npm - @etherisc/gif-next - Versions diffs - 0.0.2-f1b01e0-214 → 0.0.2-f1e6957-384 - Mend

@etherisc/gif-next 0.0.2-f1b01e0-214 → 0.0.2-f1e6957-384

Files changed (459) hide show

package/contracts/authorization/AccessAdminLib.sol CHANGED Viewed

@@ -6,29 +6,215 @@ import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/acce
 import {IAccess} from "./IAccess.sol";
 import {IAccessAdmin} from "./IAccessAdmin.sol";
 import {IAuthorization} from "./IAuthorization.sol";
+import {IComponent} from "../shared/IComponent.sol";
+import {IInstanceLinkedComponent} from "../shared/IInstanceLinkedComponent.sol";
 import {IRegistry} from "../registry/IRegistry.sol";
+import {IService} from "../shared/IService.sol";
+import {IServiceAuthorization} from "./IServiceAuthorization.sol";
+import {BlocknumberLib} from "../type/Blocknumber.sol";
 import {ContractLib} from "../shared/ContractLib.sol";
 import {ObjectType} from "../type/ObjectType.sol";
-import {RoleId} from "../type/RoleId.sol";
+import {RoleId, RoleIdLib, ADMIN_ROLE, PUBLIC_ROLE} from "../type/RoleId.sol";
 import {SelectorLib} from "../type/Selector.sol";
 import {Str, StrLib} from "../type/String.sol";
 import {TimestampLib} from "../type/Timestamp.sol";
-import {VersionPart} from "../type/Version.sol";
+import {VersionPart, VersionPartLib} from "../type/Version.sol";
 library AccessAdminLib { // ACCESS_ADMIN_LIB
+    string public constant TOKEN_HANDLER_SUFFIX = "Th";
+    string public constant ROLE_SUFFIX = "_Role";
+    uint64 public constant SERVICE_DOMAIN_ROLE_FACTOR = 100;
+    uint64 public constant COMPONENT_ROLE_FACTOR = 1000;
+    uint64 public constant COMPONENT_ROLE_MAX = 19000;
+    uint64 public constant CORE_ROLE_MIN        =     100;
+    uint64 public constant SERVICE_ROLE_MIN     =    1000; // + service domain * SERVICE_ROLE_FACTOR + release
+    uint64 public constant SERVICE_ROLE_FACTOR  =    1000;
+    uint64 public constant INSTANCE_ROLE_MIN    =  100000;
+    // MUST match with Authorization.COMPONENT_ROLE_MIN
+    uint64 public constant COMPONENT_ROLE_MIN   =  110000;
+    uint64 public constant CUSTOM_ROLE_MIN      = 1000000;
+    function ADMIN_ROLE_NAME() public pure returns (string memory) {
+        return "AdminRole";
+    }
+    function isAdminRoleName(string memory name) public pure returns (bool) {
+        return StrLib.eq(name, ADMIN_ROLE_NAME());
+    }
+    function PUBLIC_ROLE_NAME() public pure returns (string memory) {
+        return "PublicRole";
+    }
+    function getAdminRole() public pure returns (RoleId adminRoleId) {
+        // see oz AccessManagerUpgradeable
+        return RoleId.wrap(type(uint64).min);
+    }
+    function getPublicRole() public pure returns (RoleId publicRoleId) {
+        // see oz AccessManagerUpgradeable
+        return RoleId.wrap(type(uint64).max);
+    }
+    function isAdminOrPublicRole(string memory name)
+        public
+        view
+        returns (bool)
+    {
+        return StrLib.eq(name, ADMIN_ROLE_NAME())
+            || StrLib.eq(name, PUBLIC_ROLE_NAME());
+    }
+    function isDynamicRoleId(RoleId roleId)
+        public
+        pure
+        returns (bool)
+    {
+        return roleId.toInt() >= COMPONENT_ROLE_MIN;
+    }
+    function adminRoleInfo()
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Core,
+            1,
+            ADMIN_ROLE_NAME());
+    }
+    function publicRoleInfo()
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Custom,
+            type(uint32).max,
+            PUBLIC_ROLE_NAME());
+    }
+    function coreRoleInfo(string memory name)
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Core,
+            1,
+            name);
+    }
+    function serviceRoleInfo(string memory serviceName)
+        public
+        view
+        returns (IAccess.RoleInfo memory)
+    {
+        return roleInfo(
+            getAdminRole(),
