npm - @etherisc/gif-next - Versions diffs - 0.0.2-f1b01e0-214 → 0.0.2-f1e6957-384 - Mend

@etherisc/gif-next 0.0.2-f1b01e0-214 → 0.0.2-f1e6957-384

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (459) hide show

package/contracts/authorization/AccessAdminLib.sol CHANGED Viewed

@@ -6,29 +6,215 @@ import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/acce
 import {IAccess} from "./IAccess.sol";
 import {IAccessAdmin} from "./IAccessAdmin.sol";
 import {IAuthorization} from "./IAuthorization.sol";
+import {IComponent} from "../shared/IComponent.sol";
+import {IInstanceLinkedComponent} from "../shared/IInstanceLinkedComponent.sol";
 import {IRegistry} from "../registry/IRegistry.sol";
+import {IService} from "../shared/IService.sol";
+import {IServiceAuthorization} from "./IServiceAuthorization.sol";
+import {BlocknumberLib} from "../type/Blocknumber.sol";
 import {ContractLib} from "../shared/ContractLib.sol";
 import {ObjectType} from "../type/ObjectType.sol";
-import {RoleId} from "../type/RoleId.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
 import {SelectorLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
 import {TimestampLib} from "../type/Timestamp.sol";
-import {VersionPart} from "../type/Version.sol";
+import {VersionPart, VersionPartLib} from "../type/Version.sol";
 library AccessAdminLib { // ACCESS_ADMIN_LIB
+    string public constant TOKEN_HANDLER_SUFFIX = "Th";
+    string public constant ROLE_SUFFIX = "_Role";
+    uint64 public constant SERVICE_DOMAIN_ROLE_FACTOR = 100;
+    uint64 public constant COMPONENT_ROLE_FACTOR = 1000;
+    uint64 public constant COMPONENT_ROLE_MAX = 19000;
+    uint64 public constant CORE_ROLE_MIN        =     100;
+    uint64 public constant SERVICE_ROLE_MIN     =    1000; // + service domain * SERVICE_ROLE_FACTOR + release
+    uint64 public constant SERVICE_ROLE_FACTOR  =    1000;
+    uint64 public constant INSTANCE_ROLE_MIN    =  100000;
+    // MUST match with Authorization.COMPONENT_ROLE_MIN
+    uint64 public constant COMPONENT_ROLE_MIN   =  110000;
+    uint64 public constant CUSTOM_ROLE_MIN      = 1000000;
+    function ADMIN_ROLE_NAME() public pure returns (string memory) {
+        return "AdminRole";
+    }
+    function isAdminRoleName(string memory name) public pure returns (bool) {
+        return StrLib.eq(name, ADMIN_ROLE_NAME());
+    }
+    function PUBLIC_ROLE_NAME() public pure returns (string memory) {
+        return "PublicRole";
+    }
+    function getAdminRole() public pure returns (RoleId adminRoleId) {
+        // see oz AccessManagerUpgradeable
+        return RoleId.wrap(type(uint64).min);
+    }
+    function getPublicRole() public pure returns (RoleId publicRoleId) {
+        // see oz AccessManagerUpgradeable
+        return RoleId.wrap(type(uint64).max);
+    }
+    function isAdminOrPublicRole(string memory name)
+        public
+        view
+        returns (bool)
+    {
+        return StrLib.eq(name, ADMIN_ROLE_NAME())
+            || StrLib.eq(name, PUBLIC_ROLE_NAME());
+    }
+    function isDynamicRoleId(RoleId roleId)
+        public
+        pure
+        returns (bool)
+    {
+        return roleId.toInt() >= COMPONENT_ROLE_MIN;
+    }
+    function adminRoleInfo()
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Core,
+            1,
+            ADMIN_ROLE_NAME());
+    }
+    function publicRoleInfo()
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Custom,
+            type(uint32).max,
+            PUBLIC_ROLE_NAME());
+    }
+    function coreRoleInfo(string memory name)
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Core,
+            1,
+            name);
+    }
+    function serviceRoleInfo(string memory serviceName)
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Service,
+            1,
+            serviceName);
+    }
