@etherisc/gif-next 0.0.2-e922e07-736 → 0.0.2-e9a637d-547

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (256) hide show
  1. package/README.md +0 -71
  2. package/artifacts/contracts/components/Component.sol/Component.dbg.json +1 -1
  3. package/artifacts/contracts/components/Component.sol/Component.json +68 -0
  4. package/artifacts/contracts/components/Distribution.sol/Distribution.dbg.json +1 -1
  5. package/artifacts/contracts/components/Distribution.sol/Distribution.json +68 -0
  6. package/artifacts/contracts/components/IComponent.sol/IComponent.dbg.json +1 -1
  7. package/artifacts/contracts/components/IComponent.sol/IComponent.json +158 -0
  8. package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.dbg.json +1 -1
  9. package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.json +158 -0
  10. package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.dbg.json +1 -1
  11. package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.json +184 -149
  12. package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.dbg.json +1 -1
  13. package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.json +158 -0
  14. package/artifacts/contracts/components/Pool.sol/Pool.dbg.json +1 -1
  15. package/artifacts/contracts/components/Pool.sol/Pool.json +114 -189
  16. package/artifacts/contracts/components/Product.sol/Product.dbg.json +1 -1
  17. package/artifacts/contracts/components/Product.sol/Product.json +68 -0
  18. package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.dbg.json +4 -0
  19. package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.json +1206 -0
  20. package/artifacts/contracts/instance/BundleManager.sol/BundleManager.dbg.json +1 -1
  21. package/artifacts/contracts/instance/BundleManager.sol/BundleManager.json +64 -50
  22. package/artifacts/contracts/instance/Cloneable.sol/Cloneable.dbg.json +1 -1
  23. package/artifacts/contracts/instance/Cloneable.sol/Cloneable.json +5 -0
  24. package/artifacts/contracts/instance/IInstance.sol/IInstance.dbg.json +1 -1
  25. package/artifacts/contracts/instance/IInstance.sol/IInstance.json +214 -2063
  26. package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.dbg.json +1 -1
  27. package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.json +196 -51
  28. package/artifacts/contracts/instance/Instance.sol/Instance.dbg.json +1 -1
  29. package/artifacts/contracts/instance/Instance.sol/Instance.json +363 -2832
  30. package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.dbg.json +1 -1
  31. package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.json +491 -127
  32. package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.dbg.json +1 -1
  33. package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.json +101 -167
  34. package/artifacts/contracts/instance/InstanceService.sol/InstanceService.dbg.json +1 -1
  35. package/artifacts/contracts/instance/InstanceService.sol/InstanceService.json +333 -171
  36. package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.dbg.json +1 -1
  37. package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.json +75 -23
  38. package/artifacts/contracts/instance/InstanceStore.sol/InstanceStore.dbg.json +4 -0
  39. package/artifacts/contracts/instance/InstanceStore.sol/InstanceStore.json +2677 -0
  40. package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.dbg.json +1 -1
  41. package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.json +8 -13
  42. package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.dbg.json +1 -1
  43. package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.json +85 -30
  44. package/artifacts/contracts/instance/base/IKeyValueStore.sol/IKeyValueStore.dbg.json +1 -1
  45. package/artifacts/contracts/instance/base/ILifecycle.sol/ILifecycle.dbg.json +1 -1
  46. package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.dbg.json +1 -1
  47. package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.json +40 -10
  48. package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.dbg.json +1 -1
  49. package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.json +36 -11
  50. package/artifacts/contracts/instance/module/IAccess.sol/IAccess.dbg.json +1 -1
  51. package/artifacts/contracts/instance/module/IAccess.sol/IAccess.json +56 -73
  52. package/artifacts/contracts/instance/module/IBundle.sol/IBundle.dbg.json +1 -1
  53. package/artifacts/contracts/instance/module/IComponents.sol/IComponents.dbg.json +4 -0
  54. package/artifacts/contracts/instance/module/IComponents.sol/IComponents.json +10 -0
  55. package/artifacts/contracts/instance/module/IDistribution.sol/IDistribution.dbg.json +1 -1
  56. package/artifacts/contracts/instance/module/IPolicy.sol/IPolicy.dbg.json +1 -1
  57. package/artifacts/contracts/instance/module/IRisk.sol/IRisk.dbg.json +1 -1
  58. package/artifacts/contracts/instance/module/ISetup.sol/ISetup.dbg.json +1 -1
  59. package/artifacts/contracts/instance/module/ITreasury.sol/ITreasury.dbg.json +1 -1
  60. package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.dbg.json +1 -1
  61. package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.json +124 -53
  62. package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.dbg.json +1 -1
  63. package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.json +21 -13
  64. package/artifacts/contracts/instance/service/BundleService.sol/BundleService.dbg.json +1 -1
  65. package/artifacts/contracts/instance/service/BundleService.sol/BundleService.json +384 -249
  66. package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.dbg.json +1 -1
  67. package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.json +74 -14
  68. package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.dbg.json +1 -1
  69. package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.json +104 -41
  70. package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.dbg.json +1 -1
  71. package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.json +11 -7
  72. package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.dbg.json +1 -1
  73. package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.json +195 -121
  74. package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.dbg.json +1 -1
  75. package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.json +51 -47
  76. package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.dbg.json +1 -1
  77. package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.json +80 -14
  78. package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.dbg.json +1 -1
  79. package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.json +212 -186