+            IAccess.TargetType.Service,
+            1,
+            serviceName);
+    }
+    /// @dev Creates a role info object from the provided parameters
+    function roleInfo(
+        RoleId adminRoleId,
+        IAccess.TargetType targetType,
+        uint32 maxMemberCount,
+        string memory roleName
+    )
+        public
+        view
+        returns (IAccess.RoleInfo memory info)
+    {
+        return IAccess.RoleInfo({
+            name: StrLib.toStr(roleName),
+            adminRoleId: adminRoleId,
+            targetType: targetType,
+            maxMemberCount: maxMemberCount,
+            createdAt: TimestampLib.current(),
+            pausedAt: TimestampLib.max(),
+            lastUpdateIn: BlocknumberLib.current()});
+    }
+    function getSelectors(
+        IAccess.FunctionInfo[] memory functions
+    )
+        public
+        pure
+        returns (
+            bytes4[] memory selectors
+        )
+    {
+        uint256 n = functions.length;
+        selectors = new bytes4[](n);
+        for (uint256 i = 0; i < n; i++) {
+            selectors[i] = functions[i].selector.toBytes4();
+        }
+    }
+    function checkInitParameters(
+        address authority,
+        string memory adminName
+    )
+        public
+        view
+    {
+        // only contract check (authority might not yet be initialized at this time)
+        if (!ContractLib.isContract(authority)) {
+            revert IAccessAdmin.ErrorAccessAdminAuthorityNotContract(authority);
+        }
+        // check name not empty
+        if (bytes(adminName).length == 0) {
+            revert IAccessAdmin.ErrorAccessAdminAccessManagerEmptyName();
+        }
+    }
     function checkRoleCreation(
         IAccessAdmin accessAdmin,
         RoleId roleId,
-        IAccess.RoleInfo memory info
+        IAccess.RoleInfo memory info,
+        bool revertOnExistingRole
     )
         public
         view
+        returns (bool isAdminOrPublicRole)
     {
-        // check role does not yet exist    // ACCESS_ADMIN_LIB role creation checks
-        if(accessAdmin.roleExists(roleId)) {
+        // check
+        if (roleId == ADMIN_ROLE() || roleId == PUBLIC_ROLE()) {
+            return true;
+        }
+        // check role does not yet exist
+        if(revertOnExistingRole && accessAdmin.roleExists(roleId)) {
             revert IAccessAdmin.ErrorAccessAdminRoleAlreadyCreated(
                 roleId,
                 accessAdmin.getRoleInfo(roleId).name.toString());
@@ -45,13 +231,52 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         }
         // check role name is not used for another role
-        RoleId roleIdForName = accessAdmin.getRoleForName(StrLib.toString(info.name));
-        if(roleIdForName.gtz()) {
+        (RoleId roleIdForName, bool exists) = accessAdmin.getRoleForName(StrLib.toString(info.name));
+        if(revertOnExistingRole && exists) {
             revert IAccessAdmin.ErrorAccessAdminRoleNameAlreadyExists(
                 roleId,
                 info.name.toString(),
                 roleIdForName);
         }
+        return false;
+    }
+    function checkRoleExists(
+        IAccessAdmin accessAdmin,
+        RoleId roleId,
+        bool onlyActiveRole,
+        bool allowAdminAndPublicRoles
+    )
+        internal
+        view
+    {
+        // check role exists
+        if (!accessAdmin.roleExists(roleId)) {
+            revert IAccessAdmin.ErrorAccessAdminRoleUnknown(roleId);
+        }
+        // if onlyActiveRoles: check if role is disabled
+        if (onlyActiveRole && accessAdmin.getRoleInfo(roleId).pausedAt <= TimestampLib.current()) {
+            revert IAccessAdmin.ErrorAccessAdminRoleIsPaused(roleId);
+        }
+        // if not allowAdminAndPublicRoles, check if role is admin or public role
+        if (!allowAdminAndPublicRoles) {
+            checkNotAdminOrPublicRole(roleId);
