@etherisc/gif-next 0.0.2-e922e07-736 → 0.0.2-e9a637d-547
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -71
- package/artifacts/contracts/components/Component.sol/Component.dbg.json +1 -1
- package/artifacts/contracts/components/Component.sol/Component.json +68 -0
- package/artifacts/contracts/components/Distribution.sol/Distribution.dbg.json +1 -1
- package/artifacts/contracts/components/Distribution.sol/Distribution.json +68 -0
- package/artifacts/contracts/components/IComponent.sol/IComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IComponent.sol/IComponent.json +158 -0
- package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IDistributionComponent.sol/IDistributionComponent.json +158 -0
- package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IPoolComponent.sol/IPoolComponent.json +184 -149
- package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.dbg.json +1 -1
- package/artifacts/contracts/components/IProductComponent.sol/IProductComponent.json +158 -0
- package/artifacts/contracts/components/Pool.sol/Pool.dbg.json +1 -1
- package/artifacts/contracts/components/Pool.sol/Pool.json +114 -189
- package/artifacts/contracts/components/Product.sol/Product.dbg.json +1 -1
- package/artifacts/contracts/components/Product.sol/Product.json +68 -0
- package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.dbg.json +4 -0
- package/artifacts/contracts/instance/AccessManagerUpgradeableInitializeable.sol/AccessManagerUpgradeableInitializeable.json +1206 -0
- package/artifacts/contracts/instance/BundleManager.sol/BundleManager.dbg.json +1 -1
- package/artifacts/contracts/instance/BundleManager.sol/BundleManager.json +64 -50
- package/artifacts/contracts/instance/Cloneable.sol/Cloneable.dbg.json +1 -1
- package/artifacts/contracts/instance/Cloneable.sol/Cloneable.json +5 -0
- package/artifacts/contracts/instance/IInstance.sol/IInstance.dbg.json +1 -1
- package/artifacts/contracts/instance/IInstance.sol/IInstance.json +214 -2063
- package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.dbg.json +1 -1
- package/artifacts/contracts/instance/IInstanceService.sol/IInstanceService.json +196 -51
- package/artifacts/contracts/instance/Instance.sol/Instance.dbg.json +1 -1
- package/artifacts/contracts/instance/Instance.sol/Instance.json +363 -2832
- package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceAccessManager.sol/InstanceAccessManager.json +491 -127
- package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceReader.sol/InstanceReader.json +101 -167
- package/artifacts/contracts/instance/InstanceService.sol/InstanceService.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceService.sol/InstanceService.json +333 -171
- package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/InstanceServiceManager.sol/InstanceServiceManager.json +75 -23
- package/artifacts/contracts/instance/InstanceStore.sol/InstanceStore.dbg.json +4 -0
- package/artifacts/contracts/instance/InstanceStore.sol/InstanceStore.json +2677 -0
- package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.dbg.json +1 -1
- package/artifacts/contracts/instance/ObjectManager.sol/ObjectManager.json +8 -13
- package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.dbg.json +1 -1
- package/artifacts/contracts/instance/base/ComponentService.sol/ComponentService.json +85 -30
- package/artifacts/contracts/instance/base/IKeyValueStore.sol/IKeyValueStore.dbg.json +1 -1
- package/artifacts/contracts/instance/base/ILifecycle.sol/ILifecycle.dbg.json +1 -1
- package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.dbg.json +1 -1
- package/artifacts/contracts/instance/base/KeyValueStore.sol/KeyValueStore.json +40 -10
- package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.dbg.json +1 -1
- package/artifacts/contracts/instance/base/Lifecycle.sol/Lifecycle.json +36 -11
- package/artifacts/contracts/instance/module/IAccess.sol/IAccess.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IAccess.sol/IAccess.json +56 -73
- package/artifacts/contracts/instance/module/IBundle.sol/IBundle.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IComponents.sol/IComponents.dbg.json +4 -0
- package/artifacts/contracts/instance/module/IComponents.sol/IComponents.json +10 -0
- package/artifacts/contracts/instance/module/IDistribution.sol/IDistribution.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IPolicy.sol/IPolicy.dbg.json +1 -1
- package/artifacts/contracts/instance/module/IRisk.sol/IRisk.dbg.json +1 -1
- package/artifacts/contracts/instance/module/ISetup.sol/ISetup.dbg.json +1 -1
- package/artifacts/contracts/instance/module/ITreasury.sol/ITreasury.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ApplicationService.sol/ApplicationService.json +124 -53
- package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ApplicationServiceManager.sol/ApplicationServiceManager.json +21 -13
- package/artifacts/contracts/instance/service/BundleService.sol/BundleService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/BundleService.sol/BundleService.json +384 -249
- package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/BundleServiceManager.sol/BundleServiceManager.json +74 -14
- package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ClaimService.sol/ClaimService.json +104 -41
- package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ClaimServiceManager.sol/ClaimServiceManager.json +11 -7
- package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/DistributionService.sol/DistributionService.json +195 -121
- package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/DistributionServiceManager.sol/DistributionServiceManager.json +51 -47
- package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IApplicationService.sol/IApplicationService.json +80 -14
- package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IBundleService.sol/IBundleService.json +212 -186
- package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IClaimService.sol/IClaimService.json +80 -14
