAccess.Type.Core);
154
251
  }
252
+ // INSTANCE_SERVICE_ROLE
253
+ // assume gif target is registered and belongs to the same instance as instance access manager
254
+ function createGifTarget(address target, string memory name) external restricted()
255
+ {
256
+ if(!_registry.isRegistered(target)) {
257
+ revert IAccess.ErrorIAccessTargetNotRegistered(target);
258
+ }
155
259
 
156
- function createTarget(address target, string memory name) external restricted() {
157
- _createTarget(target, name, true, true);
260
+ _createTarget(target, name, IAccess.Type.Gif);
261
+ }
262
+ // INSTANCE_OWNER_ROLE
263
+ // assume custom target.authority() is constant -> target MUST not be used with different instance access manager
264
+ // assume custom target can not be registered as component -> each service which is doing component registration MUST register a gif target
265
+ // assume custom target can not be registered as instance or service -> why?
266
+ // TODO check target associated with instance owner or instance or instance components or components helpers
267
+ function createTarget(address target, string memory name) external restricted()
268
+ {
269
+ _createTarget(target, name, IAccess.Type.Custom);
158
270
  }
159
271
 
160
- function setTargetLocked(string memory targetName, bool locked) external restricted() {
161
- address target = _targetForName[ShortStrings.toShortString(targetName)];
162
-
163
- if (target == address(0)) {
164
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
272
+ // INSTANCE_SERVICE_ROLE
273
+ // IMPORTANT: instance access manager MUST be of Core type -> otherwise will be locked forever
274
+ function setTargetLocked(address target, bool locked)
275
+ external
276
+ restricted()
277
+ {
278
+ IAccess.Type targetType = _targetInfo[target].ttype;
279
+ if(target == address(0) || targetType == IAccess.Type.NotInitialized) {
280
+ revert IAccess.ErrorIAccessTargetDoesNotExist(target);
281
+ }
282
+
283
+ if(targetType == IAccess.Type.Core) {
284
+ revert IAccess.ErrorIAccessTargetTypeInvalid(target, targetType);
165
285
  }
166
286
 
167
- _target[target].isLocked = locked;
287
+ // TODO isLocked is redundant but makes getTargetInfo() faster
288
+ _targetInfo[target].isLocked = locked;
168
289
  _accessManager.setTargetClosed(target, locked);
169
290
  }
170
291
 
171
- function targetExists(address target) public view returns (bool exists) {
172
- return _target[target].createdAt.gtz();
292
+ // allowed combinations of roles and targets:
293
+ //1) set core role for core target
294
+ //2) set gif role for gif target
295
+ //3) set custom role for gif target
296
+ //4) set custom role for custom target
297
+
298
+ // ADMIN_ROLE if used only during initialization, works with:
299
+ // any roles for any targets
300
+ // INSTANCE_SERVICE_ROLE if used not only during initilization, works with:
301
+ // core roles for core targets
302
+ // gif roles for gif targets
303
+ function setCoreTargetFunctionRole(
304
+ string memory targetName,
305
+ bytes4[] calldata selectors,
306
+ RoleId roleId
307
+ )
308
+ public
309
+ virtual
310
+ restricted()
311
+ {
312
+ ShortString nameShort = ShortStrings.toShortString(targetName);
313
+ address target = _targetAddressForName[nameShort];
314
+
315
+ // not custom target
316
+ if(_targetInfo[target].ttype == IAccess.Type.Custom) {
317
+ revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Custom);
318
+ }
319
+
320
+ // not custom role
321
+ if(_roleInfo[roleId].rtype == IAccess.Type.Custom) {
322
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Custom);
323
+ }
324
+
325
+ _setTargetFunctionRole(target, nameShort, selectors, roleId);
173
326
  }
174
327
 
175
- //--- internal view/pure functions --------------------------------------//
328
+ // INSTANCE_OWNER_ROLE
329
+ // gif role for gif target
330
+ // gif role for custom target
331
+ // custom role for gif target
332
+ // custom role for custom target
333
+ // TODO instance owner can mess with gif target (component) -> e.g. set custom role for function intendent to work with gif role
334
+ function setTargetFunctionRole(
335
+ string memory targetName,
336
+ bytes4[] calldata selectors,
337
+ RoleId roleId
338
+ )
339
+ public
340
+ virtual
341
+ restricted()
342
+ {
343
+ ShortString nameShort = ShortStrings.toShortString(targetName);
344
+ address target = _targetAddressForName[nameShort];
176
345
 
177
- function _createRole(RoleId roleId, string memory name, bool isCustom, bool validateParameters) internal {
178
- if (validateParameters) {
179
- _validateRoleParameters(roleId, name, isCustom);
346
+ // not core target
347
+ if(_targetInfo[target].ttype == IAccess.Type.Core) {
348
+ revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Core);
180
349
  }
181
350
 