+    /// @dev Creates a role info object from the provided parameters
+    function roleInfo(
+        RoleId adminRoleId,
+        IAccess.TargetType targetType,
+        uint32 maxMemberCount,
+        string memory roleName
+    )
+        public
+        view
+        returns (IAccess.RoleInfo memory info)
+    {
+        return IAccess.RoleInfo({
+            name: StrLib.toStr(roleName),
+            adminRoleId: adminRoleId,
+            targetType: targetType,
+            maxMemberCount: maxMemberCount,
+            createdAt: TimestampLib.current(),
+            pausedAt: TimestampLib.max(),
+            lastUpdateIn: BlocknumberLib.current()});
+    }
+    function getSelectors(
+        IAccess.FunctionInfo[] memory functions
+    )
+        public
+        pure
+        returns (
+            bytes4[] memory selectors
+        )
+    {
+        uint256 n = functions.length;
+        selectors = new bytes4[](n);
+        for (uint256 i = 0; i < n; i++) {
+            selectors[i] = functions[i].selector.toBytes4();
+        }
+    }
+    function checkInitParameters(
+        address authority,
+        string memory adminName
+    )
+        public
+        view
+    {
+        // only contract check (authority might not yet be initialized at this time)
+        if (!ContractLib.isContract(authority)) {
+            revert IAccessAdmin.ErrorAccessAdminAuthorityNotContract(authority);
+        }
+        // check name not empty
+        if (bytes(adminName).length == 0) {
+            revert IAccessAdmin.ErrorAccessAdminAccessManagerEmptyName();
+        }
+    }
     function checkRoleCreation(
         IAccessAdmin accessAdmin,
         RoleId roleId,
-        IAccess.RoleInfo memory info
+        IAccess.RoleInfo memory info,
+        bool revertOnExistingRole
     )
         public
         view
+        returns (bool isAdminOrPublicRole)
     {
-        // check role does not yet exist    // ACCESS_ADMIN_LIB role creation checks
-        if(accessAdmin.roleExists(roleId)) {
+        // check
+        if (roleId == ADMIN_ROLE() || roleId == PUBLIC_ROLE()) {
+            return true;
+        }
+        // check role does not yet exist
+        if(revertOnExistingRole && accessAdmin.roleExists(roleId)) {
             revert IAccessAdmin.ErrorAccessAdminRoleAlreadyCreated(
                 roleId,
                 accessAdmin.getRoleInfo(roleId).name.toString());
@@ -45,13 +231,52 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         }
         // check role name is not used for another role
-        RoleId roleIdForName = accessAdmin.getRoleForName(StrLib.toString(info.name));
-        if(roleIdForName.gtz()) {
+        (RoleId roleIdForName, bool exists) = accessAdmin.getRoleForName(StrLib.toString(info.name));
+        if(revertOnExistingRole && exists) {
             revert IAccessAdmin.ErrorAccessAdminRoleNameAlreadyExists(
                 roleId,
                 info.name.toString(),
                 roleIdForName);
         }
+        return false;
+    }
+    function checkRoleExists(
+        IAccessAdmin accessAdmin,
+        RoleId roleId,
+        bool onlyActiveRole,
+        bool allowAdminAndPublicRoles
+    )
+        internal
+        view
+    {
+        // check role exists
+        if (!accessAdmin.roleExists(roleId)) {
+            revert IAccessAdmin.ErrorAccessAdminRoleUnknown(roleId);
+        }
+        // if onlyActiveRoles: check if role is disabled
+        if (onlyActiveRole && accessAdmin.getRoleInfo(roleId).pausedAt <= TimestampLib.current()) {
+            revert IAccessAdmin.ErrorAccessAdminRoleIsPaused(roleId);
+        }
+        // if not allowAdminAndPublicRoles, check if role is admin or public role
+        if (!allowAdminAndPublicRoles) {
+            checkNotAdminOrPublicRole(roleId);
+        }
+    }
+    function checkNotAdminOrPublicRole(RoleId roleId) public pure {