- package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IDistributionService.sol/IDistributionService.json +101 -24
- package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IPolicyService.sol/IPolicyService.json +90 -24
- package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IPoolService.sol/IPoolService.json +511 -14
- package/artifacts/contracts/instance/service/IProductService.sol/IProductService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/IProductService.sol/IProductService.json +80 -14
- package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PolicyService.sol/PolicyService.json +136 -65
- package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PolicyServiceManager.sol/PolicyServiceManager.json +27 -19
- package/artifacts/contracts/instance/service/PoolService.sol/PoolService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PoolService.sol/PoolService.json +561 -51
- package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/PoolServiceManager.sol/PoolServiceManager.json +24 -12
- package/artifacts/contracts/instance/service/ProductService.sol/ProductService.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ProductService.sol/ProductService.json +114 -51
- package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.dbg.json +1 -1
- package/artifacts/contracts/instance/service/ProductServiceManager.sol/ProductServiceManager.json +16 -12
- package/artifacts/contracts/registry/ChainNft.sol/ChainNft.dbg.json +1 -1
- package/artifacts/contracts/registry/ChainNft.sol/ChainNft.json +15 -2
- package/artifacts/contracts/registry/IRegistry.sol/IRegistry.dbg.json +1 -1
- package/artifacts/contracts/registry/IRegistry.sol/IRegistry.json +19 -0
- package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.dbg.json +1 -1
- package/artifacts/contracts/registry/IRegistryService.sol/IRegistryService.json +0 -24
- package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.dbg.json +1 -1
- package/artifacts/contracts/registry/ITransferInterceptor.sol/ITransferInterceptor.json +18 -0
- package/artifacts/contracts/registry/Registry.sol/Registry.dbg.json +1 -1
- package/artifacts/contracts/registry/Registry.sol/Registry.json +31 -12
- package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryAccessManager.sol/RegistryAccessManager.json +2 -2
- package/artifacts/contracts/registry/RegistryService.sol/RegistryService.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryService.sol/RegistryService.json +17 -36
- package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.dbg.json +1 -1
- package/artifacts/contracts/registry/RegistryServiceManager.sol/RegistryServiceManager.json +7 -7
- package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.dbg.json +1 -1
- package/artifacts/contracts/registry/ReleaseManager.sol/ReleaseManager.json +23 -11
- package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.dbg.json +1 -1
- package/artifacts/contracts/registry/TokenRegistry.sol/TokenRegistry.json +2 -2
- package/artifacts/contracts/shared/ContractDeployerLib.sol/ContractDeployerLib.dbg.json +1 -1
- package/artifacts/contracts/shared/ERC165.sol/ERC165.dbg.json +1 -1
- package/artifacts/contracts/shared/INftOwnable.sol/INftOwnable.dbg.json +1 -1
- package/artifacts/contracts/shared/IPolicyHolder.sol/IPolicyHolder.dbg.json +1 -1
- package/artifacts/contracts/shared/IRegisterable.sol/IRegisterable.dbg.json +1 -1
- package/artifacts/contracts/shared/IRegistryLinked.sol/IRegistryLinked.dbg.json +1 -1
- package/artifacts/contracts/shared/IService.sol/IService.dbg.json +1 -1
- package/artifacts/contracts/shared/IService.sol/IService.json +80 -14
- package/artifacts/contracts/shared/IVersionable.sol/IVersionable.dbg.json +1 -1
- package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.dbg.json +1 -1
- package/artifacts/contracts/shared/NftOwnable.sol/NftOwnable.json +2 -2
- package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.dbg.json +1 -1
- package/artifacts/contracts/shared/PolicyHolder.sol/PolicyHolder.json +2 -2
- package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.dbg.json +1 -1
- package/artifacts/contracts/shared/ProxyManager.sol/ProxyManager.json +2 -2
- package/artifacts/contracts/shared/Registerable.sol/Registerable.dbg.json +1 -1
- package/artifacts/contracts/shared/Registerable.sol/Registerable.json +2 -2
- package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.dbg.json +1 -1
- package/artifacts/contracts/shared/RegistryLinked.sol/RegistryLinked.json +2 -2
- package/artifacts/contracts/shared/Service.sol/Service.dbg.json +1 -1
- package/artifacts/contracts/shared/Service.sol/Service.json +86 -15
- package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.dbg.json +1 -1
- package/artifacts/contracts/shared/TokenHandler.sol/TokenHandler.json +2 -2
- package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.dbg.json +1 -1
- package/artifacts/contracts/shared/UpgradableProxyWithAdmin.sol/UpgradableProxyWithAdmin.json +2 -2
- package/artifacts/contracts/shared/Versionable.sol/Versionable.dbg.json +1 -1
- package/artifacts/contracts/test/TestFee.sol/TestFee.dbg.json +1 -1
- package/artifacts/contracts/test/TestFee.sol/TestFee.json +2 -2
- package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.dbg.json +1 -1
- package/artifacts/contracts/test/TestRegisterable.sol/TestRegisterable.json +2 -2
- package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.dbg.json +1 -1
- package/artifacts/contracts/test/TestRoleId.sol/TestRoleId.json +6 -6
- package/artifacts/contracts/test/TestService.sol/TestService.dbg.json +1 -1
- package/artifacts/contracts/test/TestService.sol/TestService.json +101 -26
- package/artifacts/contracts/test/TestToken.sol/TestUsdc.dbg.json +1 -1
- package/artifacts/contracts/test/TestVersion.sol/TestVersion.dbg.json +1 -1
- package/artifacts/contracts/test/TestVersion.sol/TestVersion.json +2 -2
- package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.dbg.json +1 -1
- package/artifacts/contracts/test/TestVersionable.sol/TestVersionable.json +2 -2