  80. package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.dbg.json +1 -1
  81. package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.json +80 -14
  82. package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.dbg.json +1 -1
  83. package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.json +101 -24
  84. package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.dbg.json +1 -1
  85. package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.json +90 -24
  86. package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.dbg.json +1 -1
  87. package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.json +511 -14
  88. package/artifacts/contracts/instance/service/IProductService.sol/IProductService.dbg.json +1 -1
  89. package/artifacts/contracts/instance/service/IProductService.sol/IProductService.json +80 -14
  90. package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.dbg.json +1 -1
  91. package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.json +136 -65
  92. package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.dbg.json +1 -1
  93. package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.json +27 -19
  94. package/artifacts/contracts/instance/service/PoolService.sol/PoolService.dbg.json +1 -1
  95. package/artifacts/contracts/instance/service/PoolService.sol/PoolService.json +561 -51
  96. package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.dbg.json +1 -1
  97. package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.json +24 -12
  98. package/artifacts/contracts/instance/service/ProductService.sol/ProductService.dbg.json +1 -1
  99. package/artifacts/contracts/instance/service/ProductService.sol/ProductService.json +114 -51
  100. package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.dbg.json +1 -1
  101. package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.json +16 -12
  102. package/artifacts/contracts/registry/ChainNft.sol/ChainNft.dbg.json +1 -1
  103. package/artifacts/contracts/registry/ChainNft.sol/ChainNft.json +15 -2
  104. package/artifacts/contracts/registry/IRegistry.sol/IRegistry.dbg.json +1 -1
  105. package/artifacts/contracts/registry/IRegistry.sol/IRegistry.json +19 -0
  106. package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.dbg.json +1 -1
  107. package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.json +0 -24
  108. package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.dbg.json +1 -1
  109. package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.json +18 -0
  110. package/artifacts/contracts/registry/Registry.sol/Registry.dbg.json +1 -1
  111. package/artifacts/contracts/registry/Registry.sol/Registry.json +31 -12
  112. package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.dbg.json +1 -1
  113. package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.json +2 -2
  114. package/artifacts/contracts/registry/RegistryService.sol/RegistryService.dbg.json +1 -1
  115. package/artifacts/contracts/registry/RegistryService.sol/RegistryService.json +17 -36
  116. package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.dbg.json +1 -1
  117. package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.json +7 -7
  118. package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.dbg.json +1 -1
  119. package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.json +23 -11
  120. package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.dbg.json +1 -1
  121. package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.json +2 -2
  122. package/artifacts/contracts/shared/ContractDeployerLib.sol/ContractDeployerLib.dbg.json +1 -1
  123. package/artifacts/contracts/shared/ERC165.sol/ERC165.dbg.json +1 -1
  124. package/artifacts/contracts/shared/INftOwnable.sol/INftOwnable.dbg.json +1 -1
  125. package/artifacts/contracts/shared/IPolicyHolder.sol/IPolicyHolder.dbg.json +1 -1
  126. package/artifacts/contracts/shared/IRegisterable.sol/IRegisterable.dbg.json +1 -1
  127. package/artifacts/contracts/shared/IRegistryLinked.sol/IRegistryLinked.dbg.json +1 -1
  128. package/artifacts/contracts/shared/IService.sol/IService.dbg.json +1 -1
  129. package/artifacts/contracts/shared/IService.sol/IService.json +80 -14
  130. package/artifacts/contracts/shared/IVersionable.sol/IVersionable.dbg.json +1 -1
  131. package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.dbg.json +1 -1
  132. package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.json +2 -2
  133. package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.dbg.json +1 -1
  134. package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.json +2 -2
  135. package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.dbg.json +1 -1
  136. package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.json +2 -2
  137. package/artifacts/contracts/shared/Registerable.sol/Registerable.dbg.json +1 -1
  138. package/artifacts/contracts/shared/Registerable.sol/Registerable.json +2 -2
  139. package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.dbg.json +1 -1
  140. package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.json +2 -2
  141. package/artifacts/contracts/shared/Service.sol/Service.dbg.json +1 -1
  142. package/artifacts/contracts/shared/Service.sol/Service.json +86 -15
  143. package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.dbg.json +1 -1
  144. package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.json +2 -2
  145. package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.dbg.json +1 -1
  146. package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.json +2 -2
  147. package/artifacts/contracts/shared/Versionable.sol/Versionable.dbg.json +1 -1
  148. package/artifacts/contracts/test/TestFee.sol/TestFee.dbg.json +1 -1
  149. package/artifacts/contracts/test/TestFee.sol/TestFee.json +2 -2
  150. package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.dbg.json +1 -1
  151. package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.json +2 -2
  152. package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.dbg.json +1 -1
  153. package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.json +6 -6
  154. package/artifacts/contracts/test/TestService.sol/TestService.dbg.json +1 -1
  155. package/artifacts/contracts/test/TestService.sol/TestService.json +101 -26
  156. package/artifacts/contracts/test/TestToken.sol/TestUsdc.dbg.json +1 -1
  157. package/artifacts/contracts/test/TestVersion.sol/TestVersion.dbg.json +1 -1
  158. package/artifacts/contracts/test/TestVersion.sol/TestVersion.json +2 -2
  159. package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.dbg.json +1 -1