+        if (roleId == ADMIN_ROLE()) {
+            revert IAccessAdmin.ErrorAccessAdminInvalidUseOfAdminRole();
+        }
+        if (roleId == PUBLIC_ROLE()) {
+            revert IAccessAdmin.ErrorAccessAdminInvalidUseOfPublicRole();
+        }
     }
     function checkTargetCreation(
@@ -97,7 +322,73 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
                 revert IAccessAdmin.ErrorAccessAdminTargetAuthorityMismatch(accessAdmin.authority(), targetAuthority);
             }
         }
+    }
+    function checkComponentInitialization(
+        IAccessAdmin accessAdmin,
+        IAuthorization instanceAuthorization,
+        address componentAddress,
+        ObjectType expectedType
+    )
+        public
+        view
+        returns (IAuthorization componentAuthorization)
+    {
+        checkIsRegistered(address(accessAdmin.getRegistry()), componentAddress, expectedType);
+        VersionPart expecteRelease = accessAdmin.getRelease();
+        IInstanceLinkedComponent component = IInstanceLinkedComponent(componentAddress);
+        componentAuthorization = component.getAuthorization();
+        checkAuthorization(
+            address(instanceAuthorization),
+            address(componentAuthorization),
+            expectedType,
+            expecteRelease,
+            false, // expectServiceAuthorization,
+            false); // checkAlreadyInitialized
+    }
+    function checkTargetAndRoleForFunctions(
+        IAccessAdmin accessAdmin,
+        address target,
+        RoleId roleId,
+        bool onlyComponentOrContractTargets
+    )
+        public
+        view
+    {
+        // check target exists
+        IAccess.TargetType targetType = accessAdmin.getTargetInfo(target).targetType;
+        if (targetType == IAccess.TargetType.Undefined) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNotCreated(target);
+        }
+        // check target type
+        if (onlyComponentOrContractTargets) {
+            if (targetType != IAccess.TargetType.Component && targetType != IAccess.TargetType.Contract) {
+                revert IAccessAdmin.ErrorAccessAdminNotComponentOrCustomTarget(target);
+            }
+        }
+        // check role exist
+        checkRoleExists(accessAdmin, roleId, true, true);
+    }
+    function checkTargetExists(
+        IAccessAdmin accessAdmin,
+        address target
+    )
+        public
+        view
+    {
+        // check not yet created
+        if (!accessAdmin.targetExists(target)) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNotCreated(target);
+        }
     }
@@ -106,6 +397,7 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         address authorization,
         ObjectType expectedDomain,
         VersionPart expectedRelease,
+        bool expectServiceAuthorization,
         bool checkAlreadyInitialized
     )
         public
@@ -118,8 +410,14 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         }
         // check contract type matches
-        if (!ContractLib.supportsInterface(authorization, type(IAuthorization).interfaceId)) {
-            revert IAccessAdmin.ErrorAccessAdminNotAuthorization(authorization);
+        if (expectServiceAuthorization) {
+            if (!ContractLib.supportsInterface(authorization, type(IServiceAuthorization).interfaceId)) {
+                revert IAccessAdmin.ErrorAccessAdminNotServiceAuthorization(authorization);
+            }
+        } else {
+            if (!ContractLib.supportsInterface(authorization, type(IAuthorization).interfaceId)) {
+                revert IAccessAdmin.ErrorAccessAdminNotAuthorization(authorization);
+            }
         }
         // check domain matches
@@ -144,6 +442,8 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         public
         view
     {
+        checkRegistry(registry);