- package/artifacts/contracts/test/Usdc.sol/USDC.dbg.json +1 -1
- package/artifacts/contracts/types/AddressSet.sol/LibAddressSet.dbg.json +1 -1
- package/artifacts/contracts/types/Amount.sol/AmountLib.dbg.json +4 -0
- package/artifacts/contracts/types/Amount.sol/AmountLib.json +161 -0
- package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.dbg.json +1 -1
- package/artifacts/contracts/types/Blocknumber.sol/BlocknumberLib.json +2 -2
- package/artifacts/contracts/types/ChainId.sol/ChainIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/ClaimId.sol/ClaimIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.dbg.json +1 -1
- package/artifacts/contracts/types/DistributorType.sol/DistributorTypeLib.json +2 -2
- package/artifacts/contracts/types/Fee.sol/FeeLib.dbg.json +1 -1
- package/artifacts/contracts/types/Fee.sol/FeeLib.json +40 -9
- package/artifacts/contracts/types/Key32.sol/Key32Lib.dbg.json +1 -1
- package/artifacts/contracts/types/Key32.sol/Key32Lib.json +2 -2
- package/artifacts/contracts/types/NftId.sol/NftIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/NftId.sol/NftIdLib.json +17 -4
- package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.dbg.json +1 -1
- package/artifacts/contracts/types/NftIdSet.sol/LibNftIdSet.json +2 -2
- package/artifacts/contracts/types/NumberId.sol/NumberIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.dbg.json +1 -1
- package/artifacts/contracts/types/ObjectType.sol/ObjectTypeLib.json +2 -2
- package/artifacts/contracts/types/PayoutId.sol/PayoutIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/Referral.sol/ReferralLib.dbg.json +1 -1
- package/artifacts/contracts/types/Referral.sol/ReferralLib.json +2 -2
- package/artifacts/contracts/types/RiskId.sol/RiskIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/RiskId.sol/RiskIdLib.json +2 -2
- package/artifacts/contracts/types/RoleId.sol/RoleIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/RoleId.sol/RoleIdLib.json +2 -2
- package/artifacts/contracts/types/Seconds.sol/SecondsLib.dbg.json +1 -1
- package/artifacts/contracts/types/StateId.sol/StateIdLib.dbg.json +1 -1
- package/artifacts/contracts/types/StateId.sol/StateIdLib.json +2 -2
- package/artifacts/contracts/types/Timestamp.sol/TimestampLib.dbg.json +1 -1
- package/artifacts/contracts/types/Timestamp.sol/TimestampLib.json +2 -2
- package/artifacts/contracts/types/UFixed.sol/MathLib.dbg.json +1 -1
- package/artifacts/contracts/types/UFixed.sol/MathLib.json +2 -2
- package/artifacts/contracts/types/UFixed.sol/UFixedLib.dbg.json +1 -1
- package/artifacts/contracts/types/UFixed.sol/UFixedLib.json +2 -2
- package/artifacts/contracts/types/Version.sol/VersionLib.dbg.json +1 -1
- package/artifacts/contracts/types/Version.sol/VersionLib.json +2 -2
- package/artifacts/contracts/types/Version.sol/VersionPartLib.dbg.json +1 -1
- package/artifacts/contracts/types/Version.sol/VersionPartLib.json +2 -2
- package/contracts/components/Component.sol +42 -10
- package/contracts/components/IComponent.sol +9 -1
- package/contracts/components/IPoolComponent.sol +5 -43
- package/contracts/components/Pool.sol +47 -122
- package/contracts/components/Product.sol +4 -0
- package/contracts/instance/AccessManagerUpgradeableInitializeable.sol +13 -0
- package/contracts/instance/BundleManager.sol +6 -4
- package/contracts/instance/Cloneable.sol +7 -2
- package/contracts/instance/IInstance.sol +23 -55
- package/contracts/instance/IInstanceService.sol +31 -6
- package/contracts/instance/Instance.sol +90 -182
- package/contracts/instance/InstanceAccessManager.sol +402 -159
- package/contracts/instance/InstanceReader.sol +12 -12
- package/contracts/instance/InstanceService.sol +287 -246
- package/contracts/instance/InstanceStore.sol +219 -0
- package/contracts/instance/ObjectManager.sol +6 -8
- package/contracts/instance/base/ComponentService.sol +17 -30
- package/contracts/instance/base/KeyValueStore.sol +13 -5
- package/contracts/instance/base/Lifecycle.sol +11 -2
- package/contracts/instance/module/IAccess.sol +21 -14
- package/contracts/instance/module/IBundle.sol +6 -4
- package/contracts/instance/module/IComponents.sol +41 -0
- package/contracts/instance/module/ISetup.sol +3 -16
- package/contracts/instance/service/ApplicationService.sol +18 -16
- package/contracts/instance/service/BundleService.sol +213 -81
- package/contracts/instance/service/ClaimService.sol +3 -3
- package/contracts/instance/service/DistributionService.sol +57 -70
- package/contracts/instance/service/IBundleService.sol +63 -25
- package/contracts/instance/service/IDistributionService.sol +1 -0
- package/contracts/instance/service/IPoolService.sol +82 -3
- package/contracts/instance/service/PolicyService.sol +68 -100
- package/contracts/instance/service/PoolService.sol +214 -20
- package/contracts/instance/service/ProductService.sol +34 -58
- package/contracts/registry/ChainNft.sol +8 -0
- package/contracts/registry/IRegistry.sol +2 -0
- package/contracts/registry/IRegistryService.sol +4 -3
- package/contracts/registry/ITransferInterceptor.sol +1 -0
- package/contracts/registry/Registry.sol +23 -20
- package/contracts/registry/RegistryService.sol +10 -11
- package/contracts/registry/ReleaseManager.sol +20 -18
- package/contracts/shared/IService.sol +4 -6
- package/contracts/shared/Service.sol +21 -7
- package/contracts/shared/TokenHandler.sol +11 -5
- package/contracts/test/TestService.sol +1 -1
- package/contracts/types/Amount.sol +60 -0
- package/contracts/types/Blocknumber.sol +1 -0
- package/contracts/types/Fee.sol +13 -5
- package/contracts/types/NftId.sol +8 -0
- package/contracts/types/ObjectType.sol +1 -0
- package/contracts/types/RoleId.sol +6 -4
- package/contracts/types/StateId.sol +1 -0
- package/contracts/types/Timestamp.sol +1 -0
- package/contracts/types/UFixed.sol +1 -0
- package/contracts/types/Version.sol +1 -0
- package/package.json +1 -1
@@ -1,290 +1,533 @@
|
|
1
1
|
// SPDX-License-Identifier: Apache-2.0
|
2
2
|
pragma solidity ^0.8.20;
|
3
3
|
|
4
|
-