  160. package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.json +2 -2
  161. package/artifacts/contracts/test/Usdc.sol/USDC.dbg.json +1 -1
  162. package/artifacts/contracts/types/AddressSet.sol/LibAddressSet.dbg.json +1 -1
  163. package/artifacts/contracts/types/Amount.sol/AmountLib.dbg.json +4 -0
  164. package/artifacts/contracts/types/Amount.sol/AmountLib.json +161 -0
  165. package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.dbg.json +1 -1
  166. package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.json +2 -2
  167. package/artifacts/contracts/types/ChainId.sol/ChainIdLib.dbg.json +1 -1
  168. package/artifacts/contracts/types/ClaimId.sol/ClaimIdLib.dbg.json +1 -1
  169. package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.dbg.json +1 -1
  170. package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.json +2 -2
  171. package/artifacts/contracts/types/Fee.sol/FeeLib.dbg.json +1 -1
  172. package/artifacts/contracts/types/Fee.sol/FeeLib.json +40 -9
  173. package/artifacts/contracts/types/Key32.sol/Key32Lib.dbg.json +1 -1
  174. package/artifacts/contracts/types/Key32.sol/Key32Lib.json +2 -2
  175. package/artifacts/contracts/types/NftId.sol/NftIdLib.dbg.json +1 -1
  176. package/artifacts/contracts/types/NftId.sol/NftIdLib.json +17 -4
  177. package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.dbg.json +1 -1
  178. package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.json +2 -2
  179. package/artifacts/contracts/types/NumberId.sol/NumberIdLib.dbg.json +1 -1
  180. package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.dbg.json +1 -1
  181. package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.json +2 -2
  182. package/artifacts/contracts/types/PayoutId.sol/PayoutIdLib.dbg.json +1 -1
  183. package/artifacts/contracts/types/Referral.sol/ReferralLib.dbg.json +1 -1
  184. package/artifacts/contracts/types/Referral.sol/ReferralLib.json +2 -2
  185. package/artifacts/contracts/types/RiskId.sol/RiskIdLib.dbg.json +1 -1
  186. package/artifacts/contracts/types/RiskId.sol/RiskIdLib.json +2 -2
  187. package/artifacts/contracts/types/RoleId.sol/RoleIdLib.dbg.json +1 -1
  188. package/artifacts/contracts/types/RoleId.sol/RoleIdLib.json +2 -2
  189. package/artifacts/contracts/types/Seconds.sol/SecondsLib.dbg.json +1 -1
  190. package/artifacts/contracts/types/StateId.sol/StateIdLib.dbg.json +1 -1
  191. package/artifacts/contracts/types/StateId.sol/StateIdLib.json +2 -2
  192. package/artifacts/contracts/types/Timestamp.sol/TimestampLib.dbg.json +1 -1
  193. package/artifacts/contracts/types/Timestamp.sol/TimestampLib.json +2 -2
  194. package/artifacts/contracts/types/UFixed.sol/MathLib.dbg.json +1 -1
  195. package/artifacts/contracts/types/UFixed.sol/MathLib.json +2 -2
  196. package/artifacts/contracts/types/UFixed.sol/UFixedLib.dbg.json +1 -1
  197. package/artifacts/contracts/types/UFixed.sol/UFixedLib.json +2 -2
  198. package/artifacts/contracts/types/Version.sol/VersionLib.dbg.json +1 -1
  199. package/artifacts/contracts/types/Version.sol/VersionLib.json +2 -2
  200. package/artifacts/contracts/types/Version.sol/VersionPartLib.dbg.json +1 -1
  201. package/artifacts/contracts/types/Version.sol/VersionPartLib.json +2 -2
  202. package/contracts/components/Component.sol +42 -10
  203. package/contracts/components/IComponent.sol +9 -1
  204. package/contracts/components/IPoolComponent.sol +5 -43
  205. package/contracts/components/Pool.sol +47 -122
  206. package/contracts/components/Product.sol +4 -0
  207. package/contracts/instance/AccessManagerUpgradeableInitializeable.sol +13 -0
  208. package/contracts/instance/BundleManager.sol +6 -4
  209. package/contracts/instance/Cloneable.sol +7 -2
  210. package/contracts/instance/IInstance.sol +23 -55
  211. package/contracts/instance/IInstanceService.sol +31 -6
  212. package/contracts/instance/Instance.sol +90 -182
  213. package/contracts/instance/InstanceAccessManager.sol +402 -159
  214. package/contracts/instance/InstanceReader.sol +12 -12
  215. package/contracts/instance/InstanceService.sol +287 -246
  216. package/contracts/instance/InstanceStore.sol +219 -0
  217. package/contracts/instance/ObjectManager.sol +6 -8
  218. package/contracts/instance/base/ComponentService.sol +17 -30
  219. package/contracts/instance/base/KeyValueStore.sol +13 -5
  220. package/contracts/instance/base/Lifecycle.sol +11 -2
  221. package/contracts/instance/module/IAccess.sol +21 -14
  222. package/contracts/instance/module/IBundle.sol +6 -4
  223. package/contracts/instance/module/IComponents.sol +41 -0
  224. package/contracts/instance/module/ISetup.sol +3 -16
  225. package/contracts/instance/service/ApplicationService.sol +18 -16
  226. package/contracts/instance/service/BundleService.sol +213 -81
  227. package/contracts/instance/service/ClaimService.sol +3 -3
  228. package/contracts/instance/service/DistributionService.sol +57 -70
  229. package/contracts/instance/service/IBundleService.sol +63 -25
  230. package/contracts/instance/service/IDistributionService.sol +1 -0
  231. package/contracts/instance/service/IPoolService.sol +82 -3
  232. package/contracts/instance/service/PolicyService.sol +68 -100
  233. package/contracts/instance/service/PoolService.sol +214 -20
  234. package/contracts/instance/service/ProductService.sol +34 -58
  235. package/contracts/registry/ChainNft.sol +8 -0
  236. package/contracts/registry/IRegistry.sol +2 -0
  237. package/contracts/registry/IRegistryService.sol +4 -3
  238. package/contracts/registry/ITransferInterceptor.sol +1 -0
  239. package/contracts/registry/Registry.sol +23 -20
  240. package/contracts/registry/RegistryService.sol +10 -11
  241. package/contracts/registry/ReleaseManager.sol +20 -18
  242. package/contracts/shared/IService.sol +4 -6
  243. package/contracts/shared/Service.sol +21 -7
  244. package/contracts/shared/TokenHandler.sol +11 -5
  245. package/contracts/test/TestService.sol +1 -1
  246. package/contracts/types/Amount.sol +60 -0
  247. package/contracts/types/Blocknumber.sol +1 -0
  248. package/contracts/types/Fee.sol +13 -5
  249. package/contracts/types/NftId.sol +8 -0
  250. package/contracts/types/ObjectType.sol +1 -0
  251. package/contracts/types/RoleId.sol +6 -4
  252. package/contracts/types/StateId.sol +1 -0
  253. package/contracts/types/Timestamp.sol +1 -0
  254. package/contracts/types/UFixed.sol +1 -0
  255. package/contracts/types/Version.sol +1 -0
  256. package/package.json +1 -1
@@ -1,290 +1,533 @@
1
1
  // SPDX-License-Identifier: Apache-2.0
2
2
  pragma solidity ^0.8.20;
3
3
 