182
- IAccess.RoleInfo memory role = IAccess.RoleInfo(
183
- ShortStrings.toShortString(name),
184
- isCustom,
185
- false, // role un-locked,
186
- TimestampLib.blockTimestamp(),
187
- TimestampLib.blockTimestamp());
351
+ // not core role
352
+ if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
353
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
354
+ }
355
+
356
+ _setTargetFunctionRole(target, nameShort, selectors, roleId);
357
+ }
358
+
359
+ function getTargetAddress(string memory targetName) public view returns(address targetAddress) {
360
+ ShortString nameShort = ShortStrings.toShortString(targetName);
361
+ return _targetAddressForName[nameShort];
362
+ }
363
+
364
+ function isTargetLocked(address target) public view returns (bool locked) {
365
+ return _accessManager.isTargetClosed(target);
366
+ }
188
367
 
189
- _role[roleId] = role;
190
- _roleForName[role.name] = roleId;
191
- _roles.push(roleId);
368
+ function targetExists(address target) public view returns (bool exists) {
369
+ return _targetInfo[target].createdAt.gtz();
370
+ }
371
+
372
+ function getTargetInfo(address target) public view returns (IAccess.TargetInfo memory) {
373
+ return _targetInfo[target];
192
374
  }
193
375
 
194
- function _validateRoleParameters(
195
- RoleId roleId,
196
- string memory name,
197
- bool isCustom
198
- )
376
+ //--- Role internal view/pure functions --------------------------------------//
377
+ function _createRole(RoleId roleId, string memory roleName, IAccess.Type rtype)
199
378
  internal
200
- view
201
- returns (IAccess.RoleInfo memory existingRole)
202
379
  {
203
- // check role id
204
- uint64 roleIdInt = RoleId.unwrap(roleId);
205
- if(roleIdInt == _accessManager.ADMIN_ROLE() || roleIdInt == _accessManager.PUBLIC_ROLE()) {
206
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
380
+ ShortString name = ShortStrings.toShortString(roleName);
381
+ _validateRole(roleId, name, rtype);
382
+
383
+ if(roleExists(roleId)) {
384
+ revert IAccess.ErrorIAccessRoleIdExists(roleId);
385
+ }
386
+
387
+ if (_roleIdForName[name].gtz()) {
388
+ revert IAccess.ErrorIAccessRoleNameExists(roleId, _roleIdForName[name], name);
207
389
  }
208
390
 
209
- // prevent changing isCustom for existing roles
210
- existingRole = _role[roleId];
391
+ _roleInfo[roleId] = IAccess.RoleInfo(
392
+ name,
393
+ rtype,
394
+ ADMIN_ROLE(),
395
+ TimestampLib.blockTimestamp(),
396
+ TimestampLib.blockTimestamp()
397
+ );
398
+ _roleIdForName[name] = roleId;
399
+ _roleIds.push(roleId);
211
400
 
212
- if (existingRole.createdAt.gtz() && isCustom != existingRole.isCustom) {
213
- revert IAccess.ErrorIAccessRoleIsCustomIsImmutable(roleId, isCustom, existingRole.isCustom);
401
+ emit LogRoleCreation(roleId, name, rtype);
402
+ }
403
+
404
+ function _validateRole(RoleId roleId, ShortString name, IAccess.Type rtype)
405
+ internal
406
+ view
407
+ {
408
+ uint roleIdInt = roleId.toInt();
409
+ if(rtype == IAccess.Type.Custom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
410
+ revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
214
411
  }
215
412
 
216
- if (isCustom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
217
- revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
218
- } else if (!isCustom && roleIdInt >= CUSTOM_ROLE_ID_MIN) {
219
- revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
413
+ if(
414
+ rtype != IAccess.Type.Custom &&
415
+ roleIdInt >= CUSTOM_ROLE_ID_MIN &&
416
+ roleIdInt != PUBLIC_ROLE().toInt())
417
+ {
418
+ revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
220
419
  }
221
420
 
222
421
  // role name checks
223
- ShortString nameShort = ShortStrings.toShortString(name);
224
- if (ShortStrings.byteLength(nameShort) == 0) {
422
+ if (ShortStrings.byteLength(name) == 0) {
225
423
  revert IAccess.ErrorIAccessRoleNameEmpty(roleId);
226
424
  }
425
+ }
426
+
427
+ function _revokeRole(RoleId roleId, address member)
428
+ internal
429
+ returns(bool revoked)
430
+ {
431
+ if (!roleExists(roleId)) {
432
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
433
+ }
227
434
 
228
- if (_roleForName[nameShort] != RoleIdLib.zero() && _roleForName[nameShort] != roleId) {
229
- revert IAccess.ErrorIAccessRoleNameNotUnique(_roleForName[nameShort], nameShort);
435
+ revoked = EnumerableSet.remove(_roleMembers[roleId], member);
436
+ if(revoked) {
437
+ _accessManager.revokeRole(roleId.toInt(), member);
230
438
  }
231
439
  }
232
440
 