import {AccessManager} from "@openzeppelin/contracts/access/manager/AccessManager.sol";
|
5
4
|
import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
|
6
5
|
import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
|
7
6
|
import {ShortString, ShortStrings} from "@openzeppelin/contracts/utils/ShortStrings.sol";
|
8
7
|
|
9
|
-
import {RoleId, RoleIdLib } from "../types/RoleId.sol";
|
8
|
+
import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE, INSTANCE_SERVICE_ROLE, INSTANCE_OWNER_ROLE, INSTANCE_ROLE} from "../types/RoleId.sol";
|
10
9
|
import {TimestampLib} from "../types/Timestamp.sol";
|
10
|
+
import {NftId} from "../types/NftId.sol";
|
11
|
+
|
12
|
+
import {AccessManagerUpgradeableInitializeable} from "./AccessManagerUpgradeableInitializeable.sol";
|
13
|
+
|
14
|
+
import {IRegistry} from "../registry/IRegistry.sol";
|
15
|
+
|
16
|
+
import {IInstance} from "./IInstance.sol";
|
11
17
|
import {IAccess} from "./module/IAccess.sol";
|
12
18
|
|
13
19
|
contract InstanceAccessManager is
|
14
20
|
AccessManagedUpgradeable
|
15
21
|
{
|
22
|
+
event LogRoleCreation(RoleId roleId, ShortString name, IAccess.Type rtype);
|
23
|
+
event LogTargetCreation(address target, ShortString name, IAccess.Type ttype, bool isLocked);
|
24
|
+
|
16
25
|
using RoleIdLib for RoleId;
|
17
26
|
|
18
27
|
string public constant ADMIN_ROLE_NAME = "AdminRole";
|
19
28
|
string public constant PUBLIC_ROLE_NAME = "PublicRole";
|
29
|
+
string public constant INSTANCE_ROLE_NAME = "InstanceRole";
|
30
|
+
string public constant INSTANCE_OWNER_ROLE_NAME = "InstanceOwnerRole";
|
20
31
|
|
21
|
-
uint64 public constant CUSTOM_ROLE_ID_MIN = 10000;
|
32
|
+
uint64 public constant CUSTOM_ROLE_ID_MIN = 10000; // MUST be even
|
22
33
|
uint32 public constant EXECUTION_DELAY = 0;
|
23
34
|
|
24
35
|
// role specific state
|
25
|
-
mapping(RoleId roleId => IAccess.RoleInfo info) internal
|
36
|
+
mapping(RoleId roleId => IAccess.RoleInfo info) internal _roleInfo;
|
26
37
|
mapping(RoleId roleId => EnumerableSet.AddressSet roleMembers) internal _roleMembers;
|
27
|
-
mapping(ShortString name => RoleId roleId) internal
|
28
|
-
RoleId [] internal
|
38
|
+
mapping(ShortString name => RoleId roleId) internal _roleIdForName;
|
39
|
+
RoleId [] internal _roleIds;
|
40
|
+
uint64 _idNext;
|
29
41
|
|
30
42
|
// target specific state
|
31
|
-
mapping(address target => IAccess.TargetInfo info) internal
|
32
|
-
mapping(ShortString name => address target) internal
|
43
|
+
mapping(address target => IAccess.TargetInfo info) internal _targetInfo;
|
44
|
+
mapping(ShortString name => address target) internal _targetAddressForName;
|
33
45
|
address [] internal _targets;
|
34
46
|
|
35
|
-
|
47
|
+
AccessManagerUpgradeableInitializeable internal _accessManager;
|
48
|
+
IRegistry internal _registry;
|
49
|
+
|
50
|
+
modifier restrictedToRoleAdmin(RoleId roleId) {
|
51
|
+
RoleId admin = getRoleAdmin(roleId);
|
52
|
+
(bool inRole, uint32 executionDelay) = _accessManager.hasRole(admin.toInt(), _msgSender());
|
53
|
+
assert(executionDelay == 0); // to be sure no delayed execution functionality is used
|
54
|
+
if (!inRole) {
|
55
|
+
revert IAccess.ErrorIAccessCallerIsNotRoleAdmin(_msgSender(), roleId);
|
56
|
+
}
|
57
|
+
_;
|
58
|
+
}
|
36
59
|
|
37
|
-
|
60
|
+
// instance owner is granted upon instance nft minting in callback function
|
61
|
+
function initialize(address instanceAddress) external initializer
|
38
62
|
{
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
63
|
+
IInstance instance = IInstance(instanceAddress);
|
64
|
+
IRegistry registry = instance.getRegistry();
|
65
|
+
address authority = instance.authority();
|
66
|
+
|
67
|
+
__AccessManaged_init(authority);
|
68
|
+
|
69
|
+
_accessManager = AccessManagerUpgradeableInitializeable(authority);
|
70
|
+
_registry = registry;
|
71
|
+
_idNext = CUSTOM_ROLE_ID_MIN;
|
72
|
+
|
73
|
+
_createRole(ADMIN_ROLE(), ADMIN_ROLE_NAME, IAccess.Type.Core);
|
74
|
+
_createRole(PUBLIC_ROLE(), PUBLIC_ROLE_NAME, IAccess.Type.Core);
|
75
|
+
_createRole(INSTANCE_ROLE(), INSTANCE_ROLE_NAME, IAccess.Type.Core);
|
76
|
+
_createRole(INSTANCE_OWNER_ROLE(), INSTANCE_OWNER_ROLE_NAME, IAccess.Type.Gif);// TODO should be of core type
|
43
77
|
|
44
|
-
|
78
|
+
// assume `this` is already a member of ADMIN_ROLE
|
79
|
+
EnumerableSet.add(_roleMembers[ADMIN_ROLE()], address(this));
|
45
80
|
|
46
|
-
|
47
|
-
|
81
|
+
grantRole(INSTANCE_ROLE(), instanceAddress);
|
82
|
+
setRoleAdmin(INSTANCE_OWNER_ROLE(), INSTANCE_ROLE());
|
48
83
|
}
|
49
84
|
|
50
85
|
//--- Role ------------------------------------------------------//
|
51
|
-
|
52
|
-
|
86
|
+
// ADMIN_ROLE
|
87
|
+
// assume all core roles are know at deployment time
|
88
|
+
// assume core roles are set and granted only during instance cloning
|
89
|
+
// assume core roles are never revoked -> core roles admin is never active after intialization
|
90
|
+
function createCoreRole(RoleId roleId, string memory name)
|
91
|
+
external
|
92
|
+
restricted()
|
93
|
+
{
|
94
|
+
_createRole(roleId, name, IAccess.Type.Core);
|
53
95
|
}
|
54
|
-
|
55
|
-
|
56
|
-
|
96
|
+
// ADMIN_ROLE
|
97
|
+
// assume gif roles can be revoked
|
98
|
+
// assume admin is INSTANCE_OWNER_ROLE or INSTANCE_ROLE
|
99
|
+
function createGifRole(RoleId roleId, string memory name, RoleId admin)
|
100
|
+
external
|
101
|
+
restricted()
|
102
|
+
{
|
103
|
+
_createRole(roleId, name, IAccess.Type.Gif);
|
104
|
+
setRoleAdmin(roleId, admin);
|
57
105
|
}
|
58
106
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
107
|
+
// INSTANCE_OWNER_ROLE
|
108
|
+
function createRole(string memory roleName, string memory adminName)
|
109
|
+
external
|
110
|
+
restricted()
|
111
|
+
returns(RoleId roleId, RoleId admin)
|
112
|
+
{
|
113
|
+
(roleId, admin) = _getNextCustomRoleId();
|
63
114
|
|
64
|
-
|
65
|
-
|
66
|
-
}
|
115
|
+
_createRole(roleId, roleName, IAccess.Type.Custom);
|
116
|
+
_createRole(admin, adminName, IAccess.Type.Custom);
|
67
117
|
|
68
|
-
|
69
|
-
|
118
|
+
// TODO works without this -> why?