4
- import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
5
4
  import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
6
5
  import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
7
6
  import {ShortString, ShortStrings} from "@openzeppelin/contracts/utils/ShortStrings.sol";
8
7
 
9
- import {RoleId, RoleIdLib } from "../types/RoleId.sol";
8
+ import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, INSTANCE_SERVICE_ROLE, INSTANCE_OWNER_ROLE, INSTANCE_ROLE} from "../types/RoleId.sol";
10
9
  import {TimestampLib} from "../types/Timestamp.sol";
10
+ import {NftId} from "../types/NftId.sol";
11
+
12
+ import {AccessManagerUpgradeableInitializeable} from "./AccessManagerUpgradeableInitializeable.sol";
13
+
14
+ import {IRegistry} from "../registry/IRegistry.sol";
15
+
16
+ import {IInstance} from "./IInstance.sol";
11
17
  import {IAccess} from "./module/IAccess.sol";
12
18
 
13
19
  contract InstanceAccessManager is
14
20
  AccessManagedUpgradeable
15
21
  {
22
+ event LogRoleCreation(RoleId roleId, ShortString name, IAccess.Type rtype);
23
+ event LogTargetCreation(address target, ShortString name, IAccess.Type ttype, bool isLocked);
24
+
16
25
  using RoleIdLib for RoleId;
17
26
 
18
27
  string public constant ADMIN_ROLE_NAME = "AdminRole";
19
28
  string public constant PUBLIC_ROLE_NAME = "PublicRole";
29
+ string public constant INSTANCE_ROLE_NAME = "InstanceRole";
30
+ string public constant INSTANCE_OWNER_ROLE_NAME = "InstanceOwnerRole";
20
31
 
21
- uint64 public constant CUSTOM_ROLE_ID_MIN = 10000;
32
+ uint64 public constant CUSTOM_ROLE_ID_MIN = 10000; // MUST be even
22
33
  uint32 public constant EXECUTION_DELAY = 0;
23
34
 
24
35
  // role specific state
25
- mapping(RoleId roleId => IAccess.RoleInfo info) internal _role;
36
+ mapping(RoleId roleId => IAccess.RoleInfo info) internal _roleInfo;
26
37
  mapping(RoleId roleId => EnumerableSet.AddressSet roleMembers) internal _roleMembers;
27
- mapping(ShortString name => RoleId roleId) internal _roleForName;
28
- RoleId [] internal _roles;
38
+ mapping(ShortString name => RoleId roleId) internal _roleIdForName;
39
+ RoleId [] internal _roleIds;
40
+ uint64 _idNext;
29
41
 
30
42
  // target specific state
31
- mapping(address target => IAccess.TargetInfo info) internal _target;
32
- mapping(ShortString name => address target) internal _targetForName;
43
+ mapping(address target => IAccess.TargetInfo info) internal _targetInfo;
44
+ mapping(ShortString name => address target) internal _targetAddressForName;
33
45
  address [] internal _targets;
34
46
 
35
- AccessManager internal _accessManager;
47
+ AccessManagerUpgradeableInitializeable internal _accessManager;
48
+ IRegistry internal _registry;
49
+
50
+ modifier restrictedToRoleAdmin(RoleId roleId) {
51
+ RoleId admin = getRoleAdmin(roleId);
52
+ (bool inRole, uint32 executionDelay) = _accessManager.hasRole(admin.toInt(), _msgSender());
53
+ assert(executionDelay == 0); // to be sure no delayed execution functionality is used
54
+ if (!inRole) {
55
+ revert IAccess.ErrorIAccessCallerIsNotRoleAdmin(_msgSender(), roleId);
56
+ }
57
+ _;
58
+ }
36
59
 
37
- function initialize(address initialAdmin) external initializer
60
+ // instance owner is granted upon instance nft minting in callback function
61
+ function initialize(address instanceAddress) external initializer
38
62
  {
39
- // if size of the contract gets too large, this can be externalized which will reduce the contract size considerably
40
- _accessManager = new AccessManager(address(this));
41
- // this service required admin rights to access manager to be able to grant/revoke roles
42
- _accessManager.grantRole(_accessManager.ADMIN_ROLE(), initialAdmin, 0);
63
+ IInstance instance = IInstance(instanceAddress);
64
+ IRegistry registry = instance.getRegistry();
65
+ address authority = instance.authority();
66
+
67
+ __AccessManaged_init(authority);
68
+
69
+ _accessManager = AccessManagerUpgradeableInitializeable(authority);
70
+ _registry = registry;
71
+ _idNext = CUSTOM_ROLE_ID_MIN;
72
+
73
+ _createRole(ADMIN_ROLE(), ADMIN_ROLE_NAME, IAccess.Type.Core);
74
+ _createRole(PUBLIC_ROLE(), PUBLIC_ROLE_NAME, IAccess.Type.Core);
75
+ _createRole(INSTANCE_ROLE(), INSTANCE_ROLE_NAME, IAccess.Type.Core);
76
+ _createRole(INSTANCE_OWNER_ROLE(), INSTANCE_OWNER_ROLE_NAME, IAccess.Type.Gif);// TODO should be of core type
43
77
 
44
- __AccessManaged_init(address(_accessManager));
78
+ // assume `this` is already a member of ADMIN_ROLE
79
+ EnumerableSet.add(_roleMembers[ADMIN_ROLE()], address(this));
45
80
 
46
- _createRole(RoleIdLib.toRoleId(_accessManager.ADMIN_ROLE()), ADMIN_ROLE_NAME, false, false);
47
- _createRole(RoleIdLib.toRoleId(_accessManager.PUBLIC_ROLE()), PUBLIC_ROLE_NAME, false, false);
81
+ grantRole(INSTANCE_ROLE(), instanceAddress);
82
+ setRoleAdmin(INSTANCE_OWNER_ROLE(), INSTANCE_ROLE());
48
83
  }
49
84
 