233
- function _createTarget(address target, string memory name, bool isCustom, bool validateParameters) internal {
234
- if (validateParameters) {
235
- _validateTargetParameters(target, name, isCustom);
236
- }
441
+ function _getNextCustomRoleId()
442
+ internal
443
+ returns(RoleId roleId, RoleId admin)
444
+ {
445
+ uint64 roleIdInt = _idNext;
446
+ uint64 adminInt = roleIdInt + 1;
237
447
 
238
- if (_target[target].createdAt.gtz()) {
239
- revert IAccess.ErrorIAccessTargetExists(target, _target[target].name);
448
+ _idNext = roleIdInt + 2;
449
+
450
+ roleId = RoleIdLib.toRoleId(roleIdInt);
451
+ admin = RoleIdLib.toRoleId(adminInt);
452
+ }
453
+
454
+ //--- Target internal view/pure functions --------------------------------------//
455
+ function _createTarget(address target, string memory targetName, IAccess.Type ttype)
456
+ internal
457
+ {
458
+ ShortString name = ShortStrings.toShortString(targetName);
459
+ _validateTarget(target, name, ttype);
460
+
461
+ if (_targetInfo[target].createdAt.gtz()) {
462
+ revert IAccess.ErrorIAccessTargetExists(target, _targetInfo[target].name);
240
463
  }
241
- if (_targetForName[ShortStrings.toShortString(name)] != address(0)) {
242
- revert IAccess.ErrorIAccessTargetNameExists(target, _targetForName[ShortStrings.toShortString(name)], ShortStrings.toShortString(name));
464
+
465
+ if (_targetAddressForName[name] != address(0)) {
466
+ revert IAccess.ErrorIAccessTargetNameExists(
467
+ target,
468
+ _targetAddressForName[name],
469
+ name);
243
470
  }
244
471
 
245
- IAccess.TargetInfo memory info = IAccess.TargetInfo(
246
- ShortStrings.toShortString(name),
247
- isCustom,
248
- _accessManager.isTargetClosed(target), // sync with state in access manager
472
+ bool isLocked = _accessManager.isTargetClosed(target);// sync with state in access manager
473
+ _targetInfo[target] = IAccess.TargetInfo(
474
+ name,
475
+ ttype,
476
+ isLocked,
249
477
  TimestampLib.blockTimestamp(),
250
- TimestampLib.blockTimestamp());
251
-
252
- _target[target] = info;
253
- _targetForName[info.name] = target;
478
+ TimestampLib.blockTimestamp()
479
+ );
480
+ _targetAddressForName[name] = target;
254
481
  _targets.push(target);
482
+
483
+ emit LogTargetCreation(target, name, ttype, isLocked);
255
484
  }
256
485
 
257
- function _validateTargetParameters(address target, string memory name, bool isCustom) internal view {
258
- // TODO: implement
486
+ function _validateTarget(address target, ShortString name, IAccess.Type ttype)
487
+ internal
488
+ view
489
+ {
490
+ address targetAuthority = AccessManagedUpgradeable(target).authority();
491
+ if(targetAuthority != authority()) {
492
+ revert IAccess.ErrorIAccessTargetAuthorityInvalid(target, targetAuthority);
493
+ }
494
+
495
+ if (ShortStrings.byteLength(name) == 0) {
496
+ revert IAccess.ErrorIAccessTargetNameEmpty(target);
497
+ }
259
498
  }
260
499
 
261
- function setTargetFunctionRole(
262
- string memory targetName,
500
+ function _setTargetFunctionRole(
501
+ address target,
502
+ ShortString name,
263
503
  bytes4[] calldata selectors,
264
504
  RoleId roleId
265
- ) public virtual restricted() {
266
- address target = _targetForName[ShortStrings.toShortString(targetName)];
267
-
505
+ )
506
+ internal
507
+ {
268
508
  if (target == address(0)) {
269
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
270
- }
271
- if (! roleExists(roleId)) {
272
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
509
+ revert IAccess.ErrorIAccessTargetDoesNotExist(target);
273
510
  }
274
- uint64 roleIdInt = RoleId.unwrap(roleId);
275
- _accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
276
- }
277
511
 
278
- function setTargetClosed(string memory targetName, bool closed) public restricted() {
279
- address target = _targetForName[ShortStrings.toShortString(targetName)];
280
- if (target == address(0)) {
281
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
512
+ if (!roleExists(roleId)) {
513
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
282
514
  }
283
- _accessManager.setTargetClosed(target, closed);
284
- }
285
515
 
286
- function isTargetLocked(address target) public view returns (bool locked) {
287
- return _accessManager.isTargetClosed(target);
516
+ uint64 roleIdInt = RoleId.unwrap(roleId);
517
+ _accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
288
518
  }
289
519
 
290
520
  function canCall(