|
119
|
+
setRoleAdmin(roleId, admin);
|
120
|
+
setRoleAdmin(admin, INSTANCE_OWNER_ROLE());
|
70
121
|
}
|
71
122
|
|
72
|
-
|
123
|
+
// ADMIN_ROLE
|
124
|
+
// assume used by instance service only during instance cloning
|
125
|
+
// assume used only by this.createRole(), this.createGifRole() afterwards
|
126
|
+
function setRoleAdmin(RoleId roleId, RoleId admin)
|
127
|
+
public
|
128
|
+
restricted()
|
129
|
+
{
|
73
130
|
if (!roleExists(roleId)) {
|
74
|
-
revert IAccess.
|
131
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
75
132
|
}
|
76
133
|
|
77
|
-
if
|
78
|
-
revert IAccess.
|
134
|
+
if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
|
135
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
|
79
136
|
}
|
80
137
|
|
81
|
-
if (!
|
82
|
-
|
83
|
-
|
84
|
-
return true;
|
85
|
-
}
|
138
|
+
if (!roleExists(admin)) {
|
139
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(admin);
|
140
|
+
}
|
86
141
|
|
87
|
-
|
142
|
+
_roleInfo[roleId].admin = admin;
|
88
143
|
}
|
89
144
|
|
90
|
-
|
145
|
+
// TODO core role can be granted only to 1 member
|
146
|
+
function grantRole(RoleId roleId, address member)
|
147
|
+
public
|
148
|
+
restrictedToRoleAdmin(roleId)
|
149
|
+
returns (bool granted)
|
150
|
+
{
|
91
151
|
if (!roleExists(roleId)) {
|
92
|
-
revert IAccess.
|
152
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
93
153
|
}
|
94
154
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
}
|
100
|
-
|
101
|
-
return false;
|
155
|
+
granted = EnumerableSet.add(_roleMembers[roleId], member);
|
156
|
+
if(granted) {
|
157
|
+
_accessManager.grantRole(roleId.toInt(), member, EXECUTION_DELAY);
|
158
|
+
}
|
102
159
|
}
|
103
160
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
161
|
+
function revokeRole(RoleId roleId, address member)
|
162
|
+
external
|
163
|
+
restrictedToRoleAdmin(roleId)
|
164
|
+
returns (bool)
|
165
|
+
{
|
166
|
+
return _revokeRole(roleId, member);
|
167
|
+
}
|
108
168
|
|
169
|
+
// INSTANCE_OWNER_ROLE
|
170
|
+
// IMPORTANT: unbounded function, revoke all or revert
|
171
|
+
// Instance owner role decides what to do in case of custom role admin bening revoked, e.g.:
|
172
|
+
// 1) revoke custom role from ALL members
|
173
|
+
// 2) revoke custom role admin from ALL members
|
174
|
+
// 3) 1) + 2)
|
175
|
+
// 4) revoke only 1 member of custom role admin
|
176
|
+
function revokeRoleAllMembers(RoleId roleId)
|
177
|
+
external
|
178
|
+
restrictedToRoleAdmin(roleId)
|
179
|
+
returns (bool revoked)
|
180
|
+
{
|
109
181
|
if (!roleExists(roleId)) {
|
110
|
-
revert IAccess.