50
85
  //--- Role ------------------------------------------------------//
51
- function createGifRole(RoleId roleId, string memory name) external restricted() {
52
- _createRole(roleId, name, false, true);
86
+ // ADMIN_ROLE
87
+ // assume all core roles are know at deployment time
88
+ // assume core roles are set and granted only during instance cloning
89
+ // assume core roles are never revoked -> core roles admin is never active after intialization
90
+ function createCoreRole(RoleId roleId, string memory name)
91
+ external
92
+ restricted()
93
+ {
94
+ _createRole(roleId, name, IAccess.Type.Core);
53
95
  }
54
-
55
- function createRole(RoleId roleId, string memory name) external restricted() {
56
- _createRole(roleId, name, true, true);
96
+ // ADMIN_ROLE
97
+ // assume gif roles can be revoked
98
+ // assume admin is INSTANCE_OWNER_ROLE or INSTANCE_ROLE
99
+ function createGifRole(RoleId roleId, string memory name, RoleId admin)
100
+ external
101
+ restricted()
102
+ {
103
+ _createRole(roleId, name, IAccess.Type.Gif);
104
+ setRoleAdmin(roleId, admin);
57
105
  }
58
106
 
59
- function setRoleLocked(RoleId roleId, bool locked) external restricted() {
60
- if (!roleExists(roleId)) {
61
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
62
- }
107
+ // INSTANCE_OWNER_ROLE
108
+ function createRole(string memory roleName, string memory adminName)
109
+ external
110
+ restricted()
111
+ returns(RoleId roleId, RoleId admin)
112
+ {
113
+ (roleId, admin) = _getNextCustomRoleId();
63
114
 
64
- _role[roleId].isLocked = locked;
65
- _role[roleId].updatedAt = TimestampLib.blockTimestamp();
66
- }
115
+ _createRole(roleId, roleName, IAccess.Type.Custom);
116
+ _createRole(admin, adminName, IAccess.Type.Custom);
67
117
 
68
- function roleExists(RoleId roleId) public view returns (bool exists) {
69
- return _role[roleId].createdAt.gtz();
118
+ // TODO works without this -> why?
119
+ setRoleAdmin(roleId, admin);
120
+ setRoleAdmin(admin, INSTANCE_OWNER_ROLE());
70
121
  }
71
122
 
72
- function grantRole(RoleId roleId, address member) external restricted() returns (bool granted) {
123
+ // ADMIN_ROLE
124
+ // assume used by instance service only during instance cloning
125
+ // assume used only by this.createRole(), this.createGifRole() afterwards
126
+ function setRoleAdmin(RoleId roleId, RoleId admin)
127
+ public
128
+ restricted()
129
+ {
73
130
  if (!roleExists(roleId)) {
74
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
131
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
75
132
  }
76
133
 
77
- if (_role[roleId].isLocked) {
78
- revert IAccess.ErrorIAccessRoleIdNotActive(roleId);
134
+ if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
135
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
79
136
  }
80
137
 
81
- if (!EnumerableSet.contains(_roleMembers[roleId], member)) {
82
- _accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
83
- EnumerableSet.add(_roleMembers[roleId], member);
84
- return true;
85
- }
138
+ if (!roleExists(admin)) {
139
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(admin);
140
+ }
86
141
 
87
- return false;
142
+ _roleInfo[roleId].admin = admin;
88
143
  }
89
144
 
90
- function revokeRole(RoleId roleId, address member) external restricted() returns (bool revoked) {
145
+ // TODO core role can be granted only to 1 member
146
+ function grantRole(RoleId roleId, address member)
147
+ public
148
+ restrictedToRoleAdmin(roleId)
149
+ returns (bool granted)
150
+ {
91
151
  if (!roleExists(roleId)) {
92
- revert IAccess.ErrorIAccessRevokeNonexstentRole(roleId);
152
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
93
153
  }
94
154
 
95
- if (EnumerableSet.contains(_roleMembers[roleId], member)) {
96
- _accessManager.revokeRole(roleId.toInt(), member);
97
- EnumerableSet.remove(_roleMembers[roleId], member);
98
- return true;
99
- }
100
-
101
- return false;
155
+ granted = EnumerableSet.add(_roleMembers[roleId], member);
156
+ if(granted) {
157
+ _accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
158
+ }
102
159
  }
103
160
 
104
- /// @dev not restricted function by intention
105
- /// the restriction to role members is already enforced by the call to the access manger
106
- function renounceRole(RoleId roleId) external returns (bool revoked) {
107
- address member = msg.sender;
161
+ function revokeRole(RoleId roleId, address member)
162
+ external
163
+ restrictedToRoleAdmin(roleId)
164
+ returns (bool)
165
+ {
166
+ return _revokeRole(roleId, member);
167
+ }
108
168
 
169
+ // INSTANCE_OWNER_ROLE
170
+ // IMPORTANT: unbounded function, revoke all or revert
171
+ // Instance owner role decides what to do in case of custom role admin bening revoked, e.g.:
172
+ // 1) revoke custom role from ALL members
173
+ // 2) revoke custom role admin from ALL members
174
+ // 3) 1) + 2)
175
+ // 4) revoke only 1 member of custom role admin
176
+ function revokeRoleAllMembers(RoleId roleId)
177
+ external
178
+ restrictedToRoleAdmin(roleId)
179
+ returns (bool revoked)
180
+ {
109
181
  if (!roleExists(roleId)) {
110
- revert IAccess.ErrorIAccessRenounceNonexstentRole(roleId);
182
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
111
183
  }
112
184
 
113
- if (EnumerableSet.contains(_roleMembers[roleId], member)) {
114
- // cannot use accessManger.renounce as it directly checks against msg.sender
115
- _accessManager.revokeRole(roleId.toInt(), member);
185
+ uint memberCount = EnumerableSet.length(_roleMembers[roleId]);
186
+ for(uint memberIdx = 0; memberIdx < memberCount; memberIdx++)
187
+ {
188
+ address member = EnumerableSet.at(_roleMembers[roleId], memberIdx);
116
189
  EnumerableSet.remove(_roleMembers[roleId], member);
117
- return true;
190
+ _accessManager.revokeRole(roleId.toInt(), member);
191
+ }
192
+ }
193
+
194
+ /// @dev not restricted function by intention
195
+ /// the restriction to role members is already enforced by the call to the access manager
196
+ function renounceRole(RoleId roleId)
197
+ external
198
+ returns (bool)
199
+ {
200
+ IAccess.Type rtype = _roleInfo[roleId].rtype;
201
+ if(rtype == IAccess.Type.Core || rtype == IAccess.Type.Gif) {
202
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, rtype);
118
203
  }
119
204
 