+        }
+    }
+    function checkNotAdminOrPublicRole(RoleId roleId) public pure {
+        if (roleId == ADMIN_ROLE()) {
+            revert IAccessAdmin.ErrorAccessAdminInvalidUseOfAdminRole();
+        }
+        if (roleId == PUBLIC_ROLE()) {
+            revert IAccessAdmin.ErrorAccessAdminInvalidUseOfPublicRole();
+        }
     }
     function checkTargetCreation(
@@ -97,7 +322,73 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
                 revert IAccessAdmin.ErrorAccessAdminTargetAuthorityMismatch(accessAdmin.authority(), targetAuthority);
             }
         }
+    }
+    function checkComponentInitialization(
+        IAccessAdmin accessAdmin,
+        IAuthorization instanceAuthorization,
+        address componentAddress,
+        ObjectType expectedType
+    )
+        public
+        view
+        returns (IAuthorization componentAuthorization)
+    {
+        checkIsRegistered(address(accessAdmin.getRegistry()), componentAddress, expectedType);
+        VersionPart expecteRelease = accessAdmin.getRelease();
+        IInstanceLinkedComponent component = IInstanceLinkedComponent(componentAddress);
+        componentAuthorization = component.getAuthorization();
+        checkAuthorization(
+            address(instanceAuthorization),
+            address(componentAuthorization),
+            expectedType,
+            expecteRelease,
+            false, // expectServiceAuthorization,
+            false); // checkAlreadyInitialized
+    }
+    function checkTargetAndRoleForFunctions(
+        IAccessAdmin accessAdmin,
+        address target,
+        RoleId roleId,
+        bool onlyComponentOrContractTargets
+    )
+        public
+        view
+    {
+        // check target exists
+        IAccess.TargetType targetType = accessAdmin.getTargetInfo(target).targetType;
+        if (targetType == IAccess.TargetType.Undefined) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNotCreated(target);
+        }
+        // check target type
+        if (onlyComponentOrContractTargets) {
+            if (targetType != IAccess.TargetType.Component && targetType != IAccess.TargetType.Contract) {
+                revert IAccessAdmin.ErrorAccessAdminNotComponentOrCustomTarget(target);
+            }
+        }
+        // check role exist
+        checkRoleExists(accessAdmin, roleId, true, true);
+    }
+    function checkTargetExists(
+        IAccessAdmin accessAdmin,
+        address target
+    )
+        public
+        view
+    {
+        // check not yet created
+        if (!accessAdmin.targetExists(target)) {
+            revert IAccessAdmin.ErrorAccessAdminTargetNotCreated(target);
+        }
     }
@@ -106,6 +397,7 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         address authorization,
         ObjectType expectedDomain,
         VersionPart expectedRelease,
+        bool expectServiceAuthorization,
         bool checkAlreadyInitialized
     )
         public
@@ -118,8 +410,14 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         }
         // check contract type matches
-        if (!ContractLib.supportsInterface(authorization, type(IAuthorization).interfaceId)) {
-            revert IAccessAdmin.ErrorAccessAdminNotAuthorization(authorization);
+        if (expectServiceAuthorization) {
+            if (!ContractLib.supportsInterface(authorization, type(IServiceAuthorization).interfaceId)) {
+                revert IAccessAdmin.ErrorAccessAdminNotServiceAuthorization(authorization);
+            }
+        } else {
+            if (!ContractLib.supportsInterface(authorization, type(IAuthorization).interfaceId)) {
+                revert IAccessAdmin.ErrorAccessAdminNotAuthorization(authorization);
+            }
         }
         // check domain matches
@@ -144,6 +442,8 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         public
         view