|
182
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
111
183
|
}
|
112
184
|
|
113
|
-
|
114
|
-
|
115
|
-
|
185
|
+
uint memberCount = EnumerableSet.length(_roleMembers[roleId]);
|
186
|
+
for(uint memberIdx = 0; memberIdx < memberCount; memberIdx++)
|
187
|
+
{
|
188
|
+
address member = EnumerableSet.at(_roleMembers[roleId], memberIdx);
|
116
189
|
EnumerableSet.remove(_roleMembers[roleId], member);
|
117
|
-
|
190
|
+
_accessManager.revokeRole(roleId.toInt(), member);
|
191
|
+
}
|
192
|
+
}
|
193
|
+
|
194
|
+
/// @dev not restricted function by intention
|
195
|
+
/// the restriction to role members is already enforced by the call to the access manager
|
196
|
+
function renounceRole(RoleId roleId)
|
197
|
+
external
|
198
|
+
returns (bool)
|
199
|
+
{
|
200
|
+
IAccess.Type rtype = _roleInfo[roleId].rtype;
|
201
|
+
if(rtype == IAccess.Type.Core || rtype == IAccess.Type.Gif) {
|
202
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, rtype);
|
118
203
|
}
|
119
204
|
|
120
|
-
|
205
|
+
address member = msg.sender;
|
206
|
+
// cannot use accessManger.renounce as it directly checks against msg.sender
|
207
|
+
return _revokeRole(roleId, member);
|
121
208
|
}
|
122
209
|
|
123
|
-
function
|
124
|
-
return
|
210
|
+
function roleExists(RoleId roleId) public view returns (bool exists) {
|
211
|
+
return _roleInfo[roleId].createdAt.gtz();
|
212
|
+
}
|
213
|
+
// TODO returns ADMIN_ROLE id for non existent roleId
|
214
|
+
function getRoleAdmin(RoleId roleId) public view returns(RoleId admin) {
|
215
|
+
return _roleInfo[roleId].admin;
|
216
|
+
}
|
217
|
+
|
218
|
+
function getRoleInfo(RoleId roleId) external view returns (IAccess.RoleInfo memory info) {
|
219
|
+
return _roleInfo[roleId];
|
220
|
+
}
|
221
|
+
|
222
|
+
function roleMembers(RoleId roleId) public view returns (uint256 numberOfMembers) {
|
223
|
+
return EnumerableSet.length(_roleMembers[roleId]);
|
125
224
|
}
|
126
225
|
|
127
226
|
function getRoleId(uint256 idx) external view returns (RoleId roleId) {
|
128
|
-
return
|
227
|
+
return _roleIds[idx];
|
129
228
|
}
|
130
229
|
|
230
|
+
// TODO returns ADMIN_ROLE id for non existent name
|
131
231
|
function getRoleIdForName(string memory name) external view returns (RoleId roleId) {
|
132
|
-
return
|
232
|
+
return _roleIdForName[ShortStrings.toShortString(name)];
|
133
233
|
}
|
134
234
|
|
135
|
-
function
|
136
|
-
return
|
235
|
+
function roleMember(RoleId roleId, uint256 idx) external view returns (address member) {
|
236
|
+
return EnumerableSet.at(_roleMembers[roleId], idx);
|
137
237
|
}
|
138
238
|
|
139
239
|
function hasRole(RoleId roleId, address account) external view returns (bool accountHasRole) {
|
140
240
|
(accountHasRole, ) = _accessManager.hasRole(roleId.toInt(), account);
|
141
241
|
}
|
142
242
|
|
143
|
-
function
|
144
|
-
return
|
243
|
+
function roles() external view returns (uint256 numberOfRoles) {
|
244
|
+
return _roleIds.length;
|
145
245
|
}
|
146
246
|
|
147
|
-
|
148
|
-
|
247
|
+
//--- Target ------------------------------------------------------//
|
248
|
+
// ADMIN_ROLE
|
249
|
+
// assume some core targets are registred (instance) while others are not (instance accesss manager, instance reader, bundle manager)
|
250
|
+
function createCoreTarget(address target, string memory name) external restricted() {
|
251
|
+
_createTarget(target, name, IAccess.Type.Core);
|
149
252
|
}
|
253
|
+
// INSTANCE_SERVICE_ROLE
|
254
|
+
// TODO check for instance mismatch?
|
255
|
+
function createGifTarget(address target, string memory name) external restricted()
|
256
|
+
{
|
257
|
+
if(!_registry.isRegistered(target)) {
|
258
|
+
revert IAccess.ErrorIAccessTargetNotRegistered(target);
|
259
|
+
}
|
150
260
|
|
151
|
-
|
152
|
-
|
153
|
-
|
261
|
+
_createTarget(target, name, IAccess.Type.Gif);
|
262
|
+
}
|
263
|
+
// INSTANCE_OWNER_ROLE
|
264
|
+
// assume custom target.authority() is constant -> target MUST not be used with different instance access manager
|
265
|
+
// assume custom target can not be registered as component -> each service which is doing component registration MUST register a gif target
|
266
|
+
// assume custom target can not be registered as instance or service -> why?
|
267
|
+
// TODO check target associated with instance owner or instance or instance components or components helpers
|
268
|
+
function createTarget(address target, string memory name) external restricted()
|
269
|
+
{
|
270
|
+
_createTarget(target, name, IAccess.Type.Custom);
|
154
271
|
}
|
155
272
|
|
156
|
-
|
157
|
-
|
273
|
+
// TODO instance owner locks component instead of revoking it access to the instance...
|
274
|
+
function setTargetLockedByService(address target, bool locked)
|
275
|
+
external
|
276
|
+
restricted // INSTANCE_SERVICE_ROLE
|
277
|
+
{
|
278
|
+
_setTargetLocked(target, locked);
|
158
279
|
}
|
159
280
|
|
160
|
-
function
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
281
|
+
function setTargetLockedByInstance(address target, bool locked)
|
282
|
+
external
|
283
|
+
restricted // INSTANCE_ROLE
|
284
|
+
{
|
285
|
+
_setTargetLocked(target, locked);