120
- return false;
205
+ address member = msg.sender;
206
+ // cannot use accessManger.renounce as it directly checks against msg.sender
207
+ return _revokeRole(roleId, member);
121
208
  }
122
209
 
123
- function roles() external view returns (uint256 numberOfRoles) {
124
- return _roles.length;
210
+ function roleExists(RoleId roleId) public view returns (bool exists) {
211
+ return _roleInfo[roleId].createdAt.gtz();
212
+ }
213
+ // TODO returns ADMIN_ROLE id for non existent roleId
214
+ function getRoleAdmin(RoleId roleId) public view returns(RoleId admin) {
215
+ return _roleInfo[roleId].admin;
216
+ }
217
+
218
+ function getRoleInfo(RoleId roleId) external view returns (IAccess.RoleInfo memory info) {
219
+ return _roleInfo[roleId];
220
+ }
221
+
222
+ function roleMembers(RoleId roleId) public view returns (uint256 numberOfMembers) {
223
+ return EnumerableSet.length(_roleMembers[roleId]);
125
224
  }
126
225
 
127
226
  function getRoleId(uint256 idx) external view returns (RoleId roleId) {
128
- return _roles[idx];
227
+ return _roleIds[idx];
129
228
  }
130
229
 
230
+ // TODO returns ADMIN_ROLE id for non existent name
131
231
  function getRoleIdForName(string memory name) external view returns (RoleId roleId) {
132
- return _roleForName[ShortStrings.toShortString(name)];
232
+ return _roleIdForName[ShortStrings.toShortString(name)];
133
233
  }
134
234
 
135
- function getRole(RoleId roleId) external view returns (IAccess.RoleInfo memory role) {
136
- return _role[roleId];
235
+ function roleMember(RoleId roleId, uint256 idx) external view returns (address member) {
236
+ return EnumerableSet.at(_roleMembers[roleId], idx);
137
237
  }
138
238
 
139
239
  function hasRole(RoleId roleId, address account) external view returns (bool accountHasRole) {
140
240
  (accountHasRole, ) = _accessManager.hasRole(roleId.toInt(), account);
141
241
  }
142
242
 
143
- function roleMembers(RoleId roleId) external view returns (uint256 numberOfMembers) {
144
- return EnumerableSet.length(_roleMembers[roleId]);
243
+ function roles() external view returns (uint256 numberOfRoles) {
244
+ return _roleIds.length;
145
245
  }
146
246
 
147
- function getRoleMember(RoleId roleId, uint256 idx) external view returns (address roleMember) {
148
- return EnumerableSet.at(_roleMembers[roleId], idx);
247
+ //--- Target ------------------------------------------------------//
248
+ // ADMIN_ROLE
249
+ // assume some core targets are registred (instance) while others are not (instance accesss manager, instance reader, bundle manager)
250
+ function createCoreTarget(address target, string memory name) external restricted() {
251
+ _createTarget(target, name, IAccess.Type.Core);
149
252
  }
253
+ // INSTANCE_SERVICE_ROLE
254
+ // TODO check for instance mismatch?
255
+ function createGifTarget(address target, string memory name) external restricted()
256
+ {
257
+ if(!_registry.isRegistered(target)) {
258
+ revert IAccess.ErrorIAccessTargetNotRegistered(target);
259
+ }
150
260
 
151
- //--- Target ------------------------------------------------------//
152
- function createGifTarget(address target, string memory name) external restricted() {
153
- _createTarget(target, name, false, true);
261
+ _createTarget(target, name, IAccess.Type.Gif);
262
+ }
263
+ // INSTANCE_OWNER_ROLE
264
+ // assume custom target.authority() is constant -> target MUST not be used with different instance access manager
265
+ // assume custom target can not be registered as component -> each service which is doing component registration MUST register a gif target
266
+ // assume custom target can not be registered as instance or service -> why?
267
+ // TODO check target associated with instance owner or instance or instance components or components helpers
268
+ function createTarget(address target, string memory name) external restricted()
269
+ {
270
+ _createTarget(target, name, IAccess.Type.Custom);
154
271
  }
155
272
 
156
- function createTarget(address target, string memory name) external restricted() {
157
- _createTarget(target, name, true, true);
273
+ // TODO instance owner locks component instead of revoking it access to the instance...
274
+ function setTargetLockedByService(address target, bool locked)
275
+ external
276
+ restricted // INSTANCE_SERVICE_ROLE
277
+ {
278
+ _setTargetLocked(target, locked);
158
279
  }
159
280
 
160
- function setTargetLocked(string memory targetName, bool locked) external restricted() {
161
- address target = _targetForName[ShortStrings.toShortString(targetName)];
162
-
163
- if (target == address(0)) {
164
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
281
+ function setTargetLockedByInstance(address target, bool locked)
282
+ external
283
+ restricted // INSTANCE_ROLE
284
+ {
285
+ _setTargetLocked(target, locked);
286
+ }
287
+
288
+
289
+ // allowed combinations of roles and targets:
290
+ //1) set core role for core target
291
+ //2) set gif role for gif target
292
+ //3) set custom role for gif target
293
+ //4) set custom role for custom target
294
+
295
+ // ADMIN_ROLE if used only during initialization, works with:
296
+ // any roles for any targets
297
+ // INSTANCE_SERVICE_ROLE if used not only during initilization, works with:
298
+ // core roles for core targets
299
+ // gif roles for gif targets
300
+ function setCoreTargetFunctionRole(
301
+ string memory targetName,
302
+ bytes4[] calldata selectors,
303
+ RoleId roleId
304
+ )
305
+ public
306
+ virtual
307
+ restricted()
308
+ {
309
+ ShortString nameShort = ShortStrings.toShortString(targetName);
310
+ address target = _targetAddressForName[nameShort];
311
+
312
+ // not custom target
313
+ if(_targetInfo[target].ttype == IAccess.Type.Custom) {
314
+ revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Custom);
165
315
  }
166
316
 