         ObjectType tagetType = IRegistry(registry).getObjectInfo(target).objectType;
         if (tagetType.eqz()) {
             revert IAccessAdmin.ErrorAccessAdminNotRegistered(target);
@@ -154,30 +454,225 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         }
     }
-    function toRole(RoleId adminRoleId, IAccessAdmin.RoleType roleType, uint32 maxMemberCount, string memory name)
+    function checkRegistry(
+        address registry
+    )
+        public
+        view
+    {
+        if (!ContractLib.isRegistry(registry)) {
+            revert IAccessAdmin.ErrorAccessAdminNotRegistry(registry);
+        }
+    }
+    function getAuthorizedRole(
+        IAccessAdmin accessAdmin,
+        IAuthorization authorization,
+        RoleId roleId
+    )
+        public
+        view
+        returns (RoleId authorizedRoleId)
+    {
+        string memory roleName = authorization.getRoleInfo(roleId).name.toString();
+        (authorizedRoleId, ) = accessAdmin.getRoleForName(roleName);
+    }
+    function getServiceRoleId(
+        address serviceAddress,
+        IAccess.TargetType serviceTargetType
+    )
+        public
+        view
+        returns (RoleId serviceRoleId)
+    {
+        IService service = IService(serviceAddress);
+        if (serviceTargetType == IAccess.TargetType.Service) {
+            return RoleIdLib.toServiceRoleId(service.getDomain(), service.getRelease());
+        } else if (serviceTargetType == IAccess.TargetType.GenericService) {
+            return RoleIdLib.toGenericServiceRoleId(service.getDomain());
+        }
+        revert IAccessAdmin.ErrorAccessAdminInvalidServiceType(serviceAddress, serviceTargetType);
+    }
+    function getVersionedServiceRoleId(
+        ObjectType serviceDomain,
+        VersionPart release
+    )
+        public
+        pure
+        returns (RoleId serviceRoleId)
+    {
+        return RoleIdLib.toRoleId(
+            SERVICE_ROLE_MIN + SERVICE_ROLE_FACTOR * serviceDomain.toInt() + release.toInt());
+    }
+    function getGenericServiceRoleId(
+        ObjectType serviceDomain
+    )
+        public
+        pure
+        returns (RoleId serviceRoleId)
+    {
+        return RoleIdLib.toRoleId(
+            SERVICE_ROLE_MIN + SERVICE_ROLE_FACTOR * serviceDomain.toInt() + VersionPartLib.releaseMax().toInt());
+    }
+    function getCustomRoleId(uint64 index)
+        public
+        pure
+        returns (RoleId customRoleId)
+    {
+        return RoleIdLib.toRoleId(CUSTOM_ROLE_MIN + index);
+    }
+    function isCustomRole(RoleId roleId)
+        public
+        pure
+        returns (bool)
+    {
+        return roleId.toInt() >= CUSTOM_ROLE_MIN;
+    }
+    function getTargetRoleId(
+        address target,
+        IAccess.TargetType targetType,
+        uint64 index
+    )
         public
+        view
+        returns (RoleId targetRoleId)
+    {
+        if (targetType == IAccess.TargetType.Core) {
+            return RoleIdLib.toRoleId(CORE_ROLE_MIN + index);
+        }
+        if (targetType == IAccess.TargetType.Service || targetType == IAccess.TargetType.GenericService ) {
+            return getServiceRoleId(target, targetType);
+        }
+        if (targetType == IAccess.TargetType.Instance) {
+            return RoleIdLib.toRoleId(INSTANCE_ROLE_MIN + index);
+        }
+        if (targetType == IAccess.TargetType.Component) {
+            return RoleIdLib.toRoleId(COMPONENT_ROLE_MIN + index);
+        }
+        if (targetType == IAccess.TargetType.Custom
+            || targetType == IAccess.TargetType.Contract)
+        {
+            return RoleIdLib.toRoleId(CUSTOM_ROLE_MIN + index);
+        }
+        revert IAccessAdmin.ErrorAccessAdminInvalidTargetType(target, targetType);
+    }
+    function getTokenHandler(
+        address target,
+        string memory targetName,
+        IAccess.TargetType targetType