|
286
|
+
}
|
287
|
+
|
288
|
+
|
289
|
+
// allowed combinations of roles and targets:
|
290
|
+
//1) set core role for core target
|
291
|
+
//2) set gif role for gif target
|
292
|
+
//3) set custom role for gif target
|
293
|
+
//4) set custom role for custom target
|
294
|
+
|
295
|
+
// ADMIN_ROLE if used only during initialization, works with:
|
296
|
+
// any roles for any targets
|
297
|
+
// INSTANCE_SERVICE_ROLE if used not only during initilization, works with:
|
298
|
+
// core roles for core targets
|
299
|
+
// gif roles for gif targets
|
300
|
+
function setCoreTargetFunctionRole(
|
301
|
+
string memory targetName,
|
302
|
+
bytes4[] calldata selectors,
|
303
|
+
RoleId roleId
|
304
|
+
)
|
305
|
+
public
|
306
|
+
virtual
|
307
|
+
restricted()
|
308
|
+
{
|
309
|
+
ShortString nameShort = ShortStrings.toShortString(targetName);
|
310
|
+
address target = _targetAddressForName[nameShort];
|
311
|
+
|
312
|
+
// not custom target
|
313
|
+
if(_targetInfo[target].ttype == IAccess.Type.Custom) {
|
314
|
+
revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Custom);
|
165
315
|
}
|
166
316
|
|
167
|
-
|
168
|
-
|
169
|
-
|
317
|
+
// not custom role
|
318
|
+
if(_roleInfo[roleId].rtype == IAccess.Type.Custom) {
|
319
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Custom);
|
320
|
+
}
|
170
321
|
|
171
|
-
|
172
|
-
return _target[target].createdAt.gtz();
|
322
|
+
_setTargetFunctionRole(target, nameShort, selectors, roleId);
|
173
323
|
}
|
174
324
|
|
175
|
-
|
325
|
+
// INSTANCE_OWNER_ROLE
|
326
|
+
// gif role for gif target
|
327
|
+
// gif role for custom target
|
328
|
+
// custom role for gif target
|
329
|
+
// custom role for custom target
|
330
|
+
// TODO instance owner can mess with gif target (component) -> e.g. set custom role for function intendent to work with gif role
|
331
|
+
function setTargetFunctionRole(
|
332
|
+
string memory targetName,
|
333
|
+
bytes4[] calldata selectors,
|
334
|
+
RoleId roleId
|
335
|
+
)
|
336
|
+
public
|
337
|
+
virtual
|
338
|
+
restricted()
|
339
|
+
{
|
340
|
+
ShortString nameShort = ShortStrings.toShortString(targetName);
|
341
|
+
address target = _targetAddressForName[nameShort];
|
176
342
|
|
177
|
-
|
178
|
-
if
|
179
|
-
|
343
|
+
// not core target
|
344
|
+
if(_targetInfo[target].ttype == IAccess.Type.Core) {
|
345
|
+
revert IAccess.ErrorIAccessTargetTypeInvalid(target, IAccess.Type.Core);
|
180
346
|
}
|
181
347
|
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
348
|
+
// not core role
|
349
|
+
if(_roleInfo[roleId].rtype == IAccess.Type.Core) {
|
350
|
+
revert IAccess.ErrorIAccessRoleTypeInvalid(roleId, IAccess.Type.Core);
|
351
|
+
}
|
352
|
+
|
353
|
+
_setTargetFunctionRole(target, nameShort, selectors, roleId);
|
354
|
+
}
|
188
355
|
|
189
|
-
|
190
|
-
|
191
|
-
|
356
|
+
function getTargetAddress(string memory targetName) public view returns(address targetAddress) {
|
357
|
+
ShortString nameShort = ShortStrings.toShortString(targetName);
|
358
|
+
return _targetAddressForName[nameShort];
|
192
359
|
}
|
193
360
|
|
194
|
-
function
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
)
|
361
|
+
function isTargetLocked(address target) public view returns (bool locked) {
|
362
|
+
return _targetInfo[target].isLocked;
|
363
|
+
}
|
364
|
+
|
365
|
+
function targetExists(address target) public view returns (bool exists) {
|
366
|
+
return _targetInfo[target].createdAt.gtz();
|
367
|
+
}
|
368
|
+
|
369
|
+
function getTargetInfo(address target) public view returns (IAccess.TargetInfo memory) {
|
370
|
+
return _targetInfo[target];
|
371
|
+
}
|
372
|
+
|
373
|
+
//--- Role internal view/pure functions --------------------------------------//
|
374
|
+
function _createRole(RoleId roleId, string memory roleName, IAccess.Type rtype)
|
199
375
|
internal
|
200
|
-
view
|
201
|
-
returns (IAccess.RoleInfo memory existingRole)
|
202
376
|
{
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
377
|
+
ShortString name = ShortStrings.toShortString(roleName);
|
378
|
+
_validateRole(roleId, name, rtype);
|
379
|
+
|
380
|
+
if(roleExists(roleId)) {
|
381
|
+
revert IAccess.ErrorIAccessRoleIdExists(roleId);
|
207
382
|
}
|
208
383
|
|
209
|
-
|
210
|
-
|
384
|
+
if (_roleIdForName[name].gtz()) {
|
385
|
+
revert IAccess.ErrorIAccessRoleNameExists(roleId, _roleIdForName[name], name);
|
386
|
+
}
|
387
|
+
|
388
|
+
_roleInfo[roleId] = IAccess.RoleInfo(
|
389
|
+
name,
|
390
|
+
rtype,
|
391
|
+
ADMIN_ROLE(),
|
392
|
+
TimestampLib.blockTimestamp(),
|
393
|
+
TimestampLib.blockTimestamp()
|
394
|
+
);
|
395
|
+
_roleIdForName[name] = roleId;
|
396
|
+
_roleIds.push(roleId);
|
211
397
|
|
212
|
-
|
213
|
-
|
398
|
+
emit LogRoleCreation(roleId, name, rtype);
|
399
|
+
}
|
400
|
+
|
401
|
+
function _validateRole(RoleId roleId, ShortString name, IAccess.Type rtype)
|
402
|
+
internal
|
403
|
+
view
|
404
|
+
{
|
405
|
+
uint roleIdInt = roleId.toInt();
|
406
|
+
if(rtype == IAccess.Type.Custom && roleIdInt < CUSTOM_ROLE_ID_MIN) {
|
407
|
+
revert IAccess.ErrorIAccessRoleIdTooSmall(roleId);
|
214
408
|
}
|
215
409
|
|
216
|
-
if
|