167
- _target[target].isLocked = locked;
168
- _accessManager.setTargetClosed(target, locked);
169
- }
317
+ // not custom role
318
+ if(_roleInfo[roleId].rtype == IAccess.Type.Custom) {
319
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Custom);
320
+ }
170
321
 
171
- function targetExists(address target) public view returns (bool exists) {
172
- return _target[target].createdAt.gtz();
322
+ _setTargetFunctionRole(target, nameShort, selectors, roleId);
173
323
  }
174
324
 
175
- //--- internal view/pure functions --------------------------------------//
325
+ // INSTANCE_OWNER_ROLE
326
+ // gif role for gif target
327
+ // gif role for custom target
328
+ // custom role for gif target
329
+ // custom role for custom target
330
+ // TODO instance owner can mess with gif target (component) -> e.g. set custom role for function intendent to work with gif role
331
+ function setTargetFunctionRole(
332
+ string memory targetName,
333
+ bytes4[] calldata selectors,
334
+ RoleId roleId
335
+ )
336
+ public
337
+ virtual
338
+ restricted()
339
+ {
340
+ ShortString nameShort = ShortStrings.toShortString(targetName);
341
+ address target = _targetAddressForName[nameShort];
176
342
 
177
- function _createRole(RoleId roleId, string memory name, bool isCustom, bool validateParameters) internal {
178
- if (validateParameters) {
179
- _validateRoleParameters(roleId, name, isCustom);
343
+ // not core target
344
+ if(_targetInfo[target].ttype == IAccess.Type.Core) {
345
+ revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Core);
180
346
  }
181
347
 
182
- IAccess.RoleInfo memory role = IAccess.RoleInfo(
183
- ShortStrings.toShortString(name),
184
- isCustom,
185
- false, // role un-locked,
186
- TimestampLib.blockTimestamp(),
187
- TimestampLib.blockTimestamp());
348
+ // not core role
349
+ if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
350
+ revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
351
+ }
352
+
353
+ _setTargetFunctionRole(target, nameShort, selectors, roleId);
354
+ }
188
355
 
189
- _role[roleId] = role;
190
- _roleForName[role.name] = roleId;
191
- _roles.push(roleId);
356
+ function getTargetAddress(string memory targetName) public view returns(address targetAddress) {
357
+ ShortString nameShort = ShortStrings.toShortString(targetName);
358
+ return _targetAddressForName[nameShort];
192
359
  }
193
360
 
194
- function _validateRoleParameters(
195
- RoleId roleId,
196
- string memory name,
197
- bool isCustom
198
- )
361
+ function isTargetLocked(address target) public view returns (bool locked) {
362
+ return _targetInfo[target].isLocked;
363
+ }
364
+
365
+ function targetExists(address target) public view returns (bool exists) {
366
+ return _targetInfo[target].createdAt.gtz();
367
+ }
368
+
369
+ function getTargetInfo(address target) public view returns (IAccess.TargetInfo memory) {
370
+ return _targetInfo[target];
371
+ }
372
+
373
+ //--- Role internal view/pure functions --------------------------------------//
374
+ function _createRole(RoleId roleId, string memory roleName, IAccess.Type rtype)
199
375
  internal
200
- view
201
- returns (IAccess.RoleInfo memory existingRole)
202
376
  {
203
- // check role id
204
- uint64 roleIdInt = RoleId.unwrap(roleId);
205
- if(roleIdInt == _accessManager.ADMIN_ROLE() || roleIdInt == _accessManager.PUBLIC_ROLE()) {
206
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
377
+ ShortString name = ShortStrings.toShortString(roleName);
378
+ _validateRole(roleId, name, rtype);
379
+
380
+ if(roleExists(roleId)) {
381
+ revert IAccess.ErrorIAccessRoleIdExists(roleId);
207
382
  }
208
383
 
209
- // prevent changing isCustom for existing roles
210
- existingRole = _role[roleId];
384
+ if (_roleIdForName[name].gtz()) {
385
+ revert IAccess.ErrorIAccessRoleNameExists(roleId, _roleIdForName[name], name);
386
+ }
387
+
388
+ _roleInfo[roleId] = IAccess.RoleInfo(
389
+ name,
390
+ rtype,
391
+ ADMIN_ROLE(),
392
+ TimestampLib.blockTimestamp(),
393
+ TimestampLib.blockTimestamp()
394
+ );
395
+ _roleIdForName[name] = roleId;
396
+ _roleIds.push(roleId);
211
397
 
212
- if (existingRole.createdAt.gtz() && isCustom != existingRole.isCustom) {
213
- revert IAccess.ErrorIAccessRoleIsCustomIsImmutable(roleId, isCustom, existingRole.isCustom);
398
+ emit LogRoleCreation(roleId, name, rtype);
399
+ }
400
+
401
+ function _validateRole(RoleId roleId, ShortString name, IAccess.Type rtype)
402
+ internal
403
+ view
404
+ {
405
+ uint roleIdInt = roleId.toInt();
406
+ if(rtype == IAccess.Type.Custom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
407
+ revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
214
408
  }
215
409
 
216
- if (isCustom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
217
- revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
218
- } else if (!isCustom && roleIdInt >= CUSTOM_ROLE_ID_MIN) {
219
- revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
410
+ if(
411
+ rtype != IAccess.Type.Custom &&
412
+ roleIdInt >= CUSTOM_ROLE_ID_MIN &&
413
+ roleIdInt != PUBLIC_ROLE().toInt())
414
+ {
415
+ revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
220
416
  }
221
417
 
222
418
  // role name checks
223
- ShortString nameShort = ShortStrings.toShortString(name);
224
- if (ShortStrings.byteLength(nameShort) == 0) {
419
+ if (ShortStrings.byteLength(name) == 0) {
225
420
  revert IAccess.ErrorIAccessRoleNameEmpty(roleId);
226
421
  }
422
+ }
227
423
 
228
- if (_roleForName[nameShort] != RoleIdLib.zero() && _roleForName[nameShort] != roleId) {
229
- revert IAccess.ErrorIAccessRoleNameNotUnique(_roleForName[nameShort], nameShort);
424
+ function _revokeRole(RoleId roleId, address member)
425
+ internal
426
+ returns(bool revoked)
427
+ {
428
+ if (!roleExists(roleId)) {
429
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
230
430
  }
231
- }
232
431
 