     {
+        checkRegistry(registry);
         ObjectType tagetType = IRegistry(registry).getObjectInfo(target).objectType;
         if (tagetType.eqz()) {
             revert IAccessAdmin.ErrorAccessAdminNotRegistered(target);
@@ -154,30 +454,225 @@ library AccessAdminLib { // ACCESS_ADMIN_LIB
         }
     }
-    function toRole(RoleId adminRoleId, IAccessAdmin.RoleType roleType, uint32 maxMemberCount, string memory name)
+    function checkRegistry(
+        address registry
+    )
+        public
+        view
+    {
+        if (!ContractLib.isRegistry(registry)) {
+            revert IAccessAdmin.ErrorAccessAdminNotRegistry(registry);
+        }
+    }
+    function getAuthorizedRole(
+        IAccessAdmin accessAdmin,
+        IAuthorization authorization,
+        RoleId roleId
+    )
+        public
+        view
+        returns (RoleId authorizedRoleId)
+    {
+        string memory roleName = authorization.getRoleInfo(roleId).name.toString();
+        (authorizedRoleId, ) = accessAdmin.getRoleForName(roleName);
+    }
+    function getServiceRoleId(
+        address serviceAddress,
+        IAccess.TargetType serviceTargetType
+    )
+        public
+        view
+        returns (RoleId serviceRoleId)
+    {
+        IService service = IService(serviceAddress);
+        if (serviceTargetType == IAccess.TargetType.Service) {
+            return RoleIdLib.toServiceRoleId(service.getDomain(), service.getRelease());
+        } else if (serviceTargetType == IAccess.TargetType.GenericService) {
+            return RoleIdLib.toGenericServiceRoleId(service.getDomain());
+        }
+        revert IAccessAdmin.ErrorAccessAdminInvalidServiceType(serviceAddress, serviceTargetType);
+    }
+    function getVersionedServiceRoleId(
+        ObjectType serviceDomain,
+        VersionPart release
+    )
+        public
+        pure
+        returns (RoleId serviceRoleId)
+    {
+        return RoleIdLib.toRoleId(
+            SERVICE_ROLE_MIN + SERVICE_ROLE_FACTOR * serviceDomain.toInt() + release.toInt());
+    }
+    function getGenericServiceRoleId(
+        ObjectType serviceDomain
+    )
+        public
+        pure
+        returns (RoleId serviceRoleId)
+    {
+        return RoleIdLib.toRoleId(
+            SERVICE_ROLE_MIN + SERVICE_ROLE_FACTOR * serviceDomain.toInt() + VersionPartLib.releaseMax().toInt());
+    }
+    function getCustomRoleId(uint64 index)
+        public
+        pure
+        returns (RoleId customRoleId)
+    {
+        return RoleIdLib.toRoleId(CUSTOM_ROLE_MIN + index);
+    }
+    function isCustomRole(RoleId roleId)
+        public
+        pure
+        returns (bool)
+    {
+        return roleId.toInt() >= CUSTOM_ROLE_MIN;
+    }
+    function getTargetRoleId(
+        address target,
+        IAccess.TargetType targetType,
+        uint64 index
+    )
         public
+        view
+        returns (RoleId targetRoleId)
+    {
+        if (targetType == IAccess.TargetType.Core) {
+            return RoleIdLib.toRoleId(CORE_ROLE_MIN + index);
+        }
+        if (targetType == IAccess.TargetType.Service || targetType == IAccess.TargetType.GenericService ) {
+            return getServiceRoleId(target, targetType);
+        }
+        if (targetType == IAccess.TargetType.Instance) {
+            return RoleIdLib.toRoleId(INSTANCE_ROLE_MIN + index);
+        }
+        if (targetType == IAccess.TargetType.Component) {
+            return RoleIdLib.toRoleId(COMPONENT_ROLE_MIN + index);
+        }
+        if (targetType == IAccess.TargetType.Custom
+            || targetType == IAccess.TargetType.Contract)
+        {
+            return RoleIdLib.toRoleId(CUSTOM_ROLE_MIN + index);
+        }
+        revert IAccessAdmin.ErrorAccessAdminInvalidTargetType(target, targetType);
+    }
+    function getTokenHandler(
+        address target,
+        string memory targetName,