+    )
+        public
+        view
+        returns (
+            address tokenHandler,
+            string memory tokenHandlerName
+        )
+    {
+        // not component or core (we need to check core because of staking)
+        if (targetType != IAccess.TargetType.Component && targetType != IAccess.TargetType.Core) {
+            return (address(0), "");
+        }
+        // not contract
+        if (!ContractLib.isContract(target)) {
+            return (address(0), "");
+        }
+        // not component
+        if (!ContractLib.supportsInterface(target, type(IComponent).interfaceId)) {
+            return (address(0), "");
+        }
+        tokenHandler = address(IComponent(target).getTokenHandler());
+        tokenHandlerName = string(abi.encodePacked(targetName, TOKEN_HANDLER_SUFFIX));
+    }
+    function toFunctionGrantingString(
+        IAccessAdmin accessAdmin,
+        Str functionName,
+        RoleId roleId
+    )
+        public
+        view
+        returns (string memory)
+    {
+        return string(
+            abi.encodePacked(
+                functionName.toString(),
+                "(): ",
+                getRoleName(accessAdmin, roleId)));
+    }
+    function getRoleName(
+        IAccessAdmin accessAdmin,
+        RoleId roleId
+    )
+        public
         view
-        returns (IAccess.RoleInfo memory)
-    {
-        return IAccess.RoleInfo({
-            name: StrLib.toStr(name),
-            adminRoleId: adminRoleId,
-            roleType: roleType,
-            maxMemberCount: maxMemberCount,
-            createdAt: TimestampLib.blockTimestamp(),
-            pausedAt: TimestampLib.max()
-        });
+        returns (string memory)
+    {
+        if (accessAdmin.roleExists(roleId)) {
+            return accessAdmin.getRoleInfo(roleId).name.toString();
+        }
+        return "<unknown-role>";
     }
-    function toFunction(bytes4 selector, string memory name)
+    function toRoleName(string memory name) public pure returns (string memory) {
+        return string(
+            abi.encodePacked(
+                name,
+                ROLE_SUFFIX));
+    }
+    function toFunction(
+        bytes4 selector,
+        string memory name
+    )
         public
         view
         returns (IAccess.FunctionInfo memory)
     {
+        if(selector == bytes4(0)) {
+            revert IAccessAdmin.ErrorAccessAdminSelectorZero();
+        }
+        if(bytes(name).length == 0) {
+            revert IAccessAdmin.ErrorAccessAdminFunctionNameEmpty();
+        }
         return IAccess.FunctionInfo({
             name: StrLib.toStr(name),
             selector: SelectorLib.toSelector(selector),
-            createdAt: TimestampLib.blockTimestamp()});
+            createdAt: TimestampLib.current(),
+            lastUpdateIn: BlocknumberLib.current()});
     }
 }

package/contracts/authorization/AccessManagerCloneable.sol CHANGED Viewed

@@ -62,24 +62,6 @@ contract AccessManagerCloneable is
         _checkAndSetRelease(release);
     }
-    // /// @dev Completes the setup of the access manager.
-    // /// Links the access manager to the registry and sets the release version.
-    // function completeSetup(
-    //     address registry,
-    //     VersionPart release,
-    //     bool verifyRelease
-    // )
-    //     public
-    //     onlyAdminRole
-    //     reinitializer(uint64(release.toInt()))
-    // {
-    //     _checkAndSetRegistry(registry);
-    //     if (verifyRelease) {
-    //         _checkAndSetRelease(release);
-    //     }
-    // }
     /// @dev Returns true if the caller is authorized to call the target with the given selector and the manager lock is not set to locked.
     /// Feturn values as in OpenZeppelin AccessManager.
     /// For a locked manager the function reverts with ErrorAccessManagerTargetAdminLocked.