233
- function _createTarget(address target, string memory name, bool isCustom, bool validateParameters) internal {
234
- if (validateParameters) {
235
- _validateTargetParameters(target, name, isCustom);
432
+ revoked = EnumerableSet.remove(_roleMembers[roleId], member);
433
+ if(revoked) {
434
+ _accessManager.revokeRole(roleId.toInt(), member);
236
435
  }
436
+ }
437
+
438
+ function _getNextCustomRoleId()
439
+ internal
440
+ returns(RoleId roleId, RoleId admin)
441
+ {
442
+ uint64 roleIdInt = _idNext;
443
+ uint64 adminInt = roleIdInt + 1;
237
444
 
238
- if (_target[target].createdAt.gtz()) {
239
- revert IAccess.ErrorIAccessTargetExists(target, _target[target].name);
445
+ _idNext = roleIdInt + 2;
446
+
447
+ roleId = RoleIdLib.toRoleId(roleIdInt);
448
+ admin = RoleIdLib.toRoleId(adminInt);
449
+ }
450
+
451
+ //--- Target internal view/pure functions --------------------------------------//
452
+ function _createTarget(address target, string memory targetName, IAccess.Type ttype)
453
+ internal
454
+ {
455
+ ShortString name = ShortStrings.toShortString(targetName);
456
+ _validateTarget(target, name, ttype);
457
+
458
+ if (_targetInfo[target].createdAt.gtz()) {
459
+ revert IAccess.ErrorIAccessTargetExists(target, _targetInfo[target].name);
240
460
  }
241
- if (_targetForName[ShortStrings.toShortString(name)] != address(0)) {
242
- revert IAccess.ErrorIAccessTargetNameExists(target, _targetForName[ShortStrings.toShortString(name)], ShortStrings.toShortString(name));
461
+
462
+ if (_targetAddressForName[name] != address(0)) {
463
+ revert IAccess.ErrorIAccessTargetNameExists(
464
+ target,
465
+ _targetAddressForName[name],
466
+ name);
243
467
  }
244
468
 
245
- IAccess.TargetInfo memory info = IAccess.TargetInfo(
246
- ShortStrings.toShortString(name),
247
- isCustom,
248
- _accessManager.isTargetClosed(target), // sync with state in access manager
469
+ bool isLocked = _accessManager.isTargetClosed(target);// sync with state in access manager
470
+ _targetInfo[target] = IAccess.TargetInfo(
471
+ name,
472
+ ttype,
473
+ isLocked,
249
474
  TimestampLib.blockTimestamp(),
250
- TimestampLib.blockTimestamp());
251
-
252
- _target[target] = info;
253
- _targetForName[info.name] = target;
475
+ TimestampLib.blockTimestamp()
476
+ );
477
+ _targetAddressForName[name] = target;
254
478
  _targets.push(target);
479
+
480
+ emit LogTargetCreation(target, name, ttype, isLocked);
255
481
  }
256
482
 
257
- function _validateTargetParameters(address target, string memory name, bool isCustom) internal view {
258
- // TODO: implement
483
+ function _validateTarget(address target, ShortString name, IAccess.Type ttype)
484
+ internal
485
+ view
486
+ {
487
+ address targetAuthority = AccessManagedUpgradeable(target).authority();
488
+ if(targetAuthority != authority()) {
489
+ revert IAccess.ErrorIAccessTargetAuthorityInvalid(target, targetAuthority);
490
+ }
491
+
492
+ if (ShortStrings.byteLength(name) == 0) {
493
+ revert IAccess.ErrorIAccessTargetNameEmpty(target);
494
+ }
259
495
  }
260
496
 
261
- function setTargetFunctionRole(
262
- string memory targetName,
263
- bytes4[] calldata selectors,
264
- RoleId roleId
265
- ) public virtual restricted() {
266
- address target = _targetForName[ShortStrings.toShortString(targetName)];
267
-
268
- if (target == address(0)) {
269
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
497
+ // IMPORTANT: instance access manager MUST be of Core type -> otherwise can be locked forever
498
+ function _setTargetLocked(address target, bool locked) internal
499
+ {
500
+ IAccess.Type targetType = _targetInfo[target].ttype;
501
+ if(target == address(0) || targetType == IAccess.Type.NotInitialized) {
502
+ revert IAccess.ErrorIAccessTargetDoesNotExist(target);
270
503
  }
271
- if (! roleExists(roleId)) {
272
- revert IAccess.ErrorIAccessRoleIdInvalid(roleId);
504
+
505
+ if(targetType == IAccess.Type.Core) {
506
+ revert IAccess.ErrorIAccessTargetTypeInvalid(target, targetType);
273
507
  }
274
- uint64 roleIdInt = RoleId.unwrap(roleId);
275
- _accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
508
+
509
+ _targetInfo[target].isLocked = locked;
510
+ _accessManager.setTargetClosed(target, locked);
276
511
  }
277
512
 
278
- function setTargetClosed(string memory targetName, bool closed) public restricted() {
279
- address target = _targetForName[ShortStrings.toShortString(targetName)];
513
+ function _setTargetFunctionRole(
514
+ address target,
515
+ ShortString name,
516
+ bytes4[] calldata selectors,
517
+ RoleId roleId
518
+ )
519
+ internal
520
+ {
280
521
  if (target == address(0)) {
281
- revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
522
+ revert IAccess.ErrorIAccessTargetDoesNotExist(target);
282
523
  }
283
- _accessManager.setTargetClosed(target, closed);
284
- }
285
524
 
286
- function isTargetLocked(address target) public view returns (bool locked) {
287
- return _accessManager.isTargetClosed(target);
525
+ if (!roleExists(roleId)) {
526
+ revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
527
+ }
528
+
529
+ uint64 roleIdInt = RoleId.unwrap(roleId);
530
+ _accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
288
531
  }
289
532
 
290
533
  function canCall(