217
|
-
|
218
|
-
|
219
|
-
|
410
|
+
if(
|
411
|
+
rtype != IAccess.Type.Custom &&
|
412
|
+
roleIdInt >= CUSTOM_ROLE_ID_MIN &&
|
413
|
+
roleIdInt != PUBLIC_ROLE().toInt())
|
414
|
+
{
|
415
|
+
revert IAccess.ErrorIAccessRoleIdTooBig(roleId);
|
220
416
|
}
|
221
417
|
|
222
418
|
// role name checks
|
223
|
-
|
224
|
-
if (ShortStrings.byteLength(nameShort) == 0) {
|
419
|
+
if (ShortStrings.byteLength(name) == 0) {
|
225
420
|
revert IAccess.ErrorIAccessRoleNameEmpty(roleId);
|
226
421
|
}
|
422
|
+
}
|
227
423
|
|
228
|
-
|
229
|
-
|
424
|
+
function _revokeRole(RoleId roleId, address member)
|
425
|
+
internal
|
426
|
+
returns(bool revoked)
|
427
|
+
{
|
428
|
+
if (!roleExists(roleId)) {
|
429
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
230
430
|
}
|
231
|
-
}
|
232
431
|
|
233
|
-
|
234
|
-
if
|
235
|
-
|
432
|
+
revoked = EnumerableSet.remove(_roleMembers[roleId], member);
|
433
|
+
if(revoked) {
|
434
|
+
_accessManager.revokeRole(roleId.toInt(), member);
|
236
435
|
}
|
436
|
+
}
|
437
|
+
|
438
|
+
function _getNextCustomRoleId()
|
439
|
+
internal
|
440
|
+
returns(RoleId roleId, RoleId admin)
|
441
|
+
{
|
442
|
+
uint64 roleIdInt = _idNext;
|
443
|
+
uint64 adminInt = roleIdInt + 1;
|
237
444
|
|
238
|
-
|
239
|
-
|
445
|
+
_idNext = roleIdInt + 2;
|
446
|
+
|
447
|
+
roleId = RoleIdLib.toRoleId(roleIdInt);
|
448
|
+
admin = RoleIdLib.toRoleId(adminInt);
|
449
|
+
}
|
450
|
+
|
451
|
+
//--- Target internal view/pure functions --------------------------------------//
|
452
|
+
function _createTarget(address target, string memory targetName, IAccess.Type ttype)
|
453
|
+
internal
|
454
|
+
{
|
455
|
+
ShortString name = ShortStrings.toShortString(targetName);
|
456
|
+
_validateTarget(target, name, ttype);
|
457
|
+
|
458
|
+
if (_targetInfo[target].createdAt.gtz()) {
|
459
|
+
revert IAccess.ErrorIAccessTargetExists(target, _targetInfo[target].name);
|
240
460
|
}
|
241
|
-
|
242
|
-
|
461
|
+
|
462
|
+
if (_targetAddressForName[name] != address(0)) {
|
463
|
+
revert IAccess.ErrorIAccessTargetNameExists(
|
464
|
+
target,
|
465
|
+
_targetAddressForName[name],
|
466
|
+
name);
|
243
467
|
}
|
244
468
|
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
469
|
+
bool isLocked = _accessManager.isTargetClosed(target);// sync with state in access manager
|
470
|
+
_targetInfo[target] = IAccess.TargetInfo(
|
471
|
+
name,
|
472
|
+
ttype,
|
473
|
+
isLocked,
|
249
474
|
TimestampLib.blockTimestamp(),
|
250
|
-
TimestampLib.blockTimestamp()
|
251
|
-
|
252
|
-
|
253
|
-
_targetForName[info.name] = target;
|
475
|
+
TimestampLib.blockTimestamp()
|
476
|
+
);
|
477
|
+
_targetAddressForName[name] = target;
|
254
478
|
_targets.push(target);
|
479
|
+
|
480
|
+
emit LogTargetCreation(target, name, ttype, isLocked);
|
255
481
|
}
|
256
482
|
|
257
|
-
function
|
258
|
-
|
483
|
+
function _validateTarget(address target, ShortString name, IAccess.Type ttype)
|
484
|
+
internal
|
485
|
+
view
|
486
|
+
{
|
487
|
+
address targetAuthority = AccessManagedUpgradeable(target).authority();
|
488
|
+
if(targetAuthority != authority()) {
|
489
|
+
revert IAccess.ErrorIAccessTargetAuthorityInvalid(target, targetAuthority);
|
490
|
+
}
|
491
|
+
|
492
|
+
if (ShortStrings.byteLength(name) == 0) {
|
493
|
+
revert IAccess.ErrorIAccessTargetNameEmpty(target);
|
494
|
+
}
|
259
495
|
}
|
260
496
|
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
if (target == address(0)) {
|
269
|
-
revert IAccess.ErrorIAccessTargetDoesNotExist(ShortStrings.toShortString(targetName));
|
497
|
+
// IMPORTANT: instance access manager MUST be of Core type -> otherwise can be locked forever
|
498
|
+
function _setTargetLocked(address target, bool locked) internal
|
499
|
+
{
|
500
|
+
IAccess.Type targetType = _targetInfo[target].ttype;
|
501
|
+
if(target == address(0) || targetType == IAccess.Type.NotInitialized) {
|
502
|
+
revert IAccess.ErrorIAccessTargetDoesNotExist(target);
|
270
503
|
}
|
271
|
-
|
272
|
-
|
504
|
+
|
505
|
+
if(targetType == IAccess.Type.Core) {
|
506
|
+
revert IAccess.ErrorIAccessTargetTypeInvalid(target, targetType);
|
273
507
|
}
|
274
|
-
|
275
|
-
|
508
|
+
|
509
|
+
_targetInfo[target].isLocked = locked;
|
510
|
+
_accessManager.setTargetClosed(target, locked);
|
276
511
|
}
|
277
512
|
|
278
|
-
function
|
279
|
-
address target
|
513
|
+
function _setTargetFunctionRole(
|
514
|
+
address target,
|
515
|
+
ShortString name,
|
516
|
+
bytes4[] calldata selectors,
|
517
|
+
RoleId roleId
|
518
|
+
)
|
519
|
+
internal
|
520
|
+
{
|
280
521
|
if (target == address(0)) {
|
281
|
-
revert IAccess.ErrorIAccessTargetDoesNotExist(
|
522
|
+
revert IAccess.ErrorIAccessTargetDoesNotExist(target);
|
282
523
|
}
|
283
|
-
_accessManager.setTargetClosed(target, closed);
|
284
|
-
}
|
285
524
|
|
286
|
-
|
287
|
-
|
525
|
+
if (!roleExists(roleId)) {
|
526
|
+
revert IAccess.ErrorIAccessRoleIdDoesNotExist(roleId);
|
527
|
+
}
|
528
|
+
|
529
|
+
uint64 roleIdInt = RoleId.unwrap(roleId);
|
530
|
+
_accessManager.setTargetFunctionRole(target, selectors, roleIdInt);
|
288
531
|
}
|
289
532
|
|
290
533
|
function canCall(
|