+        IAccess.TargetType targetType
+    )
+        public
+        view
+        returns (
+            address tokenHandler,
+            string memory tokenHandlerName
+        )
+    {
+        // not component or core (we need to check core because of staking)
+        if (targetType != IAccess.TargetType.Component && targetType != IAccess.TargetType.Core) {
+            return (address(0), "");
+        }
+        // not contract
+        if (!ContractLib.isContract(target)) {
+            return (address(0), "");
+        }
+        // not component
+        if (!ContractLib.supportsInterface(target, type(IComponent).interfaceId)) {
+            return (address(0), "");
+        }
+        tokenHandler = address(IComponent(target).getTokenHandler());
+        tokenHandlerName = string(abi.encodePacked(targetName, TOKEN_HANDLER_SUFFIX));
+    }
+    function toFunctionGrantingString(
+        IAccessAdmin accessAdmin,
+        Str functionName,
+        RoleId roleId
+    )
+        public
+        view
+        returns (string memory)
+    {
+        return string(
+            abi.encodePacked(
+                functionName.toString(),
+                "(): ",
+                getRoleName(accessAdmin, roleId)));
+    }
+    function getRoleName(
+        IAccessAdmin accessAdmin,
+        RoleId roleId
+    )
+        public
         view
-        returns (IAccess.RoleInfo memory)
-    {
-        return IAccess.RoleInfo({
-            name: StrLib.toStr(name),
-            adminRoleId: adminRoleId,
-            roleType: roleType,
-            maxMemberCount: maxMemberCount,
-            createdAt: TimestampLib.blockTimestamp(),
-            pausedAt: TimestampLib.max()
-        });
+        returns (string memory)
+    {
+        if (accessAdmin.roleExists(roleId)) {
+            return accessAdmin.getRoleInfo(roleId).name.toString();
+        }
+        return "<unknown-role>";
     }
-    function toFunction(bytes4 selector, string memory name)
+    function toRoleName(string memory name) public pure returns (string memory) {
+        return string(
+            abi.encodePacked(
+                name,
+                ROLE_SUFFIX));
+    }
+    function toFunction(
+        bytes4 selector,
+        string memory name
+    )
         public
         view
         returns (IAccess.FunctionInfo memory)
     {
+        if(selector == bytes4(0)) {
+            revert IAccessAdmin.ErrorAccessAdminSelectorZero();
+        }
+        if(bytes(name).length == 0) {
+            revert IAccessAdmin.ErrorAccessAdminFunctionNameEmpty();
+        }
         return IAccess.FunctionInfo({
             name: StrLib.toStr(name),
             selector: SelectorLib.toSelector(selector),
-            createdAt: TimestampLib.blockTimestamp()});
+            createdAt: TimestampLib.current(),
+            lastUpdateIn: BlocknumberLib.current()});
     }
 }

package/contracts/authorization/AccessManagerCloneable.sol CHANGED Viewed

@@ -62,24 +62,6 @@ contract AccessManagerCloneable is
         _checkAndSetRelease(release);
     }
-    // /// @dev Completes the setup of the access manager.
-    // /// Links the access manager to the registry and sets the release version.
-    // function completeSetup(
-    //     address registry,
-    //     VersionPart release,
-    //     bool verifyRelease
-    // )
-    //     public
-    //     onlyAdminRole
-    //     reinitializer(uint64(release.toInt()))
-    // {
-    //     _checkAndSetRegistry(registry);
-    //     if (verifyRelease) {
-    //         _checkAndSetRelease(release);
-    //     }
-    // }
     /// @dev Returns true if the caller is authorized to call the target with the given selector and the manager lock is not set to locked.
     /// Feturn values as in OpenZeppelin AccessManager.
     /// For a locked manager the function reverts with ErrorAccessManagerTargetAdminLocked.